Switch Capable of Running ZeroTier - Multiple Networks

Hi There,
Are there any physical switches out there that can run ZeroTier and where the ZeroTier client can ‘join’ multiple ZT networks?
Basically I’d like to take a switch and map ports 1-4 to ZT Network A, 5-8 to ZT Network B and ports 9-12 to ZT Network C. Here, the ZT Networks would be analogous to VRFs and - therefore - wide scale macro segmentation where, for example, if I had another physical switch in another geo location, I could do the same and those connected devices would be on the same ‘VRF’ (ZeroTier Network).

Hope this makes sense and appreciate any input.

Take care,
Steve

You could do something like this with MikroTik Routers by creating bridges on the designated ports to group their traffic and then creating routing rules to the various ZeroTier networks that you are connected to. But this would be at the IP layer - I don’t know of anything that would be able to do this at layer 2.

Hmmm - I just checked in the configuration on one of my MikroTik boxes and a ZeroTier interface can be added to a bridge, so that might just work.


Thanks @erik - appreciate the steer and will try out some MikroTik boxes. Many thanks.

Interestingly - it does look like the config might be valid, I guess I just need to try it practically ;).
Thanks again!

Step 1: Configure Internet on Port 6

/interface ethernet
set [ find name=ether6 ] name=ether6-wan

/ip dhcp-client
add interface=ether6-wan add-default-route=yes

Step 2: Create Bridges for Each ZeroTier Network

/interface bridge
add name=bridge-ztn1 comment="Bridge for ZTN1 (172.16.1.0/24)"
add name=bridge-ztn2 comment="Bridge for ZTN2 (172.16.2.0/24)"
add name=bridge-ztn3 comment="Bridge for ZTN3 (172.16.3.0/24)"

/interface bridge port
add bridge=bridge-ztn1 interface=ether1 comment="Port 1 to ZTN1"
add bridge=bridge-ztn2 interface=ether2 comment="Port 2 to ZTN2"
add bridge=bridge-ztn3 interface=ether3 comment="Port 3 to ZTN3"

Step 3: Configure ZeroTier Interfaces

/zerotier
set [ find default=yes ] disabled=no
/zerotier interface
add name=ztn1 network= comment="ZeroTier Network 1"
add name=ztn2 network= comment="ZeroTier Network 2"
add name=ztn3 network= comment="ZeroTier Network 3"

Step 4: Add ZeroTier Interfaces to Respective Bridges

/interface bridge port
add bridge=bridge-ztn1 interface=ztn1 comment="ZTN1 to Bridge 1"
add bridge=bridge-ztn2 interface=ztn2 comment="ZTN2 to Bridge 2"
add bridge=bridge-ztn3 interface=ztn3 comment="ZTN3 to Bridge 3"

Step 5: Assign IP Addresses to Bridges (Optional, for Router Management)

/ip address
add address=172.16.1.1/24 interface=bridge-ztn1 comment="ZTN1 Management IP"
add address=172.16.2.1/24 interface=bridge-ztn2 comment="ZTN2 Management IP"
add address=172.16.3.1/24 interface=bridge-ztn3 comment="ZTN3 Management IP"

Step 6: Configure NAT for Internet Access

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether6-wan comment="NAT for Internet"

Step 7: Basic Firewall Rules

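/ip firewall filter
# Without a connection-state matcher this rule accepts every packet and the drop below never fires
add action=accept chain=input connection-state=established,related comment="Allow established/related"
add action=accept chain=input protocol=udp port=9993 comment="Allow ZeroTier"
# New SSH/WinBox sessions (Step 8) need their own accept rule above this drop to stay reachable
add action=drop chain=input comment="Drop all other input"
add action=accept chain=forward comment="Allow all forward traffic"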

Step 8: Enable IP Services (Optional, for Management)

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=no
set api disabled=yes
set winbox disabled=no

At a glance that looks like it should work. If the box isn’t the actual router, then you won’t need the NAT step, just the DHCP client to get an IP from your existing router.

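A tighter version of the Step 7 filter, as an added example that is not part of the original posts: with an IP address on each bridge (Step 5) the router will route between the three subnets, and an accept-all forward rule lets it, which defeats the VRF-like separation the thread is after. The bridge and WAN interface names come from the posted config; the interface list name `segments` and the choice of bridge-ztn1 as the only segment allowed to manage the router are assumptions.

```routeros
# Added example, not from the thread. Assumed: list name "segments",
# bridge-ztn1 as the management segment, default SSH (22) and WinBox (8291) ports.

/interface list
add name=segments comment="All ZeroTier-bridged segments"

/interface list member
add list=segments interface=bridge-ztn1
add list=segments interface=bridge-ztn2
add list=segments interface=bridge-ztn3

/ip firewall filter
# input chain: traffic addressed to the router itself
add chain=input action=accept connection-state=established,related comment="Allow established/related"
add chain=input action=drop connection-state=invalid comment="Drop invalid"
add chain=input action=accept protocol=udp dst-port=9993 comment="Allow ZeroTier"
add chain=input action=accept protocol=tcp dst-port=22,8291 in-interface=bridge-ztn1 comment="SSH/WinBox from management segment only"
add chain=input action=drop comment="Drop all other input"

# forward chain: traffic routed through the router
add chain=forward action=accept connection-state=established,related comment="Allow established/related"
add chain=forward action=drop connection-state=invalid comment="Drop invalid"
# Explicit so that a later accept rule cannot silently re-open routing between segments
add chain=forward action=drop in-interface-list=segments out-interface-list=segments comment="No routing between segments"
add chain=forward action=accept in-interface-list=segments out-interface=ether6-wan comment="Segments to Internet"
add chain=forward action=drop comment="Drop everything else"
```

Frames switched inside a single bridge do not traverse the IP firewall by default, so layer 2 traffic between a physical port and its ZeroTier network is unaffected by these rules.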