I wanted to get some ideas on large apartment complex networking setups. I run a few larger ones and have been wanting to redesign a few of them now that I have larger blocks of public IPs to assign to the residents. My current model has a VLAN assigned to each apartment, and then I NAT them out to either 1 IP or break it up on a per-building basis.
Now that I have more IPs I can actually cover each apartment with 1 public IP. I would like to leave the VLANs in place on a per-apartment basis, but instead of handing them a private IP I would like to hand them a public one directly.
If you are doing this setup, how are you handling it? Specific setup? QinQ? Loopback?
You could set up a bridge as the "customer access interface" and connect all of the individual apartments' VLAN interfaces to the bridge, and set each bridge port to horizon=1. Ports with the same horizon value cannot communicate directly with each other (split-horizon bridging), but then you can just put a simple IP and DHCP server on the access bridge interface itself. Finally, set the bridge interface ARP type to reply-only, and set the DHCP server option "add arp for leases", and then you'll have forced DHCP and blocked user<->user connectivity.
EDIT: by "connecting VLANs to the bridge" I mean to add them as ports in the Bridge > Ports menu, not to create VLAN interfaces on the bridge interface itself. The VLAN sub-interfaces would be built on the ethernet interfaces themselves. You wouldn't need (or want) direct bridging between the ethernet interfaces themselves, so be sure that the actual physical interfaces are not connected to the access bridge, and that they're not using hardware switching. You just want the MikroTik to be a big router with lots of layer 3 interfaces, like some big giant squid or something.
The only remaining challenge is limiting the number of IP assignments that each unit may have, but I think this can be done in RADIUS (you do want to use RADIUS-backed DHCP).
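The configuration the answer above describes, written out as RouterOS CLI commands. This is an added example, not the poster's own config. The interface names (ether2), VLAN IDs (101, 102), the 203.0.113.0/24 documentation prefix and the RADIUS server address and secret are placeholders; substitute your own. The forward-chain drop rule at the end is an addition beyond what the post calls for: split horizon stops two apartments from exchanging frames directly through the bridge, but a client that deliberately sends a packet to the router's MAC with a neighbour's public IP as the destination would be routed straight back out br-access, so the firewall rule closes that hairpin path.

```routeros
# --- Access bridge: layer 3 lives here, nothing else ---
# arp=reply-only: the router answers ARP for its own address but never
# learns neighbours from the wire; entries come only from DHCP leases.
/interface bridge
add name=br-access arp=reply-only comment="apartment access bridge"

# --- Per-apartment VLAN sub-interfaces, built on the physical port ---
# Placeholder port and VLAN IDs; one sub-interface per apartment.
/interface vlan
add name=vlan-apt101 interface=ether2 vlan-id=101
add name=vlan-apt102 interface=ether2 vlan-id=102

# --- Only the VLAN sub-interfaces become bridge ports, never ether2 ---
# horizon=1 on every port: ports sharing a horizon value cannot forward
# frames to each other (split horizon), so apartments are isolated at L2.
# hw=no so the switch chip is not asked to offload any of these ports.
/interface bridge port
add bridge=br-access interface=vlan-apt101 horizon=1 hw=no
add bridge=br-access interface=vlan-apt102 horizon=1 hw=no

# --- Public address block on the bridge itself (placeholder prefix) ---
/ip address
add address=203.0.113.1/24 interface=br-access

/ip pool
add name=pool-access ranges=203.0.113.10-203.0.113.250

# --- DHCP server on the bridge ---
# add-arp=yes: each lease installs the client's ARP entry; combined with
# arp=reply-only this means a host that configures a static address is
# simply never reachable from the router, so DHCP is effectively forced.
# use-radius=yes hands lease authorisation to RADIUS, where per-unit
# address limits can be enforced (assumed RADIUS server below).
/ip dhcp-server
add name=dhcp-access interface=br-access address-pool=pool-access \
    add-arp=yes use-radius=yes lease-time=1h disabled=no

/ip dhcp-server network
add address=203.0.113.0/24 gateway=203.0.113.1 dns-server=203.0.113.1

# --- RADIUS client entry used by the DHCP server (placeholder values) ---
/radius
add service=dhcp address=192.0.2.10 secret=CHANGE-ME

# --- Close the hairpin path: traffic from one bridge port must not be
# routed back out the same bridge to another apartment ---
/ip firewall filter
add chain=forward in-interface=br-access out-interface=br-access \
    action=drop comment="no apartment-to-apartment via router"
```

Checks worth running after applying this: `/interface bridge port print` should list only the vlan-apt* interfaces with horizon=1 and no ether* port; `/ip arp print where interface=br-access` should show only the entries the DHCP server installed, so a client that set a static address by hand will be absent and unable to reach the gateway; and a ping from one apartment to another's public IP should fail both before (ARP never answered across horizons) and after (forward drop) the firewall rule.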