Best way of 3 routers connection

lefterissim · January 7, 2024, 10:23am

Hello all guys!!
Im using Mikrotik a year now and im very excited!!!
I have already a mikrotik hex rb750gr3 and just purchase a ax3, also i have from gift a tp link er650.
What is the best way to connect all devices together?
I am thinking to create 3 networks.
1 network will be with ax3 as main router for firewall rules and create 2 vlans,one to connect rb750gr3 as switch and one to connect tplink.
In rb750gr3 i will create an ipsec connection with nordvpn because i want to connect some devices that will run always behind vpn.
Also in second vlan i will connect the tplink for manage 2 play rooms with pcs and xbox.
Also im thinking to create a container in ax3 with tplink omada controller so i will manage tplink from there.

Is this a solid way to make my network? any suggestions will be welcome!!
thank you all!!!

anav · January 7, 2024, 3:43pm

First, this is not a TPLINK forum and second, there is no such model TP link er650. There is however a wifi-extender (NOT A ROUTER) called the TP link RE650. This can be connected by ethernet to one of your routers to act as an access point. However its a dumb access point that cannot read vlans. At most you will be able to pass on the one LAN network for both 2.4 and 5ghz wifi and this device does not even have an option for guest network.

Dont bother with omada for the single device that should be simply setup an an access point on whatever vlan/subnet is designated for the TP LINK. Much complexity and frustration for little gain.
Similarly dont use capsman on the ax. Not needed and adds complexity not required.
The over all plan seems okay.

hapax, ether1 to WAN (ether2 to future wan?)
ether3 to hex switch trunk port and vlans 10,20,30 (10 trusted, 20 iot, 30 cameras etc…)
ether4 to tplink access port (access port ) pvid=40 ( vlan40 to xbox etc..)
ether5 off bridge access for initial config
wlan1 2.4ghz trusted access port vlan10
wlan2 5ghz trusted access port vlan10
wlan1-virtual 2.4 guests access port vlan50
wlan2-virtua 5ghz guests access port vlan50
HeX Switch
ether1 trunk from ax
ether2 to devices
ether3 to device
ether4 to devices
ether5 off bridge access for initial config and later on access

++++++++++++++++++++++++++++++++++++++++++

UNDERSTAND THE REQUIREMENTS AND MAKE THE PLAN

STEP1 = Right down all the requirements
a. identify all user(s)/device(s)/groups of users and devices
b. identify the data flows they need to accomplish.

STEP2 - LEARN VLANS - http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

STEP3 - Learn about Wireguard VPN and read 3rd party paragraph - http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

STEP4 - DRAW NETWORK DIAGRAM - THE PLAN. Showing equipment, connections, nominal ports, nominal subnets/vlans
STEP 5 - Start Configuring ax3 OFF BRIDGE
https://forum.mikrotik.com/viewtopic.php?t=181718

STEP 6 - Configure HEx Switch OFF BRIDGE
https://forum.mikrotik.com/viewtopic.php?t=182276

STEP 7 - Connect TPLINK device to PC to configure, then plug into appropriate ax port.

Step 8 - When stuck come here and post both ax and hex configs
/export file=anynameyouwish ( minus router serial number, public WANIP information, keys etc. )

we havent covered firewall rules, IP routes etc… so there will be issues LOL.

jaclaz · January 7, 2024, 3:55pm

Maybe it is an ER605. (I think it is allowed to mention the model even if this is not a <other manufacturer’s name redacted> forum)

lefterissim · January 7, 2024, 4:02pm

Sorry my mistake the TP-Link is er605 omada vpn router but ok I understand and thank you very much for your help!!

anav · January 7, 2024, 4:52pm

Maybe?, dont you even know what you have???
In any case, no need for TPLINK router at all

lefterissim · January 7, 2024, 5:10pm

Well to be honest I will put only the TP-Link for OpenVPN TCP protocol because one of my IPTV is working solid only with TCP protocol with OpenVPN with connection with nordvpn.and as I know mikrotik doesn’t support TLS authentication unless if support and don’t know.but the plan I will do it as you said with vlans trunk on hap ax3 and from my rb750gr3 as switch I will tag them for devices.and I will make a seperate tag vlan in ax3 just for the TP-Link to run a OpenVPN client with nord for one of my IPTV providers.dont worry about firewall rules and routing I know what must do to allow traffic or block access to my ax3.

jaclaz · January 7, 2024, 5:48pm

I do know what I have, rest assured, but I am not the OP, only suggesting a possible typo.

anav · January 7, 2024, 6:12pm

I have no time for guesses, this is not a circus but you sir are a clown… If you need to work on your imagination, go read a book.

jaclaz · January 8, 2024, 8:23am

Yep, I understand how welcoming new users on the forum can be taxing.

mkx · January 8, 2024, 9:04am

Whenever we played whack-a-mole, @anav lost

anav · January 8, 2024, 1:43pm

Sounds like a scenario for double nat. Modem, to MT Router, then to TPLINK router (for vpn mostly).
The hex need not route as my earlier post and can be connected to the AX as a switch.