Hello everyone, I have an idea in my head, I just do not know how to put this idea into a real network setup. I hope someone can read this, and give me a suggestion on how I could set up this network topology to achieve the goal in my head!
So, right now I have a standard DSL internet connection with a brand new RB450G connected, configured with a DHCP server on the local network-side.
The other ports on the Mikrotik, which are not used for the WAN, are bridged together to function as a switch. They go out to different “stupid” switches on the floors of our building, so all of the offices we rent out can have internet connection!
Now while this setup is very very simple, it works so that all of our clients get their internet.
BUT - this is not ideal because everyone is on the same subnet and can potentially mess with each other's computers.
What would be the ideal solution to ensure some sort of isolation between the users? Is it possible from the Mikrotik, or do I have to replace the “stupid” switches on each floor?
Also, does Mikrotik have a feature where I can ensure that no one user can hog all of the internet bandwidth from everyone else? I do not want any strict and advanced load-balancing, I just want some sort of assurance that no one person can utilize 100% of the connection. What should I look into to achieve this?
What would be the ideal solution to ensure some sort of isolation between the users? Is it possible from the Mikrotik, or do I have to replace the “stupid” switches on each floor?
You need to replace the stupid switches on each floor. After all, in Ethernet networks users on the same network talk directly to one another; the router isn’t involved in intra-subnet traffic. Even if you were to block things on your bridged ports, users on the same unmanaged switch can still affect one another. Cisco’s solution, for example, is called ‘private VLANs’. This configures several types of ports: promiscuous ports can talk to all other ports in the VLAN - that would be a router. Community ports can talk to promiscuous ports, and other ports in the same community. Isolated ports can only talk to promiscuous ports, and not to other community ports, or other isolated ports. They still all share the same network. Other vendors have equivalent solutions, but this requires smart, managed switches.
Also, does Mikrotik have a feature where I can ensure that no one user can hog all of the internet bandwidth from everyone else? I do not want any strict and advanced load-balancing, I just want some sort of assurance that no one person can utilize 100% of the connection. What should I look into to achieve this?
QoS. Mikrotik does this under the “/queue” configuration section. This is fairly complicated stuff - make sure you read all the manuals, watch the MuM videos, etc.
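The isolation point from the reply above, worked through as an added model that is not part of the original thread: it counts which tenant pairs can reach each other directly at layer 2 under the current flat bridge, under router-side port blocking with unmanaged floor switches, and under the private-VLAN port types described in the reply. The office names, floor layout and community name are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Port:
    name: str
    floor: int               # floor switch the device plugs into (0 = router)
    kind: str = "isolated"   # "promiscuous", "community" or "isolated"
    community: str = ""      # only meaningful for community ports

def pvlan_allows(a, b):
    """Private-VLAN forwarding rule as described in the reply above."""
    if "promiscuous" in (a.kind, b.kind):
        return True
    if a.kind == b.kind == "community":
        return a.community == b.community
    return False  # isolated ports reach promiscuous ports only

def l2_reachable(a, b, managed, router_blocks_ports=False):
    """Can a and b exchange frames directly on this topology?"""
    if "promiscuous" in (a.kind, b.kind):
        return True  # the router port is reachable in every scenario
    if managed:
        return pvlan_allows(a, b)  # managed switch enforces the port types
    if a.floor == b.floor:
        return True  # unmanaged switch forwards locally, router never sees it
    return not router_blocks_ports  # cross-floor frames cross the router bridge

def exposed_pairs(ports, **scenario):
    """Tenant pairs that can talk to each other without going through the router."""
    tenants = [p for p in ports if p.kind != "promiscuous"]
    return [(a.name, b.name) for a, b in combinations(tenants, 2)
            if l2_reachable(a, b, **scenario)]

# Constructed sample building: two offices per floor, c and d rented by one tenant.
ROUTER = Port("router", 0, "promiscuous")
PORTS = [
    ROUTER,
    Port("office-a", 1),
    Port("office-b", 1),
    Port("office-c", 2, "community", "tenant-cd"),
    Port("office-d", 2, "community", "tenant-cd"),
]

if __name__ == "__main__":
    print("flat bridge:         ", exposed_pairs(PORTS, managed=False))
    print("router blocks ports: ",
          exposed_pairs(PORTS, managed=False, router_blocks_ports=True))
    print("managed, PVLAN:      ", exposed_pairs(PORTS, managed=True))
```

Blocking between the router's bridged ports only removes the cross-floor pairs; the same-floor pairs disappear only once the floor switches themselves enforce the port types.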