Managing Connected Devices on TP-Link Access Point with MikroTik Router - Need Advice

rendzzx · October 6, 2024, 7:58am

I have a TP-Link access point (Model: TL-WR840N) connected to a MikroTik router (I’m considering to buy RB951UI-2HND). I’m looking for the best way to effectively manage all the devices connected to my access point.
If possible without using the hotspot feature, because i have some AndroidTV and wirless CCTV and it cannot be connected with hotspot (the login page did not show up).

I’ve attached a photo of my network topology diagram for reference.

BartoszP · October 6, 2024, 8:06am

There are 9 TP-link APs on the diagram and MT that you do not posses. What does it mean: “…the best way to effectively manage all the devices connected to my access point…”?

EDIT: BTW … you are on the MT forum and you ask for managing TP-Link connected devices. Ask on the TP-Link forum.

rendzzx · October 6, 2024, 8:20am

Yeah I know it’s a mess lol.
Right now I have the RB941-2nD (hAP lite) with hotspot configuration, but because the TV and CCTV won’t connect I reset it and accidentally removed the bridge interface, and now it won’t even show up on Winbox neighbors

What I mean by “…the best way to effectively manage all the devices connected to my access point…” is to view all devices connected and maybe Allocate and prioritize bandwidth for different devices, and also whitelist/blacklist by MAC address

ingdaka · October 6, 2024, 11:07am

Just turn all your TP-Link AP on bridge mode and then all devices will get dhcp from Mikrotik, so you have all MAC on your Mikrotik ARP. Just be careful not creating loop on network.

anav · October 6, 2024, 11:20am

They are not access points, those are old wifi routers that could be used as access points.
However these are dumb devices, there is no vlan capability and no real management capability.
You can provide one subnet per port ( and thus per AP ) on the router and thats probably the extent of the separation you can provide.

So your options are limited.
ONE bridge, all ports on bridge connected and ONE SUBNET for all devices

OR
For a bit better security, separate at least the users by subnet and ports and firewall rules.
( assign different subnets directly to ports )
port2 subnetA
port3 subnetB
port4 subnetC
port5 subnetD

OR
ONE BRIDGE ( no dhcp, all work done on vlans )
vlan10 untagged to port2
vlan20 untagged to port3
vlan30 untaqged to port4
vlan40 untagged to port5