MikroTik - RB3011UiAS - 6.48 - building a smaller network

Hi,

Yesterday I worked all day on building a network with MK and I couldn’t break through at all. It’s time to strengthen the security of my small business, but I’m an amateur, so I apologize for any inaccurate wording.

The point is that I have a MikroTik RB3011UiAS, version 6.48, at the input.

The internet comes in on ether1 (WAN); ether9 is the output to the LAN, through which all traffic runs. Ether5 is connected to another MK, where a separate network is physically located. I don’t want to change that.

So far I have one pool, 192.168.0.0-192.168.0.255. I have UniFi APs all over the company picking people up and dropping them into this range.

I created 6 POOLS:

1.) Visitors - 192.168.0.1/24
2.) Ethernet - 192.168.2.1/24 - all connected via ETHERNET
3.) WiFi - 192.168.3.1/24 - all connected wirelessly
4.) CAM - 192.168.4.1/24 - all cameras
5.) TECH - 192.168.5.1/24 - all technological servers, printers and more
6.) VPN - 192.168.6.1/24 - all clients via SSTP - for secure connection.

I have one DHCP server running in the range 192.168.0.1/24, which is fine, and everyone ends up there. If I want to create more DHCP servers, what I studied is either to physically separate the ports from the bridge so that they are not treated as SLAVE and create a new bridge, or to do it with a VLAN. I tested these possibilities and I couldn’t manage it.

What I achieved was that I had one DHCP on 192.168.0.1/24, people ended up there, and then via DHCP leases I assigned an IP from a pool according to MAC. That worked, but then the given POOL, i.e. the participant I assigned there, did not have internet. I set everything in the Address list, ARP list and Leases.

Unfortunately, this address did not have internet, but it is not what I need.

I want each pool to have its own DHCP. If I understand correctly, each pool will then have a VLAN and its own DHCP server, where I will set ARP to reply-only so that no one from the zero network 192.168.0.1/24 can force their way into another POOL.

The zero pool will have ARP enabled for visitors.

Then in the FW I’ll make a rule so that pool 0 can’t see the others; I succeeded with that. They can see everyone else.

I’m attaching a photo from the Tik, as I have it set up without VLANs, plus a small diagram of how I imagine it.

I apologize in advance if this is difficult to understand. Hopefully I described it well.

Thanks in advance.
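As an added example (not the poster's own configuration), this RouterOS 6.x sketch shows the layout the post describes: one VLAN and one DHCP server per pool, ARP set to reply-only on the pool interfaces, and a forward rule keeping the visitor pool away from the others. The bridge name bridge1, the use of ether9 and ether5 as tagged trunks, VLAN IDs equal to the pool numbers and the DHCP ranges are assumptions; only the visitor and WiFi DHCP servers are written out, the remaining pools follow the same pattern.

```routeros
# Assumed names: bridge1, ether9 (trunk to APs/switches), ether5 (link to the second MK).
# Pool 0 (visitors) stays untagged on the bridge with normal ARP; pools 2-5 become VLANs 2-5.
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether9 pvid=1
add bridge=bridge1 interface=ether5 pvid=1
# One VLAN interface per pool. arp=reply-only means the router answers ARP only for
# addresses it already knows (static ARP entries or DHCP leases added with add-arp=yes).
/interface vlan
add name=vlan2-ethernet interface=bridge1 vlan-id=2 arp=reply-only
add name=vlan3-wifi     interface=bridge1 vlan-id=3 arp=reply-only
add name=vlan4-cam      interface=bridge1 vlan-id=4 arp=reply-only
add name=vlan5-tech     interface=bridge1 vlan-id=5 arp=reply-only
# VLAN table: tagged on both trunk ports and on the bridge itself (the CPU side).
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether9,ether5 vlan-ids=2,3,4,5
/ip address
add address=192.168.0.1/24 interface=bridge1
add address=192.168.2.1/24 interface=vlan2-ethernet
add address=192.168.3.1/24 interface=vlan3-wifi
add address=192.168.4.1/24 interface=vlan4-cam
add address=192.168.5.1/24 interface=vlan5-tech
# One pool and one DHCP server per VLAN; add-arp=yes feeds the reply-only ARP table.
/ip pool
add name=pool-visitors ranges=192.168.0.10-192.168.0.254
add name=pool-wifi     ranges=192.168.3.10-192.168.3.254
/ip dhcp-server
add name=dhcp-visitors interface=bridge1    address-pool=pool-visitors disabled=no
add name=dhcp-wifi     interface=vlan3-wifi address-pool=pool-wifi add-arp=yes disabled=no
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 dns-server=192.168.0.1
add address=192.168.3.0/24 gateway=192.168.3.1 dns-server=192.168.3.1
# Firewall: the visitor pool may reach the internet but none of the internal pools.
/ip firewall address-list
add list=internal-pools address=192.168.2.0/24
add list=internal-pools address=192.168.3.0/24
add list=internal-pools address=192.168.4.0/24
add list=internal-pools address=192.168.5.0/24
add list=internal-pools address=192.168.6.0/24
/ip firewall filter
add chain=forward in-interface=bridge1 dst-address-list=internal-pools action=drop comment="pool 0 (visitors) cannot reach the other pools"
# Enable filtering last, once every VLAN entry above exists, so the management path stays up.
/interface bridge set bridge1 vlan-filtering=yes
```

Enabling vlan-filtering is the step that actually separates the pools, so keep it last and apply the block from a Safe Mode session so a mistake can be rolled back.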