My private Network is 192.168.2.x and can access 192.168.10.x.
The LAN 192.168.10.x is the IoT Network
The LAN 192.168.20.x is the Guest LAN and it is used only for the WiFi
Two port are trunk port to transport all the 3 VLAN to another switch and to an Ubiquiti AP.
I also have 2 NAS, each one has 2 ethernet port one connected to BR1 and one connected to BR2.
I have a 18 ports Cisco 250 smart switch. I would like to connect this switch to the router using the SFP port.
Since I new to Mikrotik router, I’m looking for suggestions about the best router configuration.
My ideas are:
Create 3 bridges, one for each LAN ad assigne ethernet port to each bridge.
Configure 2 port as trunk for VLANS
Use Wireguard to access my BR2 from everywhere
If it is possible, configure the router as VPN Client
I would like to connect the Cisco switch to the router using SFP or Ethernet Port using VLANs so I have the three LAN available on the switch.
About the NAS, how can I reach best performances with the router switch? One ethernet port for each LANs (BR1 and BR2) or shuold I use VLANs (since one nas can be configured as trunk?
Note: One of them is used for stream multimedia files.
I read a topic about perfomances issue when upgrading the RB3011 to the latest software versione 7.x.
So I would like to set the best configuration possible.
Open VPN has varied success on MT gear.
Recommend you replace your proton connetion to Wireguard.
If your MT gets a public IP, or if you are behind and ISP modem/router and can forward a listening port, you can also then remote into the router via Wireguard
don’t use multiple bridges. In ROS, bridges are VLAN-aware and you deal with L3 over different VLANs in different manner.
You may want to have a look at this great tutorial on how to do VLANs in ROS. And this explanation of different bridge personalities (bridge is overloaded with multiple functions, things are easier to configure if one is aware of which personality certain config applies to).
right
nothing wrong with that
what kind of VPN? ROS does support certain VPN types, but some are not supported very well
that’s what trunk ports are for … to pass multiple VLANs tagged (it’s a standard thing) to connected equipment
And in general: RB3011 is a pretty decent router, but a pretty dated as well. And since ROS v7 it doesn’t age well (you need ROS v7 for wireguard). So try to look at some other device, decent successor to RB3011 is RB5009.
Yes absolutely recommend wireguard for both connecting to proton and to host your own wireguard so you can remote into the router to config it or for LAN services or to use its internet or to be forwarded out protons internet.
Somewhere on the forum I read somethin about the best practice to connect the NAS to the bridge in order to maximize the perdornces.
IS there something I should do?