Hi, I tried to get some help in the beginners section but with no luck.
Is there a way to separate the 4 houses in the drawing such that they appear on separate networks? I have only 2 ports in my switch in the base house. So I have one VLAN for the base house and one common VLAN for the 3 client houses. Can they exist on 3 separate networks in this setup? As it is today, all gadgets are shown in all 3 client houses since they are all on the same subnet. Also, I suspect there is unnecessary traffic between the houses since I observe high upload stats on the base. During 1 week the download shows 150 GB, while upload is 80 GB. Normally no one is uploading that amount of data.
On the Mikrotik Base, use the access list to tag traffic from the different Mikrotik Clients with different vlan tags.
Add one additional vlan (perhaps even your vlan2) for managing Mikrotik Base itself.
And trunk all that from Mikrotik Base to your Cisco router.
On cisco router use a separate DHCP server for each of the vlans.
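The Mikrotik Base side of the steps above, sketched as RouterOS CLI. This is an added example, not part of the original posts: the interface names `wlan1` and `bridge1`, the MAC addresses, the management VLAN id 2 and the `192.0.2.2` address are assumed placeholders, and the Cisco side is left out because the thread does not name the model.

```routeros
# Added example; names, MACs and addresses below are constructed placeholders.
# Assumes the Base's wireless interface is wlan1 and that it is bridged to the
# Ethernet port facing the Cisco router through bridge1 (no VLAN filtering),
# so tagged frames pass through the bridge unchanged.

# Tag each client radio's traffic with its own VLAN (5, 6, 7 as in the thread).
/interface wireless access-list
add interface=wlan1 mac-address=02:00:00:00:00:01 vlan-mode=use-tag vlan-id=5 comment="Client 1"
add interface=wlan1 mac-address=02:00:00:00:00:02 vlan-mode=use-tag vlan-id=6 comment="Client 2"
add interface=wlan1 mac-address=02:00:00:00:00:03 vlan-mode=use-tag vlan-id=7 comment="Client 3"

# Management VLAN for the Base itself (VLAN 2 here), carried on the same trunk.
/interface vlan
add interface=bridge1 name=vlan2-mgmt vlan-id=2
/ip address
add address=192.0.2.2/24 interface=vlan2-mgmt comment="placeholder management address"

# Review the resulting entries.
/interface wireless access-list print
```

The Cisco port facing the Base then has to carry these VLANs tagged, with one DHCP server per VLAN. Matching is by MAC address only, so a radio whose MAC is not in the list is not tagged by these rules; setting `default-authentication=no` on `wlan1` limits association to the listed radios.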
Thank you very much. Will try to implement. I somehow was under the impression that you could only have 1 dhcp-server per port, I logged on now and see it is per VLAN like you said, not per port.
Now I have added clients to access list and tagged traffic with vlan number 5, 6 & 7. Only made changes in Base, not client radios. Have also set DHCP servers for each VLAN.
It seems to work, but should I do anything else? I have not done anything for trunking in Base or marked any traffic in clients.
I now have less than 1/10 of traffic going up versus downloading.
Thanks for the help. However, I just noticed that after marking the traffic to client 1, 2 & 3 with VLAN 5, 6 & 7, I am no longer able to access the clients on the -87-network.
From the base I can ping 192.168.87.1, but not 201, 202 & 203. I also lost internet on 201, 202 & 203. Is there a way to fix this (there is internet in all houses but not on the client routers themselves)?
That is the expected behaviour.
If they were configured to get an address from DHCP, they are probably on some dynamic address in the .88, .89, .90 networks respectively (but as they lost internet connection, that is most likely not the case).
Otherwise, if they have static addresses, probably the easiest way will be to put your PC in each of vlan 5, 6, 7 in turn and connect to them via MAC-address.
They have static IPs. I assumed that the base and client routers had to be in the same subnet, since that was how it was sold to me. But for me to be able to remotely access these, can I put them in the 88, 89, and 90 networks?
I need to be able to access them from outside since these are summer houses/cabins that are not always accessible. I live in another city and sometimes my neighbours will call me for help even if I am not there.
Client 3 is my summer house. So I could put the base and client 3 in vlan 1 and keep addresses and remove vlan 7.
And change the IP address of client 1 & 2 to 192.168.88.201 and 192.168.90.202.
Then with port forwarding in the cisco I should be able to access all from the outside?
Technically it is possible to have all four SXTs (together with cisco) in a separate vlan 1 management network and put only wifi routers and clients' devices in vlans 5, 6, 7 (for security reasons), but that will need a more complicated configuration both on Base and on Clients' SXTs.