I have mant15s APs and SXT Lite 5 CPEs and Tenda F3 Home Routers
I need a good IP management plan such that the Tendas have PPPoE accounts that connects them with the external ISP (PPPoE server not mine)
How can I configure them such that, from within my home network, I can manage all the CPEs, APs, and routers?
I’d recommend that your management interfaces are protected with ACLs and positioned in a way that you can only reach them from particular places.
This means for most use cases you’ll want to use private IPs although if you are flush with public you could use them for this too.
You’ll also want to set it up so you use a bastion host (jump box) or VPN to access your devices. This will allow you to set an ACL on all of your devices to only allow SSH from the jump box or the VPN network. You can use software like SecureCRT to automatically login to a jump box and from there login to a device. A jump box would be my preferred solution.
With that in mind any private IP scheme would work fine.
My setup is currently like this:
1- All Mikrotik devices (CPE & AP) have bridge and its IP (ex: 10.10.1.2)
2- All routers have PPPoE account
exceptions:
1- My SXT (CPE) has PPPoE Client
2- My Router WAN is static IP (192.168.88.2) connected to SXT LAN with IP (192.168.88.1)
whenever I want to access the network I do this:
1- connect my laptop through WiFi to my router
2- Open Winbox and connect to 192.168.88.1 which gives me access to my SXT
3- Open IP neighbors table and MAC Telnet to all other clients
I think there should be a more convenient way, since this way Winbox cannot see the clients on the network explicitly