Suggestions for new network

mikeyt · December 1, 2020, 10:40pm

Hi folks,

was looking for some pointers in the right direction with my new Mikrotik network,
I have a RB760iGS connected via Eth5 to a CSS326-24G-2S+, I also have 2x RBcAPL-2nD.
I have a PPPoe 100Mb fibre connection and I am using a L2TP VPN connection giving me BBCiPlayer and ITV hub on my TVs (I am in Ireland)
I currently have my PC, printer and NAS and TVs connected to my switch but not separated yet.

What I would like to do is separate my TV’s to use the VPN, have guest and private Wifi from cAP lites and then the rest of wired network using the PPPoe connection.

Would I be better setting up a single trunk port from the router with 2x Vlans and connecting cAP lites to switch or maybe setting up the router as in this post "http://forum.mikrotik.com/t/hex-s-router-individual-ethernet-port-and-vlans-configuration/141348/1 like k6ccc has his network and using 2 separate ports for the Lans and 2 for the cAP lites.

Any ideas as to best practice would be appreciated thanks.

erkexzcx · December 2, 2020, 6:52pm

Looks like you are trying to do something called “Security over obscurity”.

I am not sure what VPN you are using, but looks like you can do this (see 2nd use case).

Set static IPs for your TVs, then add connection mark for your TVs traffic which is found by their their static source IP. Then pass this mark to mode-config. Everything is routed as usually, except TVs traffic is routed through VPN. Setting VPN provider DNS is also advised.

mikeyt · December 2, 2020, 10:11pm

Erkexzcx Thanks for the suggestion will have a look and see if I understand it