Hi Guys,
having trudged the internet looking at videos and forums to figure out how to do this, I have finally resorted to swallow my pride, accept the fact that I may have bitten off more that I can chew, and revert back to the forum with the pros' and ask for your advice.
I have got fed up with ultra restricted commercial grade routers that seem on paper very capable but for price point/political & marketing reasons completely emasculated in their functionalities, hence me buying a MikroTik hAP ac3.
Having moved from an 18Mb ADSL to a 300Mb up and 300Mb down fiber, and my trustworthy Draytek couldn't handle the bandwidth I was throwing at it (mainly inter-VLAN routing).
The new MikroTik is inserted between my ISP router and the network, this enables me not to have to go through all my network settings every time I change ISP, and this works very well.
The setup is quite simple, I have to sites (two CAT6 interlinked houses in fact) , a Pi-Hole (sitting on the ac3), and a Mesh WIFI (Tenda MW6 scattered around house1).
Cable work as follows :
eth1_WAN -> ISP router
eth2 -> house1
eth3 -> house2
eth4 -> pi-hole
eth5 -> mesh
To date, everything is running on the same network running one DHCP on the ac3, simple.
Previously with the Draytek (didn't have mesh wifi at that point), I had 3 VLANS (VLAN10=>house1 & VLAN8=House2) and a VLAN for the Pi-Hole (VLAN222), with inter-VLAN routing and a couple of firewall rules (for specific ports mainly DNS port 53 for pi-hole) to only enable the following communication :
VLAN10 -> WAN -> ISP ROUTER -> INTERNET = YES
VLAN10 -> VLAN222 = YES
VLAN10 -> VLAN8 = NO
VLAN8 -> WAN -> ISP ROUTER -> INTERNET = YES
VLAN8 -> VLAN222 = YES
VLAN8 -> VLAN10 = NO
VLAN222 -> WAN -> ISP ROUTER -> INTERNET = YES
VLAN222 -> VLAN10 = only specific port 53
VLAN222 -> VLAN8 = only specific port 53
As the mesh has been added since, I would need a VLAN100
VLAN100 -> WAN -> ISP ROUTER -> INTERNET = YES
VLAN100 -> VLAN222 = YES
VLAN100 -> VLAN10 = NO
VLAN100 -> VLAN8 = NO
VLAN222 -> VLAN100 = only specific port 53
VLAN222 -> VLAN100 = only specific port 53
Also each VLAN would ideally need a DHCP server as follows :
VLAN10 : 192.168.10.xxx
VLAN8 : 192.168.8.xxx
VLAN222 : 192.168.222.xxx
VLAN100 : 192.168.100.xxx
The 10, 8, 222, 100 figures are only for mental recollection (house1 is n°10 of the street and house 2 is n°8, 222 being DNS and 100 anything Wifi)
To configure the MikroTik, I use the browser GUI (not the CLI), and it seems to do the trick, but between the settings, tabs, sub-tabs, radio buttons, bridges, switches interfaces etc. etc. etc. I am overwhelmed.
Could one of you be kind enough to point out the process and point me in the right direction for the setup, and I am all ears if one of you figures out a more noble way of segregating the network to meet the needs. No worries if one of you comes back with a "Steve your setup is absolute nonsense !"
A huge thank you in advance for any help,
Best regards,
Steve.