 
userNAC
just joined
Topic Author
Posts: 2
Joined: Thu May 27, 2021 12:13 pm

Setting up VLAN/Firewall with Mikrotik Router (RB4011)

Thu May 27, 2021 12:51 pm

I have been watching the Mikrotik forums for a while, because I need a more advanced setup at my home. I wanted to get a full OMADA setup and I have actually made a post about how to set that up on their forum, but I don't know if they actually give a shit about their users. I have an asuswrt merlin AC87U with an FTTH 920/800 PPPoE fiber connection.

I will keep things simple, here is my network setup:

Image

Is the network logic ok?
How hard is it to set this up using winbox? (please no CLI, I have seen that users post the code of the configuration and while I could some portions of it, it is too advanced for my level.)
RB4011 has two switch chips, should I use just the first 5 ports, or is it better to keep wan on port 1 and the rest of clients on ports 6-10?

Regarding firewall and INTER VLAN networking:
- could the clients on IOT VLAN be seen and controlled by the private vlan clients? basically IOT clients cannot access private vlan, but the connections established from private to be allowed.
- can I connect to clients such as chromecasts? I have seen that they require mDNS Service in order to be located, can I locate a chromecast on the IOT lan and give it commands from the Private VLAN?
- what ports do I need to keep open in order for my smart tv located on the IOT VLAN to be able to access a samba share from my desktop private vlan? (kodi service)
- if I want to block inter VLAN communication and also want to block the router interface from all VLANS except the native VLAN1, is it ok if I have my desktop connected on a switch port with vlan1 only?
- is there a guide for best practices regarding the firewall rules (attack filtering, url filtering) and port forwarding (ports for xbox and plex in my case)

I have read viewtopic.php?f=23&t=143620 and regarding my questions, I want to know if it is doable and where I can find resources to accomplish that using a user interface (router os or winbox)
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

Sat May 29, 2021 5:06 pm

Most things are doable.
Chromecast no guarantees,
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

Sat May 29, 2021 5:52 pm

please no CLI, I have seen that users post the code of the configuration and while I could some portions of it, it is too advanced for my level

Just FYI: basic configuration structure (tree if you want) is mostly the same both in GUI (either winbox or webfig) and in CLI. It's much easier and more readable to exchange configuration bits in CLI format, but if somebody gives you configuration instructions in CLI it's pretty easy to make necessary steps in GUI. It's also much easier to review actual configuration in ASCII export format than by studying tens of screenshots.
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

Sat May 29, 2021 6:28 pm

Concur, I use winbox to mostly config the router/ aka tweak.
However I read the config files (text) put out by the terminal command /export to review work. Much easier.
Sometimes one needs screenshots aka for example sometimes routes are also best viewed by jpeg.
The text script is extremely useful too, via the Terminal window when replacing config or porting it.
Imagine all I have to do is copy every DHCP lease (could be a hundred) and paste into terminal window and DONE..........
 
userNAC
just joined
Topic Author
Posts: 2
Joined: Thu May 27, 2021 12:13 pm

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

Mon May 31, 2021 10:19 am

The explanation about CLI makes sense and I would probably get used to it in time. Thank you for the information.
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

Mon May 31, 2021 8:11 pm

What you are proposing is fairly straightforward. It is no problem to set up firewall rules so that either all or selected devices on your private or management VLAN can get to either IoT or Kids VLAN devices to manage them, but those two VLANs for example can only get to the internet - I do that all the time. In RouterOS, it's very easy to allow or block specific devices from communicating between VLANs.
My son runs Chromecast all the time and required nothing special to be set up to make it work. I don't know about that if you try to do so from a different VLAN. My son's Chromecast and phone are on the same VLAN.
Sorry, I have no information on ports for your Kodi service - but I assume an internet search should help there.
As for CLI vs GUI interface. As stated, it is far easier to share data via CLI, and you should be able to figure out the formats pretty easily so you can read what someone is sending you. Then you can put that data into WinBox. I personally do almost all of my configuration in WinBox,
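
The inter-VLAN policy discussed in this thread (private and management VLANs may open connections to IoT and Kids devices, those two VLANs reach only the internet, router management is limited to one VLAN), written in RouterOS export format as an added example that does not come from any poster in the thread. All interface and list names (pppoe-out1, vlan-private, vlan-mgmt, vlan-iot, vlan-kids, WAN, TRUSTED, RESTRICTED) are hypothetical, and it assumes the router is the DNS resolver for every VLAN.

```routeros
# Added example. Interface and list names are hypothetical placeholders;
# substitute the names of your own PPPoE client and VLAN interfaces.
/interface list
add name=WAN
add name=TRUSTED
add name=RESTRICTED
/interface list member
add list=WAN interface=pppoe-out1
add list=TRUSTED interface=vlan-private
add list=TRUSTED interface=vlan-mgmt
add list=RESTRICTED interface=vlan-iot
add list=RESTRICTED interface=vlan-kids

/ip firewall filter
# --- forward chain: traffic routed between VLANs and to the internet ---
# Replies belonging to connections that an earlier rule allowed. This is what
# lets IoT devices answer a private-VLAN client without being able to start
# a connection toward it.
add chain=forward action=accept connection-state=established,related comment="allow replies"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=accept in-interface-list=TRUSTED out-interface-list=RESTRICTED comment="trusted may manage IoT/Kids"
add chain=forward action=accept in-interface-list=TRUSTED out-interface-list=WAN comment="trusted to internet"
add chain=forward action=accept in-interface-list=RESTRICTED out-interface-list=WAN comment="IoT/Kids to internet only"
# Port forwards (e.g. for a console or media server) are defined in
# /ip firewall nat; this rule only admits traffic that matched a dst-nat rule.
add chain=forward action=accept in-interface-list=WAN connection-nat-state=dstnat comment="allow port forwards"
add chain=forward action=drop comment="drop the rest, incl. IoT/Kids to private"

# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related comment="allow replies"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept in-interface=vlan-mgmt comment="WinBox/WebFig/SSH only from mgmt VLAN"
# Assumption: the router is the DNS resolver handed out to every VLAN.
add chain=input action=accept in-interface-list=!WAN protocol=udp dst-port=53 comment="DNS from LAN side"
add chain=input action=accept in-interface-list=!WAN protocol=tcp dst-port=53 comment="DNS from LAN side"
add chain=input action=drop comment="drop all other access to the router"
```

Rule order matters: RouterOS evaluates each chain top to bottom and stops at the first match, so the final drop rules must stay last. These rules do not carry mDNS discovery between VLANs, because mDNS is link-local multicast and is not routed.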
