I have been watching the MikroTik forums for a while, because I need a more advanced setup at my home. I wanted to get a full OMADA setup and I have actually made a post about how to set that up on their forum, but I don't know if they actually give a shit about their users. I have an Asuswrt-Merlin AC87U with an FTTH 920/800 PPPoE fiber connection.
I will keep things simple, here is my network setup:
Is the network logic ok?
How hard is it to set this up using WinBox? (Please no CLI; I have seen that users post the code of the configuration, and while I could understand some portions of it, it is too advanced for my level.)
The RB4011 has two switch chips. Should I use just the first 5 ports, or is it better to keep WAN on port 1 and the rest of the clients on ports 6-10?
Regarding firewall and inter-VLAN networking:
- Could the clients on the IoT VLAN be seen and controlled by the private VLAN clients? Basically, IoT clients cannot access the private VLAN, but connections established from private are to be allowed.
- Can I connect to clients such as Chromecasts? I have seen that they require the mDNS service in order to be located. Can I locate a Chromecast on the IoT LAN and give it commands from the private VLAN?
- What ports do I need to keep open in order for my smart TV, located on the IoT VLAN, to be able to access a Samba share from my desktop on the private VLAN? (Kodi service)
- If I want to block inter-VLAN communication and also want to block the router interface from all VLANs except the native VLAN1, is it OK if I have my desktop connected on a switch port with VLAN1 only?
- Is there a guide for best practices regarding the firewall rules (attack filtering, URL filtering) and port forwarding (ports for Xbox and Plex in my case)?
I have read viewtopic.php?f=23&t=143620 and, regarding my questions, I want to know if it is doable and where I can find resources to accomplish that using a user interface (RouterOS or WinBox).