Hello,
Even though I've been using Mikrotik for almost a year now, my knowledge is still very basic.
Yesterday I have decided to do some big changes on my WiFi configuration.
The reason for this change was mainly WiFi config which I was not satisfied with. On PRIMARY RB (with internet source and serves as a router) I had 2 SSIDs configured to 2 different bridges (home/guest), which then on my SECONDARY RB (only wifi extension and connecting my PC) could not have been replicated due to SECONDARY router being assigned bridge-home IP address.
So what I have done:
[*] on SECONDARY RB I have created DHCP Client and on PRIMARY I have set it as static and assigned it an IP Address 192.168.88.2 (PRIMARY ends with .1)
[*] on SECONDARY I have switched Wi-Fi to be managed via CAPSMAN
[*] on PRIMARY I have configured CAPSMAN
It all seems to be working well and it helped me to reach my goal of having home and guest WiFi on my both RBs.
However,
[*] I would like to ask you whether you, more skilled guys, could take a look at my configs and verify whether I might have done anything which could create a security breach.
[*] Also, I would be very glad for any tips regarding other stuff I can do to increase my security (perhaps verification/addition of my Firewall rules etc.?)
[*] Last but not least, my IP address is not public, if this helps with the security advice, but I will soon switch to Fiber - will my setup still be OK to use, will the transition from xDSL to Fiber require minimum changes on my end? My ISP told me they will give me their modem and I can switch it to the bridge mode and use my Mikrotik stuff, but I am not sure whether I can retain most of my current settings due to public IP and different technology.
Thank you very much for literally any feedback! :)
RKU