Page 1 of 1

Isolating subnets with MikroTik

Posted: Thu Sep 05, 2019 11:12 pm
by DrJoe
https://1drv.ms/u/s!ApGRjFx_6bb8qnNZu_bOHD95KR15

This is my home setup. Originally the WNR2020 routers were not present. But, only the Calix guest network is truly isolated. Activating the guest networks on the other routers still allows a connected user to see and ping devices on the main LAN. So I added the WNR2020s and activated DHCP on them so they are on different subnets, tryiing to use them as wireless access points that would be isolated from my main LAN. The do not "see" the devices on the main LAN, but can still ping them. I have visitors with smart phones in all the remote areas ( who ask for wifi access ), as well as needing IOT devices in these areas. My goal is to isolate these "guests" and IOT devices from my main LAN. I am stuck with the single "trunk" connecting the remote routers. I do not completely trust the security in IOT devices, nor the smart phones carried by visitors. Reading all the features of RouterOS leads me to believe that adding a MikroTik router in the network ( in front of the Calix? ) would allow me to isolate the subnets assigned to these guest networks, but I am not sure. Ideally, I would filter based on subnets, and allow those subnets to only access the internet. Access from the main LAN to those subnets would sometimes be useful, but not completely necessary. My question is this: Is RouterOS capable of this type of filtering? I need automatic connection by the IOT devices ( which can remember a wireless password ), but I wouldn't mind if smart phones had to connect with the hotspot feature. Thanks for any opinions. I don't mind doing the work to figure out a configuration later. Just want to know if this is possible before purchasing a MikroTik device.