1. I would like to make to have managment access to microtik only from a computer with a specific IP address or MAC address (which is more secure) or another idea
2. I would like to isolate so that raspberry can access pc (only stats+dns)+ssh
3. From pc I would like to access raspberry and TV.
Create a guest WiFi network for IOT devices sensors, electrical outlets etc, but for the raspberry pi (home assistant) to collect info from them.
What is the best way to do this and secure it properly? I have static addresses assigned by DHCP in mikrotik.
VR Quest 3 I use WiFi 5Ghz, and streaming is from a "PC" to google
Router asux Ax55 does not support vlans unfortunately.
Currently my network scheme looks like the picture.
https://postimg.cc/xc17XYVS
Re: managment - topology [SOLVED]
1.
2. & 4.
3. I'm not sure myself
Code: Select all
/ip firewall filter
add action=accept chain=input protocol=tcp dst-port=8291 src-mac-address=xx:xx:xx:xx:xx:xxCode: Select all
/ip firewall filter
add action=drop chain=forward src-address=10.27.0.16 dst-address-list=!Allowed
/ip firewall address-list
add address=10.27.0.30 list=Allowed
add address=10.10.0.0/24 list=Allowed
/interface wifiwave2
add master-interface="wifi_interface" name=wifi_iot configuration.ssid="ssid" security.authentication-types=wpa2-psk security.passphrase="wifi_password"
/interface bridge
add name=bridge_iot
/interface bridge port
add bridge=bridge_iot interface=wifi_iot
/ip address
add address=10.10.0.1/24 interface=bridge_iot
/ip pool
add name=pool_iot ranges=10.10.0.2-10.10.0.254
/ip dhcp-server network
add address=10.10.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.10.0.1
/ip dhcp-server
add address-pool=pool_iot interface=bridge_iot name=dhcp_iot
/ip firewall filter
add action=drop chain=forward src-address=10.10.0.0/24 dst-address=!10.27.0.16Re: managment - topology
Maybe this topology can help you:
viewtopic.php?t=205291
viewtopic.php?t=205291