I have a network including a handful of physical workstations and printers plugged into a MikroTik CRS-125, and a pair of virtualization host servers running VMware ESXi 6.7.0. I am attempting to set up VLANs to separate internal users (the workstations and domain-based PCs) from the web server (accessible from the internet high seas) and then to further separate the VM management network into a VLAN and the backup traffic into a VLAN.
I did some reading up on MAC-based VLAN, and I like this approach because it seems to help protect against a user plugging a foreign device into an Ethernet port in their office and being a liability on the network. Last night I was working my way through the setup process. I managed to enable the FDB-based VLAN on an Ethernet port (8), and I set up the Ethernet port which goes to the virtualization servers (23) to be a trunk port, and I further set up the virtual switch on ESXi to use the same VLAN I had configured for Ethernet port 8. I gave the VMs and the desktop some static IPs on a subnet of their own and was able to ping from one PC to the other on the same VLAN. So far so good.
I was not able to establish DHCP for the VLAN, and am also unable to find guides that describe how to enable multiple VLANs to route to the MikroTik's default gateway (I want two VLANs with different subnets to connect to the internet, but not to each other). Particularly in the case of the business VLAN, guest WiFi and the web server, I want all three to connect to the internet, I want the internet to connect to the web server (NAT), and I want guests to be able to open websites on the web server, so some VLAN-to-VLAN traffic is needed. Does anyone have a guide or some tips on how I need to approach this particular step? Thanks in advance!