Hey Folks,
I'm looking to upgrade my Mikrotik setup after finding the smaller units fantastic. They are too limited for my wider network needs so I'm looking to upgrade to something with IPSEC hardware acceleration and idealy with decent wifi.
The Mikrotik RB4011iGS+5HacQ2HnD-IN Router looks like a great option as it would save me having to pay for separate access points (or at least, reduce how many I would need if I have a range issue)
I have a couple of questions...
Firstly, I'd like 4 or 5 different (and isolated) network segments with their own SSID. This I presume is fine, but what I would also like is for one of those wireless segments to have a policy whereby all traffic must pass over an IPSEC interface. I have this now on my hAp Lite and it works well but I don't have any fancy VLAN config or anything like that there. Is it possible to have a policy for this tied to a specific VLAN, and furthermore does the blackhole/kill switch functionality still work here such that if the VPN dropped, traffic on that segment would simply fail?
Secondly, I'm looking to replace my BT router with this (it's FTTP) - I've found a few posts around this but should this generally be OK without too much effort to get the PPPoE session up and running? any gotchas around this?
Many Thanks