hello all
I'm a newbie into mikrotik world and decided to jump on the deep (very deep) end to establish a home network implementing VLANs to allow for network segregation for IOT devices, guests, etc.
Followed a mix and match of resources:
1) maybe the most useful: viewtopic.php?t=143620 -> Switch with a separate router example
2) an useful yet basic video on CAPsMAN: https://www.youtube.com/watch?v=taQ70m0DVYA
Topology wise:
HEX S router running RouterOS 6.48.6 ->
port 1->WAN
port 2-sfp1 bridged connected to switch
CSS326 switch running SwitchOS 2.13 ->
port 1 -> trunk to router
port 2 -> desktop
port 3 -> server
port 23 -> CAP ac1
port 24 -> CAP ac2
Running 4 VLANs: 10-trusted, 20-untrusted, 30-guests, 99-mgmt
Ideally what I'm after is to isolate clients on VLANs 20 and 30 such that they can talk to the internet and nobody else.
VLAN 10 should be able to access clients on 10, 20, 30 VLANs.
I've done tests and I seem to be able to accomplish my goals (from .10 can ping .20, .30, from .20 cant ping anyone else, from .30 cant ping anyone else) but I'd love some review/inputs on my config so far.
Attaching my current routerOS config and screenshots from SwitchOS config.