Please help by checking user reqs and suggesting technical solution (not the actual setup of the MT, I'll attempt on my own after confirming my functional reqs here).
Fresh start after failing first attempts in limited spare time to learn MT.
Yes, I've read "New user pathway to success" but thought I'd start over by getting user reqs right first. Please suggest.
Devices:
Network: Mikrotik hEX S with RouterOS 7.6, 2 x Unifi AC Lite (vlan aware WAP's, support max 4 SSID's), 2 x netgear 'smart' switches (not truly managed, but smart enough for vlan), 1 x RPi with unifi controller and PiHole
"Admin devices" (trusted, mine): wired desktop, laptop, phone
"Other user devices": 2 x RPi, laptops, phones, tablets
"Kid's devices": laptops, phones, tablets
"Untrusted / IoT": lighting devices and other home automation - printer also here?
What I'd like:
Segregated networks (I'm assuming VLAN's?) for:
1. "Admin" for management of network devices (as recommended per MT forum). Contains management interfaces of network devices and my personal devices. My personal devices should have access to internet and all other VLAN's. Wifi and wired access.
2. User devices 'DNS unfiltered': for "other user devices", unrestricted access to internet, access to other VLAN's EXCEPT "Admin". Wifi and wired access.
3. User devices 'DNS filtered': for "other devices", PiHole filtered access to internet, access to other VLAN's EXCEPT "Admin". Wifi and wired access.
4. Untrusted / IoT devices: access to internet but NO access to any other VLAN. Wifi and wired access.
Preferably a separate VLAN for Kids devices with filtered internet access and NO access to any other VLAN ... but then I'd exceed 4 SSID's in my current imagined setup. So add these to group 3?
No separate VLAN's required for TV receivers or IP phones, as we don't have these devices.
Other user reqs:
a. user devices can choose filtered (PiHole) and unfiltered internet via SSID (required because adblocking can "break" sites and users need an easy way of switching between filtered and unfiltered DNS)
b. PPPoE access through VLAN 6 (ISP delivers internet on VLAN 6)
c. two ports used on the hEX S: 1 x WAN, 1 x LAN. Switching left to the switches as much as possible.
d. LAN on ether1 so the MT can be powered by PoE switch
Functional reqs?
Please help define. So what will be basic setup... 5 VLAN's (1 WAN, 4 x LAN) ? I understand there's different ways to go about this in RouterOS - what would be most suitable way for me?