Community discussions

MikroTik App
 
davidon
just joined
Topic Author
Posts: 13
Joined: Wed Sep 28, 2022 10:03 pm

Ultimate MTik setup with a secure & nonstop connection - for the average joe

Tue Jan 10, 2023 12:38 am

Hi all MTikers,

I'd like to verify with you before purchase, because it is pricey:

I want to purchase a MTik router which provides:
  • Ability to connect to internet as a WiFi client (for when a cable is impractical/nonexistent.)
    Device should still be able to operate as a WiFi AP (to allow internet access for other clients) and wired clients are able to connect to internet via the device as well.
  • Guest WiFi (Internet-only) 2.4/5 GHz network.
  • IoT WiFi 2.4/5 GHz network.
  • Ability to isolate networks (Guest/IoT) from other networks.
    In other words, the isolated networks may communicate only with internet.
    At times, it might be needed to access the IoT WiFi network to configure stuff.
  • Supports SIM card which allows internet connection via Cellular network to be used in case that the main WAN connection is lost (whether the WAN is via wired WAN port or via WiFi interface as a WiFi client).
  • OpenVPN support as both server and client.

To have these, I assume that either of the following two devices is needed:
  • Chateau LTE18 ax
  • Chateau 5G ax

I collected the following tutorials that would help me achieved all the above:

Configure MTik as WiFi Client to connect to Internet:
https://sanisimov.com/2019/02/connect-m ... -and-wifi/

Configure WiFi Guest network (Internet access only):
https://www.prado.lt/how-to-setup-mikro ... fi-network

Setup "WAN2" (Cellular modem builtin the MTik device) as failover for "WAN1" (wired WAN):
https://wiki.mikrotik.com/wiki/Manual:F ... ll_marking

The network isolation is done on two levels: Ethernet and IP.

Layer2 isolation is achieved with VLAN (useful also for QoS):

https://help.mikrotik.com/docs/display/ROS/VLAN
viewtopic.php?f=13&t=143620
https://www.youtube.com/watch?v=dr-WrgrhXOg
https://thesebytes.net/mikrotik-routero ... iguration/

IP Isolation is acheived with Firewall rules which drop packets that attempt to traverse between VLANs.


---------


Did I miss something?
If you happen to have a suggestion, please do..

Who is online

Users browsing this forum: Bing [Bot], ccrsxx, rolling and 34 guests