Community discussions

MikroTik App
 
fisha462
just joined
Topic Author
Posts: 5
Joined: Wed Aug 10, 2022 7:33 am

Mikrotik Setup, VLANning Network, Mix of Wifi/Eth, 1 SSID

Tue Mar 28, 2023 3:21 pm

Hello,

Thank you in advance for taking the time to read this and provide feedback. I have a large home network, for the most part all my infrastructure is Mikrotik except for one POE camera switch, and one unmanaged desktop switch. I would like the delve into the world of VLANs for my own better-meant and to enhance my home network security. I have a single WiFi SSID and would prefer to keep it but I am open to creating multiple. All Mikrotik APs are managed by CAPSMAN in my RB5009 router. I also have a CSS326 switch running SWOS. All other Mikrotik devices are running RouterOS 7.8. I would like to create various VLANs and move appropriate devices onto those VLANs so I can provide myself better security and control over the traffic as well as restrict internet access in certain cases. I have read through many forum posts and many aspects of the online manuals, as well as watched Mikrotik VLAN setups on Youbtube by the network berg. At this point I am scratching my head as most of the information is based on multiple SSIDs/VLANs not one SSID. I am somewhat confused by what I need to configure as far as interface VLANs, Bridges/VLAN Tables. It seems that my setup will require some work to be done in my CAPSMAN access list, as well as setup in the switch, and each AP.

My router is connected to the main switch via SFP port, all of my APs (4) are plugged into ports on that switch, most of my hardwired devices are connected to that switch, a few devices are plugged into the secondary ports of the APs.

Attached is a visual layout I made, if anyone is willing to help me get started - that would be wonderful as I am somewhat lost!
You do not have the required permissions to view the files attached to this post.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Setup, VLANning Network, Mix of Wifi/Eth, 1 SSID

Tue Mar 28, 2023 3:33 pm

Question from my side:
If you want to stay with one SSID (which is your choice, no comment there from me) you are aiming for 1 VLAN for everything Wifi and 1 VLAN (or multiple) for everything fixed ?
You should first clarify that part for yourself. Why VLAN ? To separate what from what and why ?
What is the list of the devices you want to have included in this setup ? I already see RB5009 (ROS) and CSS326 (SWOS), what else ? I THINK I notice a drawing for AC2 and/or AX2 ? It's not clear from the picture.

Have a decent look at this EXCELLENT thread made by pcunite, it contains all basics needed to get you started.
viewtopic.php?t=143620

Read it more then once (it's needed, trust me).
Once you see the pieces falling together, it's not thát difficult if you follow the steps.

It helps if you can use spare material to build small setups to test things in order to get everything digested.
 
fisha462
just joined
Topic Author
Posts: 5
Joined: Wed Aug 10, 2022 7:33 am

Re: Mikrotik Setup, VLANning Network, Mix of Wifi/Eth, 1 SSID

Tue Mar 28, 2023 4:45 pm

holvoetn,

I was thinking of categorizing devices into multiple VLANs, some are wireless and some are wired and some VLANs would have both. So for example a VLAN for all of my cameras which are all hardwire, a VLAN for IOT devices - some Wifi Some hardwired, a computer VLAN some hardwired, some Wifi, I have some work edge devices I use for testing, all hardwired.

For the IOT devices, they are communicating to a local instance of Home Assistant, many of them try to "dial home to the mothership" I would like to be able to block them and restrict traffic only whats necessary to operate.

VLANs:
Cameras
IOT
Computers
Mobile
Work
Switch Management

Am I shooting myself in the foot by not making separate pairings of SSID/VLAN? I didn't initially go that route as I thought it would be even more complicated but I can at this point.

The device you asked about is a hAP AC2.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Setup, VLANning Network, Mix of Wifi/Eth, 1 SSID

Tue Mar 28, 2023 4:49 pm

1 SSID serving multiple VLANs is a big no-no for me.
You'd never know upfront what will end up where.
Unless you also play with MAC access rules or alike... big mess if you ask me.

If you want separation on your wireless devices, stick to 1 VLAN for 1 SSID.
(you can have multiple SSIDs in 1 VLAN, I do so at home for 2.4 and 5Ghz channels).

Based on function of your devices, it is possible to put wireless devices and hardwired devices on the same VLAN.
 
fisha462
just joined
Topic Author
Posts: 5
Joined: Wed Aug 10, 2022 7:33 am

Re: Mikrotik Setup, VLANning Network, Mix of Wifi/Eth, 1 SSID

Wed Mar 29, 2023 4:26 pm

I ended up making seperate SSIDs. Yea, so much easier than what I was trying to do before. Thanks for your help!

Who is online

Users browsing this forum: ccrsxx, GoogleOther [Bot], nichky, nickhoulton, onnyloh, outtahere, rolling and 64 guests