hello,
I am new to this forum and mikrotik in general, I just bougth a new CRS326-24G-2S+RM and trying to build some complex home network.
In the attached img you can see the network diagram:
the 2 APs run 3 different VLANs that cannot talk to each other, but can connect to internet via the modem/router.
there is the NVR on VLAN-NVR that can talk to internet and only with VLAN-home
the HA machine is under VLAN-IOT.
and the 2 servers are on the same VLAN-servers that can only connect to internet and with VLAN-home
given this requirements I need to build all of the above, I already created all the VLANs on APs and on the CRS326
the modem/router IP is 192.168.1.1 and the DHCP use the IPs pool 192.168.1.0/24 for every connected device.
now I need:
1) use the IP 10.0.x.x on all the VLANs (done)
2) make sure that only VLAN-home, VLAN-guest and VLAN-servers can reach the internet. I created the srcnat with out-interface the port where the modem is connected to, but even the VLAN-IOT can reach the internet, how can I select what VLAN can do it?
3) make the HA device reachable just from a single IP/MAC from the VLAN-home
4) should I disable the bridge completely for all the ether ports, since all the connected devices are in one of the VLANs above?
thanks in advance