Hi all,

I never used Mikrotik products professionaly, but for the last 10 years buy and install them in every ocasion for my friends and family. I have some experience in network configuration, but the task that I have seems to be above my level of competence. The network layout is shown below: I want to achieve the following:

• Devices with yellow dots can access Internet
• Home devices can access each other, plus Home Server
• Only home server can access devices in Home Automation WiFi
• Devices in Home Automation WiFi cannot access anything except Home Server
• Guest devices can access only Internet and not each other

Before upgrade to 7.13 three interfaces coming from each CAP (one per WiFi) were setup within Mikrotik router (RB951G). These interfaces were then mapped to 3 bridges. Home Server was connected to the same bridge with Home Automation WiFi. With firewall rules I setup access between networks and allowed Home devices to access Home Server and Internet.
After upgrade to 7.13 I have only local forwarding option available on CAPs and that means that traffic from 3 WiFi network mixes and I cannot manipulate it on Mikrotik router.
I thought about creating VLANs, but it has no encryption and any devices connected to the switch can technically access devices in all WiFi networks. I would like to have a certain level of security since many sensitive devices are connected to Home Automation WiFi: like gas boiler, locks, lamps, etc.

One solution that I have in mind is to reconnect CAPs to Mikrotik router through PoE injectors. It won't look pretty, but it shall be more secure, since devices connected to the switch will not be able to reach home automation. Then create VLANs for each WiFi and keep switch connected with no VLAN

Any better solution that I'm missing?

Thank you!