I have a wAP ax with the latest RouterOS (7.19.1). I have a 10.1.10.0/24 subnet for PCs and devices that may talk to them. I have a 10.2.10.0/24 subnet for guests' phones and smart devices (wifi enabled light switches, Ring cameras, etc), which I want separated in case a device were to get compromised. (I think) I want to change this to 10.2.10.0/32, to further prevent devices from talking to one another, while still allowing them to connect to the internet.
Pieces I've been editing, from my config:
Code: Select all
/ip pool
add name=dhcp ranges=10.2.10.180-10.2.10.199
/ip dhcp-server network
add address=10.1.10.0/24 comment="Home Network" dns-server=10.1.10.251 \
gateway=10.1.10.1 netmask=24
add address=10.2.10.0/32 comment="Home Automation" dns-server=1.1.1.1 \
gateway=10.1.10.1 netmask=32
/ip route
add comment="Subnet for internet devices " disabled=no distance=1 \
dst-address=10.2.10.0/24 gateway=bridge routing-table=main \
suppress-hw-offload=no
add comment="Subnet for isolated internet devices" disabled=no distance=1 \
dst-address=10.2.10.0/32 gateway=bridge routing-table=main \
suppress-hw-offload=no
add address=10.2.10.0/24 comment="Home Automation" dns-server=1.1.1.1 \
gateway=10.1.10.1 netmask=24
What else do I need to change to make this work?