F5F Stay Refreshed Power Users Networks Recommendations for improvement. Diagram included.

Recommendations for improvement. Diagram included.

Recommendations for improvement. Diagram included.

T
Taybaybay
Posting Freak
Find
850
08-04-2021, 03:43 PM
#1
Preparing for my new Mikrotik router tomorrow involves reorganizing the network, installing cables for all cameras, setting up a wireless access point, and finding the safest way to secure everything. I’ve already reviewed the basic setup on MikroTik, which looks straightforward. Any suggestions for improvements? I plan to include a switch with PoE for the two cameras and the AP, as they’re currently using external power. A guest network for visitors on the AP is also on my list. Have you heard of virtual networks in routers? It could help separate the network further if needed.
Reply
Reply
T
Taybaybay
08-04-2021, 03:43 PM #1

Preparing for my new Mikrotik router tomorrow involves reorganizing the network, installing cables for all cameras, setting up a wireless access point, and finding the safest way to secure everything. I’ve already reviewed the basic setup on MikroTik, which looks straightforward. Any suggestions for improvements? I plan to include a switch with PoE for the two cameras and the AP, as they’re currently using external power. A guest network for visitors on the AP is also on my list. Have you heard of virtual networks in routers? It could help separate the network further if needed.

Reply
Reply
T
Taybaybay
Posting Freak
Find
850
08-05-2021, 12:06 AM
#2
I switched on the little POE device to power all your equipment as requested. I set up a VLAN to divide my network from the guest network. It makes sense to isolate your sensors for better security. Overall, it works well!
Reply
Reply
T
Taybaybay
08-05-2021, 12:06 AM #2

I switched on the little POE device to power all your equipment as requested. I set up a VLAN to divide my network from the guest network. It makes sense to isolate your sensors for better security. Overall, it works well!

Reply
Reply
_
_AxioZ
Junior Member
Find
4
08-05-2021, 05:57 AM
#3
The guest network will be assigned a separate subnet, likely using a different VLAN or a dedicated range. This ensures they receive distinct IP addresses separate from the main network.
Reply
Reply
_
_AxioZ
08-05-2021, 05:57 AM #3

The guest network will be assigned a separate subnet, likely using a different VLAN or a dedicated range. This ensures they receive distinct IP addresses separate from the main network.

Reply
Reply
K
koolkittyLR
Member
Find
172
08-06-2021, 07:16 AM
#4
The diagram includes a VLAN CIDR notation.
Reply
Reply
K
koolkittyLR
08-06-2021, 07:16 AM #4

The diagram includes a VLAN CIDR notation.

Reply
Reply
F
Frogimouse
Member
Find
217
08-07-2021, 01:05 PM
#5
This was my initial reaction too. I favor using IP groups on my firewall since it simplifies controlling access for individual devices, though VLANs also function well. Excited to see increased focus on securing physical devices against online threats—great progress!
Reply
Reply
F
Frogimouse
08-07-2021, 01:05 PM #5

This was my initial reaction too. I favor using IP groups on my firewall since it simplifies controlling access for individual devices, though VLANs also function well. Excited to see increased focus on securing physical devices against online threats—great progress!

Reply
Reply
F
flamex123456
Member
Find
227
08-07-2021, 03:45 PM
#6
I'll set up three separate VLANs: one for guest access, another for IoT devices and sensors, and a third for computers, future SAN equipment, and media servers.
Reply
Reply
F
flamex123456
08-07-2021, 03:45 PM #6

I'll set up three separate VLANs: one for guest access, another for IoT devices and sensors, and a third for computers, future SAN equipment, and media servers.

Reply
Reply
R
RoboTron56
Junior Member
Find
37
08-07-2021, 04:34 PM
#7
I needed to clarify since this wasn’t the first time someone mentioned "The IoT SSID will be a different subnet" without planning VLANs. Usually, VLANs provide clear signs—like router and AP labels indicating native or trunk ports, or tagged/untagged configurations. It looks like no distinct CIDR for IoT is specified. For example, the Zigbee Hub IP falls within 192.168.88.0/24.
Reply
Reply
R
RoboTron56
08-07-2021, 04:34 PM #7

I needed to clarify since this wasn’t the first time someone mentioned "The IoT SSID will be a different subnet" without planning VLANs. Usually, VLANs provide clear signs—like router and AP labels indicating native or trunk ports, or tagged/untagged configurations. It looks like no distinct CIDR for IoT is specified. For example, the Zigbee Hub IP falls within 192.168.88.0/24.

Reply
Reply