I'm new to MikroTik (and advanced networking). I come from a FreshTomato background running on an ASUS router. The network I will be building will be for my apartment. I have a couple of devices, including: 3 phones, 3 Raspberry Pis, a PC, 3 laptops (personal, work and son's), a printer and a dedicated HP server. I've recently got the RB4011 WiFi model and I want to use it as the main router for the whole network.
Currently, the network configuration is relatively simple: ISP <--fiber--> Huawei <--ethernet--> Router <--ethernet/WiFi--> clients. All LAN devices have static DHCP MAC-IP bindings. The server has some ports forwarded so that some services are reachable from the internet. The PC and the server are the only things connected by cable; everything else runs on WiFi. One of the RPis runs Pi-hole and is set by FreshTomato's dnsmasq as the main DNS when clients obtain an IP from DHCP. Every device, both Ethernet and WiFi, is using the same network - 192.168.1.0/24.
One caveat is that my ISP currently allows my ASUS router's MAC address (this shouldn't be a problem - I should be able to change the MAC on MikroTik, right?). QoS is disabled because of hardware limitations and I'm getting 300 Mbps down instead of the full 750 Mbps I should be having. When I turn on CTF I'm getting the full speed, however I can't use QoS then.
What I'm missing right now:
- QoS + Bandwidth Limiting - I'd like to "divide" both upload and download speed so that the requests from/to the server get the highest priority, then the work laptop, then my PC, then everything else. The rule of thumb I'd like to use is that 90% of the bandwidth is always used across all devices. Ideally I want my server to have a high connection speed and low pings for services while I'm working on the laptop, my wife is watching TV, my son is playing video games with small pings and guests use WiFi without lags/slowdowns.
- No FastTrack/CTF - I currently have this on because that's the only way I'm getting my full internet speed. If I'm understanding this correctly, FT/CTF turned on implies that QoS/Bandwidth Limiting are ignored, and I want to have the full bandwidth available for QoS/BW Limit.
- Working Hairpin/NAT Loopback - currently the only way I can connect from my PC to the server is to have a LAN IP entry for the domain the server is using in the hosts file. If I'm understanding this correctly, Hairpin NAT would handle that on a network packet level based on some firewall (?) rules.
- Network Flow visualization + monitoring - I'm looking for a way to have some sort of a dashboard with as much detail as possible, including: connections displayed on a map, drilling down to the network packet level, etc. I can host it on my dedicated server. Any recommendations for open source/free tools I can use for that?
- Secure and Efficient Firewall w/ server ports forwarded - I understand NAT a little bit but I have no idea about other things like Mangle, Rules etc., so I can't even really tell if I should consider those or maybe those are required in my case.
- VLANs (?) - I'd want to group some devices and manage those groups in terms of internet connectivity and communication between each other, i.e. the printer doesn't have to have internet access at all but should be accessible to all LAN devices, the work laptop should have internet access and be able to use the network printer but nothing else.
- Ditching Huawei - I might be able to use the SFP+ slot and plug the fiber cable through the connector there, but I might have to call the ISP to confirm that the Huawei serves only the purpose of converting fiber to ethernet, and I also need to find a proper connector.
From what I've already researched, this should be the order of how I should get this all done:
- Design/Draw network diagram
- Boot up MikroTik and remove the default configuration
- Upgrade to the latest version
- Plug the WAN cable into the Eth1 port, the server cable into Eth2 and the PC cable into Eth3.
- Create a WAN interface (?), put the ISP-required MAC address on it, create a network of 192.168.1.0/24 (to keep the current addressing) and turn on DHCP with a custom pool
- Add all the static DHCP leases
- Create a WiFi network and its security profile
- Set up routing (?)
- Set up the firewall (QoS, bandwidth limiting, port forwarding, other(?))
If I'm messing up/overdoing/missing something here, let me know - any help and guidance is much appreciated!
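An added example, written by the editor and not part of the original post, of how the hairpin NAT, the WAN-facing forward filter with only the server port exposed, and a priority queue layout without FastTrack fit together in RouterOS. The interface names, the bridge, the server address and port, the work-laptop address and every bandwidth figure are assumptions, not values from the post.

```routeros
# Added example (editor's, not from the post). Assumptions: all LAN ports sit in
# bridge "bridge" (192.168.1.1/24), the WAN port is ether1, the server is
# 192.168.1.10 serving TCP/443, and the MAC and link figures are placeholders.
/interface ethernet
set [ find default-name=ether1 ] mac-address=XX:XX:XX:XX:XX:XX comment="ISP-registered MAC (placeholder)"

/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=bridge

/ip firewall nat
# Ordinary outbound masquerade for the LAN
add chain=srcnat out-interface-list=WAN action=masquerade comment="LAN to internet"
# Port forward: dst-address-type=local matches any address the router owns, so the
# rule survives a changing public IP; the LAN gateway is excluded so management
# on 192.168.1.1 is not redirected to the server.
add chain=dstnat dst-address-type=local dst-address=!192.168.1.1 protocol=tcp \
    dst-port=443 action=dst-nat to-addresses=192.168.1.10 to-ports=443 comment="https to server"
# Hairpin: a LAN client reaching the server via the public address gets its source
# rewritten, so the server answers through the router instead of straight back to
# the client (which would otherwise drop a reply from an unexpected IP).
add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.10 protocol=tcp \
    dst-port=443 out-interface=bridge action=masquerade comment="hairpin https"

/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# Only the dst-natted https connection is admitted from WAN; any other new flow is dropped.
add chain=forward in-interface-list=WAN connection-nat-state=dstnat protocol=tcp \
    dst-address=192.168.1.10 dst-port=443 action=accept comment="forwarded https only"
add chain=forward in-interface-list=WAN connection-state=new action=drop comment="unsolicited from WAN"
# No fasttrack-connection rule on purpose: fasttracked packets bypass the queues below.

/queue simple
# Parent caps a little below the real line rate (upload/download) so the router,
# not the ISP, is the bottleneck and priorities can take effect. Placeholder values.
add name=total target=192.168.1.0/24 max-limit=90M/700M
# Simple queues match in order, first hit wins: specific hosts before the catch-all.
add name=server parent=total target=192.168.1.10/32 priority=1/1 limit-at=30M/300M max-limit=90M/700M
add name=work-laptop parent=total target=192.168.1.20/32 priority=2/2 limit-at=10M/100M max-limit=90M/700M
add name=everyone-else parent=total target=192.168.1.0/24 priority=8/8 max-limit=90M/700M
```

After applying this, `/ip firewall connection print` from a LAN client hitting the public address should show the flow with both dst-nat and src-nat applied, which is the quickest check that the hairpin path is in use.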