Example network with DMZ part, using VLANs and trunks. Tested in my network, but not my current setup.
VLAN 3 – DMZ VLAN 10 – Homenetwork VLAN 128 – MGT
Modem : fritzbox, is dhcp server for 192.168.1.1 network CRS: is dhcp server for wlan, home network, management, Also a firewall with NAT is configured here. ( No block examples below, only NAT ) RB: (Routerboard 2011) has no IPs except for a management IP (not in config below) Server and Reverse proxy are in the 192.168.1.1 network. (dhcp requests in a dmz vlan (3) get their IP from the modem DHCP pool.
Example ip’s server and PC
server: gets dhcp from modem, 192.168.1.10/24 gateway 192.168.1.1 DNS 192.168.1.1 PC: gets dhcp from CRS, 10.10.0.1/24 gateway 10.10.0.253 DNS 1.1.1.1
I used to draw my network using inkscape, or graphviz. But the last years i’ve been using DrawIO. A friend is drawing his. So i posted some tips.
When using inkscape, i liked the way that i could view more or less details using layers. But editing was hard.
Getting DrawIO:
There is a online version: https://app.diagrams.net/ You can download a AppImage And .. install it in your nextcloud, which is the way i’m using it. (Login as admin, click Apps and search for draw.io)
Some tips on using images .. Below is a example of a Mikrotik switch with connector points.
Use a search engine to look for images, the ones with front facing connectors are easier to use. I always look for images which have a transparent background. Using google you can use below ‘trick’ google > images > tools > color > transparent Just copy-paste into your DrawIO document, it is better to have a large picture which you can resize as the other way around.
Adding connection points:
Left click the image in DrawIO, right mouse and Edit connection points
Now you can place/remove edit connection points.
Due to security reasons i won’t be posting my complete network image ..
Another tip:
Network sheet a friend is working on
Device is not straight, so its harder to get the connections right. Besides that, the lines are below the device. Click line and select bring to front.
Many years ago i started segmenting my network using vlans.
In 2022 i started to reconfigure my lab and using a lot more Mikrotik switches. So how many … is to many, because i always overdo stuff.
Well .. is 9 to many for home environments?
default vlan – did’t bother to configure
old DMZ .. to be migrated
DMZ – my servers live here
Wifi personal workstations – Mobiles and laptops .. macaddress limited
IOT – only arduino’s, raspberries and other hardware live here
Personal workstations – UTP connected workstations with less networking limitations
LAB – My lab environment, Ovirt virtualisation for fun and manage access to servers in dmz
Storage – my SFP enabled all-flash storage
Management – really tight restricted access to management interfaces (switches/routers/storage/ILO)
Hard to manage? All those vlan’s? .. Sure, but i learn a lot! (Not really .. when you got the basics down, more of the same. Hardest part? .. not cutting-off connections/switchports you are using!)
Today Vincent mentioned a link about mqtt and mikrotiks, i knew about addons, but not mqtt .. lets try this.
When you want to use MQTT with Mikrotik you have to install the iot package from extra_packages.
Download correct package zip from ( https://mikrotik.com/download )
Download extra packages zip for your system
Extract and use file upload
Reboot your mikrotik
(i had to upgrade my firmware first, iot package was not build for my version)
Create a entry in IoT > Mqtt to your broker.
save below in a script ending with a .rsc extention, and upload in file manager
# Required packages: iot
################ Configuration #################
# Name of an existing MQTT broker that should be used for publishing, the one you just created
:local broker "10.1.0.17"
# MQTT topic where the message should be published
# i've got mine in a tree called mikrotik/switchtype/
:local topic "mikrotik/rb2011/topic"
############### System ###############
# You can create your own variables below
:put ("[*] Gathering system info...")
:local cpuLoad [/system resource get cpu-load]
:local freeMemory [/system resource get free-memory]
:local usedMemory ([/system resource get total-memory] - $freeMemory)
:local rosVersion [/system package get value-name=version \
[/system package find where name ~ "^routeros"]]
:local model [/system routerboard get value-name=model]
:local serialNumber [/system routerboard get value-name=serial-number]
:local upTime [/system resource get uptime]
################## MQTT ###################
# create a message
:local message \
"{\"model\":\"$model\",\
\"sn\":\"$serialNumber\",\
\"ros\":\"$rosVersion\",\
\"cpu\":$cpuLoad,\
\"umem\":$usedMemory,\
\"fmem\":$freeMemory,\
\"uptime\":\"$upTime\"}"
:log info "$message";
:put ("[*] Total message size: $[:len $message] bytes")
:put ("[*] Sending message to MQTT broker...")
/iot mqtt publish broker=$broker topic=$topic message=$message
:put ("[*] Done")
Import script using
import mikrotikmqtt.rsc
Todo’s:
Import is just @ import time, need to “cron” this?
