MikroTik

Hi,

I am planning my home network setup and considering the necessary equipment. My only available connection is through LTE. The cell tower is less than 2km away but behind a few walls and a curve of a forested hill so I am considering an outdoor modem positioned optimally. So far the best choice seems to me the SXT LTE6 kit. So far so good. Then my eyes are starting to get misty pondering the whole LAN setup. After staring long at all available block diagrams I've come up with two example diagrams with my current choice of devices: SXT LTE6, Audience AP/router and a RB260GSP switch.

The Audience hardware seems quite capable so at first I thought I would pass through my external IP to it and use it as my main router, doing firewall, VLANs, etc. Fig. 1

But then this setup seems a bit more straightforward: Fig. 2

Which one of the two should I focus on considering the following objectives:

1. Management access from laptop/workstation to all network devices including the SXT LTE6. I've read about using two VLANs to achieve this.
2. Maximum throughput between wired clients and between wired and wireless clients on the 5Ghz WLAN
3. All gadgets on a separate WLAN (virtual interface, VLAN?) with firewall allowing them only access to WAN (firmware updates) and access from rest of LAN for management purposes
4. (Optional) Guest WLAN
5. (Optional) Link aggregation for NAS server

What are the bottlenecks, limitations of the two setups?
Or would you suggest other setup/equipment? I would rather have it simple, but with the possibility for more complex configuration/expansion when needed. Any guidance appreciated!

The SXT LTE6 will probably handle basic NAT and firewall for a LTE connection just fine. I would probably go with Figure 2.

If you need heavier inter-VLAN routing then you could use the Audience, then default out via the SXT.

Thanks for your opinion @mada3k!
I am sure the SXT would be fine as a basic outside firewall, gateway router. I just wanted to make sure that I avoid any inter VLAN rouiting-on-a-stick scenario. I've posted the same question on reddit and got the suggestion to ditch the RB260GSP and go with something like CRS112-8P-4S-IN which has Layer-3 capabilities, VLAN switching, ACLs, and more ports for future expansion. Looks sweet and fits nicely in my Fig.2 proposed setup. No need for IP passthrough this way either. I am looking into this now. Wish it had 2 SFP+ instead 4 SFP ports so I can put the NAS on a 10GBit line! Can't see any smallish (8-port) desktop PoE switch with a SFP+ cage in the current line-up. Still looks good enough for now. The CRS328-24P-4S+RM is a monster of a switch but quite frankly -- an overkill for my home.

CRS112-8P-4S-IN is nice and can indeed do L3, but not with the performance of the Audience.

You could for example create the following a "LTE uplink" VLAN that goes between the SXT and the Audience.
All clients defaults to the Audience, then the Audience defaults to the SXT. NAT is done at the SXT.

I am trying to visualize what you say because I struggle to wrap my head around it otherwise. Does something like this seem reasonable to you: Fig.1

Or the alternative: Fig.2

I am even more confused than when I started trying to comprehend the packet flow and performance implications of each approach. I am about to give up on the whole VLAN segregation thing and do it simply: SXT (router/gateway) --> CRS (switch) --> AP. Some more reading is due before I try more complex setups.

This can be done, what problem you reach becase at 1st post you write few generic question and not write one problem to solve.
I not have CSR but can help with all other stuff.