MikroTik

I'm performing some upgrades on my home office network and installing a new NAS which will also serve as my email server, so it needs to be web-accessible. I have been manually assigning IP addresses to this kind of hardware in the past, but I'm also planning to implement a VLAN scheme in the near future and I'd rather not have to manually change all the IPs again.

I understand that it is/should be possible to "reserve" an IP address for a specific hardware/MAC ID so that the device can be left in "auto/DHCP" mode but DHCP will assign it the same IP address every time. What is the proper/best way to do this?

Secondly, I currently have IPv6 disabled. I'd like to enable it in future but I still don't know enough about it, especially vulnerabilities, to be comfortable. I understand that much of its security relies on the sheer number of possible IP addresses, which makes port scanning a losing proposition. Again, though, some of my hardware will be web-accessible and will have IP addresses published, especially the NAS machines. What can I do to harden them? Pointers to reference and educational material are welcome.

For static dhcp leases, you can go into IP -> DHCP Server -> Leases and select an assigned lease and click Make static.

Once you have done that you can even change the IP, eg if you want all static to be in a certain range.

You can also use the address list feature on a lease to add this IP into an address list automatically which can be useful when building firewall rules.

For IPv6 you should ensure that you have a good forward chain setup which only allows outbound connections, and established and related packets. There should be a default drop rule at the bottom of the chain.
If you need to allow inbound connections you can then add rules for those.

Hope that helps
Nick

For VLANS this is an excellent reference.
viewtopic.php?f=13&t=143620