MikroTik

I have a few Mikrotik cAP/wAPs connected to a Cisco Catalyst managed switch, which is connected to a PfSense router.

What I want to do is create a VLAN for my IOT devices, which will be blocked from going out the WAN on the router (I don't trust cheap Chinese electronics).

I've found enough write-ups to figure out the Mikrotik WiFi configuration part, and I've created a IOT-no-internet interface on the router, but what do I need to do configure the Cisco switch in the middle?

I have 192.168.0.1/16 as the LAN, 10.1.1.1/24 as a DMZ, and 10.4.1.1/24 as the IOT-no-internet.

The switch, as it is now, just has all of the interfaces bridged in the single "default" VLAN.

You need to do this on the pfsense router and cisco switch so wrong forum.

You need to do this on the pfsense router and cisco switch so wrong forum.

@anav, I thought you'd come up with correct answer on this one ... which is: replace Cisco with a CRS3xx switch

I'm not paid enough for such novel thinking, however if MT added a zerotrust cloudflare options package for all MT devices, I would probably be inspired to recommend MT switches.