PuTTY riot
Nov 16, 2002

Scaramouche posted:

my-crow-tick

unless you speak spanish/portuguese then apparently it's me crow teek


wolrah
May 8, 2006
what?

yarrmatey posted:

I'm about 30 minutes into evaluating a couple, and as a managed switch, I'm a little disappointed. Rather than the software being based on RouterOS, it is a tiny 38KB image. Management seems to be http and SNMPv1 read only (no https, ssh, or telnet).

The strangest thing of all is that they dispense with this quaint notion that IPv4 hosts need to have a netmask and a gateway to go with their IP address, and they basically implement the IP stack as reply-only, and instead of using an arp cache and routes, the switches just respond to the IP and MAC address of the original request. Probably not the device of choice if you have old fashioned notions about being RFC compliant, etc.

So, I got all worked up and disappointed about the issues in this device, and then I remembered, it's :20bux: + :20bux:. If you are thinking about this vs a catalyst ... run away. If you are thinking about this vs an unmanaged D-Link, go nuts.

Yikes. I don't have an application where that would matter, as my home network is not exactly complicated or large, but on principle it's hard for me to consider something that takes such a lazy shortcut in a key part of its functionality. It makes me wonder what else isn't implemented ideally.

Can you comment on the VLAN performance or if it supports LACP?

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
5.0 came out and 5.1 quickly after to fix some bugs. I ran 5.0 at home for a bit then upgraded to 5.1, no issues so far on a rb493. 5.x has a richer web interface if that's your thing- it seems to mostly replicate winbox.

* Changelog

CuddleChunks
Sep 18, 2004

Cool deal! We've ignored the web interface since 2.8 because of its glorious track record of destroying the configuration of the unit. Winbox and Terminal 4 Lyfe.

johnnyonetime
Apr 2, 2010
So I've read the thread several times and I'm ready to drink the MikroTik Kool-Aid :cheers:

I've got an organization that cannot afford a wireless solution that utilizes a Wireless LAN Controller. I want to outfit their three story building with about 12 access points that can handle meshing. I understand MikroTik can do all this and more as well as not break the bank.

So what would I need to build out these 12 APs? I was looking on r0c-n0c and this is what I've come up with:

- Indoor Router Box
- Routerboard with a MiniPCI slot
- MiniPCI Radio
- PoE Adapter
- Antennas
- RouterOS license

Or is it just easier in the long run to set up Ubiquiti NanoStations to provide the same functionality and not have to build out each MikroTik box??

Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
Depending on what boards you get, you may not need the licenses. Every board comes with a RouterOS license of some sort; if they're all Level 4 licenses or higher, I think that's enough to do meshing. Basically, don't get a 411 or 711 board (or other super-cheap thing designed to be a client only, like the Crossroads line) and you'll probably be fine on that front.

Instead of getting POE injectors, most boards also can run on a standard wall-wart, and those usually are a couple bucks cheaper.

Plug: I usually buy my Mikrotik gear from these guys, but that's at least partly because they're fairly local to me (and because we get a discount for being in the same trade association). And they'll assemble your order for you, saving you a bit of labor.

I don't think NanoStations would be a good fit for this, because of their directional antennas. If you didn't need meshing, the Ubiquiti UniFi gear would probably be perfect. (Or someone probably makes an indoor-friendly antenna for the Rocket. I've never done mesh stuff with Ubiquiti, so I can't vouch for how well it works.)

Ginger Beer Belly
Aug 18, 2010

Grimey Drawer

wolrah posted:

Can you comment on the VLAN performance or if it supports LACP?

Haven't tested performance nor LACP support I'm afraid.

johnnyonetime posted:

I've got an organization that cannot afford a wireless solution that utilizes a Wireless LAN Controller. I want to outfit their three story building with about 12 access points that can handle meshing. I understand MikroTik can do all this and more as well as not break the bank.

I'm going to also recommend the Ubiquiti UniFi. The (free) controller software was 2D-based for planning coverage area, so the multi-story layout might be a bit tricky. How necessary is mesh capability, or can you get an ethernet drop to each AP?

We have 3 UniFi APs at our office and have been very happy with them.

PUBLIC TOILET
Jun 13, 2009

yarrmatey posted:

Haven't tested performance nor LACP support I'm afraid.


I'm going to also recommend the Ubiquiti UniFi. The (free) controller software was 2D-based for planning coverage area, so the multi-story layout might be a bit tricky. How necessary is mesh capability, or can you get an ethernet drop to each AP?

We have 3 UniFi APs at our office and have been very happy with them.

I'm not sure I understand the software part of the UniFi. You would essentially set up your Mikrotik and make it use the UniFi as a wireless AP, then you have to use the UniFi software to configure the UniFi? You can't just access the UniFi via its IP address in a web browser?

CuddleChunks
Sep 18, 2004

I think we fiddled around with mesh networking on mikrotiks a few years ago. We haven't used it since then because we found that it worked but the drop in throughput wasn't acceptable for general usage. I remember there being one set of radios still in that mode and they limp along okay.

It's probably much better under the newer firmware though, especially with all the fancy new radios that are available.

johnnyonetime
Apr 2, 2010

yarrmatey posted:

I'm going to also recommend the Ubiquiti UniFi. The (free) controller software was 2D-based for planning coverage area, so the multi-story layout might be a bit tricky. How necessary is mesh capability, or can you get an ethernet drop to each AP?

We have 3 UniFi APs at our office and have been very happy with them.

After I thought about it, we could get ethernet drops to our APs relatively easily so I guess the mesh networking is not that important. I just wanted to make sure I made the right call before spending the meager budget on a sub-par wireless system.

Thanks goons! :patriot:

krackpot
Apr 24, 2011
There are new products for 2011 (http://www.mikrotik.com/download/share/hu11.pdf).

The RB435G seems to be the successor to the RB433 (to which a quick setup guide was posted earlier in this thread). The PDF I linked above seems to mention that the chip operates at 800MHz, but that's the overclocked speed. It is the same chip they use in the RB450G.

RB450G still seems like a solid choice. Now I'm having trouble deciding what to go for :(

Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
Some of those new items make me feel funny in my special parts.

The 750UP, with four POE-output ports, will take the place of a 750 and four power injectors; unless it's $250 it'll be cheaper, and involve fewer parts, than my present squirrely setup for some tower deployments (presently using a 750G, which goes out to a five-port switch with four POE ports). And depending on the price of the 751-2n, it might be my new go-to for higher-end SOHO deployments, where we want something that looks a bit more impressive than a Linksys.

The Groove looks like their attempt to snag a bit of Ubiquiti's market share - my office has been using Ubiquiti Bullet devices like candy, but they can get hard to get because Ubiquiti doesn't know a supply chain from a paper bag. This too could be promising, though it would have made more of an impact a few months ago in my office (the boss already has decided Ubiquiti's MIMO/Airmax stuff is the Next Big Thing, and we've already got some 300 clients switched over to it).

CuddleChunks
Sep 18, 2004

I'm looking forward to that weirdo Omnitik thing. We've got a couple pairs of those round oddball CPEs at work and though they look like plasticy poo poo, they seem to perform okay. Their antennas are teeny tiny though so we'll have to use them for close-in work.

Thanks Ants
May 21, 2004

#essereFerrari


Definitely planning to pick up an RB2011. Seems like it's capable of handling pretty much any connection you might want to use for the foreseeable future.

Weiz
Dec 12, 2003
Fishman is not just an understanding financial organisation.

falz posted:

5.0 came out and 5.1 quickly after to fix some bugs. I ran 5.0 at home for a bit then upgraded to 5.1, no issues so far on a rb493.
Are you insane? They are still fixing bugs in version 4 and you're going to install something that JUST came out.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

Weiz posted:

Are you insane? They are still fixing bugs in version 4 and you're going to install something that JUST came out.
All software has bugs, there are features I want in 5.x so I'm running it at home. Also it works just fine for what I'm currently doing (wifi, switching, tunnels, ipv6, ipsec). I did install it on an RB1100 at work and came across a bug that others have as well (console process takes 100% cpu). This was on testing hardware and hasn't repeated.

I run into plenty of bugs on Cisco hardware as well, at least with Mikrotik you can just post on the forum and they generally look into it.

krackpot posted:

There are new products for 2011 (http://www.mikrotik.com/download/share/hu11.pdf).
Crypto offload on RB1100-AH looks like a winner, we were looking to use an 1100 as a central point for VPNs but supposedly they can only get about 40 Mbps using the CPU.

CrazyLittle
Sep 11, 2001

Clapping Larry
Did they ever change their stance on putting out a router with fiber interfaces or is it still "velcro tape + media changer"?

e: oh poo poo RB2011 gimmie! :woop:

CrazyLittle fucked around with this message at 04:22 on Apr 28, 2011

Weiz
Dec 12, 2003
Fishman is not just an understanding financial organisation.

falz posted:

All software has bugs, there are features I want in 5.x so I'm running it at home.
Do so at your own risk I guess, but when they're still finding awesome bugs like this for the 5.2 changelog I think I'll wait.

code:
*) route - fixed problem with missing connected routes;

krackpot
Apr 24, 2011
Couldn't hold off for the new products. Just ordered a RB493G with the R52Hn card from Baltic Networks. Hopefully the border won't ding me that bad. They're doing a small discount on most of their products at this time (couple bucks off here and there).

Getting excited about messing around with this device. Hopefully it will be just challenging enough to keep me interested. Maybe this thread will grow in popularity if enough people find out about these products.

PUBLIC TOILET
Jun 13, 2009

krackpot posted:

There are new products for 2011 (http://www.mikrotik.com/download/share/hu11.pdf).

The RB435G seems to be the successor to the RB433 (to which a quick setup guide was posted earlier in this thread). The PDF I linked above seems to mention that the chip operates at 800MHz, but that's the overclocked speed. It is the same chip they use in the RB450G.

RB450G still seems like a solid choice. Now I'm having trouble deciding what to go for :(

Looks like they took the PDF down. Still looks like the cheapest Gigabit router they have then is the RB435G? And that comes with the MiniPCI slots for use with the R52Hn (if wireless is desired). Then you need an enclosure for all of that with support for external antennas.

PUBLIC TOILET fucked around with this message at 20:51 on May 8, 2011

krackpot
Apr 24, 2011

COCKMOUTH.GIF posted:

Looks like they took the PDF down. Still looks like the cheapest Gigabit router they have then is the RB435G? And that comes with the MiniPCI slots for use with the R52Hn (if wireless is desired). Then you need an enclosure for all of that with support for external antennas.

Not sure if this is the same PDF file (http://www.mikrotik.com/download/share/generic.pdf)

RB435G is quite new. I got a response from the roc-noc guy saying a nice metal indoor enclosure wouldn't be ready for a few months.

I think if you wanted to populate the entire board with wireless cards, you'd need a custom enclosure anyways just for the antenna. You'd also need a beefier PSU and possibly better cooling.

PUBLIC TOILET
Jun 13, 2009

krackpot posted:

Not sure if this is the same PDF file (http://www.mikrotik.com/download/share/generic.pdf)

RB435G is quite new. I got a response from the roc-noc guy saying a nice metal indoor enclosure wouldn't be ready for a few months.

I think if you wanted to populate the entire board with wireless cards, you'd need a custom enclosure anyways just for the antenna. You'd also need a beefier PSU and possibly better cooling.

RB751G sounds perfect to me. Q3 2011 on the other hand, not so much. :(

CuddleChunks
Sep 18, 2004

COCKMOUTH.GIF posted:

Still looks like the cheapest Gigabit router they have then is the RB435G?

The cheapest gigabit router is the RB750 for about $70. I've got one at home and it's glorious. If you mean gigabit and wireless, that's a different story. Then the model above will have both.

krackpot
Apr 24, 2011

COCKMOUTH.GIF posted:

RB751G sounds perfect to me. Q3 2011 on the other hand, not so much. :(

That's the exact reason I just chose to buy now. I couldn't wait for all these new products no matter how awesome they are.

R1CH
Apr 7, 2002

The Ron Jeremy of the coding world
1W output sounds plain scary. I already get interference at 100 mW from my speakers if they're within a few feet of the router. Hopefully it doesn't come pre-configured to 1W so people can actually set an appropriate power level that doesn't destroy the whole 2.4GHz band for everyone in a 150ft radius.

Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
1W output power sounds probably-illegal (at least in the US) with just about any antenna people would use in the real world.

Really, I've never understood why so many hardware makers insist on putting out boards with ever-increasing Tx power (Ubiquiti, I'm looking at your mini-PCI lineup), when all that really does is complicate things for everyone. Lower power with better antennas and more-sensitive receivers is almost always the way to go.

NOTinuyasha
Oct 17, 2006

 
The Great Twist

Weird Uncle Dave posted:

1W output power sounds probably-illegal (at least in the US) with just about any antenna people would use in the real world.

I don't think MikroTik hardware is sold with any of the regulatory stuff in the US so does it really matter anyway?

Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
Realistically, the odds of the FCC doing anything to a home user are zero, but I use a lot of this gear for work (we're a fixed-wireless ISP, and the boss has been to DC to chat up FCC commissioners a few times, so we try really hard to stay legal and set a good example in the industry).

While Mikrotik themselves generally don't get FCC certifications for their gear, some resellers will get certs for a specific set of assembled parts. Mikrotik's general lack of concern for such things as "regulatory compliance" is part of why we're moving away from Mikrotik gear for a lot of wireless uses, though I still love RouterOS and we still use it for a lot of routing and general networking weird-projects.

RouterOS will let you specify a regulatory domain, and enter things like antenna gain, and try to adjust radio power levels accordingly to keep you legal. It's not always accurate, but it's usually close, and a good idea in any event - should the FCC knock on your door, it'd be a good way to demonstrate that you were trying to stay legal, and they often are a bit more lenient if you're acting in good faith.

DaNzA
Sep 11, 2001

:D
Grimey Drawer
1W is the legal limit for the unlicensed 2.4 GHz band in the US

quote:

In the 2.4 GHz to 2.4835 GHz band, the maximum peak output power is limited to 1 W. If the transmit antenna has a directional gain of greater than 6 dBi, the transmitter power must be reduced by the amount in decibels that the antenna gain is greater than 6 dBi. This does not hold for point-to-point systems, however. For point-to-point systems, the peak output power must be reduced by only 1 dB for every 3 dB that the antenna gain exceeds 6 dBi.

and for 5 GHz

quote:

There are now four bands in 5 GHz channelized for 802.11 in the US, although they're numbered somewhat strangely. In brief, there is total of 555 MHz across 23 channels in 802.11a/n. The lower four are indoor only; the higher 19 are indoor/outdoor. The lowest four (5.15 to 5.25 GHz) can have 50 mW of output power, the next four (5.25 GHz to 5.35 GHz), 250 mW; the next 11 (5.47 to 5.725 GHz), 250 mW; and the top four (5.725 to 5.825 GHz) up to 1 W. (There are further restrictions on 5.25 GHz to 5.725 GHz in terms of detecting and avoiding stepping on military radar transmissions, which share those bands. And the 802.11a spec specifies 40 mW/200 mW/800 mW instead of 50, 250, and 1,000, just to make it even more complicated.)

Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
There are several different ways to do failover on Mikrotik, but none of them seem to handle the particular weird failure mode I'm trying to cover. Doing failover by just setting two default gateways, and using check-gateway is easy, and often "good enough." I want to handle the possibility that the failure is four or five hops upstream, though. (I work for an ISP and want to handle the rare possibility that all our upstreams are broken, so the end-user could still see everything within our network but not anything beyond that.)

I don't think I can just use a simple ping test to see if Upstream 1 is up, because let's say I ping something like 4.2.2.2. My script tests it, sees it can't ping that IP, switches to the secondary connection, pings, that IP suddenly is pingable again, switches back to the primary connection that's really still broken...

Meanwhile, pinging something like my network's default gateway would have the same problem in reverse if it really is a last-mile outage.

Any suggestions on getting out of this without a bunch of really complicated and fragile scripts?

PuTTY riot
Nov 16, 2002

Weird Uncle Dave posted:

There are several different ways to do failover on Mikrotik, but none of them seem to handle the particular weird failure mode I'm trying to cover. Doing failover by just setting two default gateways, and using check-gateway is easy, and often "good enough." I want to handle the possibility that the failure is four or five hops upstream, though. (I work for an ISP and want to handle the rare possibility that all our upstreams are broken, so the end-user could still see everything within our network but not anything beyond that.)

I don't think I can just use a simple ping test to see if Upstream 1 is up, because let's say I ping something like 4.2.2.2. My script tests it, sees it can't ping that IP, switches to the secondary connection, pings, that IP suddenly is pingable again, switches back to the primary connection that's really still broken...

Meanwhile, pinging something like my network's default gateway would have the same problem in reverse if it really is a last-mile outage.

Any suggestions on getting out of this without a bunch of really complicated and fragile scripts?

what about pinging the gateway from the other connection?

primary-->no check
secondary-->ping primary router wan IP

I'm probably missing something obvious but it seems like that line of thought might get you somewhere?
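One way to get the same effect without a script, following the idea above of probing through a fixed path rather than through whichever link happens to be active, is RouterOS's recursive default route: a host route to the probe address is pinned to the primary gateway, and the primary default route is resolved through that probe address with check-gateway=ping. Because the probe always leaves via the primary link, it cannot be answered over the secondary link and flap the route back. This is an added example, not anything a poster in this thread wrote; the gateway addresses (192.0.2.1 primary, 198.51.100.1 secondary) are constructed, and 4.2.2.2 is used only because it is the probe host mentioned in the question.

```routeros
# Added example: scriptless failover with a recursively resolved default route.
# Addresses are constructed; replace with the real WAN gateways.

/ip route
# Host route for the probe address, forced out the primary gateway.
# scope=10 makes this route visible to the recursive lookup below
# (static routes are scope 30 by default, which the lookup would not consider).
add dst-address=4.2.2.2/32 gateway=192.0.2.1 scope=10 comment="probe host via primary only"

# Primary default route: its gateway is the probe host, not the next hop,
# so RouterOS resolves it through the host route above. check-gateway=ping
# probes 4.2.2.2 through the primary link every 10 seconds; two missed replies
# mark the route inactive and the next candidate takes over.
add dst-address=0.0.0.0/0 gateway=4.2.2.2 target-scope=11 check-gateway=ping distance=1 comment="primary default (recursive)"

# Secondary default route with a worse distance; only used while the primary is inactive.
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=2 comment="secondary default"
```

Two things to keep in mind with this layout. If the probe host itself goes away (the "that IP suddenly is pingable again" case, in reverse), the router will fail over even though the primary link is fine, so pick a probe address you expect to be at least as reliable as your upstream, or add a second host route and probe address for the secondary in the same way so both links are judged by the same rule. And because the host route is pinned to the primary gateway, any traffic to the probe address itself always uses that link, which is harmless for a DNS resolver but worth remembering if you probe something you also rely on for service.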

krackpot
Apr 24, 2011
Just received my 493G today and spent a better part of the day learning about Winbox and how to actually configure the router. The guide in the OP is invaluable. I had to reboot the routerboard to get the settings to "stick" though.

Are there any general security/ Firewall rules that we should use after setting up the router using NAT?

I've disabled the services such as ftp, ssh, telnet, www in IP > Service. I just realized that I could access the www server from the outside network to my IP of the router!

CuddleChunks
Sep 18, 2004

I turned off all the services except winbox because I didn't want them facing the internet. It's not a big deal, I just didn't want my log to fill up with ssh bots probing the port.

As for firewall rules it's a least-permissions setup on inbound and everything allowed on outbound. If you want to change that, it's not too hard to do. The firewall interface is a little wonky at first but if you have something specific I'm sure I can dummy up an example on how to make it happen.

Remit
Nov 9, 2007
This pretty much covers the majority of it:

http://wiki.mikrotik.com/wiki/Securing_New_RouterOs_Router


Also I glanced over the OP and didn't see this:

http://mikrotikuniversity.com/index.php/mikrotik-training-videos/

That is really the site that made MikroTik go from frustration, about to sell on eBay, to now my go-to router

Remit fucked around with this message at 07:52 on May 17, 2011

PuTTY riot
Nov 16, 2002
Am I going to run into any issues/gotchas switching from DSL (static IP block) to a metro-e setup? I'm assuming I just unplug dsl, plug into the other modem, and adjust the IP ranges? I shouldn't need to do anything else, right? I can't start on this until later but here's my fair warning that I might be blowing up this thread in a few hours.

CuddleChunks
Sep 18, 2004

Remit posted:

Also I glanced over the OP and didn't see this:
http://mikrotikuniversity.com/index.php/mikrotik-training-videos/
Cool, thank you! Added to the OP.


American Jello posted:

Am I going to run into any issues/gotchas switching from DSL (static IP block) to a metro-e setup? I'm assuming I just unplug dsl, plug into the other modem, and adjust the IP ranges? I shouldn't need to do anything else, right? I can't start on this until later but here's my fair warning that I might be blowing up this thread in a few hours.
If you are going to another static IP block it should be just that easy. Make sure and update your addresses under IP -> Addresses, IP -> Routes and Firewall -> Mangle. Those are the main areas that hold IPs that face the WAN.

PuTTY riot
Nov 16, 2002

CuddleChunks posted:

I turned off all the services except winbox because I didn't want them facing the internet. It's not a big deal, I just didn't want my log to fill up with ssh bots probing the port.

ugh

e: http://whois.domaintools.com/202.57.42.173

PuTTY riot fucked around with this message at 22:55 on May 17, 2011

CuddleChunks
Sep 18, 2004

American Jello posted:

ugh

e: http://whois.domaintools.com/202.57.42.173

Hahhaha, I know your pain. We have hundreds of mikrotiks deployed and our logs are a sea of crap like that. Hooray for the blackhole route on our core routers. Bye bye jerks!

PuTTY riot
Nov 16, 2002
That went off without a hitch, really couldn't have been any easier. (Oxford MS by the way, no idea why it says Miami)


falz
Jan 29, 2005

01100110 01100001 01101100 01111010
Instead of disabling ssh and weeding through logs full of static from the internet you should just apply some basic router protection firewall rules. Set up an address list of allowed management and monitoring networks and block pretty much everything else except ICMP on the input chain. I also always have a log rule just before deny that is only enabled for troubleshooting purposes.
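Here is what that input-chain policy looks like in RouterOS syntax, covering both krackpot's question about basic firewall rules behind NAT and the address-list approach described in the post above. This is an added example, not configuration from any poster or from MikroTik's documentation; the management network 192.0.2.0/24, the monitoring host 198.51.100.10 and the LAN interface name ether2-lan are constructed placeholders.

```routeros
# Added example: router-protection rules on the input chain.
# Everything addressed to the router itself is dropped unless it is a reply,
# ICMP, or comes from an address on the management list.

/ip firewall address-list
add list=mgmt address=192.0.2.0/24 comment="office management network (placeholder)"
add list=mgmt address=198.51.100.10 comment="monitoring host (placeholder)"

/ip firewall filter
# Replies to connections the router opened itself (DNS lookups, NTP, updates).
add chain=input connection-state=established,related action=accept comment="router's own return traffic"
# Packets that belong to no known connection.
add chain=input connection-state=invalid action=drop comment="invalid state"
# ICMP stays open so ping, traceroute and path-MTU discovery keep working.
add chain=input protocol=icmp action=accept comment="icmp"
# Management (winbox, ssh, www) is allowed only from the address list.
add chain=input src-address-list=mgmt action=accept comment="management and monitoring networks"
# LAN clients still need the router for DNS and DHCP; interface name is assumed.
add chain=input in-interface=ether2-lan action=accept comment="local LAN"
# Log rule sits just before the drop; leave it disabled except while troubleshooting
# so the log is not flooded by scanners.
add chain=input action=log log-prefix="input-drop: " disabled=yes comment="enable for troubleshooting"
# Default deny for everything else addressed to the router.
add chain=input action=drop comment="drop everything else"
```

Rule order is what makes this safe: accepts for established traffic, ICMP and the management list come before the final drop, and the log rule sits immediately above the drop so enabling it shows exactly what is about to be discarded. Before adding the drop rule, make sure the address you are managing from is on the mgmt list, or apply the changes from the terminal in Safe Mode so a mistake is rolled back when the session dies instead of locking you out. With this in place there is no need to disable ssh or winbox; the scanners never reach the service, so the log stays quiet for the reason falz describes.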
