redeyes
Sep 14, 2002

by Fluffdaddy
So none of the users noticed any issues but yeah, the speeds blow. Wifi speeds are around 30-40mb (out of 100) for most users, and it doesn't really matter what distance they are away from the AP. Since 2 users use a file share and need more bandwidth I went ahead and shitcanned the unit and replaced with an older Netbox 5 (5Ghz N, AC). It does around 40MB/s real bandwidth so like 300-500mbps connection speed. I adore the netbox 5s for 5Ghz usage. They are among the best performing APs I have found.


WTF Mikrotik. This is not that hard. AC is not a new technology.


Thanks Ants
May 21, 2004

#essereFerrari


I think I might have to abandon my dreams of a combined AP/router that would be acceptable in a domestic environment and can ceiling mount, and pull some conduit to a utility cupboard to split the devices up.

PUBLIC TOILET
Jun 13, 2009

I had a feeling the hAP AC2 would be lackluster when I last compared the spec datasheets between the hAP AC and hAP AC2.

Steakandchips
Apr 30, 2009

I just got a RouterBoard hEX, to replace a BT Homehub 5. I am happy with it.

Things I like:

1. A lot of configurability. For example, I can change the DNS, which you can't on a HH5.
2. It was a doddle to get it to take data from the new Netgear DM200 DSL modem I got to replace the modem part of the HH5.
3. It's nice and small.

Things I sort of dislike:

1. Having to google where to find things in the UI, e.g. where do I see all the clients connected to it with their IP addresses? (After a bit of googling, I now know it is inside IP --> DHCP Server --> Leases.)

Things I have done so far:

1. Set a password.
2. Added PPPoE settings to get internet into it from my modem.
3. Disabled the "get the default DNS from your ISP" option (I don't want it defaulting to BT's DNS if my OpenDNS entries do not work; it was not intuitive to figure this out, needed googling why it was showing "dynamic DNS" entries after my OpenDNS IPs were specified, wtf...).

Any recommendations for any other changes I should make to it for a small home, which has 5 APs, one 24-port switch and about ... 15 devices in total connected to the network?

Thanks Ants
May 21, 2004

#essereFerrari


redeyes posted:

So none of the users noticed any issues but yeah, the speeds blow. Wifi speeds are around 30-40mb (out of 100) for most users, and it doesn't really matter what distance they are away from the AP. Since 2 users use a file share and need more bandwidth I went ahead and shitcanned the unit and replaced with an older Netbox 5 (5Ghz N, AC). It does around 40MB/s real bandwidth so like 300-500mbps connection speed. I adore the netbox 5s for 5Ghz usage. They are among the best performing APs I have found.


WTF Mikrotik. This is not that hard. AC is not a new technology.

Running the RC RouterOS and firmware has improved things a little bit, but we're still at sub-100Mbps levels of actual throughput. Given I was after a device to be a router and AP for a 150Mbps Internet connection that is only going to have wireless clients it's not ideal.

I'll send it back and get it swapped for a Unifi AC Lite and run with the ISP-provided router for now, since it can run standalone and be managed off the app. Maybe add a Hex or a EdgeRouter at a later date if the requirements are there.

PUBLIC TOILET posted:

I had a feeling the hAP AC2 would be lackluster when I last compared the spec datasheets between the hAP AC and hAP AC2.

The strange thing is I'm pretty sure the IPQ-4018 chip is happily running a lot of home/SMB gateway boxes and doing a very good job of it. Seems like this is purely a software fuckup but I don't really want to wait around for MikroTik to fix it.

Thanks Ants fucked around with this message at 21:48 on Mar 18, 2018

SamDabbers
May 26, 2003



New thread title?

Mikrotik: Purely a software fuckup

Atreus
Sep 20, 2005

SamDabbers posted:

New thread title?

Mikrotik: Purely a software fuckup

:parrot: ROS 7 anytime now. :parrot:

:negative:

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer

Atreus posted:

:parrot: ROS 7 anytime now. :parrot:

:negative:

Back when I was looking into our BGP issues I remember finding a post from something like 2012 - 2013 talking about how they'd be resolving the issue with the BGP process being single threaded in 7.0. That was pretty eye opening for someone who runs/ran a lot of their production network on this hardware, let me tell you.

Atreus
Sep 20, 2005
That reminds me, how do you guys handle BGP if you're using these for full tables? ASR1k/9k?

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer

Atreus posted:

That reminds me, how do you guys handle BGP if you're using these for full tables? ASR1k/9k?

I've currently got a pair of CCR-1072s handling my BGP which is fine when you've only got one or two transit providers but when you start getting access to the big internet exchanges you start seeing some severe scalability issues. Within the next 2-3 months that will be a single ASR-9006 with dual supervisors. My fancy design for my core OSPF routers with multiple 1072s and stacking switches will be replaced by a single Nexus 7k, also with redundant supervisors.

Finally having the income to justify buying big-boy gear makes life so much simpler and so, so much more reliable.

Pendent fucked around with this message at 21:06 on Mar 19, 2018

zennik
Jun 9, 2002

Atreus posted:

That reminds me, how do you guys handle BGP if you're using these for full tables? ASR1k/9k?


For the cheap clients, I use the Ubiquiti EdgeRouter Infinity.

It's a fantastic device, I've got one at my office here handling 7 full tables.
The redundant power supplies are nice too.
The whole thing is pretty awesome for the price.

Two caveats:

1. The Web GUI has some kind of stupid memory leak, causing reboots every 14 hours. Just disable it and use the command line. It's essentially an overhauled/more user friendly Vyatta/VyOS.
2. The ports are 'slaved' in a fashion. So ports 0-3 and 4-7 share the same 'port settings'. This means 0-3 have to be all gig or all 10 gig, and same for 4-7. For my purposes, I just have them all set to 10Gig and hang switches if I need gig ports.


For the clients with money, Cisco or Alcatel/Nokia. I'm a big Alcatel FanBoy so I deploy refurbished Alcatel 7750 platforms for any of my clients that can afford better than Mikrotik/Ubiquiti.

Atreus
Sep 20, 2005
zennik,

Do you have any recommendations on Alcatel stuff that might be economical enough to purchase for home labbing/use that gives good feelings for TiMOS? We're going to start using more 7750s here and I need something as economical and analogous as possible so I can get a better feeling for it and be ahead of the curve on it.

Thanks Ants
May 21, 2004

#essereFerrari


No idea how useful this is, but https://networks.nokia.com/src/mysrlab-getting-started

alyandon
Dec 9, 2001
Poster of the Month for July!
Fun Shoe
So what's the general consensus here regarding 6.41.x? Safe to upgrade or stick with 6.40.x since that is now the bugfix only branch?

unknown
Nov 16, 2002
Ain't got no stinking title yet!


If you expect to have to rebuild the config from scratch for v6.40 -> v6.41, you'll probably be okay.

The reason I say that is they completely rebuilt the bridge/ethernet hardware switching backend. Most people that have had issues are ones that just hoped the software updated correctly and then the bridge interface died or something.

So update the software, clear the config to factory default, and you'll probably be fine (unless you're doing something special).

Boner Wad
Nov 16, 2003

unknown posted:

If you expect to have to rebuild the config from scratch for v6.40 -> v6.41, you'll probably be okay.

The reason I say that is they completely rebuilt the bridge/ethernet hardware switching backend. Most people that have had issues are ones that just hoped the software updated correctly and then the bridge interface died or something.

So update the software, clear the config to factory default, and you'll probably be fine (unless you're doing something special).

I don’t think I did the upgrade and have a really basic config, bridge plus some NAT and firewall rules. Do I need to reset?

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Boner Wad posted:

I don’t think I did the upgrade and have a really basic config, bridge plus some NAT and firewall rules. Do I need to reset?

No - you're fine. The problem is that people who have things like the CRS series with more complex configurations and the like are having surprises after upgrades.

You'll be fine.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
I have dozens of CRS125 units doing some VLAN fuckery that uses special CRS-only switch chip code.

I do not expect any of them to work on upgrade... so they won't be.

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe
Off topic for this thread, but does anyone know if the Routers from Ubiquiti are able to do basic traffic shaping? I'm thinking of replacing the whole setup at work to get much improved WiFi, but with an office of people working with cloud services I need something to fair-up bandwidth usage.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.
Which Routerboard model should I be looking at if I've got a home network with very simple needs (a couple of specific port forwards for services running on VMs, ~30 clients), but gigabit internet and don't want to bottleneck myself?

I've got AT&T fiber, and twice now something has gone wrong with their router that required a complete factory reset, losing all my config. I'd like to just put another router behind it in DMZ+ mode, and essentially bypass the AT&T router. I've already got wifi handled somewhere separate.

Edit: I also have an always-on VM host that could run pfsense and act as a router, if a single x86 core would be preferable to any of the cheaper routerboards.

Twerk from Home fucked around with this message at 19:29 on Mar 26, 2018

Thanks Ants
May 21, 2004

#essereFerrari


FunOne posted:

Off topic for this thread, but does anyone know if the Routers from Ubiquiti are able to do basic traffic shaping? I'm thinking of replacing the whole setup at work to get much improved WiFi, but with an office of people working with cloud services I need something to fair-up bandwidth usage.

You have a lot of options:

https://help.ubnt.com/hc/en-us/articles/216787288-EdgeRouter-Quality-of-Service-QoS-

Just make sure you get a relatively beefy box - e.g. don't get a router that says it can do 150Mbps of throughput if you want to do 150Mbps of NAT, stateful firewall and QoS

redeyes
Sep 14, 2002

by Fluffdaddy
I got this cool email from Mikrotik:

code:
Hello,

It has come to our attention that a rogue botnet is currently scanning random public IP addresses to find open Winbox (8291) and WWW (80) ports, to exploit a vulnerability in the RouterOS www server that was patched more than a year ago (in RouterOS v6.38.5, march 2017).

Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the "Check for updates" button, if you haven't done so within the last year.

More information can be found here: [url]https://forum.mikrotik.com/viewtopic.php?f=21&t=132499[/url]

Best regards,
MikroTik
lol, I guess that's better than nothing, which is what you generally get with no support contract.

On every tik box I put in production, I lock the management services to one private subnet. But that's just me.

redeyes
Sep 14, 2002

by Fluffdaddy
I just got the 60G Wireless Wire antenna combo. The idea is not to have to dig up a parking lot for a Hotel. Wish me luck.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
Make an IP firewall for any service you have still open:

# MGMT firewall #1/3: disable unused services
/ip service
set ssh disabled=no
set winbox disabled=no
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl disabled=yes
set api disabled=yes
set api-ssl disabled=yes

# MGMT firewall #2/3: create a whitelist of MGMT IPs
/ip firewall address-list
add address=XXX.XXX.XXX.XXX/18 list=whitelist comment="Whitelisted MGMT IPs"
add address=YYY.YYY.YYY.YYY/20 list=whitelist comment="Whitelisted MGMT IPs"

# MGMT firewall #3/3: reject SSH, Winbox and WWW connections from IPs not on the above whitelist
/ip firewall filter
add action=reject chain=input dst-port=22 protocol=tcp reject-with=icmp-host-prohibited src-address-list=!whitelist \
comment="Reject SSH connections from IPs not on whitelist"
add action=reject chain=input dst-port=8291 protocol=tcp reject-with=icmp-host-prohibited src-address-list=!whitelist \
comment="Reject Winbox connections from IPs not on whitelist"
add action=reject chain=input dst-port=80 protocol=tcp reject-with=icmp-host-prohibited src-address-list=!whitelist \
comment="Reject WWW connections from IPs not on whitelist"

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer
Is there a reason you don’t just use the ACLs that are tied to the services? Those seem to work pretty well to me.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire

Pendent posted:

Is there a reason you don’t just use the ACLs that are tied to the services? Those seem to work pretty well to me.

Wow. I've been doing the firewalls for like 5 years now. Maybe the ACLs tied to services are new?
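Both approaches above (jeeves' input-chain rules and the per-service address= ACL Pendent mentions) come down to the same question: which management services are enabled, and which of them answer from any source IP. The following is an added example, not code from either poster or from MikroTik: a small audit that parses export-style "/ip service" output and flags plaintext services that are still enabled and services without an address= restriction. The sample export is constructed, and the parser assumes RouterOS "set name key=value" export syntax.

```python
import re

# Constructed sample in "/ip service export" style (not from any real device):
# two plaintext services are still enabled and Winbox has no source ACL.
SAMPLE_EXPORT = """\
/ip service
set telnet disabled=yes
set ftp disabled=no
set www disabled=no
set ssh address=10.20.0.0/24 port=22
set www-ssl disabled=yes
set api disabled=yes
set winbox address=""
set api-ssl disabled=yes
"""

# Services that carry credentials without transport encryption.
PLAINTEXT = {"telnet", "ftp", "www", "api"}

SET_RE = re.compile(r"^set\s+(\S+)\s*(.*)$")
KV_RE = re.compile(r'(\S+?)=("[^"]*"|\S*)')


def parse_services(export_text):
    """Return {service: {key: value}} from the '/ip service' section."""
    services = {}
    in_section = False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("/"):          # a menu path line starts a new section
            in_section = line == "/ip service"
            continue
        m = SET_RE.match(line) if in_section else None
        if not m:
            continue
        name, rest = m.group(1), m.group(2)
        # Strip the quotes RouterOS puts around empty values.
        services[name] = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return services


def audit_services(services):
    """Flag enabled services that are plaintext or lack an address= ACL.

    A missing or empty address= means the service answers any source IP,
    which is the exposure the MikroTik botnet warning above is about.
    Services absent from the export are treated as not present; a real
    audit should use 'export verbose' so defaults are listed too.
    """
    findings = []
    for name, attrs in sorted(services.items()):
        if attrs.get("disabled", "no") == "yes":
            continue
        if name in PLAINTEXT:
            findings.append((name, "plaintext service enabled; disable it"))
        if not attrs.get("address"):
            findings.append((name, "no address= ACL; reachable from any source IP"))
    return findings


if __name__ == "__main__":
    for service, problem in audit_services(parse_services(SAMPLE_EXPORT)):
        print(f"{service:8} {problem}")
```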

Endymion FRS MK1
Oct 29, 2011

I don't know what this thing is, and I don't care. I'm just tired of seeing your stupid newbie av from 2011.
I need a replacement router, and have come across the hAP AC. Is it a good choice for a small 2 bedroom 2 floor house? I'm interested in prosumer stuff and this seems to be a decent option.

zennik
Jun 9, 2002

Atreus posted:

zennik,

Do you have any recommendations on Alcatel stuff that might be economical enough to purchase for home labbing/use that gives good feelings for TiMOS? We're going to start using more 7750's here and I need something as economical and analogous as possible so I can get a better feeling for it and be ahead of the curve on it.

A few options there.
You can acquire the x86 VM image for some lab testing, seems to work in GNS just fine. But it has a 24 hour expiration and then you have to reload it.
The 7750 SR-1 can be pretty cheap on eBay, get one with a pair of gig line cards and you'd be set for some tinkering.

I managed some pretty large networks with 7750 SR7s and 12s for several years so if you have any specific questions let me know. Most of my knowledge is based on using them for MPLS/VPLS, OSPF, and BGP.

redeyes
Sep 14, 2002

by Fluffdaddy

redeyes posted:

I just got the 60G Wireless Wire antenna combo. The idea is not to have to dig up a parking lot for a Hotel. Wish me luck.

Well that was f'n easy. Nice units too. They come pre-paired with all the fixings for mounting. Took all of a few mins to mount the things and presto, 1Gbps link over about 100 feet. Sweet!

redeyes
Sep 14, 2002

by Fluffdaddy

Endymion FRS MK1 posted:

I need a replacement router, and have come across the hAP AC. Is it a good choice for a small 2 bedroom 2 floor house? I'm interested in prosumer stuff and this seems to be a decent option.

It's a great router. Rock solid. I had one and got rid of it for one reason: it had slightly less coverage than a Mikrotik Netbox 5 (5Ghz AC AP only). And this is because the netbox has external antenna mounts whereas the hAP has internal antennas. Will it matter? Really hard to tell.

You can be assured if you do use it, you will install it and it will run for years with no issues.

Endymion FRS MK1
Oct 29, 2011

I don't know what this thing is, and I don't care. I'm just tired of seeing your stupid newbie av from 2011.
Ah thanks. I figured it'd be reliable, but what about speed? I have a 100/10 plan, with probably ~5 devices connected to it.

redeyes
Sep 14, 2002

by Fluffdaddy

Endymion FRS MK1 posted:

Ah thanks. I figured it'd be reliable, but what about speed? I have a 100/10 plan, with probably ~5 devices connected to it.

It would do that with no problems I am pretty sure.

OmniCorp
Oct 30, 2004




More new stuff announced including 10gig copper switch.

https://mum.mikrotik.com/presentations/EU18/presentation_5128_1522914661.pdf

Thanks Ants
May 21, 2004

#essereFerrari


That little SFP+ switch with dual power inputs looks interesting

EssOEss
Oct 23, 2006
128-bit approved
Anyone successfully set up multicast routing over Mikrotik devices with their PIM implementation? I must be doing something dumb because nothing works if I try to do it according to MikroTik wiki. Regardless of what I do, the router on the sender side is not sending multicast anywhere and the router on the receiver side is not telling anyone that a receiver has registered (or even admitting it to itself). Everything works fine with hardcoded IGMP-Proxy based topology but when I enable PIM it is as if multicast ceases to exist.

If anyone has a basic 5-step howto on how to achieve success with PIM, I would appreciate it.

Edit: aw, jeez, found this comment on MikroTik forums

quote:

for those of you who are facing the same/a similar problem with multicast here's the latest news. I was in contact with Mikrotik support and they informed me that PIM is very buggy in rOS V6. It is expected to be fixed in V7. So in other words, PIM is not at a production level so far and by this, somehow unusable.

Do I understand it correctly that V7 is vaporware? I see a lot of "planned for v7" style comments that I find little confidence in.

EssOEss fucked around with this message at 19:59 on Apr 21, 2018

Thanks Ants
May 21, 2004

#essereFerrari


V7 is likely to be finished about three weeks before the global water wars start so I wouldn't make any plans that rely on it appearing in the future.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


New security vulnerability found in all recent versions (v6.29+) over winbox allowing remote download of the users file.

https://forum.mikrotik.com/viewtopic.php?f=21&t=133533

Someguy on reddit on how it is encrypted posted:

The passwords in the sent file are encrypted - fortunately it's not too hard to decrypt them - after my analysis I figured out that the passwords are encrypted with the XOR method. Every account has a different crypt key.

Update (2008-12-08): after a long time when the XOR key generation algorithm was unknown to me, I finally have some time and I figured out that algorithm: a constant string, "283i4jfkai3389", is concatenated to the username, then the MD5 digest is computed from this, which is in fact the XOR key we need for decrypting :) simple, isn't it? :) I implemented it in the mtpass-0.3 version.

DON'T ROLL YOUR OWN CRYPTO
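To make the "don't roll your own crypto" point concrete, here is an added example (not from the post, the reddit comment, or MikroTik): the scheme as the comment describes it, XOR with md5(username + "283i4jfkai3389"), placed beside a proper salted password hash. The scheme is reconstructed from that description only and is not verified against any RouterOS build; repeating the 16-byte key for longer passwords is an assumption, and the usernames and passwords are constructed.

```python
import hashlib
import hmac
import os

# Constant quoted in the post above. The scheme around it is reconstructed from
# that description only and is NOT verified against any RouterOS build.
KEY_SUFFIX = b"283i4jfkai3389"


def weak_key(username):
    """Per-account XOR key as described: md5(username + constant), 16 bytes."""
    return hashlib.md5(username.encode() + KEY_SUFFIX).digest()


def xor_with_user_key(username, data):
    """XOR data with the account key. Repeating the key past 16 bytes is an
    assumption; the post does not say how longer passwords are handled."""
    key = weak_key(username)
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def weak_obscure(username, password):
    return xor_with_user_key(username, password.encode())


def weak_reveal(username, blob):
    # XOR is its own inverse. The username sits next to the blob in the users
    # file, so whoever can read the file already has everything needed.
    return xor_with_user_key(username, blob).decode(errors="replace")


def leak_via_key_reuse(old_blob, new_blob, known_old_password):
    """The key never changes for an account, so one known old password gives
    the keystream and strips a later password without touching md5 at all.
    That is the classic failure of reusing a stream key."""
    stream = bytes(a ^ b for a, b in zip(old_blob, known_old_password.encode()))
    return bytes(a ^ b for a, b in zip(new_blob, stream)).decode(errors="replace")


# What a credential store should do instead: salted, slow and one-way.
PBKDF2_ROUNDS = 600_000  # OWASP-recommended order of magnitude for SHA-256


def store_password(password):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest  # nothing here lets anyone recover the password


def verify_password(password, salt, digest):
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(cand, digest)  # constant-time comparison
```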

Thanks Ants
May 21, 2004

#essereFerrari


lmao gently caress sake MikroTik

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer

unknown posted:

New security vulnerability found in all recent versions (v6.29+) over winbox allowing remote download of the users file.

https://forum.mikrotik.com/viewtopic.php?f=21&t=133533


DON'T ROLL YOUR OWN CRYPTO

My ASR 9006 was ordered last Friday :)


thebigcow
Jan 3, 2001

Bully!

quote:

Versions affected: 6.29 to 6.43rc3 (included). Updated versions in all release chains coming ASAP. Edit: v6.42.1 and v6.43rc4 have been released!

Something missing from that list....
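Turning the quoted advisory into something you can run over a device inventory is less trivial than it looks, because "6.43rc3" has to sort below "6.43rc4" and below the final 6.43, while 6.42.1 is fixed even though it is numerically inside the 6.29 to 6.43rc3 range. This is an added example, not MikroTik's own tooling; it encodes only the fixed versions the post names (6.42.1 and 6.43rc4), so, as thebigcow notes, a 6.40.x bugfix-chain router is still reported as affected because no fix for that chain is listed.

```python
import re

# "6.43rc3" -> major 6, minor 43, no patch, rc 3. Only this shape is accepted.
VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:rc(\d+))?$")

# Inclusive range from the quoted post, plus the fixed build per release chain.
AFFECTED_FIRST = "6.29"
AFFECTED_LAST = "6.43rc3"
CHAIN_FIX = {(6, 42): "6.42.1", (6, 43): "6.43rc4"}  # no bugfix-chain fix listed


def parse_ros_version(text):
    """Turn a RouterOS version string into a sortable tuple.

    A release candidate sorts before the final release with the same number,
    so the final build gets a large rc rank: 6.43rc3 < 6.43rc4 < 6.43.
    """
    m = VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, rc = m.groups()
    rc_rank = int(rc) if rc else 10**6
    return (int(major), int(minor), int(patch) if patch else 0, rc_rank)


def is_affected(version):
    """True if the version falls in the advisory range and has no listed fix."""
    v = parse_ros_version(version)
    if v < parse_ros_version(AFFECTED_FIRST):
        return False
    if v > parse_ros_version(AFFECTED_LAST):
        return False            # 6.43rc4, 6.43 final and later are past the range
    fix = CHAIN_FIX.get(v[:2])  # release chain = (major, minor)
    if fix and v >= parse_ros_version(fix):
        return False            # at or past the fixed build in this chain
    return True


def needs_upgrade(inventory):
    """Return the (name, version) pairs still running an affected build."""
    return [(name, ver) for name, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    fleet = [("core-1", "6.42.1"), ("ap-3", "6.40.7"), ("lab", "6.43rc3")]
    for name, ver in needs_upgrade(fleet):
        print(f"{name}: {ver} is affected, upgrade")
```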
