|
ultrabay2000 posted:I want to use VLANs between two Mikrotik switches to carry the FIOS WAN connection to the firewall and then back from the firewall through LAN my living room over one ethernet cable. On the assumption of: pre:(internet/fios) --- (mikrotikA) --- (mikrotikB) --- (clientsB) `--- (clientsA) The issues that'll crop up is generally cpu in the mikrotikA as it's doubly processing the packets. Bandwidth isn't as much of a concern unless you've got symmetrical levels of up/down, in which case you're bandwidth between MikrotikA+B is effectively halved.
|
# ? Oct 4, 2016 17:28 |
|
|
# ? May 22, 2024 18:18 |
|
Yeah so here is a bad diagram: I'm not sure how much I care about the performance; the main thing would be ensuring the WAN traffic isn't disrupted too much. I think I'm going to try to go with just running two ethernet cables though. The red and green represent WAN and LAN and the blue is the segment which they would be on the same cable but VLAN separated. e: also 'core router' is 'core switch'
|
# ? Oct 4, 2016 21:25 |
|
Just make sure the ethernet ports on the mikrotiks are on the same switch chip (ie: if you're on a 2011) for maximum performance as it'll do it in hardware then (ie: slave the ethernet ports rather than using a bridge interface). Then your only concern becomes bandwidth if your internet is Gbps speed and you like doing symmetrical transfers (same up/down).
|
# ? Oct 4, 2016 21:38 |
|
Put the firewall before your core router, and not looped? Also, just put all of your firewall rules on your router? Mikrotik's IPTables implementation seems to work pretty well. I would put your AP behind your firewall/router as well. Make your ONT into just a pure bridge that doesn't do routing, and leave that all to your router. Set up multiple VLANs for different SSIDs if your AP allows it. Get an RB3011 (or cheapish CCR1009 but that may be overkill) if you're worried about CPU load on your router. I know for a fact any sort of software routing on an RB750/CRS125 CPU-level (~600-700Mhz single core) can't handle gigabit routing. jeeves fucked around with this message at 18:00 on Oct 5, 2016 |
# ? Oct 5, 2016 17:58 |
|
Nothing like surprising your distributors with a major revision: http://forum.mikrotik.com/viewtopic.php?f=3&t=113068
|
# ? Oct 7, 2016 22:43 |
|
That's a pretty massive change, why doesn't it get a new product number?
|
# ? Oct 7, 2016 23:07 |
|
thebigcow posted:Nothing like surprising your distributors with a major revision: I like the specs but who knows how well it's working. Probably best to wait for a few revisions to have them hammer out the usual nuisances. Then again, it's a MikroTik, you may be waiting for a long while if you don't want to deal with weirdness.
|
# ? Oct 8, 2016 09:29 |
|
They announced the RB3011 like over a year ago and it is barely getting into stock still after a small batch of them being released in June.
|
# ? Oct 8, 2016 21:25 |
|
Where are you folks purchasing the hAP AC from? I've been purchasing MikroTik units on Amazon, but I've noticed that the only hAP AC there is almost $130 and it's the international (not FCC approved) version. Additionally, what's the general consensus on the hAP AC & AC Lite units? Haven't tried the hAP product line yet.
|
# ? Oct 16, 2016 03:16 |
|
PUBLIC TOILET posted:Where are you folks purchasing the hAP AC from? I've been purchasing MikroTik units on Amazon, but I've noticed that the only hAP AC there is almost $130 and it's the international (not FCC approved) version. https://www.roc-noc.com/mikrotik/routerboard/RB962UiGS-5HacT2HnT-US.html https://www.roc-noc.com/mikrotik/routerboard/RB952Ui-5ac2nD-US.html 130 looks like it's the msrp for the non-lite version though?
|
# ? Oct 16, 2016 04:13 |
|
Quick question to to the thread. I'm looking to get a router that can support >= 1Gbps on WAN to LAN. Currently I have a Netgear Nighthawk and it seems to cap out around 500Mbps. What's a good MikroTik that would support this. I was looking at the CCR1009-8G-1S-PC as the main router and keep the Nighthawk as my wireless AP. How hard is it to configure one of these to be a fairly no frills router + firewall.
|
# ? Oct 17, 2016 14:45 |
|
Stanley Pain posted:Quick question to to the thread. TBH, you'd probably be better off with a Ubiquiti EdgeRouter
|
# ? Oct 17, 2016 16:45 |
|
Prescription Combs posted:TBH, you'd probably be better off with a Ubiquiti EdgeRouter Thanks for this info. So by the looks of it an EdgeRouter Lite would probably fit the bill nicely.
|
# ? Oct 17, 2016 17:16 |
|
CCR1072-1G-8S+ Great for testing CWDM.
|
# ? Nov 10, 2016 21:41 |
|
$3k router for testing fiber
|
# ? Nov 10, 2016 23:39 |
|
So is each SFP a different frequency Tx/Rx and then it's all combined? I'm not sure what's going on in that picture.
|
# ? Nov 10, 2016 23:47 |
|
Yeah there's a Champion One CWDM mux off to the side, so likely a few CWDM optics into the channels, then line side out of mux.
|
# ? Nov 11, 2016 00:47 |
|
I was trying to figure out why our 1550nm optic wasn't working on that channel. Turns out if it's not a CWDM 1550 it could be running anywhere from 1530-1570. Router was bought for testing on another project but we went with CCR1036-8G-2S+EM.
|
# ? Nov 11, 2016 17:53 |
|
I wish I had a use for the sfp cages they stick on everything now.
|
# ? Nov 11, 2016 19:29 |
|
I have a MikroTik hAP configured as a bridge to extend my home wireless network. I've hit a problem where my Chromecast is connected to my router, but if a device connects to the MikroTik, although it can see the Chromecast listed under available devices in apps like YouTube, it cannot connect to the Chromecast. Anyone have any ideas what settings I might change on the MikroTik to resolve this?
|
# ? Nov 17, 2016 00:22 |
|
Muga posted:I have a MikroTik hAP configured as a bridge to extend my home wireless network. I've hit a problem where my Chromecast is connected to my router, but if a device connects to the MikroTik, although it can see the Chromecast listed under available devices in apps like YouTube, it cannot connect to the Chromecast. Make sure the hAP is setup as a DHCP relay and that the devices connected to it get assigned IPs in the same subnet as the Chromecast.
|
# ? Nov 17, 2016 00:47 |
|
We recently pulled out the FastTrack rules from our routers due to some really strange behavior they were causing. Mainly loving with queueing and also phantom connection issues on IPSEC tunnels. They were set to only fast track with "no-mark" specified on the packet marks. Being that were not really using anything smaller than a rb2011 for a main gateway, the CPU savings just aren't worth it.
|
# ? Nov 17, 2016 01:23 |
|
Muga posted:I have a MikroTik hAP configured as a bridge to extend my home wireless network. I've hit a problem where my Chromecast is connected to my router, but if a device connects to the MikroTik, although it can see the Chromecast listed under available devices in apps like YouTube, it cannot connect to the Chromecast. Are they on the same layer 2 network, or separate networks that you route between. Can other devices connected in the same way communicate?
|
# ? Nov 17, 2016 16:35 |
|
Krailor posted:Make sure the hAP is setup as a DHCP relay and that the devices connected to it get assigned IPs in the same subnet as the Chromecast. thebigcow posted:Are they on the same layer 2 network, or separate networks that you route between. Can other devices connected in the same way communicate? Thanks for taking the time to reply, and sorry for not coming back soon. So you'll have to bear with me a little, I'm no networking expert. Not sure if this helps but to give some context, the router is 192.168.0.1, the hAP is 192.168.0.21. I'm using the webfig interface with the hAP and the Quick Set shows a couple of devices with the IP I'd expect. I have reserved IPs for some devices on the router and these are being reflected on the hAP, for example my mobile phone has 192.168.0.3 and this is what the Quick Set screen shows it as having. When I go to IP - DHCP Relay, there are no entries defined. Should I define something here, and if so, would the DHCP Server be the router's IP, and the Local Address the hAP's current IP? Devices connected to the router/hAP can communicate, because for example I can stream video from my desktop PC's Plex server when it's plugged into the hAP, to my phone/tablet when they're connected to the router. The devices can also see the Chromecast listed on the network across the router/hAP bridge, it seems to be specifically when I try to connect to the Chromecast that they encounter the problem.
|
# ? Nov 22, 2016 00:37 |
|
You do not need DHCP relays for your setup. You do need to post some more details about exactly what you have for networking equipment and how it is set up. I have never used a Chromecast, so any weirdness on its part I can't help with. As a troubleshooting start, try to figure out the IP address of the Chromecast and see if a device connected to the hAP can ping that address.
|
# ? Nov 22, 2016 18:37 |
|
Muga posted:Thanks for taking the time to reply, and sorry for not coming back soon. Put the hAP in bridge mode not router mode. Should work now. Do this in the Quickset (home) page.
|
# ? Nov 23, 2016 04:03 |
|
It sounds like it already is in bridge mode.
|
# ? Nov 23, 2016 16:22 |
|
thebigcow posted:It sounds like it already is in bridge mode. That's right. In case my previous post wasn't clear, when I refer to router, that's the physical box provided by my ISP. The hAP is set up in Bridge mode. To illustrate the problem I just tested this tonight. The Chromecast was connected to the hAP's wireless, with my phone and tablet connected to the router's wireless. The Plex app showed the Chromecast as an available device, I connected to it, and the Plex splash screen appeared on the Chromecast output on TV. Then I tried to play some media and get an error. I switched off the wireless on my router, so everything was connected to the hAP, and was able to play the media no problem. So whatever protocol, port, or something that is being used to send the media to the Chromecast is where the problem seems to lie. I appreciate this is perhaps not a MikroTik issue but I was hoping the solution lies somewhere in its or the router's config, to allow everything to communicate seamlessly across the bridged network...
|
# ? Nov 23, 2016 22:50 |
|
Do you use a different SSID for the router and hAP's wireless?
|
# ? Nov 23, 2016 23:28 |
|
Muga posted:That's right. I am not strong with mikrotik specially but it sounds like both wireless APs are part of the same broadcast domain and that multicast between them works ( I assume chromecast is using multicast to locate devices). That's all good. Is there some leftover firewall policy on the hAP device getting in the way? Have you tried casting from a google app/stream and not the plex? Maybe there is some plex-specific issue. Otherwise I would just packet capture to see what is actually going on and/or find the chrome casting specifications so you can understand exactly what is supposed to happen and then just step through it.
|
# ? Nov 25, 2016 01:40 |
|
Pseudo-Mikrotik related: We installed 10G fiber in our building at work, and I will be connecting two SFP+ adapters on Mikrotiks on either over about 300ft / 100M. Far too long for a direct attach. The in-building fiber is single mode for future proofing. I am only really used to using multimode fiber for in-building, but I am guessing I can buy an in-port SFP+ transceiver that will light such a short hop? I've only dealt with single mode for long shots where you need a physical external transceiver box to light it, and then like a direct attach from that box into the SFP+ port on the Mikrotik.
|
# ? Dec 5, 2016 19:59 |
|
They sell their own, so I assume the answer is yes. https://routerboard.com/Splus31DLC10D edit: but we all know what happens when you assume
|
# ? Dec 5, 2016 21:48 |
|
Nice. For some reason when I saw that product I thought it was multimode. Good to see I won't need an additional transceiver box.
|
# ? Dec 5, 2016 21:58 |
|
e: Nevermind, I misunderstood the question.
Eletriarnation fucked around with this message at 01:02 on Dec 6, 2016 |
# ? Dec 6, 2016 00:58 |
|
One thing I will point out, PLEASE consider using attenuators on short fiber runs if using distance optics. I'm a few years out of the game on fiber deployments, but we would constantly burn up optics because the receive side of the SFP Module would get too hot of a light signal. If you're going to use a 10KM optic for a ~200ft run, adding an attenuator rated at a few DB to bring the signal level down to something more manageable will significantly prolong the life of your SFP module. There are various calculators you can find online to figure out how much to attenuate by. You would place one on the RX side of each optic. Here is a link to some on Amazon that I've had decent luck with in the past: https://www.amazon.com/Fiber-Attenuator-Singlemode-Simplex-Fixed/dp/B001B1HOOM
|
# ? Dec 6, 2016 19:56 |
|
zennik posted:One thing I will point out, PLEASE consider using attenuators on short fiber runs if using distance optics.
|
# ? Dec 6, 2016 20:02 |
|
So which (if any) MikroTik routers have hardware-ASIC? I'm reading conflicting information. It sounds like all MikroTik models are software-ASIC. Isn't Ubiquiti hardware-ASIC?
|
# ? Dec 6, 2016 20:55 |
|
quote:An application-specific integrated circuit (ASIC) /ˈeɪsɪk/, is an integrated circuit (IC) customized for a particular use, rather than intended for general-purpose use. For example, a chip designed to run in a digital voice recorder or a high-efficiency Bitcoin miner is an ASIC. Application-specific standard products (ASSPs) are intermediate between ASICs and industry standard integrated circuits like the 7400 or the 4000 series. What is a software ASIC?
|
# ? Dec 6, 2016 21:22 |
|
thebigcow posted:What is a software ASIC? Sorry, been a long day. I meant to say Hardware acceleration/offloading. Like IPSEC, QoS, etc. onto a separate hardware chip. Looks like only these models are capable? But that only mentions IPSEC and not like NAT acceleration, etc. And with regards to Ubiquiti, it sounds like the ER-X does it only for NAT, but the ER-Lite can handle more? PUBLIC TOILET fucked around with this message at 21:47 on Dec 6, 2016 |
# ? Dec 6, 2016 21:40 |
|
|
# ? May 22, 2024 18:18 |
|
Nothing at layer 3 that I know of. A few processors have some kind of IPSEC hardware support which may just be AES-NI. If I had an account I would edit that wiki page, the RB850Gx2 does not have hardware IPSEC support unless they added it to a second revision.
|
# ? Dec 6, 2016 23:06 |