The_Franz
Aug 8, 2003

Some new details on the RB2011. They will be rolling out a total of seven different models starting in December and ending in February. Apparently they will be "a little above" the 400 series CPU-wise although they still haven't announced any hard specs.

http://www.mikrotik-routeros.com/?p=254

CuddleChunks posted:

One of my coworkers came in today with a RB751U 2HnD that wouldn't boot. He had found some grumblings on the official forums about using a higher powered power supply with the unit as a fix.

A relative of mine had a Linksys WRT54G that had begun its death throes (needed a reboot every other day) so I got her a 751U to replace it. While setting it up I found that if you slave ports 2, 4 and 5 to port 3 as the master the router locks up on a reboot. Any other configuration works fine, but that particular setup causes it to freeze :wtf:.

Aside from that, this thing is awesome. Going from a lovely Linksys WRT54G that saw significant signal loss at 20 feet to a cheaper unit that was still showing a usable signal 1/4 mile down the street is pretty sweet.

The_Franz fucked around with this message at 03:38 on Oct 24, 2011


The_Franz
Aug 8, 2003

Alarbus posted:

Okay, this is driving me insane, and fast. No idea what happened Sunday night, but my wireless started behaving oddly, so I rebooted the modem and the Mikrotik RB793G router. After, nothing would connect to the Internet. So, I wiped the settings and did it again, still nothing. Concerned that I screwed up something with that, I pasted my export from right after I set it up before. Still nothing. Said screw it, and plugged in an old Netgear router. At first it wouldn't get an IP address, but if I rebooted the modem, it would.

Today on a whim, I plugged the Mikrotik into the Netgear and ran a cable to my laptop so I could test it while having internet access. If I shut off wireless and used the cable, it worked. Unplugged everything, plugged the Mikrotik directly to the modem, turned it all back on, nothing.

What the gently caress.

modem - mikrotik - computer = no internet access
modem - netgear - mikrotik - computer = internet access

Image of the settings:
http://dl.dropbox.com/u/7932649/mikrotik2.jpg

Export file:
http://dl.dropbox.com/u/7932649/mikrotik%20wtf2.txt

Please help! I don't know what I'm doing wrong, and I'd like to know what's wrong so that I come away from this having learned something, not just having fixed it.

If ether1 is your WAN port it shouldn't be bridged with your wlan and switch ports. Try taking it off of bridge1.

The_Franz
Aug 8, 2003

COCKMOUTH.GIF posted:

I'm more or less in the same boat and have been for some time. The RB751 sounds perfect for me, but ideally I'd like internal gigabit switching. I suppose one could just connect a gigabit switch to one of the ports on the Mikrotik but that's kind of a half-rear end solution. Are there plans for something like an RB751G? I can't remember.

They are coming out with a 751G although the only known timeframe is "coming soon". The RB2011 devices should be shipping in a couple of weeks as well, some configurations of which will offer gigabit switching with wireless hardware built-in. It's probably going to cost a bit more than the 751 devices though.

Kaluza-Klein posted:

Maybe I am being dumb, but isn't the other problem with that setup that N wifi is faster than fast ethernet? You are effectively limiting fancy N wifi to 100Mbit/s, rite?

I'm guessing that the logic is "most people won't use the wired ports anyways and ISP speeds generally don't go above 100Mbps".

The_Franz fucked around with this message at 22:45 on Dec 12, 2011

The_Franz
Aug 8, 2003

DaCheese posted:

No love. Still not sure what is going on. I have seen at least 3 different answers to this while researching via google but none of them seem to do anything for me. I left the default config and just altered as needed per a guide on the wiki to get wireless working. Is there anything in the default config that could be getting in my way? I also tried a routeros upgrade, which did not solve the issue either.

Edit: also the log in winbox doesn't really show me much. Is there a better place that I can gather info from?

Double edit: Forgive my ignorance, but I am in the process of learning, if I remove the configuration and start from scratch like in the Anypony guide, how do I connect to the router with winbox? Do I just connect via an ethernet cable and put the mac in winbox?

When you test it, are the counters next to the NAT rule increasing? Did you put a rule in your firewall forward chain that allows traffic on port 8080 through?

The_Franz
Aug 8, 2003

It looks like they finally started to release the RB2011 devices.

http://routerboard.com/RB2011L-IN

The_Franz
Aug 8, 2003

Weiz posted:

I could have sworn they said the RB2011 was going to be faster than 400 series.

It uses a newer generation of processor than the 400 and 700 series (MIPS 74K vs 24K) so you can't really judge performance based solely on clock speed.

The_Franz
Aug 8, 2003

Kaluza-Klein posted:

I am not getting my hopes up, but what's another week on top of three months!

Good thing that you didn't get your hopes up.

What exactly is the problem with getting the 751G approved? The 751U has the same wireless specs and it was approved quickly.

The_Franz
Aug 8, 2003

movax posted:

I need to get better at using SSH though, as I assume that is the ideal way to manage the unit remotely (unless you can set up port forwarding to let you point winbox at a target IP).

Why would you need port forwarding to access the router? Just make sure port 8291 is allowed in your firewall input chain and point Winbox to the public IP.

The_Franz
Aug 8, 2003

CuddleChunks posted:

Oh, what kind of VPN are you setting up? There are some sneaky tricks for handling PPTP-type VPNs I had to work through recently and have some suggestions. Haven't set up an IPSEC style tunnel yet.

An IPSEC+L2TP tunnel is really easy to set up. Despite having never done it before it only took me about 10 minutes to get up and running with this guide. Even if you aren't using Windows, the guide still has a nice step-by-step walkthrough for the Mikrotik side.

The_Franz fucked around with this message at 23:19 on Jun 22, 2012

The_Franz
Aug 8, 2003

COCKMOUTH.GIF posted:

Has anyone configured a commercial VPN with the RB751G-2HnD and can attest to its file download performance while it's connected to the VPN? How complicated would it be to configure this in the RouterOS? Or would I achieve better VPN performance with something like the RB2011UAS-2HnD-IN?

I can't comment on commercial VPN providers, but I did recently set up a VPN with a 750GL (same CPU as the 751G) on one end and an RB2011 on the other. With both units in my lab basement I was able to push about 17mbps over an IPSEC + GRE setup with AES-128 encryption. The 750GL was the limiting factor as the CPU was pegged at 100% and the CPU in the RB2011 was hovering at around 70% so it would probably max out in the mid 20s. The RB2011 can be overclocked so you might be able to get 30-something mbps if you crank up the CPU speed.

Of course, if you want to use 3DES or AES-256 encryption the throughput would be lower than this due to additional CPU overhead.

The_Franz
Aug 8, 2003

thebigcow posted:

The RB1100AHx2 supposedly has IPSEC acceleration but I haven't seen IPSEC benchmarks or documentation beyond one line on the brochure so who knows how much it does. Also everything CuddleChunks said.

Mikrotik says 800Mbps, although they don't say what kind of encryption they used. Probably AES-128, but who knows.

The_Franz
Aug 8, 2003

thebigcow posted:

Anyone looking at the new Cloud Router Switch? Knowing MT I have a bad feeling that things will need to be split across certain port groups for performance.

According to the block diagram all of the ports are on one switch chip, so performance across port groups shouldn't be an issue, but until someone actually has one, who knows.

The_Franz
Aug 8, 2003

thebigcow posted:

I've never found good sizing information, and a lot of what is out there suggests selecting the shittiest possible encryption method for performance. I think the next CPU up would be the RB1100AHx2 at about $350.

There are a lot of people using Routerboards professionally on the Mikrotik forums, if you can get past English as a fourth language I would ask there.

When it comes to IPSEC, 3DES is generally both the weakest and slowest encryption. AES128 is considerably faster and more secure.

If you aren't stuck on Mikrotik, take a look at the Ubiquiti EdgeRouter. Even the $99 model has hardware IPSEC acceleration.

The_Franz
Aug 8, 2003

When I was trying to get this working, I think Windows necessitated leaving 3DES as the encryption algorithm under IPSec/Peers as it wouldn't connect otherwise, but if you tick off the AES-xxx boxes in the settings under IPSec/Proposals then Windows will use whatever encryption it determines is best. Once it was set this way then Windows could connect and it showed AES encryption under the connection properties display.

The_Franz
Aug 8, 2003

kiwid posted:

I'd have to get the Pro for the 5GHz and that's $235

They're really worth it if you want something that 'just works'. I've had the 2.4GHz model running in my home for a couple of years now and after setting it up I've never had to touch it. For any reason. Ever.

It even doubles as a nice nightlight in the hallway where it's mounted :v:.

The_Franz
Aug 8, 2003

thebigcow posted:

http://routerboard.com/RB1100AHx2 Assuming you want a Routerboard something in that range or bigger. Lots of small, low power routers are not at all suited to the internet speeds that are becoming available for home users.

You might as well just spend the extra $75 and get a CCR1009 if you want to be future-proof. That thing will easily push full-duplex gigabit speeds with a full set of firewall rules and QoS.

The_Franz
Aug 8, 2003

thebigcow posted:

The 1100AHx2 has hardware IPSec support but I've never seen actual numbers from anyone who wasn't using the least CPU intensive encryption that may or may not be broken by this point.

They seem to recommend using AES-128 for maximum speed which is definitely not broken.

Slower does not necessarily mean better when it comes to crypto.

The_Franz
Aug 8, 2003

thebigcow posted:

:lol:

I remember someone asking about IPsec performance recently, here's a thread with people who have tried things

http://forum.mikrotik.com/viewtopic.php?f=3&t=91843

If those CCR numbers are for the models with Tile processors in them, something is very wrong somewhere.

The_Franz
Aug 8, 2003

thebigcow posted:

What was your experience with the CCR?

I should have said that it sounds like something is wrong. A lot of people have been complaining that the CCRs easily get 500+ Mbps when just using IPSEC but throughput plummets as soon as you use a tunnel. According to the people reporting the issue the CPU cores aren't even close to maxed out when this happens, it just sounds like some strange behavior that caps tunnel speeds at 150Mbps or slower. Some even report this low limit when the tunnel is unencrypted.

Apparently the 6.24 changelog said something about improved load balancing when using tunnels so maybe this is much better now?

It would also be nice if the people posting throughput numbers would include their settings to rule out things like too-big MTU sizes that cause fragmentation or using really slow 3DES encryption.

The_Franz fucked around with this message at 08:09 on Jan 22, 2015

The_Franz
Aug 8, 2003

thebigcow posted:

Oh that way. The 1100AHx2 has hardware IPsec support and has existed for more than a year so that is going to skew things in its favor.

The Tile models have hardware acceleration for AES-CBC as well. RouterOS didn't have support for it when they initially shipped, but they added it about a year ago.

IPSEC doesn't seem to be the issue here, according to the reports it's only when trying to encapsulate packets in a GRE or IPIP tunnel that the throughput takes a nosedive.

The_Franz
Aug 8, 2003

PUBLIC TOILET posted:

Okay, thank you. I had a feeling it was the "Address Lists" option in Winbox under Firewall but I wasn't sure because I had never used that feature before. I wanted to confirm in my head where everything would appear within the Winbox interface once I thought about each command that jeeves had mentioned.

Wouldn't I also have to build another firewall rule that forwards destination port 8291 from the WAN to the router's IP address? And also build a NAT rule for it?

No. The input firewall chain is for traffic going from the internet to the router itself. The forward chain is for traffic passing through the router (i.e. internet to LAN). Since traffic to the router is never going through NAT or being passed through to the LAN you just need the rule in the input chain.

The_Franz
Aug 8, 2003

Packets hit rules in the order they are listed so you need to put your Winbox rule above the "drop everything" rule or the packet will be dropped before it hits the Winbox rule. You also need to have your Winbox rule accept whitelisted connections instead of dropping non-whitelisted connections or allowed packets will just fall through to the drop rule.
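
The chain and rule-ordering points from the two posts above, as an added example that is not part of the thread: a toy Python model of first-match filter evaluation (not RouterOS code). The addresses, the rule dictionaries and the assumption that an unmatched packet is accepted are constructed for illustration.

```python
# Added illustration: a toy model of first-match filter evaluation, not RouterOS code.
ALLOWED = {"203.0.113.10"}   # constructed whitelist (documentation address range)
WINBOX = 8291                # Winbox port named in the thread


def matches(rule, chain, src, proto, port):
    """A rule matches only if every condition it sets is satisfied."""
    if rule["chain"] != chain:
        return False
    for key, value in (("proto", proto), ("port", port)):
        if key in rule and rule[key] != value:
            return False
    if "src_list" in rule:
        # "negate" models a NOT on the source-list matcher
        if (src in rule["src_list"]) == rule.get("negate", False):
            return False
    return True


def verdict(rules, chain, src, proto="tcp", port=WINBOX):
    """Walk the rules top to bottom; the first match decides."""
    for rule in rules:
        if matches(rule, chain, src, proto, port):
            return rule["action"]
    return "accept"  # assumption: a packet that matches no rule is accepted


allow = {"chain": "input", "proto": "tcp", "port": WINBOX,
         "src_list": ALLOWED, "action": "accept"}
drop_all = {"chain": "input", "action": "drop"}
drop_others = dict(allow, negate=True, action="drop")

RULESETS = {
    "accept below drop-all": [drop_all, allow],
    "drop non-whitelisted": [drop_others, drop_all],
    "accept in forward chain": [dict(allow, chain="forward"), drop_all],
    "accept above drop-all": [allow, drop_all],
}


def results(src):
    """Verdict for a Winbox connection from src to the router itself (input chain)."""
    return {name: verdict(rules, "input", src) for name, rules in RULESETS.items()}


if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, results(src))
```

Only the last ruleset lets the whitelisted address reach Winbox; in the other three it hits the drop-everything rule first, and the non-whitelisted address is dropped in all four.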

The_Franz
Aug 8, 2003

Mr. Clark2 posted:

So...what exactly does it mean when a port is "slaved" to another port? I'm guessing that changes I make to the master interface will also be applied to the slaved interfaces? I'm going through the documentation but some of the English is...not so good (but still better than my Latvian).

It means they act as ports on a switch instead of being handled individually by the software. The master port is then what you specify when you want to communicate with all of the slave ports in the switch group.

You can only slave ports to a master if they are physically connected to the same switch chip.

The_Franz
Aug 8, 2003

jeeves posted:

I was wondering why my home speeds were around 44Mb intra-network, then I took a look at my home RB750's CPU-- it hovers around 60% when copying files. I'm curious if that 60% is okay or if that's the bottleneck. I guess once we have a spare Cloud Core I'll bring it home and drop my home config onto it and see if speeds pick up-- the ability to move configs around easily is why Mikrotik really shines.

Why is your internal LAN-to-LAN traffic even hitting the CPU? Do you have the ports bridged instead of configured as a switch?

The_Franz
Aug 8, 2003

Thanks Ants posted:

Don't you need to tick the box next to "Protocol"?

The box is for 'NOT', so ticking it next to the protocol setting would mean "anything but the selected protocol".

The_Franz
Aug 8, 2003

I just found out that at&t now offers gigabit fiber at my address, so in a few weeks my old 750GL isn't going to cut it anymore. I'm guessing that an RB3011 should cut it as long as I don't do any heavy traffic shaping. Are there any IPSEC numbers for this device? I can't seem to find anything on Mikrotik's forums and it doesn't do HW crypto acceleration, even though the chip allegedly supports it and they've been "working on it" since it came out 2 years ago.

The_Franz
Aug 8, 2003

thebigcow posted:

It will never support it. The new RB1100AHx4 at twice the price is specifically advertised for IPSEC performance.

https://mikrotik.com/product/rb1100ahx4
https://mikrotik.com/product/RB1100Dx4

Otherwise the 850 will get kind of close.

https://mikrotik.com/product/RB850Gx2

I don't actually need anywhere near wire speed IPSEC performance, I was just curious if there were any numbers for the 3011. I only have a couple of IPSEC+GRE tunnels between myself and a couple of relatives so we can easily share files when working on projects (and they're on sub-100Mbps cable) and I like to be able to VPN into my home NAS on occasion.

As long as it can achieve full-speed when doing basic SOHO routing duty, that's all I really care about. I know it's underpowered for doing queues at full speed, but I can't imagine needing QoS with gigabit bandwidth.


The_Franz
Aug 8, 2003

The latest WIP firmware finally enables HW crypto acceleration on the RB3100 :toot:
