I’m looking for a device to use as backup in WAN2 of mu Unifi Cloud Gateway.
I live about 350 meters from the cell tower which i have i plain sight, is it then best to use a device with directional antenna like SXT LTE7 kit, or is it better to use a device with non directional antenna like wAP ax LTE7 kit eve though it’s a bit more expensive?
I only get 4G from my provider so 5G devices are not neccessey.
And since I get a public IP from my LTE provider I would like if it was possible to passtrhough the LTE IP to the WAN2 port och the Unifi Cloud Gateway.
And I like the device to be powered by standard POE.
If you have a cell with free line of sight, a directional antenna will always give you better signal and (hopefully) less noise than an omnidirectional one.
BUT, if you are only 350 m from a cell tower, it makes little sense to go through the extra work of passing a cable outdoors, setting up a pole, have a surge/lighting protector, a proper ground AND the inconvenience of going up to a ladder (or whatever) to reach the device in case of issues.
If you have a flat (and easily accessible) roof or terrace where you can place the SXT, it becomes debatable.
The WapAX is a "different" device, it has not only the LTE connection, but also dual (2.4 GHz and 5 GHz) radios that make it a "cellular router/access point", I would choose that if you can afford it at $ 169, only if you need also its wi-fi radios and I believe it can be used both indoors (you will need to invent some kind of stand) and outdoors.
The "right" device for indoors would probably be the Chateau LTE7, $119, but personally I wouldn't rule out, if you are on a tight budget, the Ax Lite LTE6, only $99 (and "only" LTE 6) but still with plenty of RAM and storage (256 Mb/128 Mb) and more "flexible" (in the worst case you can still re-use it as a switch or router or 2.4 GHz only AP.
Anecdotally, I have a couple of FWA devices (non-Mikrotik) installed in two places and with LTE (4 G) I can only dream about 300 Mbit download/100 Mbit upload of LTE6, so the difference against LTE7 is IMHO largely marketing hype.
I live in a flat so I don’t have access to the roof, but I live on the top floor (3:rd floor), and from the balcony I have a clear line of site to the cell tower.
So the idea is to mount the device on the railing of the balcony and pointing it at the tower.
But regatding LTE6 / LTE7 I still won’t be able to reach the theoretical max speed with the SXT devices since they only have 100mbps ethernet interfaces.
I read somewhere thet there was issues to passthough the LTE IP to the ethernet inteface, but maybe that was the first SXT device?
But SXT LTE7 kit seems to be cheaper than SXT LTE6 kit, so I don’t see the point in buying the LTE6 version, or am I missing somtheing?
Well, as said, with 350 m distance you can keep the device inside (unless you have -say - 1 m thick reinforced concrete walls or similar, but that would be uncommon on a third floor), and avoid the hassle of the external mount, besides the SXT is (IMHO) not exactly "pleasant to the eye".
If you insist on mounting it outside, the wAP is much less noticeable.
The passthrough mode (generally speaking) has been reported as causing issues in some cases, particularly with access to the Mikrotik device from LAN, but not linked to a specific device AFAICR, and some of the other issues likely depend on the (cellular) ISP service.
As always it depends on personal preferences - I really cannot see the problem with using the device "normally" as a router (yes, you will have double NAT, but that is usually not a noticeable issue, particularly with a LTE connection IMHO).
BTW, the Chateau LTE7 (and also the Ax lite) can be "hacked" adding an external antenna connector, since I presume that you could do with a short enough - say - a 5 m antenna cable, that is yet another possibility, considering that - no matter how well it is built - an electronic device placed outside, exposed to the weather, is much less reliable than one placed indoors.
This is my first experience with a MIkritik router so I’n not at all pamiliar with the management interface.
What I imagine would be possible is to set upt the VLAN interface to get its IP adress from my Unifi cloud gateway thrugh DHCP, which means it will get gateway and DNS that way.
But I don’t see any options to set up the IP address for the VLAN to be handled by DHCP, any ideas where I can find that?
This is where I set up the IP addres for the VLAN, under: IP → Adresses.
The configuration on a Mikrotik device is easier to understand as textual settings, the GUI (be it Webfig or Winbox) is more pleasant to the eye and for making some settings it is more convenient but nothing beats terrminal (CLI) for clarity.
Cannot say if what you plan can be done the way you think.
Maybe you can attach a DHCP client to the VLAN interface, but without your configuration and a description how it is the network topology "past" the Mikrotik, it is just a guess.
Strictly speaking there is no need to have internet connectivity to upgrade/update, you can download the relevant files to a PC, upload them on the device and then upgrade.
If you look at the screenshots you’ll see that the router now have Internatr access(it spotted new software)
But sure I can upload my config, file is attached.
And when connecting using the Android app, it clearly say that Internet is available on vlan1, so maybe there is some kind of bug on the Quick Set page so Internet access is not spotted.
I am confused (and you broke also Rules #1 and #2), my guess is that it somehow works because you have no (IPV4) firewall as the VLAN 1 interface (on top of ether1) is WAN[1], but runs a DHCP client that (from the android screenshot) gets a 192.168.15.9 (so it behaves like being LAN, presuming that DHCP server and gateway is 192.168.15.1, or maybe the 192.168.15.9 is the address of the bridge? But that is not possible as there is no DHCP client running on the bridge).
To clear the matter you need to post also the output of: /ip route print
and /ip address print
[1] since you have no firewall and the NAT disabled, this categorization - even if "wrong" - has no adverse effects.
The reason I use vlan1 is because I want to reach the Mikrotik device thru the default LAN which is vlan1 in Unifi.
And because I want the device to simply act as a modem connected to WAN2 on the Unifi cloud gatway I disabled as much stuff as possible (Firewall and NAT) and now I even removed the bridgge and it's IP-adress, but everything works as I intend.
So now it looks a bit wierd on the Quick Set page with no Local Network IP-address
Yep, it is fine, the device is in passthrough mode, so no issues with bridging/switching (on VLAN1).
The Quick Set very likely doesn't even consider the VLAN interface.
Since you don't have the firewall in input (and also NAT disabled), everything works so you can keep everything "as is".
The addresses and routes are assigned Dynamically by the DHCP, the ether1 by the LTE and the VLAN1 by your local DHCP server, so everything is OK.
I would still change:
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=vlan1 list=WAN
to:
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=vlan1 list=LAN
for clarity and future memory, but it shouldn't change anything from a functional point of view..
Then you could clean up a bit the configuration (removing the unused DHCP server, and the other disabled things).
What is strange is that your /ip address print does not show the 192.168.88.1/24 static address of the bridge nor your /ip route print the corresponding route (but maybe it is a side effect of the passthrough mode?)
I would check that the bridge is actually reachable via IP or see if you can make the ether2 an offbridge port, so that you have another way to connect to the thingy should something go beserk with dynamically assigned addresses and routes.
And also check if via Winbox you can access the router from ether2.
Thanks for all your input, it's been very helpful.
I removed the bridge and it's IP-adress alltogether as I wrote in the previous post, that's why it doesnt show in the print.
That will probably mean I can't access ethe2 at all, but I don't need that port.
I guess the next step is to mount the the device outside to see if signal improves, and if not maybe try with a external antenna.
Of course it depends on location and your ISP, but 60/35 don't sound at all a bad result, for a Cat 6 device, testing it outside costs nothing, so it is worth it, but an external antenna seems to me an unneeded complication (unless you do it for fun, of course) and has a cost, probably around 100 € or so, plus the pigtails.
If it was your only and "main" connection to internet I would understand, but as a secondary, backup wan?
