I’m currently using a Tp-Link T480+ Load Balance router but I’d lie if I say I’m happy with it. I want to replace it and I’m really interested in MikroTik routers, however I’ve never used one and I have few questions about them in general. It would be great if someone will be able to help.
First of all I have 2 different internet providers and I’m using one of them as a backup provider. That being said I wasn’t able to see a dual WAN router in the MikroTik product list. Is it possible to use double WAN both for load balancing and failover with these routers?
The second thing I’m really confused about is the licensing. Is the license bound to the router’s hardware or it is PC related. I found information that it’s HDD bound and if that’s true it seems really strange for me. For example the router I was looking for is RB2011UiAS-IN and it says it has Licence level 5 but If I have to activate this licence on a single PC and I’m forced to move the HDD with the router it would definitely stop me from buying it.
The license is bound to hardware for hardware products. It is bound to hard disks for virtualized products (CHR or x86).
Dual WAN is rather a configuration thing than a hardware feature. All routing-capable products can assign the roles of individual Ethernet interfaces quite freely so you can e.g. set up three WAN ports and two LAN ports on a 5-port device.
A 2011 may be too weak these days, products with more CPU power have become available since the time the 2011 was released - it depends on the number of ports you need and the amount of money you want to spend which one to choose.
Thank you for the clarification. So basically every Ethernet router is with licence bound to it and there is no need to worry about anything. I’ve just looked again at the MikroTik site and there aren’t a lot of routers. I’d prefer to buy a router with more ports as I’m forced to use two of them as WAN ports. However what model would you recommend me to get even if it’s with fewer port number? I need a stable router that can switch from the main provider to the backup one as fast as possible if the first fails. I’ve looked even for 3011 but it seems to be only for rack mount. The amount I’m willing to pay is lets say between150 and 200$. I even thought about RV320 but it seems like the MikroTik routers are better in this price range that’s I’m heading for MikroTik.
Sorry, will need a bit more info, i.e.
is this for home / SOHO environment,
do you need wifi with or pure routing.
Will you need hardware vlan switching
The RB3011 has 10 ports total, and would be more then enough power to manage your home network. I have about 30 RB3011’s out int he field operating businesses. I can safely have about 250 devices online with a 500Mbps symetrical ISP connection. Router runs at about 45% CPU load, with about 40 Mangle rules, 15 Nat rules, and roughly 30 firewall rules. I also operate a hotspot server from them. Some also have multi VLAN’s on the same single interface.
If you need more then a few ports for your equipment I would recommend a network switch (unmanaged would be simpler, but managed gives you more options such as VLANs and such).
If you want something with more ports, and is more powerful, the RB1100 should do you well.
But if you want to keep it small, the hAP lite’s are also nice. But you would also need some kind of switch to connect all your other components to the hAP.
RouterOS is just software that runs on the Mikrotik chipsets. Just need to figure out how much load you will put on the chipsets, and find a model that matches.
Sorry for the lack of information. It is for a home, there are 5 PCs, 4TVs, 2 network printers, a server used mainly as storage server and a DVR. I’d prefer an Ethernet router with additional APs. to cover the areas where I need wifi. I’m using 2 VLANs for two different floors of a house. There are 2 different ISPs, to the main one I’m connected via PPPoE (fiber → media convertor in the basement) and there is a back up ADSL. Currently the main WAN on a 480T+ router is set to PPPoE and the back up one is coming through the ADSL modem. I would prefer to buy let’s say a future proof router and if 3011 would do the job I may consider it as an option. RB1100 would be a bit of an overkill I think. It’s really important to have a good failover capability as the current 480T+ is somehow slow and I don’t know, sometimes it acts a bit derpy and of course it’s 10/100.
Sorry for the delay. I’ve being looking for different options. Would I get hEX S (RB760iGS) over 3011? I’ve heard that 3011 is an old model and it’s the first one with ARM so it had few problems like when you connect 10/100/1000 and 10/100 on one side. As I see on the site it looks like that RB760iGS is really new device. Someone said that they are too hot - 40+ C is this true and if I pick it, is there a chance to overheat? The current 480T+ is really cool. I’ve being thinking about something like hEX S RB760iGS as main router, 2x hAP ac² as AP/Switches and probably one more switch.
We use 3011’s for our top business clients and have no issues. The 3011 is a more powerful router than the hEX, unless you do a lot of ipsec traffic and need hardware offloading for that. With a fully loaded configuration you can get around 350Mbps routing performance out of the hEX and 800Mbps routing out of the RB3011. Those values can go up if you have a simpler configuration and are using features like fasttrack, but if you like to tinker, then you will have more of a load and those values that I provided are about right.
I don’t think you need to worry about overheating, my hAP ac runs at 55C according to System->Health and even goes up higher to 60C on very hot days, I don’t have any problems with it.
If you need to get one more switch, consider a CRS model instead of a SwOS-based model as the CRS models run RouterOS and so you have more tools when it comes to troubleshooting etc. SwOS is more limited, and doesn’t support certain features like IPv6 for mgmt address yet. We have a few SwOS devices out in the field that we were trying out, and they work kinda OK, but we tried to upgrade firmware on them and it refuses to upgrade, the only fix is to go to the site several hundred km away and reset it to factory defaults, then upgrade it and set it up again from scratch. Instead of doing this we are going to spend the extra money on a few small CRS models that run RouterOS, because at least we know that RouterOS is reliable when it comes to upgrades.
Also,keep in mind that your config with load balanced Internet connections and the VLANs is not necessarily going to be simple. You might want to start with a simpler setup so that you can get used to working with the devices and proceed from there - RouterOS is very flexible, but that flexibility means that it is more complicated to set up. The VLAN configuration in RouterOS is currently in somewhat of a state of flux since they are trying to amalgamate the software switch (“bridge”) and hardware switch (“switch”) structures to make configuration easier by introducing bridges with hardware offloading (RouterOS 6.41 and later), which essentially sets up the hardware switching on the back end for you. However, only one series (CRS 3xx) currently supports hardware offloading with bridge VLANs, with all of the others you have to use the old way to set up switch VLANs with hardware acceleration.
Also, I don’t believe that the hEX supports hardware switch VLANs at all currently, but they are probably adding support in a future software upgrade. If you need to switch VLANs at wire speed on that device, then it may not be the best choice.
EDIT: RB3011 now has hardware acceleration as of the latest RC (beta version) released yesterday, so there is no longer any advantage of the hEX over the RB3011 besides cost.
Thank you for your post. The truths is that I’m not planning to do "a lot"of IPsec traffic or generally to need high routing performance. Currently I’m using the VLAN only to separate the network. My initial goal was to just “upgrade” the current 480T with something more robust and stable and to move to a gigabit. I’ve initially headed to 2011 because of the lan ports and then to 3011 as it turned out 2011 is a bit old. However if the hEX S would do the job for me I’d consider it as an option with additional hAP ac2 devices. For me the very minimum as it comes to configuration is the double WAN failover and the network separation. Of course I’d love to have something that I can do a lot more when needed. Here we come to the dilema which option would be the best for me, as if I can go with the hEX I’d be able to spent these extra cash for hAPs and switch.
Hi After i Reset mikrotik rb941-2nd-tc hap lite using the reset button, now it doest work? the the LED light oon the router keeps on blinking how can i fix it? thanks
I would go with the hEX S and the hAP ac2’s given your description above, they should be fine. If you can avoid using VLANs, you can simplify the initial setup. Your equipment is capable of VLANs but hardware acceleration for VLANs for the hEX S is still in the future. If you want to set up VLANs right away, try to avoid avoid having the hEX S double as a switch, except for low bandwidth devices.
… or use hAP ac² for routing. Recommended price is same as for hEX S, main diffrences are:
hAP ac² has dual-band WiFi, hEX S has none
hAP ac² has supported VLAN-capable switch chip, hEX S support is yet to come
hEX S has both passive and 802.3af/at support, hAP ac² has only passive-PoE support
hEX S has one SFP (1Gbps) port, hAP ac² has none - but if you use SFP port, CPU-ether connection drops to half capacity so CPU-intensive VLAN switching speed will get even lower, essentially making this device only to be useful as almost router on-a-stick with either SFP or single ether port used for WAN and single ether (or SFP in case ether being WAN) for connection towards LAN (with all of its VLANs)
So, depending on your needs, you can choose between the two devices. I’m going to use (configuration pending) hAP ac² for routing, with WiFi disabled, as I don’t need any kind of PoE while I do need HW offloaded VLAN switching.
In overal, block diagram of hEX S shows more hidden issues that sensible person would like avoid. Stuff like shared line for eth1, 3 and 5, complications with switched/not switched lines, or already mentioned exclusive line for SFP…
I know it is not really “hidden” (because block diagram is public) but the constant need to remember every possible bottleneck it is killing me. Especially when we know that RB450Gx4 or RBD52G (hAP ac^2) can do it without this fuzz - single block diagram, no exclusive lines, no semi-shared lines.
Which reminds me - If you need more memory/storage than offered by hAP ac2 but don’t need SFP, RB450Gx4 is actually really good model as it has all “cool” features - SD card, beeper, serial port, lot of memory and storage… Unfortunately bit more expensive - almost double price.
I don’t really need the SFP port, so I can go without it. However isn’t the hAP ac2 labled as an AP or it has the same functuionallity like the hEX S? Is it possible to use hAP ac2 as a router and another hAP ac2 as a pure AP?
hAP ac2 is labeled as wireless router and it’s routing capabilities (mandated by CPU speed) are at least as good as of hEX S (check Test Results on product home page).
Yes, it is possible to use hAP ac2 solely as router or as AP.
When using hAP ac2 as router, you just disable wireless interfaces.
When using hAP ac2 as AP, there’s slightly more work to be done as you have to unconfigure all firewall (at least the chain=forward, you may want to keep some of chain=input), any support services (such as DHCP server, DNS server, …) and reconfigure bridge (to add ether1 port to LAN bridge in case if you need all 5 ports switched. You can omit this part and just tape-off ether1 not to use it by mistake). Actually it’s easier to get there by removing all configuration and do it from scratch, there’s not much of it: create a bridge, add all ether ports to it. Add both wlan interfaces to the same bridge as well. Add IP address and default route (to be able to perform ROS upgrades). Configure wireless (security profile and SSIDs). You’re done. Optionally play with firewall if you don’t trust users on LAN.
Plus, if you go with two devices of same hardware type, you can use them as spare parts for each other in case one of them fails (keeping fingers crossed that this won’t happen).
