I am looking for a replacement for a new router. I’ve been dealing with the topic for many days now and have become aware of the Mikrotik CCR2116, as it can obviously keep up with the big ones in terms of price and functionality. We are a small company with a headquarters with around 30 employees and other small locations as well as additional home office employees (which will increase in the future). In the first step, the router’s task is to connect not only the office employees at the main location, but also all other locations and home office users via a VPN server. There are two ISP connections available, one of which should be configured as failover. However, some things are not entirely clear to me.
Do new firewall rules have to be created on the router for new subnets or do they apply globally to all networks?
Can subnets with an installed VPN client be used in another subnet, e.g. B. via rule definitions?
Is the split tunneling method supported regardless of how the client is connected (office or remote via the VPN server)? Traffic through the VPN client should only occur on specific websites.
How long are firmware updates etc. usually made available?
Do the model letters CCR, CRS, etc. have a meaning or classification?
I would like to thank you in advance for reading the article and hope for appropriate answers.
From the official product page, at the very bottom:
“The device has an operating system preinstalled and licensed. No separate purchase is necessary and the product is ready to use. The device includes free software updates for the life of the product or a minimum of 5 years starting from date of purchase..”
Since they guarantee a minimum of 5 years of software updates from the date of purchase, this means effectively a little more than 5 years after EOL. Because there will be people purchasing an already EOLed device - and they will have 5 years of updates. At a minimum.
Congratulations on finding MikroTik and considering it for your next project. Once I found MikroTik, I never looked back. Haven’t bought any Netgear, DLink, TPLink, ASUS or Cisco Small Business since.
It all depends on how you configure it. RouterOS is extremely flexible.
Yes
Yes. YMMV with Mac clients as they don’t support pushed static routes via DHCP.
A long, long time. Generally support will get dropped if the flash memory on the device is so little that the new OS releases are too large to fit on it. The Tilera-based routers will probably eventually become unsupported as MikroTik does not have any current hardware products that use the Tilera CPUs, and I believe all the existing Tilera-based products have become EOS.
CCR (Cloud Core Router) means it is intended to be a router and does not typically have a switch chip. In some cases each port is wired directly to the CPU. CRS (Cloud Router Switch) means it has a switch chip or switch chips, is intended to be used as a switch, has RouterOS as the primary OS available so that you can perform layer 3 operations. They are optimized as a switch and while can function as a router, you’ll incur a significant performance hit if you try. Some CRS models also have SwitchOS available in a dual boot configuration. CSS (Cloud Smart Switch) have a switch chip and are only available in a layer 2 web-based configuration.