Picking the right hardware to replace Cisco hardware..?

Hi all.. I stumbled across this site a few weeks ago as a way to replace my current Cisco hardware at home with something that allows for easier management, more flexibility and still offers the same Cisco style features I’ve come to know and use (e.g. more flexible than the typical store-bought router). To that end, I’ve currently got the following hardware in use at home – all working just fine :

  1. Cisco 1841 Router with K9 extensions, FastEthernet ports only (no gigabit) :frowning:
  2. A pair of Cisco Aironet 1242 wireless access points strewn at opposite ends of the house for coverage – both using ceiling mount antennas

Currently this combination serves the following purposes: NAT’d port-forwarding firewall serving several websites, DHCP (assigning static IPs to various hosts based on MAC addresses), Mail, WIFI to the entire house including some outside coverage, etc..

Some things I’d like to improve upon if a switch to another platform is done :smiley: :

  • Increase routing speeds from FastEthernet (10/100) to Gigabit
  • Allow (if possible) the definition of a demark-zone for things like a VOIP box that prefers to be outside of the NAT’d firewall
  • Traffic Shaping (never tried doing this with the above cisco hardware, but I think it can do it)
  • Reduction in hardware – currently in the garage the router & AP are separate – it’d be nice to merge them to reduce power consumption
  • One last weird request – the ability to route web traffic by domain name (e.g. port 80) to one or more machines – similar to what Apache does normally in reverse proxy mode IF I have http://www.foobar.com hosted on machine “A” and http://www.barfoo.com hosted on machine “B” – with different IPs. I didn’t find a way to do this with Cisco IOS..
  • Run a web proxy similar to DansGuardian to keep my kids off sites they should not be on - if possible.

I think that’s about all I can think of.. Now, in narrowing down the hardware available on the routerboard site, I see only three boards that qualify when you search for boards with gigabit network ports :

  • RB450G - 5 gigabit ports
  • RB493G - 9 gigabit ports
  • RB800 - 1 or more gigabit ports

So.. With that all in mind, is the RB493G the best bet for my money (without breaking the bank) and will it (along with the RouterOS) do what I need? I realize I’ll need two devices in total – one for the main router + wireless board (not sure which one) and another wireless standalone that will be wired up (preferably via PoE) via CAT6 back to the main router. Also, are any of the standalone wireless boards able to be mounted in an attic space without heat issues? I live in the Southern California area where an attic in summer may get 130F+ (my guess on temp) based on an outside max temp of about 100 to 105F – or I guess I could just mount the external antenna up there with a 15’ cable…

Comments/suggestions?

493G or 435G will do all that you listed.. and lots more!


That temp may be pushing it; you may get away with it using a fan on the board. (Both boards have onboard fan headers w/ speed monitoring.)

I can recommend the R52Hn wireless cards as well.

And for antenna options… there are many. :slight_smile:

MikroTik will only offer gigabit, wireline forwarding if you use the Switch Chip feature. Using this feature limits the things you can do with each host. For instance, the hosts must resolve on the same network. You cannot separate hosts into different VLANs with MT as the gateway (no layer 3 switch)…and the list kinda goes on. Software forwarding performance will be slower than 100Mbps…and varies based on the number of software features in use.

If you’re looking for consistent packet forwarding rates, stick with Cisco.

Allow (if possible) the definition of a demark-zone for things like a VOIP box that prefers to be outside of the NAT’d firewall

You can achieve this with a software bridge. Bridge your WAN port & an internal port together. Your internal port will be able to use any IPs present on your ISP connection. Assign your router’s ‘WAN’ IP (for NAT clients) to the bridge interface.

Traffic Shaping (never tried doing this with the above cisco hardware, but I think it can do it)
Reduction in hardware – currently in the garage the router & AP are separate – it’d be nice to merge them to reduce power consumption

Both are feasible.

One last weird request – the ability to route web traffic by domain name (e.g. port 80) to one or more machines – similar to what Apache does normally in reverse proxy mode IF I have http://www.foobar.com hosted on machine “A” and http://www.barfoo.com hosted on machine “B” – with different IPs. I didn’t find a way to do this with Cisco IOS

http://wiki.mikrotik.com/wiki/Multiple_Web_Servers

Run a web proxy similar to DansGuardian to keep my kids off sites they should not be on - if possible.

I’m not sure you can use the web-proxy feature for outbound if you use it for inbound. But, MikroTik doesn’t really support content filtering like DansGuardian. You can block certain domains in the proxy, but the proxy doesn’t examine content like DG. So, stick with DG.

If I’m not planning on doing any VLAN sorts of things for now and have a fairly simplistic network topology, then perhaps that’s OK?.. With that in mind can I assume I’ll not be tickling any of the oddities here and still get fast wire-line switching/routing? I still need to do more homework in this area..

Sounds good.. I’ve usually got one server running 24x7 and will loadup DG on it and forward traffic through it (I saw this question asked back in 2005).. Thanks for all the help guys!!

You will be able to achieve gigabit, wire-line routing between the clients on the LAN. Traffic to/thru the gateway IP is handled in the MikroTik CPU (software switched) and thus will be slower. You lose the performance of the switch chip the moment any traffic touches the CPU (queues, VLANs, bridges, layer 3 interfaces, firewalling, etc).

Thanks! No issues there since my internet connection is not gigabit yet anyway.. :smiley: