Hi, this is your newest member, from Turkey, my name is Ahmet, and i am very glad to be a member of such a helpful forum.
I’ve just taken some responsibility for my colleagues to serve them a fast, smooth and low-ping network which will be used for about 20 max 25 users at the same time and totally 100 to 150 users.
Restrictions:
-users will be manually added by me from their mac address, (i think this is ok)
-there will be an old computer for my access to router and will be used for logging. (logging is legally mandatory)
-we will have a fiber net with a speed up to 50-100 mbits, and if you advice, we may rent two different internet connections just to maintain speedy and low ping surfing (and gaming of course) what do you think?
-if possible i’d like to limit each user with max 8 mbits to control downloaders. (does this affect gamers?)
and presently we have a proffessional(actually i don’t know, it seems pro.) switch, and 3 access points inside the building, we are planning to add 2 other ap s, there are lots of ports inside the building which are made of fiber or cat cables.. (yes we have a server room) all ap s are desired to be bridged..
With these restrictions:
1- what is the minimum computer specs shall we have for this?
2- which AP of mikrotik should we order? not very expensive please
3- is the modem important? if it is important, which modem would you advice?
ps: simple language please, not a native speaker, and no abbreviations please.
many many thanks for the answers..
Hi,
I would go for RB2011UiAS-RM and have the wireless/AP separate from the box.
I read you already have good LAN-switches, so the Hex S can also be used if you do not need the ports on the RB2011.
More then powerful enough as you have “low internet” speed.
-users will be manually added by me from their mac address, (i think this is ok)
Sure, you can do this. Offcourse MAC can be “spoofed” to bypass your security, but for “typical” office user its OK
-there will be an old computer for my access to router and will be used for logging. (logging is legally mandatory)
OK, you can “limit” management to the router only from the IP of this PC and have all logging transmitted to it. If the PC has a bit more power, you can even have some network-analyzer software and monitor more in detail.
-we will have a fiber net with a speed up to 50-100 mbits, and if you advice, we may rent two different internet connections just to maintain speedy and low ping surfing (and gaming of course) what do you think?
OK, there are examples on how to config with 2 ISP’s and steer some of the traffic to ISP1 and the rest via ISP2.
-if possible i’d like to limit each user with max 8 mbits to control downloaders. (does this affect gamers?)
Possible yes, you can control this based on different criteria (eg. IP address, ports etc)
For the wireless I cannot advise. I personally use Mikrotik for the IP-routing part and Ubiquity for WLAN/AP’s.
But I think you can find some low-cost good-enough AP’s and integrate them with the RB2011
Indeed it is, but the RB2011 would still be a good match for the low speed 50-100megabit Internet line they seek to use. (even if they use 2 of such ISP lines)
If they would have 1Gbits/s Internet however, the extra horse-power of the hEX S (2 cores/4threads @ 880Mhz) would become more visible against the RB2011 (1 core @ 600Mhz)
I would only get the RB2011 IF the extra LAN-ports are really needed, but if enough other good LAN-switches are available, I would think about the hEX S
My RB3011 at home (2 core @ 1.4Ghz) on a 100Mbits/sec PPPoE xDSL almost never exceed 5% CPU even at 100% utilization of the link, but without QoS or IPSEC VPN or something.
I do have between 30-50 firewall rules, extensive logging to SPLUNK etc, all 10 ports are connected with devices.
RB2011 should IMO NEVER be recommended in 2020 - at least not for routing purposes.. it’s close to 10 years old and will only do 50-100megabit internet routing with basic firewall.
As soon as you try to do anything else you will have unstable link.
OP asks for queues (which is needed for the limit users @ 8mbit) and mangling (for potentially two ISP’s), both of which need fasttrack to be disabled which in turn will make CPU go 100% on RB2011 at these speeds.
Hex S is a much better device for routing. Combine with a separate switch if more ports is needed.
Or buy RB4011 to get all in one.
If no extra LAN-ports are needed or you can to combine with separate LAN-switch : hEX S (only 60-70 euros I think)
If up to 10 LAN-ports extra are needed : RB3011 or RB4011 (between 120-160 euros) is still a very safe choice. I have RB3011 since many years and happy with it.
For the wireless .. no experience with MT..a very happy Ubiquity user in this domain.
Thank you very much for the opinions and good ideas.
Because of our poor ISP, i still think 50 mbits is “fast” but you, in another country, you said it is “slow”
I need to know one more thing for the best choice.
Does a switch slow/retard my network?
I will go to work tomorrow, can you make a comment about our switch in use, if i upload its photo?
I also will take a photo of our AP.
Yeah I’m not sure what MT was thinking making all these devices with such small flash when 128MB wouldn’t add but a few dollars cost and save a lot of headaches for some people.
