Mikrotik SUCKS

user5342 · Sat Sep 16, 2023 11:15 pm

First of all i want to introduce my self.
I'm IT engineer for over more then 20 years. I'm not newbie, seen and know a lot of things.
I was buying and setting up a lot of Mikrotik routers for the past few years. Usually customers had a basic needs like port forward, vpn, etc.
These simple configurations are easy to made.
But once you want to make something more interesting Mikrotik is ZERO user friendly. It is pathetic to work with some specific topics.
To be honest with you i was trying to understand and work with this platform. I even tried to pass Mikrotik certifications, but they did not allowed to do that online. You have to fly somewhere. I was waiting for L900. The new model. It's quite nice, it's arrived. And i pissed off. Really. I believe in the human life there are much more to do, then spend hours and hours trying to do more or less basic things. Mikrotik WHY are you so f***ing complicated and so unfriendly? What is the reason to be such a pain in the ass? Things that are easily done on hap ac3 are no more possible to do on L9000. Why? It stinks like microsoft. If you knew how to set up someting in winxp you will not be able to set up the same thing in win10. Just because everything is different.
Why this: https://www.youtube.com/watch?v=1ZJ-pM89N7o work on ac3, but there is no way to set up on new L900?
I'm in love with linux and i'm in love with mac. I was really pushing my self to love mikrotik for years, but i see that live is too short to spend so much time on this extremely unfriendly platform. Probably i will switch to Cisco, OR please give me any other suggestions. What do you prefer and why?

I'm not a noob. I work with quite interesting and complicated linux platforms. But mikrotik... after more then 20 years working in IT, i feel stupid when trying to set up some quite basic things. I know what i want to do, i know terminology, i know and understand how things work, but in mikrotik it is somehow over the ass. Why so?

Maybe it is my fault? But where to understand this platform with the shortest possible time? I don't want to spend weeks, months and years, trying to set up a 2nd VLAN. Come on. It should be done in couple clicks. But i'm digging this piece of .... third evening. And it is not f*** working.

If i was a newbie in IT, then i should blame my self. But after half live in IT and struggling with quite basic things... .. come one...

I just disappointed.

Talking about Wireless. I'm in love with Ruckus. Very flexible, but extremely easy to understand platform. Try to do the same thing of Mikrotik, good luck. What is done in minutes on Ruckus, it takes evenings to set up on Mikrotik. WHY?

Looks like whole linux is much more understandable then mikrotik. If there is some fast learning tutorial or course, please share with me. I'm not spitting on mikrotik yet, but time is ticking. I believe i will move to the other platform. Cisco? PfSense? Also if you have any suggestions i would be thankful to hear them.

I'm just pissed of this this software. Asked for help from my colleagues, we spend hours together and could not make a simple tasks.

If i'm wrong, please correct me. If someone could help with the settings, also i would be thankful. all i need is to have separate VLAN with it's own IP range. with is own VLAN. With it's own SSID, and ONE or TWO ethernet ports, that are connected directly to the same VLAN and 2nd DHCP pool.

For years i was trying to learn and understand this platform. Where is my fault (or manufacturer) that i could not. I've learned linux faster then mikrotik.

Going to sleep today. Will 100% switch back to Rukus as for wireless solutions, but for the routers, i'm stuck... Help me to move out of this stuck situation. I would like to learn and understand mikrotik, but don;t want to spend all my life doing this. Believe that there are better options, with much smaller labyrinth to pass trough.

gabacho4 · Sat Sep 16, 2023 11:22 pm

Read the subject and the first couple sentences and immediately got bored. Best of luck network guru.

DarkNate · Sat Sep 16, 2023 11:26 pm

The author is clearly a man-child.

I have my problems with MikroTik, but I have a problem with Cisco, Juniper, Arista as well. No vendor is perfect.

As a network engineer, I work multivendor on per use-case and business-case basis. Good luck to the OP.

user5342 · Sat Sep 16, 2023 11:35 pm

Read the subject and the first couple sentences and immediately got bored. Best of luck network guru.

Good luck to you to, empty commenter.
There is no need to have higher IQ to write that basic comment, you just write.

user5342 · Sat Sep 16, 2023 11:41 pm

The author is clearly a man-child.

I have my problems with MikroTik, but I have a problem with Cisco, Juniper, Arista as well. No vendor is perfect.

As a network engineer, I work multivendor on per use-case and business-case basis. Good luck to the OP.

Most of the problems are solvable over 1,2,3,4 hours. With Mikrotik i stuck for weeks. Why so?
I learned linux, chef, jenkins, ms ad, ms365, azure, and much more. They are somehow intuitive when having basic knowledge you only need some little push to go trough. But with mikrotik, most in the time i feel like a newbie. Like a man, who never seen a router, o the man who does not understand tcp/ip and etc. I'm not blaming 100% mikrotik. Maybe it is my+mikrotik incompatibility. ...but some of my colleagues, who are very smart at networking and servers, also stuck mostly with mikrotik.

kraal · Sun Sep 17, 2023 12:40 am

Most of the problems are solvable over 1,2,3,4 hours. With Mikrotik i stuck for weeks. Why so?

According to what I see, you posted seven times so far in two separate threads, including this one. I quickly read the other thread, and frankly I dont get how an "IT engineer for over more then 20 years" don't get that if he wants to have a port part of a specific VLAN he needs to have an access port and tag the traffic with the correct vlan id.

Thus, the answer to your "why so" question, is IMHO a chair/keyboard-interface issue.

Regards,

anav · Sun Sep 17, 2023 12:50 am

Sorry no spoon feeding here, go back to yo momma!
https://mikrotik.com/consultants
https://mikrotik.com/training/centers
https://www.udemy.com/topic/mikrotik/
https://www.youtube.com/watch?v=waDRjGJ8_Ek

If you had asked for cloudflare zerotrust tunnel for all devices, I might have perked up.

memelchenkov · Sun Sep 17, 2023 2:20 am

You and your colleagues should get offline training. You are right, MikroTik's UI is counter-intuitive, even for those who knows Linux, and you'll spend months mastering it yourself. However, knowing how these UI sections interacts with hardware and with each other, it will not be harder than any other router, and I doubt you would like to switch WinBox to anything else then. If you like Cisco then you may work with MikroTik from a CLI, not much differences in work approach. I don't know any enterprise-level vendor with a flat learning curve.

felixka · Sun Sep 17, 2023 4:16 am

Most people I know that have some sort of background in networking and who are trying to make Mikrotik work for them go through this at the beginning. It's a normal part of the process.
It takes some time, but you'll learn to love it eventually. Especially if, like you said, you are somehow stuck with Mikrotik.

Mikrotik made and makes a lot of interesting and quirky design decisions. Some of them are because they are direct reflections of the underlying Linux components used to build a feature (such as bridging, and with that VLAN filtering). Some of them are because Mikrotik decided to in-house develop implementations for standards in their way (mostly routing algorithms or stuff like DHCP) rather than using a more featureful or simple to use open-source implementation.

Many times, in threads similar to this, people will "threaten" to go to other networking brands, such as Cisco. I always wonder what this is supposed to achieve? Mikrotik never seemed to have aligned itself with any of the larger brands' feature sets. Sometimes it feels like they deliver features that nobody asked for at a time when other stuff would have been more pressing. That makes it seem that Mikrotik is largely immune to outside forces, which can be both good and bad.

So take a breath, read the documentation and eventually it'll come to you. It did for me.

vikriaulia · Sun Sep 17, 2023 5:28 am

I absolutely stand by MikroTik because it's the ultimate solution for all my networking needs. It's a powerhouse that combines a firewall, wireless, router, and switch all in one device. If you're whining about the UX/UI, then it's clear to me that you're just a lazy old man who can't be bothered to learn anything new. Why don't you go ahead and splurge on some other complicated networking device setup with your endless supply of money? That seems to be the only thing you old folks know how to do!

gigabyte091 · Sun Sep 17, 2023 6:50 am

If you want help from this forum then you have wrong approach, coming here and bashing on ROS and Mikrotik.

If you want fancy interfaces you can try Ubiquiti, there you have few clicks and volla, you have second VLAN enabled, add second SSID for your guests.

Heck you even have Guest WiFi option so you are one click away from achieving your goal.

As a complete noob in networking (my field of work is electronics.) i learned a lot from this forum and people here will always help you, but not if you have this attitude.

And yes, it's a bit more complicated on Mikrotik but it's really not that hard...

msatter · Sun Sep 17, 2023 11:06 am

It seems popular to attack the person that complains instead of taking it serious.......

We have here persons that work indirect for the government that act the same and attack and supress opinions from citizen. I get the same feeling here, as with that.

gigabyte091 · Sun Sep 17, 2023 11:40 am

Problem is, Mikrotik won't change anything just because someone complains about something about their products or software.

For eg. in my line of work, you have one producer of equipment from Poland. They talk to installers, want to know what features are needed, what needs to be changed and they act on it.

On the other hand we have producer from Germany, they could care less about feedback from installers, their software, mobile apps are garbage and they look like they are written in era of windows 98.

Same as Mikrotik, they released wifi 6 like few months ago... there are so many features that are requested by us and nothing... (Okay some features are introduced)

I get it that OP is frustrated because he needs to spend hours to configure something and if there is possibility for him to change vendor then he should go for it, only problem is... Other vendors are expensive...

kraal · Sun Sep 17, 2023 1:07 pm

It seems popular to attack the person that complains instead of taking it serious.......

So you're telling us that you listen and help in the same way, with the same joy and same will a person who comes to you saying "Msatter, you SUCK" and another one saying "Msatter. I have a problem can you help me please" ? You whether are psychiatrist and are paid for this, otherwise should apply for future canonization.

mozerd · Sun Sep 17, 2023 2:39 pm

It seems popular to attack the person that complains instead of taking it serious.......
We have here persons that work indirect for the government that act the same and attack and supress opinions from citizen. I get the same feeling here, as with that.

@msatter ... I could not agree more !!!

To the OP ... RouterOS is a Linux based proprietry shell called an OS ... Yes I do agree with much of your comments ... MikroTik does not have the intelectual power to make ROS KISS

Regardless its very popular among technocrats -> me being one of them ...

...

biomesh · Sun Sep 17, 2023 2:49 pm

There are always positives and negatives with any solution.

Mikrotik positives: relatively inexpensive, flexible, no ongoing licensing costs, support lifecycle is fairly long (hardware will work for a long time)

Mikrotik negatives: Can be a steep learning curve compared to other vendors (changes on every hardware rev or software update), no paid support so priorities/SLAs can't be set

Solution: hire a consultant to do the work for you

msatter · Sun Sep 17, 2023 4:43 pm

It seems popular to attack the person that complains instead of taking it serious.......
So you're telling us that you listen and help in the same way, with the same joy and same will a person who comes to you saying "Msatter, you SUCK" and another one saying "Msatter. I have a problem can you help me please" ? You whether are psychiatrist and are paid for this, otherwise should apply for future canonization. :-)

Turning the other cheek....

spippan · Sun Sep 17, 2023 5:04 pm

wow for ~20 years of "experience" OP should learn SDN stuff and not individuall and cost-effective setups

there is no, i repeat NO, vendor out where all is calm-and-charm to just setup - even meraki has some fairly downsides. same goes for cisco, juniper, palo alto, barracuda, checkpoint (and i work and worked with named vendors)

tbh. saw the post, first 5-6 sentences, tl;dr

apestalménos1 · Sun Sep 17, 2023 5:05 pm

That seems to be the only thing you old folks know how to do!

Hasty generalization!

anav · Sun Sep 17, 2023 5:25 pm

Time for the mods to lock and throw away this useless thread.

Guscht · Sun Sep 17, 2023 6:03 pm

I can understand the TO, I have spend more than 15 years with Mikrotik. And the first years gave me a permanent mix of frustration and depression. But at some point I was able to understand (at least a tiny bit) of the sense behind it. Its hard, really, but its worth, not because of MT, but because of the knowledge you will gain. All other vendors do the same, but there is so much of abstraction, only a very limited/filtered reality is presented to you. With MT you are able to see "behind the curtain".

And I can promise you, all other vendors have weaknesses too. No one is 100% perfect.

On the other hand, MT offers a lot. I have absolutely no glue of dynamic routing, like OSPF, BGP, RIP... or MSTP, no way I understand MSTP in any MT manual. In some way we are overloaded with so much, the own insight to accept to not understand everything is a important piece of peace of your mind when working with MT.

bpwl · Sun Sep 17, 2023 6:16 pm

Why this: https://www.youtube.com/watch?v=1ZJ-pM89N7o work on ac3, but there is no way to set up on new L900?

Why? Because this Youtube shows something irrational, and completly outdated. (Like using some Windows for Workgroups driver installation procedure in Windows 11, to have SMB file sharing)

In that video the used VLAN has no function. Remove all VLAN things , just use that second bridge, and all will be set with ease

Using a separate bridge per VLAN is the oldest and obsolete method for working with VLANs.
It can still be done. Just as the VLAN can still be set at some (virtual) WLAN interface. Again an old method.
Today VLAN tagging/untagging/filtering is done with the only bridge that might or might not be hardware offloaded to the switch for performance. (Offloading is depending on the switch chip)

Even worse and much older:
This old ROS software had another model for ports on the bridge (with master port), obsolete and outdated, converted to a newer bridge model.
"Note: When upgrading from previous versions (before RouterOS v6.41), the old master-port configuration is automatically converted to the new Bridge Hardware Offloading configuration."

Either OP understands what he is doing, and adapts, or he is just copying obsolete cookbook procedures in newer devices, what seldom works.
Softwares evolve, methods change, understand what you are doing, and it is an easy case here.

Just add guest WLAN and ethernet ports to a separate bridge. Done! Over, and up to the next setup.

Mikrotik does not suck, but it is a Lego or Mecanno: you have to (learn to) build that little car, train, house, ... , and will have much more functionality than dedicated car, train, house toys

Setup your Cisco catalyst switch with IOS 9.2 procedures, and get nowhere operational.
Understand what you do, and last 50+ years as IT engineer. Just copy procedures, and be outdated in no time. (And are not an IT engineer I would hire)

Mikrotik has a steep learning curve, because there are not the Guides, Theory of operation, Reference, and other manuals, like we had with VAX/VMS (1 cubic meter, 32 binders with every release).

But you should not need those manuals or video tutorials for just this very simple Guest wifi problem.
But you can always look for a cookbook procedure, as starting point, don't copy or follow, just learn and understand .... https://www.d4d.lt/how-to-setup-mikroti ... fi-network

anav · Sun Sep 17, 2023 6:48 pm

Nicely stated BPWL!!

rextended · Sun Sep 17, 2023 7:08 pm

@bpwl

homerouter · Sun Sep 17, 2023 8:15 pm

May i kindly suggest reading a little, helped me so much:

Using RouterOS to VLAN your network: viewtopic.php?t=143620

RouterOS bridge mysteries explained: viewtopic.php?t=173692

If you want to play without too many wire, use a VMBox and a Cloud Hosted Router.
(ROS as a VDI image): https://mikrotik.com/download
VMBox nettwork explanation here: https://www.nakivo.com/blog/virtualbox- ... ing-guide/

mt99 · Sun Sep 17, 2023 8:41 pm

I understand the frustration, especially when you're in a work setting where you need to get something functioning under a deadline. Sometimes we all need to vent a little bit. But seriously, it might be worth it to hire a consultant. Not to do everything, but to help fill in some of the specific items you're struggling with and get you in a better place.

Cha0s · Mon Sep 18, 2023 12:43 am

Most network engineers understand the technology/theory and can navigate easily between different vendors' implementations to achieve the same results.

If it takes you days to set up a VLAN, then most likely you are not well-versed with the technology you are trying to use.
Just because on other vendors some things are obfuscated behind single click options, that doesn't mean you understand how the technology actually works.

RouterOS requires you to actually know how things work in order to implement them. Then it all fits together nicely.

DarkNate · Mon Sep 18, 2023 1:24 am

Most network engineers understand the technology/theory and can navigate easily between different vendors' implementations to achieve the same results.

If it takes you days to set up a VLAN, then most likely you are not well-versed with the technology you are trying to use.
Just because on other vendors some things are obfuscated behind single click options, that doesn't mean you understand how the technology actually works.

RouterOS requires you to actually know how things work in order to implement them. Then it all fits together nicely.

100% agree.

There's network engineers and there's vendor-only engineer. If this guy only knows Cisco, he's a Cisco engineer, not a network engineer.

spippan · Mon Sep 18, 2023 10:02 am

Most network engineers understand the technology/theory and can navigate easily between different vendors' implementations to achieve the same results.

If it takes you days to set up a VLAN, then most likely you are not well-versed with the technology you are trying to use.
Just because on other vendors some things are obfuscated behind single click options, that doesn't mean you understand how the technology actually works.

RouterOS requires you to actually know how things work in order to implement them. Then it all fits together nicely.

cheers to that!

millenium7 · Tue Sep 19, 2023 4:17 am

100% agree.

There's network engineers and there's vendor-only engineer. If this guy only knows Cisco, he's a Cisco engineer, not a network engineer.

About the only viable complaint with MikroTik is their VLAN and Switch menu implementation, its a bit bass ackwards and definitely requires a thought process rewire to understand it as it does not operate like other vendors
Everything else I absolutely agree, if you truly know and understand networking then MikroTik is no different to any other vendor, and infact much of it is a lot simpler to work with (troubleshooting tools and ease of insight is fantastic)

There's nothing wrong with 'Cisco Guys' if they actually know what the hell they are doing. Trouble with Cisco is how cheap their certifications seem to have become. I don't understand why, as their certifications are indeed bloody tough and really do require very solid knowledge to pass, yet the amount of people i've interviewed and spoken with you'd swear they receive their CCNA or CCNP for free out of a cereal box, as they just have NFI whatsoever. I started with Cisco and took pride in my certs as I took the time to truly understand the technologies and how/where/why to work with them, so that when I went with any other vendor I knew what the hell I was doing. Maybe there's inside track i'm unaware of, a guy I can give $500 to and he'll give me a triple CCIE? i'm all ears as I feel like i've been slogged with the hard track attaining my certs to date and many others are cruising along in ignorance

Even someone who has a CCNA yet has truly earned it and absorbed the information needed, should have network fundamentals down pat and be able work with other vendors without much issue

Cha0s · Tue Sep 19, 2023 1:46 pm

About the only viable complaint with MikroTik is their VLAN and Switch menu implementation, its a bit bass ackwards and definitely requires a thought process rewire to understand it as it does not operate like other vendors

I agree. Switching on ROS is not intuitive at all. But still, having the necessary background and with little RTFM you can work your way through.
They should have copied Cisco's way of doing switching (in terms of UI/UX/CLI). Much more intuitive and easier to troubleshoot.

mbovenka · Tue Sep 19, 2023 2:09 pm

I agree. Switching on ROS is not intuitive at all. But still, having the necessary background and with little RTFM you can work your way through.
They should have copied Cisco's way of doing switching (in terms of UI/UX/CLI). Much more intuitive and easier to troubleshoot.

I agree that you can figure it out if you know what you're doing and with some judicious RTFMing. But I agree 100% that copying Cisco's way of doing things would have been far easier for most people (but then, I am a Cisco guy from way back, so I would say that, wouldn't I?

)

joegoldman · Tue Sep 19, 2023 2:09 pm

These posts are funny - they smell of people unwilling or unable to research, test, lab, iterate, and find a solution to your problems. All the basic concepts of everything are there, and laid out in the menus if you know where to look or do a quick google. I'd like some good examples of things that are just 'hard' or 'impossible' to do.

memelchenkov · Tue Sep 19, 2023 3:25 pm

@millenium7 yes, AFAIK it is, Cisco cert is relatively easy to buy without real knowledge, there are special people for this.

kraal · Tue Sep 19, 2023 5:13 pm

Let's put this whole discussion in another context (disclaimer: this is a parody) :

A guy enters the room and shouts:
- My wife SUCKS! I don't understand her, she's doing everything differently from my ex-gf, and her breasts are smaller than they should ! And she's not doing what I want the way I want when I want ! I have 10+ experience year dating with girls and I can tell you this one SUCKS ! I'll go to my ex-gf or to the girl next door as a retaliation !!!

The people in the room look at the guy angrily: he's insulting their friend. A first one tells him:
- Start trying to understand her instead of spitting your frustration and hatred... To build a solid long term relationship you need patience. And patience will result in joy and great moments.

He's quickly followed by another one.
- Instead of yelling, do your homework and try to learn how to interact with her, you'll see that she's great and reliable !

And another one:
- And if you're not happy why do you stay with her ?

And many more:
- Young people do not understand they need to work hard to get a quality relationship, and that this will bring many pleasures...
- He doesn't even realize that she has lots of other qualities !
- He's a jerk he doesn't deserve her !
- Get lost !

And the complaining guy continues:
- You understand, in 2023 girls should have long hair, big breasts, and spread their <censored> when a guy like me tells them to ! And she should let me do things the fast and dirty way !

And her friends:
- No we don't !

Then other people joined the discussion:
- You know, he's not completely wrong, she could have bigger breasts...
- And honestly, why the hell is she so rigorous when it comes to organizing things ?
- She should have done the same surgery as his ex-gf and the girl next door to increase her breast size, this would have eased things.
- That's right she's psychorigid...
- Yep and I can't understand the way she's reasoning...

Well... IMHO the main story here is not the fact that the girl could or should try to improve herself, or if the guy is completely wrong or not. There will be another time for this analysis. The main story here is the fact that regardless of her mistakes or imperfections, the girl didn't deserved the "she SUCKS", and therefore the guy yelling this insult is a jerk.

Tue Sep 19, 2023 5:20 pm

Girls & Boys

Pull up your Mikrotik's branded S U^H OCKS and do your job

DarkNate · Tue Sep 19, 2023 5:43 pm

I agree. Switching on ROS is not intuitive at all. But still, having the necessary background and with little RTFM you can work your way through.
They should have copied Cisco's way of doing switching (in terms of UI/UX/CLI). Much more intuitive and easier to troubleshoot.

Hell no, f*ck Cisco CLI and their 1980s design, absoluetely no respect for modern day JSON, YAML-like data structure. Juniper and Nokia CLI FTW.

Any programmer worth his salt, would never build a CLI like Cisco's.

jbl42 · Tue Sep 19, 2023 9:12 pm

I still struggle to understand why so many people fail to understand the MT single bridge VLAN filtering and state it is much more complicated than Cisco etc al.
A normal Cisco switch is the same: you have one implicit bridge (the ASIC) and you add VLANs, than add ports to VLANs as tagged or untagged, than add "CPU" interfaces with IP addresses to the VLANs for routing.
The CLI syntax is different, but the principle is pretty much the same.
I tend to believe those people just learned Cusco CLI commands but not the underlying principles. So they struggle if things are the same, but slightly different.

But I agree on one thing: MT WiFi sucks. A bit less than it used to, but it still sucks in terms of configuration and stability.

Wed Sep 20, 2023 3:47 am

IMO - Vlan configuration in Mikrotik ROS ( Winbox , Web and CLI console ) is near impossible to get it right the first time.

I've been doing computer network communications since the mid-70s ( almost 50 years ). I still don't have Mikrotik Layer-2 switch Vlans working.

With other switches & router products , you see the entire port-Vlan configuration in one screen - easy easy easy.
With ROS , you are all over the place in many screens. And most on-line documentation for ROS Vlans is different and also varies by which Mikrotik product you have. I totally gave up trying to configure Mikrotik Layer-2 switch Vlan ports in ROS a few years ago.

I really really really really wish Mikrotik would come out with a SwOS package for ROS - and/or a something that supports popular & common Vlans configurations you would normally see in other big brand-name products.

IMO - Mikrotik has some really great router and wireless products - but ... complex Vlan configurations are user plausible but totally impossible to configure if you do not know how Mikrotik does Vlans.

ROS router Layer-3 Vlans - easy
ROS switch Layer-2 Vlans - errrrrrrrr not-so-easy

I miss the ability to do a "show run" and see everything to do with a port in one paragraph section between the ! and the !

North Idaho Tom Jones

woland · Wed Sep 20, 2023 12:35 pm

I think MT products are great, but oh boy did I struggle with VLANs on my different MT HW Boxes! It´s no big science, but it is easy to get confused: on your HEX PoE you need completely different config than on your CRS309. Then I have some CAP ACs which again have slightly different needs.
My networks work well now, but I think I got it at least a 100 times wrong. Read posts on the forum, read MT wikis, watched videos. Of course many guides and videos are obsolete, some posts are wrong.
As an MT beginner it is an exceptionally big hurdle to get things sorted out and to find and understand the correct guides.

I had no such issues with other vendors but then I couldn´t afford to build the same infrastrutcture with those wendors at my home. And I wouldn´t want those loud fans in my flat...

Some better wiki articles made with MT beginners in mind would probably help a lot.

Cha0s · Wed Sep 20, 2023 1:14 pm

I miss the ability to do a "show run" and see everything to do with a port in one paragraph section between the ! and the !

++

With 5-6 lines of configuration you can see the whole port config and know exactly what it's supposed to do without having to look in 10 different places.

mbovenka · Wed Sep 20, 2023 1:16 pm

Hell no, f*ck Cisco CLI and their 1980s design, absoluetely no respect for modern day JSON, YAML-like data structure. Juniper and Nokia CLI FTW.

Any programmer worth his salt, would never build a CLI like Cisco's.

Why would de CLI need to have anything to do with your automation? The CLI is for human consumption, the automation isn't.

DarkNate · Wed Sep 20, 2023 2:07 pm

Why would de CLI need to have anything to do with your automation? The CLI is for human consumption, the automation isn't.

Nobody's talking about automation in that particular context. I clearly replied to this comment by quoting it. I think you're smoking something.

They should have copied Cisco's way of doing switching (in terms of UI/UX/CLI). Much more intuitive and easier to troubleshoot.

DarkNate · Wed Sep 20, 2023 2:10 pm

My networks work well now, but I think I got it at least a 100 times wrong. Read posts on the forum, read MT wikis, watched videos. Of course many guides and videos are obsolete, some posts are wrong.

As an MT beginner it is an exceptionally big hurdle to get things sorted out and to find and understand the correct guides.

Some better wiki articles made with MT beginners in mind would probably help a lot.

What is wrong with people? MikroTik has a clear, up-to-date, concise documentation piece on basic VLAN configuration for ALL their hardware, how the hell do you get confused with this?
https://help.mikrotik.com/docs/display/ ... +switching

I suppose English comprehension is a challenge for some.

anav · Wed Sep 20, 2023 2:23 pm

No need to take cheap shots, but concur, just because the vlans are not on one screen for easy manipulation/viewing doesnt mean its impossible.
The logic is there its not magic, just apply it.
Tom, fly me up to your place and I can help with your vlans ( just call it a business expense, like maybe in ski season )........ except I do it only on routers, not on switches LOL.

woland · Wed Sep 20, 2023 2:53 pm

What is wrong with people? MikroTik has a clear, up-to-date, concise documentation piece on basic VLAN configuration for ALL their hardware, how the hell do you get confused with this?
https://help.mikrotik.com/docs/display/ ... +switching

Let me cite you some sentences with warning signs from the same page you mention. And no it has nothing to do with English comprehension.
These are probably no big issue if working every day with MT, you get used to them, but if you do it just occasionally... And you have the different QoS and L3 Offloading stuff, then the Wifi with it´s old an new (Wifiwave2) style configs. Then add Capsman, old and new User Manager, etc.

I don´t want to say that MT should dumb down ROS, but I do think, that even better docs, could help to spend less time scratching your head!

There is room for improvement. MT istself realizes it and brings some great explanatory videos, which you probably don´t need if you have spent some work years on configuring ROS.

On QCA8337 and Atheros8327 switch chips, a default vlan-header=leave-as-is property should be used. The switch chip will determine which ports are access ports by using the default-vlan-id property. The default-vlan-id should only be used on access/hybrid ports to specify which VLAN the untagged ingress traffic is assigned to.

This type of configuration should be used on RouterBOARD series devices, this includes RB4xx, RB9xx, RB2011, RB3011, hAP, hEX, cAP and other devices.

By default, the bridge interface is configured with protocol-mode set to rstp. For some devices, this can disable hardware offloading because specific switch chips do not support this feature. See the Bridge Hardware Offloading section with supported features.

For devices that have multiple switch chips (for example, RB2011, RB3011, RB1100), each switch chip is only able to switch VLAN traffic between ports that are on the same switch chip, VLAN filtering will not work on a hardware level between ports that are on different switch chips, this means you should not add all ports to a single bridge if you are intending to use VLAN filtering using the switch chip, VLANs between switch chips will not get filtered. You can connect a single cable between both switch chips to work around this hardware limitation, another option is to use Bridge VLAN Filtering, but it disables hardware offloading (and lowers the total throughput).

.....

mkx · Wed Sep 20, 2023 3:15 pm

@woland: since you picked up a particular part of documentation (a note none the less) as an example of text which should be improved ... why don't you show how it should look like to be more comprehensible? Personally I find the text pretty comprehensible ... it might be a bit terse but for person which has good knowledge of VLANs and decent knowledge of how to configure VLANs on ROS device via switch menu I'd say it says everything necessary.

There's always a problem when something needs to be explained in a way, understandable to readers with limited knowledge on the matter. Then explanation may become overly extensive and thus indigestible for more experienced readers. Ideally documentation should be two-fold: reference manuals and guides "for dummies" (no offense meant). MT has pretty decent reference manuals (yes, some features definitely need improved documentation), but lacks the "for dummies" line of documentation. But then, as a few other posters already noted: I don't think MT is targeting "dummies" as customer base. Entering SoHo / small WISP market yes, but not targeting Joe Average.

woland · Wed Sep 20, 2023 3:51 pm

@mkx
No I don´t mean it´s incomprehensible, I mean it´s a lot to process, lot of exceptions. So creating some more recepies and overviews saves time and frustration. Also expands the userbase in the direction of John Does or in the direction of people who generaly don´t want to spend too much time on just configuring VLANs (or an AP, or whatever).

I´m not sure how this is done the best, but I think some better tables or some links from the specific HW documentation to the correct examples could help a lot.
For example: direct users from the HEXs homepage to a simple VLAN config example with HW VLAN Offloading.
I think it would already be helpful to have the specific switch chip with it´s capabilities (and limitations on ROS Version) on the HW Specification page.

Example: HEXs has currently an entry stating it´s Switch Chip is: MT7621A
If I search for MT7621A in the Wiki, there won´t be any hint, that it´s the same as MT7621 and it supports HW VLAN. You find this info only in https://help.mikrotik.com/docs/display/ ... 0offload.

Example 2:
Trying to find out if L009UiGS-RM supports HW VLAN Filtering?
https://help.mikrotik.com/docs/display/ ... 88E6190%5D
The Remark Nr. 3 says:

The HW vlan-filtering and R/M/STP was added in the RouterOS 7.1rc1 (for RTL8367) and 7.1rc5 (for MT7621) versions. The switch does not support other ether-type 0x88a8 or 0x9100 (only 0x8100 is supported) and no tag-stacking. Using these features will disable HW offload.

Since 88E6190 is no RTL8367 or no MT7621, one could get confused, if not reading further down the following:

Currently, CRS3xx, CRS5xx series switches, CCR2116, CCR2216 routers and RTL8367, 88E6393X, 88E6191X, 88E6190, MT7621 and MT7531 switch chips (since RouterOS v7) are capable of using bridge VLAN filtering and hardware offloading at the same time

This info is burried in a lot of noise. That may lead to a lot of confusion.

mkx · Wed Sep 20, 2023 4:00 pm

Yeah, information overload is a pain.

For Joe Average it should be enough to follow normal bridge VLAN setup practice. Things will get flowing just fine. The matter of performance is secondary and our friend Joe should only start wondering if it sees performance problems. And that's true for any recent device. AFAIK all new devices with switch chips, launched after first CRS3xx, support HW offload so following basic bridge VLAN setup should yield wirespeed performance. Basic bridge VLAN doesn't allow for full wirespeed performance on older devices ... if our friend Joe wants to star using 5-year old device and drive it to its max, then ... sorry my friend, you'll have to learn a tad more. Or just go for a decently modern device and leave old devices to MT veterans to waste their time on them.

It's the sheer amount of those foot notes which makes introduction of (HW-offloaded) VLAN-aware bridge so much a good decision. And we really should focus on quality of documentation for decently modern devices, let's not brag about soon-to-be-EOL device documentation.

And, BTW, I agree that sometimes a rewrite would be in order. Like the noise about switch chips supporting L2 HW offload. Nowdays it would be better to enumerate switch chip models that don't work with bridge HW offload ... this list would interest less users and would likely be even shorter than the (ever lengthening) list of supported switch chips.

Wed Sep 20, 2023 7:42 pm

I would like to see Mikrotik gain a huge product market share in all Layer-2 ( switches ) and layer-3 ( routing ) markets ( and wireless products ).
I've been in the electronics and computer communications industry for almost 50 years now. I've seen countless software and hardware products come and go. I've also developed and consulted on many new emerging products. Many of those products are now big brand name products that most IT people know - however most of those products are now gone and forgotten things of the past ( because of poor manufacturer/marketing knowledge of what people want to purchase ).

I would like to see new future Mikrotik L2/L3 products change direction and follow the growing popular ONIE x86 open source software/hardware standards.

The benefits of a ( Mikrotik ) WhiteBox ONIE x86 switch/router would be real.

FYI - WhiteBox ONIE x86 systems enjoy the following positive features:
- Growing world-wide popularity x86 ONIE compatible hardware and software.
- Many different x86 ONIE switch/router operating systems natively run on many different switches/router hardware products from many different vendors.
- IT leaders have modern/popular choices for what x86 ONIE router/switch hardware they want to use and which x86 ONIE operating system they want to use.
- If you outgrow a x86 ONIE product ( example , you had a 4-port switch and now need 32 100-Gig ports and some 400-Gig ports ) , you can easily replace the hardware switch and keep your current switch configuration settings.
- If you want to change the x86 ONIE operating system ( example from Windows to Linux or something else ) , you can keep your existing x86 ONIE router/switch and simply replace the operating system.

If Mikrotik were to enter the x86 ONIE software/hardware markets , there could be a sudden demand for Mikrotik products that would make Mikrotik a major player in the IT router/switch industry. There would no longer be any unique Mikrotik forum topics where we discuss things like "How do I make a Mikrotik switch do Vlans - or - How do I configure a Mikrotik router to filter BGP/OSPF/static routes " , because these topics are already well documented and there are many great videos that have been around for many years now.

IMO - There is a huge market that would want to purchase x86 ONIE compatible Mikrotik routers and switches.
IMO - There could be a huge market for x86 compatible Mikrotik ROS/SwOS software products ( if they do it right ).

I love Mikrotik products. I have thousands of them in my server rooms & fiber networks & wireless networks & customer networks. However , I am planning to fork-lift all of my switches in all of my server rooms to x86 ONIE compatible hardware in the near future. Per server room , I need to replace dozens of switches with 2 or 4 larger x86 ONIE switches and support a large combination of 1/10/20/40/100/400 Gig redundant networks.

If Mikrotik were to head down this x86 ONIE industry standards compatible path , I would have a bunch of Mikrotik orders. I'm sure thousands of other IT departments around the world would also take a good look at Mikrotik x86 ONIE products for their long-term goals.

North Idaho Tom Jones

millenium7 · Thu Sep 21, 2023 1:03 am

VLANs and switching in general is needlessly complicated. New bridge menu method is 'ok' at best but it's far from optimal. For one I don't understand why they couldn't just make it a very simple tag/untag/exclude option for each port in a bridge instead of the way it's handled. It's not clear, it's not efficient. I don't have as big of a problem with the documentation as I do with the actual bridging/switching implementation

The second major issue is it seems half assed in its implementation. If you want to go slightly beyond just adding VLAN interfaces on a bridge i.e. port isolation well now you're really up shit creek because you need to work with both the switch menu and the bridge menu if you want to keep hw offload. Now it's different for multiple different chipsets, Ive found bugs and incorrect information in the documentation on this (posted one not long ago)

Since the bridge menu config (and routeros as a whole) is an abstraction layer anyway, why couldn't they have just done it sensibly and added yet another abstraction layer under-the-hood that handles the individual switch chip configurations automatically. Everything can then become uniform and consistent and hw offload will be retained in every possible case without having to deep dive into the switch menu config (which is simply awful on the CRS1xx products)

ntmr · Tue Sep 26, 2023 11:03 pm

A few days ago I bought a L009 as well, and as a network engineer (Cisco, HP, Pulse Secure, Arista and a lot of other exotics), I too had (and probably will have in the future) a big problem with understanding the Mikrotik way of working. Only thing that comes close to Mikrotik, configuration wise is Compumatica but I won't bother you with that.

What I am trying to say is that from all the information you can find out there, a lot does not work or is not the way to go anymore. For those who have configured MikroTik in the past it is a lot easier to adapt to a newer way of working and how to implement that in a new product than for those who are completely new to the brand and are only able to rely on there understanding of networking. In my experience so far, the consistency in how to configure different devices is a bit less on a Mikrotik router than a Cisco router but that might be the noob in me.

Just to be clear: I am not trying to offend anyone here but I can relate to the OP even with the poorly chosen ways to express the frustration.

Hopefully I won't reach that level of frustration

anav · Tue Sep 26, 2023 11:37 pm

I hope you didnt buy the L009 expecting to use a 1gig ISp provider???

ntmr · Wed Sep 27, 2023 6:24 am

No, I am on a 100M line and was looking for a router and switch replacement to reduce continuous power usage after my 10 year old ubiquiti edgerouter died.

Wed Sep 27, 2023 9:09 am

Thank you for sharing. MikroTik has a long history and is jam packed with features on top of features, so understandibly, for new users it is a steep learning curve. One big benefit is that with MikroTik there are tons of learning resources, on youtube, on the web, also the training courses can be very cheap, comparing to other big brands of similar feature set. The downside of course is, you must be willing to learn. If you only need one device for one purpose, you don't want to invest time and money in learning a whole system, so I can see how it all can be overwhelming.

HACKFRAUD · Wed Sep 27, 2023 10:21 am

I had no problem setting up my first Mikrotik in 2016 when they barely had any youtube tutorials and I was only taught basic networking for one semester.
Every time I see IT """engineer""" I remember that old error "We seem to have encountered some issue but our team of trained monkeys is already on it".

DarkNate · Thu Sep 28, 2023 11:32 am

I had no problem setting up my first Mikrotik in 2016 when they barely had any youtube tutorials and I was only taught basic networking for one semester.
Every time I see IT """engineer""" I remember that old error "We seem to have encountered some issue but our team of trained monkeys is already on it".

+1 here, 100% agree.

ingdaka · Sat Sep 30, 2023 7:06 pm

An Professional don't talk like that!
Look at you how pro you are when you say one time L900 one L9000, when real device is a L009. You just have heard Mikrotik name for 1st time.
As per training Mikrotik allow remote testing through MTCOPS, but this one does not allow you to cheat, that's is problem you have.

Just contact me and I will open an MTCOPS testing for you free of charge, and if you don't pass, you will have to post your results here and say a big SORRY to MIKROTIK.

A professional looks to features, not just talking nonsense.
Even that we like Mikrotik Trainers can have our reserves for Mikrotik like we have for all other brands, but one thing is for sure that Mikrotik make difference from others, is the BEST BRAND for "Features/Performance/Cost" if you are searching for this trio to be together in one package.

user5342 · Thu Oct 12, 2023 9:52 pm

First of all my apologies. Sometimes you stuck and get out of the mind.
That day was the day.

Instead of spending time with family i stuck there for 15 hours and could not do. With cisco - 15min. With Ruckus - 15min, with linux 30min, With mikrotik 15 hours and no luck.

I believe mikrotik is OK, but some extremely easy things here are loooks imposible.

So once again apologies for this post.

user5342 · Thu Oct 12, 2023 9:59 pm

An Professional don't talk like that!
Look at you how pro you are when you say one time L900 one L9000, when real device is a L009. You just have heard Mikrotik name for 1st time.
As per training Mikrotik allow remote testing through MTCOPS, but this one does not allow you to cheat, that's is problem you have.

Just contact me and I will open an MTCOPS testing for you free of charge, and if you don't pass, you will have to post your results here and say a big SORRY to MIKROTIK.

A professional looks to features, not just talking nonsense.
Even that we like Mikrotik Trainers can have our reserves for Mikrotik like we have for all other brands, but one thing is for sure that Mikrotik make difference from others, is the BEST BRAND for "Features/Performance/Cost" if you are searching for this trio to be together in one package.

With mikrotik i work for more then 5 years. But had basic needs. Port forward, static IP, another WiFi with SSID, alow ftp, disable some services and etc.. But this time i've burned out. i'm sorry about it.
Two years ago i was looking for online courses. But i only found option to fly to Riga and sit there for 3 days. Could not afford it for my self that.

kraal · Fri Oct 13, 2023 12:38 pm

First of all my apologies. Sometimes you stuck and get out of the mind.
That day was the day.

I wonder if these are real apologies.

Instead of spending time with family i stuck there for 15 hours and could not do.

I wonder what kind of person spends 15 hours alone without seeking help then only comes to spit his hatred.

With cisco - 15min. With Ruckus - 15min, with linux 30min, With mikrotik 15 hours and no luck.

Ok I do not "wonder" anymore, these are not real apologies.

You keep blaming Mikrotik instead of blaming yourself for not knowing how to use it / for having chosen their products without knowing how to use them / for having accepted that someone forces you to use their products without having trained you / for having wanted to "save money" not realizing that it would "cost you more" / for being forced to learn something while you would prefer chosing the easy path / for whatever reason that is personal to you.

I believe mikrotik is OK, but some extremely easy things here are loooks imposible.

Let me re-read the topic of this thread... "Mikrotik SUCKS" == "Mikrotik is OK" ?

So once again apologies for this post.

GOTO 1

Fri Oct 13, 2023 12:49 pm

You keep blaming Mikrotik instead of blaming yourself for not knowing how to use it / for having chosen their products without knowing how to use them / for having accepted that someone forces you to use their products without having trained you / for having wanted to "save money" not realizing that it would "cost you more" / for being forced to learn something while you would prefer chosing the easy path / for whatever reason that is personal to you.

In all fairness ... my first Mikrotiks (mAP and Hex) took me also quite some evening hours trying, reading, learning, reading some more, retrying, reset, start again, read again, ...
But then again, I LOVE tinkering with tech stuff. I'm still learning.

Best way to learn IMHO is to hit the wall a couple of times and search for info until the light goes on, the pieces of the puzzle will eventually fall together if one is persistent and willing to learn from mistakes.
But it is a resource intensive approach, that I admit as well.

kraal · Fri Oct 13, 2023 1:01 pm

With mikrotik i work for more then 5 years.
But had basic needs. Port forward, static IP, another WiFi with SSID, alow ftp, disable some services and etc..

That's not even tinkering, I have deployed more complex setups at my parents' place (and I'm not a professional)
Are you the type of person putting on their resume that they have "5+ years experience with Mikrotik's RouterOS" because they have bought a hAP and put it on a shelf ?

But this time i've burned out. i'm sorry about it.

Two years ago i was looking for online courses. But i only found option to fly to Riga and sit there for 3 days. Could not afford it for my self that.

So you're working with Mikrotik for 5 years, 2 years ago you looked for online courses and (you or your employer) couldn't afford to improve your skills, nevertheless you (your employer) continue(s) to use Mikrotik products for 2 years without having the required skills, but meantime your employer could afford and accepted paying for "virtual skills" ? Something is not adding up.

My guts feeling is that you sold to your employer that you master RouterOS (thinking "it must not be difficult as I know how to do it with product XYZ"), this went under the radar for 5 years, you wanted 2 years ago to increase your skills on your own, but finally could not afford it, then recently you were asked by your employer to do something and were unable to deliver, which forced you to spend 15 hours on the topic, without finding a solution, caused you high stress because of the potential consequences you may need to face and ended up writing here "Mikrotik SUCKS".

mikrotix · Fri Oct 13, 2023 2:27 pm

Actually I found OP has interesting points which users and mikrotik apologists seem to brush off, but they should not. I hope not to hurt feelings with my current post.

I stopped reading comments as most of them try to paint in unfriendly manner a user or its abilities/intentions instead to concentrate on actual points. As first I would reply to the OP: "If you dislike this model of certification/education from Mikrotik, then in your last 20 years you did not face a real pain which is as example SAP where you not only have to go to a location for a certification, but for each single version you have to recertify yourself which actually means that you have to recertify for every single project"

As next I will list few points which in my opinion are valid:

Somebody working for 20 years in IT field is not capable to quickly setup a network
Certified users and mikrotik trainers do no contribute in public as they could, business model is again at fault as why should a certified trainer waste time for free on forum if for the same consulting service can be offered to make some money
I find it interesting that many home users jump to much simpler solutions where basic functions are not available or do not work at all, but then they manage to set their networks according to their needs. It means just that features provided by routeros might be excellent, but if majority users are incapable to configure routeros the way they intend to use it then routeros is not that feature rich
This is nothing new in software development. When one creates a GUI for something, then of course not all possibilities are available in this GUI and it will always be behind in features compared to possibilities by simply writting the code without gui. In my opinion mikrotik acknowledged it and there is "QuickSet" which actually is intended for simple quick setups and QuickSet by itself is not that feature rich, meaning that QuickSet is in no way some kind of simplyfied/automated GUI, it is only good for quick testing of default settings. Mikrotik should consider to have some better solution for different type of users, current one requires at least basic knowledge which most home users or small company admins do not have. I guess for Mikrotik this is meaning of a new market (new because mikrotik is really not used by home users).
Mikrotik is used by one mobile operator, and according to what I read users are happy. On this point I am unaware if Mikrotik/Provider customized it in a way like it is done with Huawei where GUI is castrated and functions not available but in big picture usefull because it works for everybody and customers do not storm hotline for support how to configure dhcp, dns or even vpn.
For home use one does not require certification, certification is actually only required for companies and is mostly part of contracts. Home users should be able to get proper support on forum.
Forum is unfriendly, I see many replies from longterm users and gurus which are simply offending in one or another way. I guess it is like on so many other places, one is annoyed by stupidity of some and show it publicly, without to keep in mind that other people do not sit day and night on forums and some are indeed new users. I am not saying that openwrt or some other places are more friendly, but somehow I would expect Mikrotik's official forum community to be more mature and if there is something that causes a wish in veteran to write that somebody is stupid, then in my opinion veteran is stupid and wastes own time without to contribute anything to fix impressed "stupidity", as only education can fix it.
Wiki is nice but it seems it is shaped for the fact of the existing business model to actually sell training and certifications and the gurus of community are certified/trainers/mikrotik staff which again means that knowledge which would be sold will not be written in the wiki
Mikrotik does not require recertification which makes all of it to non relevant. It depends on infrastructure, but if company invests 500K in IT and hardware and if it comes from Mikrotik, then getting a junior and educate it for a year is something that has to be calculated. But if company has already in place Mikrotik hardware, then consultation of somebody who was certified with routeros 4 doing it on router os 7 would actually break all contracts known to me as the consultant might not know something that can lead to data/financial loss. The longer time goes on, the less value a certification has and is actually just a burden for customers choice because one needs to spend ressources on something which would not be required with as example another brand. Less headache is also sometimes worth paying more for less.
Certification policy has to change and in my company I would request certification level of version in use. In my eyes there is no way around it and when the time comes, then this will be another burden for Mikrotik as existing certified trainers will start to show symptoms of the OP expressing the feeling to feel stupid and not professional despite the certification.

I guess I could go on and on with the list of actually important points for Mikrotik to take a note which are mainly important for Mikrotik and I am amazed how rubbish this thread has gone without actually to have any productive outcome, guess my post does not contribute too and expect to have wasted time on writting current reply.

Have a nice day to everybody and sorry if there are some typos, english is not my main language.

kraal · Fri Oct 13, 2023 3:39 pm

I guess I could go on and on with the list of actually important points for Mikrotik to take a note which are mainly important for Mikrotik and I am amazed how rubbish this thread has gone without actually to have any productive outcome,

Well, it started with "Mikrotik SUCKS", "piece of ...", a series of "f***"... because the UI is "unfriendly" and configuration is "complicated".

As you know "trash in, trash out" and a forum is not the right place to spit his frustration.

Have a nice day too.

mikrotix · Fri Oct 13, 2023 5:02 pm

I guess I could go on and on with the list of actually important points for Mikrotik to take a note which are mainly important for Mikrotik and I am amazed how rubbish this thread has gone without actually to have any productive outcome,
Well, it started with "Mikrotik SUCKS", "piece of ...", a series of "f***"... because the UI is "unfriendly" and configuration is "complicated".

As you know "trash in, trash out" and a forum is not the right place to spit his frustration.

Have a nice day too.

Thanks. I did not appologize the way of expression of the OP nor I commented on OP's competences. Unwilling or being unable to communicate in expected manner does not prevent readers from taking some points of a post, regardless of it is expression. If admins/mods leave this thread for ability to use somebodie's time to read it, then I do not want to comply about random culture and their parents who are responsible to form adults being able to express in a proper way.

My previous post at least just got confirmed few minutes ago, this place is very unfriendly and people here are seems under some stress or just unhappy in their private lifes, I have no other explanation for it.

johnson73 · Fri Oct 13, 2023 8:47 pm

all people are not the same, some are friendly, some are not so friendly. People are different...
My experience in this forum is positive, because long-term forum specialists have provided not only the best solutions, but also very good real configuration examples.
One such forum member is @Anav and Sindy. Thank for them very much for that! Following his instructions I have configured a lot of mikrotiki and everything works really well.
The truth is it's not so crazy if you want to delve a little deeper into the configuration.
Mikrotik does not have Linksys, where you open setup - press next-next and that's it. One part of people thinks so and that's why the idea that mikrotik sucks.

mada3k · Sat Oct 14, 2023 11:39 am

RouterOS can be, very confusing if you are very in to like Cisco/Juniper for since many years. It also can be very confusning if you are a DIY Linux/OpenWRT person and are looking for files to edit.

One "drawback" is that you can accomplish things in different ways, with pros and cons. This is a lot harder to do on a typical big-name vendor.

Sat Oct 14, 2023 11:46 am

RouterOS can be, very confusing if you are very in to like Cisco/Juniper for since many years. It also can be very confusning if you are a DIY Linux/OpenWRT person and are looking for files to edit.

Exactly and it also works the other way.
I for one can not get my head around openwrt.
Tried it twice for testing/education, equal amount of times I reverted to ROS on that device after some days.

DarkNate · Sat Oct 14, 2023 4:02 pm

RouterOS can be, very confusing if you are very in to like Cisco/Juniper for since many years. It also can be very confusning if you are a DIY Linux/OpenWRT person and are looking for files to edit.

One "drawback" is that you can accomplish things in different ways, with pros and cons. This is a lot harder to do on a typical big-name vendor.

What exactly is confusing? I work with Juniper, Arista, Huawei, MikroTik, Cumulus Linux, Debian/Ubuntu+FRR.

Never found single “confusion”, all using same IETF, IEEE and ITU specifications and standards.

mikrotix · Sat Oct 14, 2023 5:02 pm

Hello @holvoetn and @DarkNate,

I for one can not get my head around openwrt.
Tried it twice for testing/education, equal amount of times I reverted to ROS on that device after some days.

I think you underestimate yourself. If you take it closely, then mikrotik is openwrt's fork which has many advantages, but being closed source is big disadvantage and good example why was mikrotik's experience with CVE-2018-14847. If you use any system, one has to know basics. With openwrt one has more possibilities, starting from simple things like direct communication with devs of the code and I am not talking about openwrt, real advantages like by ability to actually compile your own code and there is so much that can run on kernel level which everybody is free to do, that is actually the nature of open source. If you know how to configure ros, then you do know terminology and know how things work, I do not really see what is different except maybe iptables/nftables, but I am not ros expert and my judgement here has flaws, however, especially from security perspective one can get deep into the topic but it will not change a fact that due to human nature security leaks are not preventable.

@DarkNate

Never found single “confusion”, all using same IETF, IEEE and ITU specifications and standards.

Why do you assume that all specifications are implemented in same way? That all beside some hardware based differences, for sure there is confusion even for those who have to work daily on it and if it is your daily job being network engineer then I would assume that you do have to be expert in your competences. As consultant or dev partnering with all those companies does not change a fact that you actually have to follow implementation changes and its dependencies and here it gets very complicated as you have no insight. If you were talking about just simple networks and how to set them up, then I would expect any non IT oriented student to be able to follow simple instructions on wikis of those projects, I think you would be amazed by asking students to write a survey if and what was confusing for all those different implementations they experienced.

mada3k · Sat Oct 14, 2023 7:00 pm

I for one can not get my head around openwrt.

The base system and packaging is great, but the "uci" is just horrible in comparison to IOS, JunOS or RouterOS.

What exactly is confusing? I work with Juniper, Arista, Huawei, MikroTik, Cumulus Linux, Debian/Ubuntu+FRR.

For example - The VLAN concept used by Cisco is something everyone understands and is widley copied everywhere, and its the same on all devices regardless of underlaying chipsets. However in Mikrotik, it's both very chipset dependent, and you can do wrong in multiple ways both in hardware bridge and software bridge.

mikrotix · Sat Oct 14, 2023 7:21 pm

For example - The VLAN concept used by Cisco is something everyone understands and is widley copied everywhere, and its the same on all devices regardless of underlaying chipsets. However in Mikrotik, it's both very chipset dependent, and you can do wrong in multiple ways both in hardware bridge and software bridge.

that is good example.

DarkNate · Sat Oct 14, 2023 8:05 pm

For example - The VLAN concept used by Cisco is something everyone understands and is widley copied everywhere, and its the same on all devices regardless of underlaying chipsets. However in Mikrotik, it's both very chipset dependent, and you can do wrong in multiple ways both in hardware bridge and software bridge.

I don't see any confusion regarding this, it's standard with all Linux based OSes like Cumulus, VyOS etc:
viewtopic.php?p=1025418#p1026101

anserk · Sun Oct 15, 2023 2:20 am

I think we all need to understand that sometimes people get frustrated with things and need to "vent". Internet forums seem to be a popular place to do this, and it's not just about MikroTik. In practice though, many of these forums are excellent for technical discussions and not for counseling. I hope the OP didn't end up in the worse situation then before writing the post.

However, despite a lot of emotions going on here, there are some valid points. For me VLANs were not easy to understand in the beginning, but it was mainly due to new way vs old way, figuring out which method I needed to use for hardware offload. I don't do networking for a living, my CCNA expired 10 years ago, and I can tell you I don't remember a single IOS CLI command, but the networking concepts are stuck well in my head. MikroTik's way of doing it seems logical to me, despite having to configure things in multiples places (switch menu, interfaces, etc). Maybe it's because I don't have Cisco "baggage" (I used EdgeRouter and Tomato before MT). I can see how it may look inefficient for people doing this daily, but to me it better exposes how things work internally.

It did take time to read the lengthy VLAN documentation. I would agree it could be better, maybe a concise version with links to more detailed version. I totally agree with @woland, jumping around and searching for details around specific switch chips takes some effort. It's far from obvious to the newcomers.

If I can give one advice - take notes after sifting through documentation. For people like me, who touch the router only occasionally, it really helps to have your own notes that make sense to you.

kraal · Sun Oct 15, 2023 11:15 am

I think we all need to understand that sometimes people get frustrated with things and need to "vent". Internet forums seem to be a popular place to do this,
However, despite a lot of emotions going on here, there are some valid points.

TL;DR: "In expuentis recidit faciem, quod in caelum expuit"

Seriously, this whole story is not about OP having valid points or not, it's about this "need to vent", and this bad habit people have of using internet / forums for doing it:

We all "need to vent", yet we do not all come on this forum to vent.
There are better places to do it: write directly to Mikrotik support, go to the forest, his basement, priest, psychiatrist or "anonymous Mikrotik haters discussion group" (maybe it exists). I do not recommend going to his wife, brother, sister, best friend (but he should have talked with them about the problems he's facing to find a smarter solution before having felt the need to vent), boss (imagine the result), hospital or to the police station (unless he wants to be given pink pills) . Similarly I do not recommend going to his parents (he's not a small child anymore, it's not their role anymore to live his venting), nor other forums.
Most people come here to seek help, provide help, get information, tinker, or find a solution to a problem they have, not to read someone else' "venting". We are not paid to be the emotional trash bin of other people.
If he was honest, after having "vented" in the wrong place, he should have felt relief. After have read reactions his venting provoked, he should have felt that something went wrong, which should have led to some sort of "guilt". That should have triggered saying "sorry" after have realized what others may have felt. Please find the single post in this thread where the OP had this attitude (no his "sorry" one moth later, trying to explain why he was right and not saying a single word about why his attitude was wrong are not real appologies).

This person spent three evenings and 15 hours on a probably not that complex issue. He says he asked his colleagues, but we do not know what are their skills, we only know that they did not find the solution, and that none of them suggested to seek help from knowledgeable people.

He could have come and written something like this: "I have this, want to add this and I'm struggling doing it. Could someone explain how I should do it or provide a working example please ? Thank you" Instead, he wrote what he wrote, just to "vent", not even trying to find a solution.

That being said, here is a side note. The OP wrote his message on the 16th of September. I searched for messages about wireless and vlan and found the following thread which was handling the same topic between the 22nd and 25th of August 2023 (took me 2 minutes). Both authors spent three days before writing a message on the forum. Read the attitude difference of the author of the other thread and the author of this thread, and watch the type of answers the author received: viewtopic.php?p=1020603&hilit=wireless+ ... 2#p1020603

In short: "In expuentis recidit faciem, quod in caelum expuit".

infabo · Sun Oct 15, 2023 6:44 pm

Was fun to read, kraal. And I can't agree more on the content. There are so many helpful folks here. Ask politely, provide as many information/configs/diagrams as you can or you get asked for - and you'll receive help.

But we are getting off topic. Did OP say the forum sucks?

dooh · Sun Oct 15, 2023 11:00 pm

Have my problems with Mikrotik, but the author problems clearly are his own. Mikrotik on some points has a greater and better view than most of other vendors. Been using for more than 20 years almost all the routing Equipments ever produced, yes Mikrotik web/winbox/cli is a bit stranger than others, but hey, it could be worse. When you used the CLI from SAN storages like NetApp, EMC, Mikrotik is NICE.

Again, got my problems with Mikrotik, but after using it and finding solutions (not all that I like), I'd love to replace as much routers I can with Mikrotik.

Good luck to you.

Mon Oct 16, 2023 12:05 am

...(took me 2 minutes)...

It's a sign of times ... some are overhelmed with a task if looking for a solution takes more than 15 seconds and the received answer is not the very first one that the search engine suggest. That is why AI gets (IMHO) so popular as it justifies lack of "internal need" to find solution. If there is no proper answer from AI then the solution does not exists. Period.

For years i was trying to learn and understand this platform.

@user5342:
It's no shame to not know even for pros so maybe it's time to take a f***g course or set of courses (staying with your exaggerated style of expressing your disappointment) to uncover what an idea in Mikrotiks devices and software is hidden.

phascogale · Wed Oct 18, 2023 5:40 am

This thread could have been an interesting entry point to Mikrotik given I am not a network expert. I have some familiarity with OPNsense which uses a different model compared with ROS. Having lurked for a couple of months I am somewhat confident I will be able to handle this despite having done nothing more so far than follow recipes to configure a mAP for virtual wlan, to obtain WiFi WAN and LAN. As I configure some other devices I am still more confident that I will need to ask for help at some point!

Different systems have different models and formal languages. From what I have seen to date ROS is exceptionally capable. Insights from block and packet diagrams are helping me understand some of the discussions. I have seen nothing that would lead me to a view the product as sucky, personal frustrations (I have had a few over the years) or not.

GiovanniG · Sat Oct 21, 2023 5:42 pm

First of all i want to introduce my self.
I'm IT engineer for over more then 20 years. I'm not newbie, seen and know a lot of things.
<quoted from first post>
I would like to learn and understand mikrotik, but don;t want to spend all my life doing this. Believe that there are better options, with much smaller labyrinth to pass trough.

Have you tried Winbox? I suppose you talk about command prompt, I also don't like it, comparing to Cisco that can help you step by step and autocomplete. But Winbox is great, and quickly I can do everything, for me much better than Cisco

utiker · Sun Oct 29, 2023 5:28 pm

@mada3k

Would you and others experienced in OpenWRT kindly join this thread to hopefully share more of your experience?
Thank you.

TurboSocket · Mon Oct 30, 2023 10:56 pm

Leaving the OP's tone and frustration expression aside, I do think MikroTik would improve immensely by standardizing their CLI, masking certain layers of abstractions and making the CLI chipset-agnostic.

I did have my "eureka" / "aha" moment (or after finding the problem, rather "WTF" and "f... me sideways") earlier today (more in viewtopic.php?p=1033015#p1033015). Believe many hours of troubleshooting could've been saved if duplicate features/functionality of "/interface bridge" and "/interface ethernet switch" had been merged into a single control.

Shamejais · Wed May 15, 2024 11:34 am

MIKROTIK is making a good hardware products!

The oonly thing what succkkss, is user NONfriendly software interface

More then 10 years, i was trying to offer to clients (end users) a MIKROTIK products - no success.

Clients are NOT accepting such an UBEROVERPOWERED software.

But every 5 years, i am checking, are there some changes or not?!?!?

GL

infabo · Wed May 15, 2024 3:45 pm

Pretty safe to answer: interface did not change since 2019. See ya in 2029!

Wed May 15, 2024 3:47 pm

Use "mikrotik home" android app for those clients

infabo · Wed May 15, 2024 4:49 pm

yeah, that's a nice app

BrianHiggins · Fri May 17, 2024 1:00 am

Use "mikrotik home" android app for those clients

have you fixed the permissions yet so we can give a user tikapp or permissions to user the home app without needing to grant them full winbox access?

infabo · Fri May 17, 2024 1:01 am

touché

HannesKruger · Tue May 28, 2024 2:38 am

I, for one, have always appreciated the verbosity of the user interface. Yes, there are a million settings, and I understand that it can be overwhelming in the beginning, but make no mistake—Winbox is a great learning tool. In my early days, I learned much more from poking around in Winbox than I ever could have in the monolith called IOS.

My advice to the OP would be: if you want to implement VLANs, learn about VLANs from a standards point of view. RFCs make the internet work, and MikroTik follow them too.

sitambokni · Thu Mar 06, 2025 9:30 am

New in this forum, I registered just because of this comment and make me laugth.
I just love Mikrotik.

mos6569 · Thu Mar 06, 2025 6:07 pm

Hi!

I know the feeling of frustration the first time you use a MikroTik when you are used to devices from other well known brands. But hey! It's like learning a new language on how to speak networking

dang21000 · Thu Mar 06, 2025 9:29 pm

Mikrotik is complicated yes.... , cisco too, stormshield too, fortinet too, netapp too.
Repair a car is complicated too. Create ansible playbooks/roles too.

It's not mikrotik problem.

I think mikortik need to rework the documentation to be like netapp or ansible, release a doc per version and redact detailled upgrade paths and différences, lost/add/changes between versions.

-----

My first approch with mikrotik wasn't good, winbox was an horror for me at this time.... because coming from vyatta, cisco and edgerouter/edgeswitch.
But after fews days of reading docs, trying.... i found mikrotik better than edgerouter and more flexible than edgerouter/edgeswitch and cisco devices
In 2021, decision was taken to kill all others hardwares and replace all by mikrotik.

Mikrotik still support all hardware.... i can still use the latest OS with the first "lab rb2011 router" ! It's just amazing ; comparing with ubiquiti edgerouter without os release during theirs 2 last years of life with me...

infabo · Thu Mar 06, 2025 9:54 pm

I think mikortik need to rework the documentation to be like netapp or ansible, release a doc per version and redact detailled upgrade paths and différences, lost/add/changes between versions.

THIS

eltikpad · Thu Mar 06, 2025 10:45 pm

I think mikortik need to rework the documentation to be like netapp or ansible, release a doc per version and redact detailled upgrade paths and différences, lost/add/changes between versions.
THIS

Definitely agree with this. Theres a ton of various documentation floating around. Some for 6.X, some for 7.X, some of which happens to work for each. Also “wiki” vs. “help”. I tend to use fairly up to date versions, and so its pretty easy to see what pertains, but what if you had to stay on a certain older version for “reasons”? Use the way back machine!

woland · Fri Mar 07, 2025 10:10 am

That´s exactly my opinion as well, but I´d like to add: MT should add more and well documented examples to each topic.
There are many good examples on this forum, but they are hard to find.

dang21000 · Fri Mar 07, 2025 2:27 pm

I hope mikrotik support/leader will read my remark about the documentation and i hope in few monts, see an announcement about documentation.

aoakeley · Fri Mar 07, 2025 2:55 pm

Amongst our team we have a saying that "There is nothing you can not do with a mikrotik".

Yeah sure.. of course there are things you can't do. However when crap hits the fan and you need the networking equivalent of a Flipper Zero, then a mikrotik is where the team turns to for creative solutions to difficult situations.

dang21000 · Fri Mar 07, 2025 6:59 pm

Yes, anything is possible with mikrotik....
- i wasn't able to have ipv6 fully fonctionnal with edgerouter ; switching to mikrotik : everything work fine and easily
- don't want add a RPI for pihole on each remotes sites... i've just run a container on each remote rb5009
- found the cisco wifi caps and capsman so complicated and expensive > switch to mikrotik wifi caps, performance enhanced, easy maintenance... and priceless
- run wg instead ovpn for site2site with edgerouter : impossible... with mikrotik, it's easy

G00dm4n · Mon Mar 17, 2025 1:49 am

Well I kind of agree on some points of the author.
And surprise-surprise... I am just another sysadmin for more than 25 years.
As all of us I had started with Cisco...
First time I meet ROS on a white-box PC used as a wireless router in 2001 installed by my TLD ISP.
Then my experience evolved... I had become certified with about 5-6 MT certificates... used a bunch of devices from MT in years. Had at least 20 in my home lab.
But then - in last 5 years MT froze in time... they stop evolving.
Oh they still develop the ROS which is damn good and got faster networks but they stay in the same segment.
Just horizontal development (more of the same) - not vertical (new classes of products).
They just stay in the niche with no serious competition - small ISPs and CPEs. No enterprise... not even proper corporate solutions.
What about stacking, what about port security and FFE? Also serious lacks in implementing newer WiFi standards.
No central management/monitoring solution... (don't count on Dude).
No serious support structure and support contracts.
And to play with the big boys you need this.
Yes I know.... MT was used in many corporate organization in a way to provide economical solution for something small or not that important.
Well they'd implement the containers! Good! But forget to add storage options except to cheap devices with not enough CPU power.
They add ROSE on a routers...
But with time they become more and more pushed out of the way, by other cheep and more well developed brands - some of them even cheaper.
And why is this - well reasons are many ... but is not me to point to the CEOs.
In 20 years they had still not developed any network security solutions, not any firewall, not any sd-wan (even is pretty easy to be done with MT).
Documentation is a mess, scripting language is not completely documented, many new features are not fully developed and takes quite long to be finished. Why no modular structures in the scripts? Why no script library which can be imported?
Certification... oh this is another mess - why new certificates do not reconfirm the existence of the old? Why have to start from scratch if I miss the time?
And what we are getting this day? An RDS? For what??? With half the money I'll do it with old dell/hp/supermicro server and will be better.
If they had used proper approach this will be the best hyperconverged system for SBS and SOHO - now is just glorious NAS.
Don't get me wrong - I like MT - here are many good things. But this not means to close our eyes and shout "blasphemy" on every criticism.

I'm serious fan of MT, but if they do not move soon - then I will move ... and this will happens with many more.

tombs · Mon Mar 17, 2025 11:30 am

I love MikroTik. Do i find it easy to use? No. I am no sys admin, no network guru... But my home network works, wife is happy and I can still play with it in my homelab, improve mu home network and learn.

Can MikroTik improve? Yes. Do they suck? No!

mkx · Mon Mar 17, 2025 12:14 pm

I tend to agree with @tombs.

I see MT stuff as a cross-over between serious stuff (e.g. cisco) and cheap home-rated stuff (e.g. Dlink), which takes good things from each of worlds.

Do I use it at home? Yes, absolutely, and I'm happy with feature set and prices.
Would I use it in corporate environment NOW? Hell no.
Would I use it in corporate environment in the future? Gladly if it evolves.
Will I abandon MT for home use if it doesn't evolve? Most likely no.

Yes, MT is currently in a niche. Should they evolve and overgrow the current niche? Only if they (devs and management alike) feel comfortable doing it. I'd hate to see them stretch into a new segment ... fail miserably and take the current ecosystem into failure as well.

infabo · Mon Mar 17, 2025 3:08 pm

There is a lot of truth in what G00dm4n says.

mihaik · Mon Mar 17, 2025 4:29 pm

I have read this post a few weeks ago, searching for new stuff about my new router. To be honest, the author is or was not at a very good level in his field. I started my Home Lab journey a few months ago using a basic isp router with zero settings. Since then, I temorary used an old PC as a pfsense but I didn't like it that much, I was not learning anything with it too boring and simple.

Then I bought a MikroTik router, was a bit shy for like 1 month and used it in default config but after that, my Network was running in like two days as I wanted, of course I needed some help here, it was not working 100% in a correct way but a lot of the points that the author couldn't make it, I could just reading the documentation and some examples. I don't feel it is terrible hard and I have zero experiente in networking. I know I learn very fast tech-stuff and that I have some Linux at home backround, but I don't know if that helps is just that I feel already "at home" using RouterOS in like 10-12 days of using it.

My VLANS are working, my wifi are working, firewall does exactly what I want, all is segregated, L3 works. I managed to connect and configure my other switch also. If Tik would be that bad I don't think personally I would be able to do that.

And guess what ? The journey, homelab + home networking made me really think about to embrace a role in a company being a system administrator and maybe even devops. I don't know how It will be in a corporate network with Mikrotik devices but I think big companies will always use some strong firewall solutions that Mikrotik lacks. But even so, for routing it is a very good option, price it is excelent. For 150 EUR I do more than a guy with some expensive Ubiquiti stuff can do. I will for sure be more prepared to learn CISCO and others after dealing with MikroTik, and the community is nice, I like you guys.

Stay safe ! And don't forget to offbridge one of ethernet ports haha.

phascogale · Mon Mar 17, 2025 11:15 pm

I find a conflict between this

They just stay in the niche with no serious competition - small ISPs and CPEs

and the critique in the same post. Is there an objection to Mikrotik successfully identifying and exploiting a niche? What else is a business supposed to do, when they are unlikely to achieve world domination (and would probably go broke trying)?

Like @mihalk, I started with 'some' technical competence but little knowledge of network device configuration. I suspect from mihalk's latter comments that I am also far older. Sure, I am still on the long learning curve not a Zen ROS master, yet (a brief count in my head) I have at least half a dozen different Mikrotik routers (and two switches) doing different jobs in my home and away. All but a couple of my MIkrotiks differ in non-trivial aspects of their configurations.

Analogous with the original concepts of Unix, Mikrotik devices are small, efficient tools configurable alone or in groups for almost any task that might arise in a home or small business. A far greater range of options is exposed, if you wish to use them, compared with most commercial or open source software that might be considered.

Quite a bit of the 'Mikrotik sucks' denigration seems to arise from people wanting Mikrotik to be something other than Mikrotik, the world domination theory, or else complaints about things that actually (mostly) work but could be more modern or better or work infallibly in any circumstance.