Hello the Mikrotik community,
Full disclosure: I am not an IT person by any means, just a computer enthousiast who tries to understand what he is doing...
The scene: I have been running my home network with an Asus Router under Asus-Merlin firmware (50 or so devices).
This router is connected to a Mikrotik switch (CRS 326-24G-2+), and to my ISP box in bridge mode. 600MB connection.
For the same price, the same ISP proposes a 5 GB symetric fiber connection.
So, I am willing to take advantage of the extra speed, because... why not !!
I am running an unRaid server with Plex and the *arrs apps and I also have a Syno NAS.
I need a new router as my current Asus one doesn't have support for 10GB speed.
So I am considering the following options:
- buy the Asus EB88U compatible with Asus-Merlin
- buy an OPNSense box (from OPNSense or any compatible machine)
- buy a Mirkotik router
I looked at the OPNSense compatible hardware, but overall, it is quite pricey.
On Mirkrotik side, theCCR2004-16G-2S+ looks good: I can use the 16 GBe ethernets ports and connect it to my switch with the SFP+ port.
In addition, I also need to install one or two wifi AP to enhance my wifi coverage.
So I thought maybe the good solution could be the mirkotik router (it can fit well in my rack). Before taking the plunge, I bought the hEX PoE for cheap and make some testing with routerOS. I currently have dualwan with my Asus-Merlin set-up and I want to replicate the same with my Mikrotik install.
My plan is to convert the hEX PoE into a switch for the wAP AX wifi access point to install and benefit from the PoE set-up.
This is where I lost my illusions....
After the initial default set-up of the hEX, I tried to change the network address (from 192.168.88.0/24 to 192.168.0.0/24).
I went into the IP menu and tried to adjust the setting for IP address, DHCP etc...
Default config, Internet OK, after I made the changes, no internet...
After several days of reading/watching some tutos.... I failed miserably until I read a comment on a forum suggesting to start the Quick Set and modify the IP address there...and it worked!!
I understand that modifying the network range involve modify as well the firewall rules and/or routes in the Mikrotik settings.
I was not able to acheive this very simple task on my own.
So setting-up dualwan with failover (not interested in load balancing), doing IP reservations, port forwarding, VPN client etc... I have the feeling that I don't have the networking knowledge to do it in RouterOS, whereas I was able to do this kind of stuff with Netgear Router a very long time ago or with my Asus-Merlin more recently.
So... I am considering again the Asus router or to invest some hard-earned money in a OPNSense box...
I am willing to learn, but between my job and my family, my spare time is scarce.
So my question is: is it possible for a non network admin to use routerOS or this is something only for the professional and I should go back to play with the kids toys like OPNSense and Asus-Merlin?
I thank you in advance for sharing your thoughts and experience on my reflexions....
Valyno
Re: routerOS & Mirkotik for the noobs
I’m not a network expert and I have a Mikrotik hAP ax2 as my main router.
ROS is not easy, but there are many information, documentation, Youtube videos, etc online. You can ask here. You can search for other forums. IE in Spain we have a forum with a Mikrotik subforum with many Spain ISP setups premade…
For the basic things you mention, I think anyone can do it. If you want to learn more deeply, you can continue learning.
Good luck!
PD: I came from Asus & Merlin too.
ROS is not easy, but there are many information, documentation, Youtube videos, etc online. You can ask here. You can search for other forums. IE in Spain we have a forum with a Mikrotik subforum with many Spain ISP setups premade…
For the basic things you mention, I think anyone can do it. If you want to learn more deeply, you can continue learning.
Good luck!
PD: I came from Asus & Merlin too.
Re: routerOS & Mirkotik for the noobs
I am a non network admin and I use routerOS quite successfully. The learning curve can be steep, but the benefit is that once I get something working, I find that I have learned a lot about what I am doing and I am finding that for the same cost as home-user equipment I am getting a lot of configuration capability.
So my question is: is it possible for a non network admin to use routerOS or this is something only for the professional and I should go back to play with the kids toys like OPNSense and Asus-Merlin?
I thank you in advance for sharing your thoughts and experience on my reflexions....
Valyno
Re: routerOS & Mirkotik for the noobs
RouterOS generally exposes the networking system of the Linux kernel almost directly to the user. That means that you generally have to know what you're doing to configure it correctly. The other commenters are completely correct in that it doesn't require any sort of diploma or formal training, but it does require time and dedication. If you are otherwise inclined to learn about networking stuff then definitely go for it, if not you may wish to reconsider (as much as I like Mikrotik). I think you made the correct call in getting yourself a cheap device first and trying it out for yourself - one of the cool things about Mikrotik is that all their devices (excluding some really underpowered ones) use the same configuration interface and feature set, so what you see on your smaller device is what you will get if you decide to get a higher powered one.
As you have seen, the quickset feature is quite limited and only gets you so far. For any sort of advanced configuration (which would be the reason for buying Mikrotik) you will have to forget about using it.
Other than that, your choice of the ccr2004 is kind of spot on. It will route 5Gbps easily. Just be aware that for routers throughput is measured such that 5Gbps symmetric - if simultaneously maxed out in both directions - is counted as 10Gbps, which this router can only do with some "optimizations" turned on. Also, this device comes in a PC (passively cooled) variant, but this model has its CPU downclocked, and consequently has significantly lower throughput than the actively cooled version. With the stock fans these devices can be a bit noisy (the fans can be replaced by quieter ones), but as you mention a rack I would assume that it would not be located next to your bed.
When looking at throughput the usual suggestion is to look at the 25 firewall rules / 512 byte packets test result for Mikrotik devices (they will go about 20-30% faster than specified there for general traffic) and the IMIX results for OPNsense stuff.
BTW the OPNsense official boxes are quite neat, and I wouldn't categorize them in any way as being for dummies, in fact they are very capable. For home use I too would consider them a bit pricey, but that is a decision for whomever has to pay for it
In any case an ASUS or other consumer router does not even merit comparison with the category of device you are thinking about - be it the OPNsense or the Mikrotik,
As you have seen, the quickset feature is quite limited and only gets you so far. For any sort of advanced configuration (which would be the reason for buying Mikrotik) you will have to forget about using it.
Other than that, your choice of the ccr2004 is kind of spot on. It will route 5Gbps easily. Just be aware that for routers throughput is measured such that 5Gbps symmetric - if simultaneously maxed out in both directions - is counted as 10Gbps, which this router can only do with some "optimizations" turned on. Also, this device comes in a PC (passively cooled) variant, but this model has its CPU downclocked, and consequently has significantly lower throughput than the actively cooled version. With the stock fans these devices can be a bit noisy (the fans can be replaced by quieter ones), but as you mention a rack I would assume that it would not be located next to your bed.
When looking at throughput the usual suggestion is to look at the 25 firewall rules / 512 byte packets test result for Mikrotik devices (they will go about 20-30% faster than specified there for general traffic) and the IMIX results for OPNsense stuff.
BTW the OPNsense official boxes are quite neat, and I wouldn't categorize them in any way as being for dummies, in fact they are very capable. For home use I too would consider them a bit pricey, but that is a decision for whomever has to pay for it
In any case an ASUS or other consumer router does not even merit comparison with the category of device you are thinking about - be it the OPNsense or the Mikrotik,
Re: routerOS & Mirkotik for the noobs
I think you can consider a Ros device as something like a piano. 
The instrument, under the right hands, can do marvels, but to master it years of study and practice are needed.
But all you want to do is learning some basics in order to play "Happy birthday to you" or "White Christmas" at the next suitable occasion.
It Is definitely doable and you did the right thing buying the hex on the cheap to play with.
The (big) difference between a "SoHo" device (like the hex) and a "professional" device is that the first comes with a basic (but good/working) default configuration including a set of firewall rules, whilst the latter will come with no (or very minimal) configuration.
So a good idea is to start from a "clean" (reset configuration) on the hex, get familiar with Winbox and terminal and do experiments on that base, so that when you will get the CCR you will be able to "replicate" the hex configuration on it.
But unless you need anything more advanced, there are only a handful of things/concepts that you have to understand, and of course once you have these basics set you can ask for assistance here on the forum for those parts that you may have difficulties with and for a check-up of your intended configuration.
A couple good (shameless plug) basic references (essentially what I would have wanted to find when I stated):
viewtopic.php?t=215004
viewtopic.php?t=215018
The instrument, under the right hands, can do marvels, but to master it years of study and practice are needed.
But all you want to do is learning some basics in order to play "Happy birthday to you" or "White Christmas" at the next suitable occasion.
It Is definitely doable and you did the right thing buying the hex on the cheap to play with.
The (big) difference between a "SoHo" device (like the hex) and a "professional" device is that the first comes with a basic (but good/working) default configuration including a set of firewall rules, whilst the latter will come with no (or very minimal) configuration.
So a good idea is to start from a "clean" (reset configuration) on the hex, get familiar with Winbox and terminal and do experiments on that base, so that when you will get the CCR you will be able to "replicate" the hex configuration on it.
But unless you need anything more advanced, there are only a handful of things/concepts that you have to understand, and of course once you have these basics set you can ask for assistance here on the forum for those parts that you may have difficulties with and for a check-up of your intended configuration.
A couple good (shameless plug) basic references (essentially what I would have wanted to find when I stated):
viewtopic.php?t=215004
viewtopic.php?t=215018
Re: routerOS & Mirkotik for the noobs
Hello Everyone,
Thank you for your answers and the links!
I will try to stick a bit with my hEX sandbox and see if I am able to do something out of it.
My main concern, aside the lengthy process to learn, is to mis-configure and to create a security hazard...
Nothing more dangerous than an ignorant that thinks that he knows....
V
Thank you for your answers and the links!
I will try to stick a bit with my hEX sandbox and see if I am able to do something out of it.
My main concern, aside the lengthy process to learn, is to mis-configure and to create a security hazard...
Nothing more dangerous than an ignorant that thinks that he knows....
V
Re: routerOS & Mirkotik for the noobs
When working with vlans and bridge the best approach is take one port Off the Bridge and do all the configuring from this safe spot.
The best thing you can do is take one port off the bridge and do your config from there, a safe spot.
1. Take ether5off the bridge at /interface bridge port
2. Make the following additions/mods
/interface ethernet
set [ find default-name=ether5] comment=OffBridge5
/interface list member
add interface=OffBridge5=LAN ( and trusted if you have a management interface list )
/ip address
add address=192.168.77.1/30 interface=OffBridge5 network=192.168.77.0
3. Now you can plug in your laptop to ether5, change your ipv4 settings to 192.168.77.2 and using winbox access the router as per normal.
4. Now you can start configuring your router for vlans such as guest, home, iot, media, anything else, and any other vlans aka printer vlan, or spouses work vlan, or kids vlan etc.. THe idea being you dont want vendor equipment and work and home mixing with anything else,,,,,,,just internet access, etc....
The best thing you can do is take one port off the bridge and do your config from there, a safe spot.
1. Take ether5off the bridge at /interface bridge port
2. Make the following additions/mods
/interface ethernet
set [ find default-name=ether5] comment=OffBridge5
/interface list member
add interface=OffBridge5=LAN ( and trusted if you have a management interface list )
/ip address
add address=192.168.77.1/30 interface=OffBridge5 network=192.168.77.0
3. Now you can plug in your laptop to ether5, change your ipv4 settings to 192.168.77.2 and using winbox access the router as per normal.
4. Now you can start configuring your router for vlans such as guest, home, iot, media, anything else, and any other vlans aka printer vlan, or spouses work vlan, or kids vlan etc.. THe idea being you dont want vendor equipment and work and home mixing with anything else,,,,,,,just internet access, etc....