Community discussions

MikroTik App
 
jdub88
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Fri Sep 25, 2020 1:35 pm

Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Fri Jan 28, 2022 10:41 pm

Hey Folks,

I'm looking to upgrade my Mikrotik setup after finding the smaller units fantastic. They are too limited for my wider network needs so I'm looking to upgrade to something with IPSEC hardware acceleration and idealy with decent wifi.

The Mikrotik RB4011iGS+5HacQ2HnD-IN Router looks like a great option as it would save me having to pay for separate access points (or at least, reduce how many I would need if I have a range issue)

I have a couple of questions...

Firstly, I'd like 4 or 5 different (and isolated) network segments with their own SSID. This I presume is fine, but what I would also like is for one of those wireless segments to have a policy whereby all traffic must pass over an IPSEC interface. I have this now on my hAp Lite and it works well but I don't have any fancy VLAN config or anything like that there. Is it possible to have a policy for this tied to a specific VLAN, and furthermore does the blackhole/kill switch functionality still work here such that if the VPN dropped, traffic on that segment would simply fail?

Secondly, I'm looking to replace my BT router with this (it's FTTP) - I've found a few posts around this but should this generally be OK without too much effort to get the PPPoE session up and running? any gotchas around this?

Many Thanks :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Sat Jan 29, 2022 6:11 am

My only advice is not to go with MT WIFI-5. If you want wifi 5 get separate devices.
For Routers I would go with the RB5009 about the same price but more horsepower and newer, and then separate access points (tp link eap245 wifi5 for example)
 
jdub88
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Fri Sep 25, 2020 1:35 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Sun Jan 30, 2022 1:52 pm

Thanks for the advice, I didn't spot it was WiFi 5 - I'd prefer the latest & greatest

Are the Routers/AP combined devices generally not reccomended?

The 5009 certainly looks good but I see it's quite new and not many purchase options - a quick search highlights some unstable software issues, are they resolved? The mikrotik product page itself seems to note it as a 'home lab' router - but this isn't for tinkering about with as such and I'd need the finished config to be very stable
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Sun Jan 30, 2022 3:58 pm

Concur I always separate router and wifi, as routers if bought with future requirements in mind last quite some time.
WIFI6E is the latest but only see some preliiminary netgear offerings for that. In terms of wifi6, I use the eap660HD and its decent.

Yes, the 5009 has more horsepower and performs better under load than the RB4011.
Do concur that its only available with 7.X RoS and we are now at 7.1.1 stable which is not really fully production ready yet IMHO.
Its fine for a home but not sure elsewhere.
However, it will very shortly be fixed up as they are working hard and do produce frequent updates.
I still recommend the Rb5009 but yes, the RB4011 with 6.49.2 long term software is stable and good out of the box.
If you are one tbat likes the latest and greatest the rb5009 is it, will last well into the future...
 
jdub88
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Fri Sep 25, 2020 1:35 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Mon Jan 31, 2022 10:49 am

Thankyou anav, very insightful, I will do some more looking into your suggestions. I should probably note, latest and greatest...as long as its stable and ready for prime time..so perhaps not QUITE the latest :D
 
aesmith
Member Candidate
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Mon Jan 31, 2022 5:10 pm

I have the RB4011 with wireless, as I didn't want a separate device. I find it quite acceptable for my needs so far.

what I would also like is for one of those wireless segments to have a policy whereby all traffic must pass over an IPSEC interface
I don't think this requirement necessarily relates to VLANs, unless you want the subnet used by that SSID to also be extended over trunk ports. If I understand correctly each SSID "Virtual AP" appears as an interface. In my installation these are added to a bridge, but I assume an IP address could be assigned directly, along with DHCP etc. You could then create a mangle rule matching that inbound interface, and assign a routing mark. If you do need to extend the subnet via a VLAN then you would match and mark by source IP.
 
jdub88
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Fri Sep 25, 2020 1:35 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Mon Jan 31, 2022 7:34 pm

I have the RB4011 with wireless, as I didn't want a separate device. I find it quite acceptable for my needs so far.

what I would also like is for one of those wireless segments to have a policy whereby all traffic must pass over an IPSEC interface
I don't think this requirement necessarily relates to VLANs, unless you want the subnet used by that SSID to also be extended over trunk ports. If I understand correctly each SSID "Virtual AP" appears as an interface. In my installation these are added to a bridge, but I assume an IP address could be assigned directly, along with DHCP etc. You could then create a mangle rule matching that inbound interface, and assign a routing mark. If you do need to extend the subnet via a VLAN then you would match and mark by source IP.
Thanks for the insight. What sort of speeds do you get over wireless? I've since read that the performance isn't always great compared to some other standalone APs

I think your point about the routing mark is exactly what I was after, thanks!
 
jdub88
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Fri Sep 25, 2020 1:35 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Tue Feb 01, 2022 2:45 pm

I'm curious for anyone else reading this - about thoughts on the hAp 3? It looks to have all the same features albeit in a smaller, less powerful package
 
aesmith
Member Candidate
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Tue Feb 01, 2022 5:18 pm

Thanks for the insight. What sort of speeds do you get over wireless? I've since read that the performance isn't always great compared to some other standalone APs
I measured 533Mbits/sec using iperf with multiple threads. 325 single threaded.

There was discussion back here ... viewtopic.php?p=826657
 
jdub88
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Fri Sep 25, 2020 1:35 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Wed Feb 02, 2022 11:44 am

Thanks for the insight. What sort of speeds do you get over wireless? I've since read that the performance isn't always great compared to some other standalone APs
I measured 533Mbits/sec using iperf with multiple threads. 325 single threaded.

There was discussion back here ... viewtopic.php?p=826657
That discussion doesn't inspire me with a lot of confidence! I guess it was a while ago and they solved a lot of the issues? Your speeds are certainly just fine - did you have to do much to get that to work?

@maxmayer - I am limited to Openreach connected services, but I can still get good choices including BT 900
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Wed Feb 02, 2022 3:27 pm

LIke I said, I would not recommend to my best friend or any relative to procure MT wifi until they come out with Wifi6 and of course proof that they didnt screw that technology up along the way.
 
aesmith
Member Candidate
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Fri Feb 04, 2022 11:15 am

That discussion doesn't inspire me with a lot of confidence! I guess it was a while ago and they solved a lot of the issues? Your speeds are certainly just fine - did you have to do much to get that to work?
I had to fiddle around a bit with some other devices that were hogging the 5GHz space, meaning there wasn't a big enough gap for the RB to grab an 80MHz channel. Out of interest I had another quick look and I see my backup ADSL router (Zyxel) is now trampling on the 2.4GHz that my RB uses. It doesn't seem to retain a manual setting, and when set to "auto" it's quite happy jumping onto a channel that's already in use. But that's a Zyxel problem, not Mikrotik.

And yes, those discussions were concerning, especially as I only read them after I'd splashed out on the RB4011.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Home Network Refresh - RB4011iGS+5HacQ2HnD-IN Router

Wed Apr 27, 2022 6:04 pm

LIke I said, I would recommend to procure MT wifi when tthey come out with Wifi6.

Who is online

Users browsing this forum: Google [Bot] and 49 guests