SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Product advice for a SOHO

Mon May 03, 2021 11:12 am

Hi, I am new. Well not really, had a Mikrotik Router some 10 years ago, but I guess things have happened since. The Dude is still awesome.

So looking to replace all my aging network equipment and focus on one brand only. Mikrotik is among my first choices.

Specifically I would need 1 Firewall, 1 Router, 2 Switches and 1 AP.

Firewall. Currently running a Zyxel, and you don't seem to have FW so I might continue with that

List of basic functionality.
  • Router > Rack mounted with PoE, 1 WAN and 4-5 PoE ports. No WiFi.
  • Switch 1 > Rack mounted and 48 ports.
  • Switch 2 > Rack mounted and 24 ports
  • AP > Dual Band and high speed.

Product suggestions appreciated. Only one interface to handle everything, thank you.

Got about 50 devices, a few servers, virtual and physical.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Mon May 03, 2021 4:04 pm

Browsing products I tend to go for the same basic series with same OS and with minimal differences between versions so looking at switches I look at
https://mikrotik.com/product/crs354_48g_4splus2qplusrm
and would very much like a 24G version of that one, but it seems there are more differences than just the amount of ports.

Exactly the same reasoning goes for https://mikrotik.com/product/CSS326-24G-2SplusRM which have some additional differences between the firstly mentioned switch and this second.

So I want the exact same switch in two port layouts - 24 and 48 -, is that even possible?
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Wed May 05, 2021 4:32 pm

Nothing?
 
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Wed May 05, 2021 5:27 pm

All seems to run RouterOS. Is that valid usage for a Firewall?

FIREWALL: https://mikrotik.com/product/CCR1036-8G-2SplusEM > RouterOS
ROUTER: https://mikrotik.com/product/rb4011igs_rm + https://mikrotik.com/product/crs112_8p_4s_in > RouterOS and RouterOS (?)
SWITCH 24 https://mikrotik.com/product/CRS326-24G-2SplusRM > RouterOS
SWITCH 48 https://mikrotik.com/product/crs354_48g_4splus2qplusrm > RouterOS
AP: https://mikrotik.com/product/hap_ac3 > RouterOS

CRS112-8P-4S-IN is listed as Switch, not as Router?

CRS354-48G-4S+2Q+RM seems like a normal switch, but what is the difference between that and the 24 port Cloud Switch? Why is there not just a 24P version of it?

CCR1036-8G-2S+EM is listed as Router and not dedicated Firewall. I know you can configure rules for I/O in a router, but unless that works really smooth, I am not interested in that kind of micromanagement. Nor CLI for that matter. At all.
 
rextended
Forum Guru
Posts: 12445
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Product advice for a SOHO

Wed May 05, 2021 5:43 pm

Check my previous post twice: all winbox = routeros
The 8-port PoE switch is there to "add" PoE-out capability to the router.

>>>Why is there not just a 24P version of it?<<<
You can use only 24 ports of the 48 and it still works.
(And... you can use only one port!!!)

Probably your definition of firewall is not the same as mine.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Wed May 05, 2021 5:52 pm

Well, I have a Zyxel firewall that has a "gazillion" predefined rules (USG60) so assuming CCR1036-8G-2S+EM is preconfigured and also updated in a similar way...?

As for PoE, well, I could have that in the 24p switch instead, it would be possible, I think. Can you jump PoE power from one patch connection to another?

As for 24P and 48P, it is because I need a switch in my server cabinet rack, the 48P is for my incoming patch panel... so the switches won't be in the same place

CCR1036-8G-2S+EM is waaay too expensive....
 
rextended
Forum Guru
Posts: 12445
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Product advice for a SOHO

Wed May 05, 2021 5:58 pm

> Well, I have a Zyxel firewall that has a "gazillion" predefined rules (USG60) so assuming CCR1036-8G-2S+EM is preconfigured and also updated in a similar way...?

Actually my "dated" RouterBOARD CCR1036-12G-4S has 60-70 "handmade" rules, auto upload of drop and edrop lists among others, blocking of malicious DNS, etc. (I am not going to give a full list of everything now.)
(The first thing I do is clear the configuration completely, no default.)
And it protects nearly 4000 users, and ping to 1.1.1.1 is still 1~2ms.


>>Can you jump PoE power from one patch connection to another?<<
no, power jack on the back for 24/48 on 8P model, and internal psu for 24PoE model
 
Paternot
Forum Guru
Posts: 1021
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Product advice for a SOHO

Wed May 05, 2021 6:02 pm

> Firewall. Currently running a Zyxel, and you don't seem to have FW so I might continue with that
>
> List of basic functionality.
>   • Router > Rack mounted with PoE, 1 WAN and 4-5 PoE ports. No WiFi.
>   • Switch 1 > Rack mounted and 48 ports.
>   • Switch 2 > Rack mounted and 24 ports
>   • AP > Dual Band and high speed.

You left one important thing out: speed.
What is the needed routing speed?
What is the internet link speed?
What is the interconnection needed speed, between the switches? I imagine that the 48 and 24 ports switches would connect to different subnets, on different router ports. Am I right?

As Jack the Ripper used to say, let's do it by parts.

Router:
The only router I found with 4 PoE ethernet ports is the https://mikrotik.com/product/RB960PGS-PB. But its routing capabilities are very weak. One possibility would be to just buy some PoE injectors and use a "normal" router. Another would be to buy a cheap 5 port switch (https://mikrotik.com/product/RB260GSP) with PASSIVE PoE on 4 ports. Yet another would be to drop the requirement. Or, of course, You could buy another brand.
Dropping the PoE requirement for the router makes it easier to find one: Mikrotik sells from small itsy bitsy routers to monsters like the CCR1076. One of them will (probably) be the right one for You.

Switch with PoE (RouterOS):
24 gigabit PoE ports and 4 SFP+ ports: https://mikrotik.com/product/crs328_24p_4s_rm
48 gigabit PoE ports, 4 SFP+ ports and 2 QSFP+ ports: https://mikrotik.com/product/crs354_48p_4s_2q_rm

Switch without PoE (RouterOS):
24 gigabit ports and 2 SFP+ ports: https://mikrotik.com/product/CRS326-24G-2SplusRM
48 gigabit ports, 4 SFP+ ports and 2 QSFP+ ports: https://mikrotik.com/product/crs354_48g_4splus2qplusrm

AP dual band high speed:
Here I'm not sure.
-- EDIT --
Sorry, not dual or quadruple band. Dual or quadruple CHAINS.
-- /EDIT --
We have several modern devices with dual band, and one modern device with quadruple band and 3 radios (one 2.4 and two 5GHz). All of them can be used as AP. Some of them can be used as routers as well. I don't know how well (or how badly) they perform. Better to ask someone here who is used to them.
https://mikrotik.com/product/wap_ac
https://mikrotik.com/product/hap_ac2
https://mikrotik.com/product/hap_ac3
https://mikrotik.com/product/audience
Last edited by Paternot on Wed May 05, 2021 6:06 pm, edited 1 time in total.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Wed May 05, 2021 6:06 pm

> Actually my "dated" RouterBOARD CCR1036-12G-4S has 60-70 "handmade" rules, auto upload of drop and edrop lists among others, blocking of malicious DNS, etc. (I am not going to give a full list of everything now.)
> (The first thing I do is clear the configuration completely, no default.)
> And it protects nearly 4000 users, and ping to 1.1.1.1 is still 1~2ms.

Quite impressive. Got 5 users and maybe 50 diff devices. ;)

All in all, except for the CCR1036-8G-2S+EM, I could put together a package for about 1000€ which is reasonable for a Router with PoE + 24P switch + 48P switch + AP.
Can wait a bit with FW appliance
 
rextended
Forum Guru
Posts: 12445
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Product advice for a SOHO

Wed May 05, 2021 6:08 pm

> ...quadruple band...

Non LTE Where??? 😲
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Wed May 05, 2021 6:09 pm

Speed
You are right.

Current speed is max 1GB in Lan. No use to have faster due to I/O bottlenecks with my current drives. Have about 100Mb/s R/W via SMB3 and Jumbo Frames.
ISP Speed is 100/100MBit, can be upgraded up to 1/1GBit.

I only use one PoE as it is right now, don't really plan on expanding that. Can do without.

LTE? There is no LTE involved.

Also, I want to stick to ONE brand. Fed up with having 4 admin interfaces.



> What is the interconnection needed speed, between the switches? I imagine that the 48 and 24 ports switches would connect to different subnets, on different router ports. Am I right?

No subnets, well maybe one, if I connect each switch to its own port on Router, which would be recommended I guess. As mentioned, 100MBits is my overall internal data transfer rate, so that is enough. Better is bonus. I get higher speeds transferring data from a laptop with NVME SSD to a desktop with NVME SSD, but untested.
 
anav
Forum Guru
Posts: 21351
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Product advice for a SOHO

Wed May 05, 2021 6:43 pm

Is it a hard requirement to have firewall and router separate, and why? Just curious, as most home and SOHO don't require it.
Is the extra expense a nice to have or a real need, in which case maybe I should put my hex before my CCR1009 LOL.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Wed May 05, 2021 7:42 pm

> Is it a hard requirement to have firewall and router separate, and why? Just curious, as most home and SOHO don't require it.
> Is the extra expense a nice to have or a real need, in which case maybe I should put my hex before my CCR1009 LOL.

Yes and no. Short answer, Yes, I want it separate.

Long answer, performance wise I am concerned about the firewall being the same device as the router. Yes, it is a small network. Maybe I am being a bit paranoid, but the space where I will have this equipment is rather cramped and will reach high 40 degrees Celsius in summer and more if some device is under pressure from running both routing, dhcp, two lans, and firewall in the same device...

Having said that, I am not an expert, far from it, so if the general consensus is that this is not needed and I can run these services on the same physical device with no fear of stuff getting overheated or getting poor performance, well.

On the other hand I have a spare server with a late Xeon, 32GB DDR4 and some SSDs that I can run pfSense on.
 
Paternot
Forum Guru
Posts: 1021
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Product advice for a SOHO

Wed May 05, 2021 9:53 pm

Ok. Although (as You can see below) the hardware is certified to high temperatures, I would try to run it no higher than 50 Celsius - ambient.

Router:
For 1Gbps internet I'd get an RB4011 (https://mikrotik.com/product/rb4011igs_rm). It's certified to work up to 70 Celsius - ambient. I think it will be fine with your 40.

Switches:
24 port: https://mikrotik.com/product/CSS326-24G-2SplusRM (up to 70 Celsius - ambient)
48 port: https://mikrotik.com/product/crs354_48g_4splus2qplusrm (up to 60 Celsius - ambient)

Just remember that traffic crossing the router costs CPU.
 
anav
Forum Guru
Posts: 21351
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Product advice for a SOHO

Wed May 05, 2021 10:18 pm

For Wifi, if it's a vanilla indoor access point you are looking for (aka a stable decent wifi 5 variant) I would select the TP-Link EAP245.
I have not tried their latest wifi6 units yet, EAP 620 and 660 (too pricey).
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Thu May 06, 2021 9:01 am

> For Wifi, if it's a vanilla indoor access point you are looking for (aka a stable decent wifi 5 variant) I would select the TP-Link EAP245.
> I have not tried their latest wifi6 units yet, EAP 620 and 660 (too pricey).

Thanks but no thanks... as I mentioned, I'd rather keep all the products to one brand. A Cisco salesman will call me later today - I have some contacts via work - but tbh I don't see that happening, my estimate indicates a 50% bigger price tag and their product lines are, imo, really hard to understand.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Sat May 08, 2021 11:15 am

After some pondering I might be inclined towards this: https://mikrotik.com/product/RB1100Dx4 RB1100AHx4 Dude Edition
Not really sure about what benefits come with the extra M.2 storage and how it helps The Dude, but a good network drawing/topology tool on the Router itself is not a bad thing.

I am of course reluctant to dwell in to this https://help.mikrotik.com/docs/display/ ... figuration and this https://help.mikrotik.com/docs/display/ROS/Winbox not to mention this https://help.mikrotik.com/docs/display/ ... c+Concepts but I will just have to read up.
Last edited by SecCon on Mon May 10, 2021 2:14 pm, edited 1 time in total.
 
mkx
Forum Guru
Posts: 12645
Joined: Thu Mar 03, 2016 10:23 pm

Re: Product advice for a SOHO

Sat May 08, 2021 12:04 pm

> Not really sure about what benefits come with the extra M.2 storage and how it helps The Dude,

The Dude needs some storage to deal with statistical data from controlled/monitored devices. While every ROS device comes with some permanent storage, that storage comes with one or two problems:
  1. As with all semiconductor-based permanent storage, it has a limited number of write cycles and The Dude adds quite some. If wear and tear of built-in permanent storage crosses the threshold, it can fail, taking the ROS license with it ... so replacement of built-in storage is practically a no-go option
  2. With most devices, built-in storage is too small to use it for much else than to hold ROS itself and router configuration

This is where additional (and replaceable) permanent storage comes into the picture. While an external USB thumb drive could do as well, use of high-performance internal storage is preferred for professional use.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Re: Product advice for a SOHO

Sat May 08, 2021 3:05 pm


> The Dude needs some storage to deal with statistical data from controlled/monitored devices. While every ROS device comes with some permanent storage, that storage comes with one or two problems:
>   1. As with all semiconductor-based permanent storage, it has a limited number of write cycles and The Dude adds quite some. If wear and tear of built-in permanent storage crosses the threshold, it can fail, taking the ROS license with it ... so replacement of built-in storage is practically a no-go option
>   2. With most devices, built-in storage is too small to use it for much else than to hold ROS itself and router configuration
>
> This is where additional (and replaceable) permanent storage comes into the picture. While an external USB thumb drive could do as well, use of high-performance internal storage is preferred for professional use.

No problem, got plenty of M2 drives... both 2242 and 2280... and it makes perfect sense.
