tl;dr: what Mikrotik gear would you recommend, or what AP + Mikrotik router would you recommend?
I currently have a custom arm64 router & AP running OpenWRT. I am getting to the point where I no longer have time or energy to maintain it.
The only things I’d really lean on OpenWRT for would be:
netflow / statistics gathering (flows & DNS logs)
querying the current list of DHCP leases
being able to tcpdump to debug misbehaving IOT devices
I need:
minimum 8 gigabit ports
2 2.5 gigabit+ ports (SFP+ or NBaseT, I don’t really care)
2.4 & 5ghz wifi networks, ability to control these separately
802.11ac wifi (N for 2.4, the ESP8266 will be the death of me)
Nice to have:
802.11ax wifi, although I don’t really get much benefit from it as my apartment is built out of faraday cages it seems and I’ve never seen over 600 megabit on wifi more than ~30cm away from my AP
Fanless gear, as there’s already too much noise here
Just run a distribution that doesn’t cheap and/or low-end consumer routers and you’ll be fine with current hardware. The AP isnt as crucial as the firewall/gateway and you’ll rarely any breakage in that regard.
Curious why Microtik? I’ve heard great things, fast updates, modifiable etc. Anyway, would any of the new Belkin (using the brandname Linksys that Cisco owned for about a decade) devices, they are modifiable as well, and the WRT line of linksys helps spread awareness of openWRT and promotes its use. So, I’m partial to this style of product / software releases.
I’ve always had a small conciense issue with Mikrotik on the account of them not opensourcing the firmware and drivers and all the kernel patches ; and some security issues with certificate checks they never fixed, and they didn’t support ed25519 ssh keys, … and a bunch of small “weird almost features” -
unifi6 ax gear is actually much better in terms of opensource-ing … surprisingly… the u6 line has had “mainline openwrt” support for a while - firmwares are still blobs like with all new wifi modules, but at least drivers and all the .dts stuff is in upstream openwrt.
For routing, I use an old N3150 mini itx box with one built-in pcie nic, an old 128G sata ssd - and a usb3.0 nic. It runs debian testing/bookworm, it backs itself up to google drive, it has unattended-upgrades (daily upgrade of everything), and upgrades a few things I have in containers using watchtower. It uses healthchecks.io to tell me when it needs a reboot, when backups fail, or when systemctl status is degraded.
These days with 2.5Gbps being all the rage, I’d consider these small fanless boxes from ServeTheHome ;
as for wifi, if not unifi I’d go for belkin rt3200 or whatever the linksys branded version. – they’re similar to unifi u6-lr in terms of wifi chipset, except you’re not giving money to ubiquiti.
Like your average consumer router? I wouldn’t consider 11ax unless you’re tolerant to flakeyness.
I’m running FreeBSD on aarch64 and amd64 (x86-64) and it’s much easier and less effort to keep up to date than OpenWrt however both have pros and cons.
So basically you’re just choosing a name on the outside instead of anything majorly different between any new wireless devices. Wireless is in a situation that they can’t just put something different out radio signal wise, until it’s tested, and accepted into the standards, which is a great thing. I guess they’ll all have to have similar abilities so what could be the defining features?
I have a CRS328-24P-4S+. 24 POE ports and 4 SFP+. I mostly run 10 gbps fiber on the SFP+ ports so more than enough to meet your 2x 2.5Gbps requirement. The mikrotik copper SFP+ modules work well at 2.5 Gbps as well 10G. If you need a lot of 2.5Gbps ports then add a cheap unmanaged 2.5Gbps switch to the mix.
Stay away from mikrotik wifi unless you are in the wireless ISP business. Their home/consumer stuff is sub-par. Wave2 802.11ac, much less AX, isn’t even supported on most of their gear. The wave2 issue is a SW problem in routeros and their custom tricked out drivers rather than a hardware problem. I have a Hap AC^2 that I use for some wireless tasks and the range is terrible.
As for fw/router, I really like pfsense. It will support all of that and much, much more. I run it on a small, fanless core i3 box purchased off of ali express that has 6 1Gbp sether ports. My inet is 1Gbps so 1Gbps ports are fine for me. Also, the cross-vlan routing duties it performs are not significant. You could of course, run openwrt on such a box, if that is your preference.
I lagg a couple of the 1Gbps FW ports together for the connection to the mikrotik switch. The mikrotik handles the lagg and vlan tagging all in hardware so its very fast and supports my 10Gbps use cases very well.
For wireless, many do like the unifi WAPs. I have an ASUS RT-AX86u which works very well and can be configured for mesh. You could easily get by with older generation 802.11ac gear as ax is not a huge increase over ac. The unifi supports vlans which is convienient for guest network isolation and such. I just use an old access point wired to a guess vlan port on my switch. The HAP AC^2 also does wifi vlans but, again, I dont recommend it for its wireless capabilities.
The problem recommending Pfsense to @voltagex is that he is looking for something that doesn’t take up much of his time. Unfortunately, in my opinion, Pfsense isn’t that product.
@what I would suggest for @voltagex is any ASUS router that way, he has his modem router and wireless AP all in one device. He only needs to log into the router every three months to check if there are any updates and install them. The problem with Ruckus AP’s there expensive, not designed for home use, and anyone using a Ruckus AP at home, his neighbors will bring out the pichforcks because his AP is ruing their WIFI
Yeah, in that case stay away from mikrotik. There’s a pretty steep learning curve to routeros in mikrotik. Configure it wrong and your router will quickly be part of a botnet. Honestly, openwrt is pretty painless compared to most things. A basic config is not that bad in pfsense, either. If OP truly wants something simple to maintain then just get a consumer router and be done with it. I’m partial to the ASUS routers myself and you can switch to the merlin firmware on them for a few extra feature over stock.
What I currently have is a Ten64 which has been a pretty amazing piece of kit but a very steep learning curve, especially when 2.4ghz wifi started dropping out. I have switched between Atheros and Mediatek cards to no avail, so I’m not keen to repeat this experience.
Yes, absolutely. I love them for that purpose. It really is a shame they don’t have better wifi.
The X12 looks like it will be good on paper. I looked and Its not selling in the US yet as they are pushing the 6ghz ET12 right now.
If you need more than one AP to cover a large space then try to use a wired back-haul. Thats going to be way better than a wireless back-haul. Sounds like you are familiar with ASUS so if you have a spare ASUS router already it might be AI mesh capable. You could just acquire another one instead of a set like the X12. For that matter, 2x AI-Mesh capable RT-AX86U (or the cheaper RT-AX86S) might be cheaper overall but they wont look as cool as the X12
FreeBSD is adding support (WIP) for that device (Ten64) if it’s of interest, less plainful to maintain at least. https://wiki.freebsd.org/BjoernZeeb/Ten64
I would advice you to use separat APs, ath10k ones is probably your best choice or possibly even ath9k for 2.4Ghz devices.
