Answer the question
In order to leave comments, you need to log in
Building a network on Mikrotik, which models are better?
Good afternoon!
Please advise on this issue: what is the best equipment to choose for building a network in the office.
50 employees, office - a separate building, with a long corridor of 20-30 m, and offices from left to right.
All 50 workstations are connected via local network, wi-fi is required only for smartphones/tablets.
What do I plan and what can I buy:
1pc. Mikrotik RB1100AHx4 router. (would like Dude Edition, but over budget)
2pcs. Mikrotik hAP ac2 routers (RBD52G-5HacD2HnD-TC)
The office includes two optical lines, 1 Gbps and 20 Mbps. The optics are included in two D-link media converters.
Thanks to new network devices, I want to make encryption on IPsec, the above devices support it.
I also want to make seamless Wi-Fi and Hotspot.
I want to implement a lot of different things, and increase my level of knowledge. (I didn’t work with Mikrotik before)
From network devices, there are D-Link 1226G for 24 ports and two more unmanaged D-Link switches for 24 ports (I plan to replace it in the future)
Tell me, what do you think about my choice of equipment? Maybe you should pay attention to another manufacturer, or radically change the scheme of building the network structure?
The budget for everything is 30 thousand rubles ($ 500)
Maybe build a PC on pfSense as a router?
In general, I ask for advice and your vision of the network, how to do it more competently.
There are a lot of options.
Mikrotik router + wifi router + access point
Mikrotik router + wifi router + wifi router
pfSense gateway (firewall, proxy, antivirus, etc.) + Mikrotik router + wifi router + access point
Answer the question
In order to leave comments, you need to log in
1. Why do you need encryption in such an office?
2. If as pure access points, it’s better not ac2 but cAP ac
3. I think in your case RB3011UiAS-RM would be enough for your head, and the rest on L2 switches
4. You need to clearly define what you want to see on the network and based on this already make a choice with equipment and software.
If you need gigabit in LAN, then you can put MikroTik CRS125-24G-1S-2HnD-IN (14k pcs.) Mikrotik CSS326-24G-2S + RM (9k pcs.) And two access points for wifi in the corridor under the ceiling like MikroTik hAP AC lite RB952Ui-5ac2nD (3.3k pcs). CR125 is not the strongest processor, but if ipsec is used with fasttrack, then there will be no problems. Well, it’s desirable in more detail whether vlan or vpn will rise in the office, the garbage file and backups should be through sfp or just a couple of gigabit holes on the host in the harness.
the router is completely normal. As for encryption, I did not understand - what and where to encrypt? Where did pfSense come from - after all, initially they just made a network? Or do you need another proxy?
The solution "full-fledged wheelbarrow with a router" has both advantages and disadvantages
Advantages:
- extensibility
- a lot of functionality is hung in one touch
- a large disk for logs / statistics is not a problem
- maintainability (replaced the node and works again)
Disadvantages:
- monitor and keyboard are required
- a person of sufficient qualification is required to lift it in case of a fall, and it is required locally, since there will be no connection.
Therefore, I usually put a Mikrotik as a router, and behind it a proxy and everything you need - it’s quite difficult to drop the Mikrotik.
At the moment, the network in the office works on:
1 Gbps optics, included in the D-Link DMC1910R media converter
20 Mbps optics, included in the Foxgate media converter.
A patch cord from one of the media converters is included in the Asus RT-N12 VP.
SCS has been laid throughout all the premises, patch panels are embroidered, patch cords are connected to three switches:
D-Link 1226G
D-Link DES 1024A
D-Link DES 1024A
The office has 50 workstations, on Ubuntu, almost all employees have mobile devices that need wi-fi.
There are several servers hosted by Proxmox, a domain controller, a terminal server for applications that only run on Windows.
In general, I would like to make the network more secure, implement various things: hotspot, seamless wifi, separate departments and servers into vlan, and protect the network from viruses and ddos to the maximum.
Why encryption - I just want to implement such a thing)
In addition, the company is in the lead in transportation in my city, I don’t want there to be problems with security, data leakage.
Mikrotiks have not been bought yet, I just plan to build a network from scratch almost.
Change three pieces. I don’t want old switches now, a separate budget will be allocated for this.
I want to spend $500 most correctly from the point of view of network building and security - on a router, wifi point, gateway, or any combination of these.
Before taking Mikrotik in particular RB1100AHx4, look at the diagram of the piece of iron
, the link speed between eth 1-5 <-> 6-10 is only 2.5 GB https://i.mt.lv/cdn/rb_files/RB1100AHx4v4-17081614...
Makes sense see CCR1009-7G-1C-PC there is a normal switching matrix.
Access points as an option cAP-2nD
switches - DES 1024A in the trash
, this DES-1226G can be left
replaced with something DES-1210-52 / ME - quite good, if you need a swarm then DGS-1210-52MP / ME
IPsec on devices without hardware encryption is very slow, about 20 Mbps and 100% load. If you take modems, then always with hardware encryption, your models support this. Here is a complete list of hardware with hardware encryption: wiki.mikrotik.com
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question