Correct configuration of Mikrotik 941. Mikrotik Hap AC - Router for all occasions

The HAPAC microtic comes in the following configuration:

Mikrotik Hapac (RB962UIGS-5HACT2HNT);
24V 1200MA power supply unit;
Instructions for quick start.

The appearance of the model is particularly different from the classic MIKROTIK RB951 device. From the front side there is gigabit Ethernet interfaces in the amount of 5 pieces and an SFP interface of 1.25 Gb / s. Also there is a connector for connecting the power supply.

hAP AC has the ability to receive power on PoE on the first port. The fifth port can act as a PoE source for Mikrotik devices and other compatible devices.

From above, the model includes port activity indicators, WiFi interfaces and Power light bulb. On the upper side there are ventilation holes for heat removal from the device.

From the reverse side, HAP AC has special anti-slip legs, holes for fastening to vertical surfaces, a sticker with serial number and MAC addresses of interfaces.

The side is a USB interface to connect peripheral devices. Also here is the RESET button. It is responsible for resetting the device to factory settings and can control the HAPAC loading mode.

Another function of this button is the activation of the WPS mode. Designed to quickly set up WiFi between access point and client.

If you look inside the router, you can see the internal structure of the device. The presence of 6 antennas, two of which are fixed on the device housing. They can be replaced by external antennas if necessary.

Mikrotik Hap Lite. – one of the available and famous routers in the market of similar equipment. Since 2016, the router takes great popularity and is not inferior to more expensive and proven models.

What is the advantage of Mikrotik Hap LitePo compared to other routers, and why the model occupies a leading position, we define, based on the technical characteristics of the router and user reviews.

Set

Routher Microtic Hap Light Review Like In the following video:

The product is supplied in a cardboard box, within which there are:

instruction;
power supply for 5V and 0,7A;
Router Board Hap Lite (RB 941 2ND TC) is the official name of the model.

Design

The appearance of the router is presented in the picture:

The microtic HAP Lite has a plastic housing consisting of white and blue parts. The facial side of the case is equipped with ventilation holes. On the back of the interface activity lights of four network ports, two diodes, the multifunction key and the Micro USB port (for power supply) are located on the back side. To remove heat from the central microcircuit area, the lower part of the router is equipped with ventilation holes.

The housing with the connectors is shown in the picture:

The shape of the model body allows you to use the product only in a vertical position.

Software and functionality

The functionality of MIKROTIK HAP Lite RB941 2NDs Configure the high characteristics of the Qualcomm ATHEROS QCA9533 processor. The frequency of the processor is 650 MHz. Port transfer rate - 100 megabytes. RAM - 32 MB (16 MB constant).

The gain of the two router antennas is 1.5 dB, which allows you to maintain speed up to 300 Mbps. Wi-Fi power at the HAP Lite router - up to 158 MW (22 dB).

WiFi-router Mikrotik Hap Litefunctions running a specialized operating system - Router OS.

Characteristics of Mikrotik Hap Lite (RB 941 2ND TC)
A type	Wireless router
Standard	Wi-Fi 802.11 b / g / n
Limit connection speed, Mbit / s	150
Multiple Support Support	+
Connection Interface (LAN-Port)	3x10 / 100 Ethernet
Login (WAN-port)	1x10 / 100 Ethernet
Firewall (Firewall)	+
NAT.	+
VPN support (Virtual Networks)	+
DHCP server.	+
Antenna type (internal / external)	internal
Number of antennas	2
Support MU-MIMO / MIMO	-/+
Web interface	+
Telnet	+
Support SNMP.	+
Gabarites, mm.	124x100x54.
Food (Roe / Adapter)	-/+
Bridge mode	+
	qUALCOMM ATHEROS QCA9531 (650 MHz), 32MB DDR RAM, Routeros Level4 License

Setting

For video instructions for setting up the router, see the next video:

The Router OS system is represented in English, in connection with which many users experience certain difficulties when setting up the router Microtic HAP Lite . How to configure the router and set the required parameters, consider below.

At the first stage, the following actions must be performed:

Connect to PC (tablet, laptop, smartphone) router. Activate power.
Connect the Internet to the router. Activate the connection is possible by Wi-Fi network. If there is no possibility, connect the LAN port router and the PC network card port.
Connect to the Wi-Fi network "Mikrotik".

With the network password, the settings are reset.

Regardless of the availability / lack of a network connection, you can go to the next step. To go to the router settings, you should move to the page at 192.168.88.1. We will get access to the Routeros control panel. At this stage, make sure that the device is in the "Home AP" mode.

How to find out in what mode the router works, look in the picture:

The list of parameters is distributed to three blocks and is as follows:

network connection (Internet);
Wi-Fi network (Wireless);
password to protect the system interface (System).

Settings for dynamic IP

Subject to the working Internet through Mikrotik Hap Lite, there is no need for additional settings. Thanks to the automatic connection, you can immediately set the Wi-Fi network settings.

Information about the connection type (in the absence of dynamic IP) can be obtained from the Internet service provider. It should also be clarified - whether the Internet provider allows you to bind to the MAC address.

Subject to the presence of a dynamic IP and lack of binding to the MAC address, the operation of the router at this stage is carried out in full.

If you need to binding the MAC address, you should designate the MAC address of the network equipment (or from the Internet service provider, or in the MAC address field in the router parameters). The equipment address is reflected in the Mac Address field.

Entering Parameters when connecting PPPoE

How to connect, seen in the picture:

This type of connection is not particularly popular. Here you should select the type of "PPPOE" connection and designate the username and password. Next, activate the "Reconnect" button and go to the Wi-Fi network settings. Data containing the username and password provides the Internet provider.

Customize password and Wi-Fi network

Referring to the "Wireless" section (located on the left side of the page). Change the name Wi-Fi network is offered in the Network Name field. Next, in the "Country" menu that describes the password (WiFi Password).

This looks like a window where you can change the network name and update the password:

A password for accessing the Internet must contain at least eight characters. It is also recommended to specify the user's stay region.

Here you can refine the list of clients connected to the client router, and set the parameters of the guest Wi-Fi network. Before entering from the section, you should save the settings using the "Apply Configuration" button.

Password on the web interface

In order to protect the interface ofrouteros from unauthorized persons, it is recommended to install a password. For this, it is proposed to go to the section "System" (in the lower sector on the right). Next, in the "Password" and "Confirm Password" fields specify the password. To save the parameters, use the Apply Configuration button.

The new password page looks like this:

At this stage of the user "will choose" from the system. To re-enter and gain access to the interface, you will need to re-enter the specified password. In addition to the password, you must enter the username (Admin).

The login page looks like this:

Router in operation

Numerous positive reviews of the owners of the routers of the microtic HAP LITEs have a vessels for simplicity, but at the same time reliability of this model of routers. The undisputed advantages of the RB941 2ND TC router are:

the possibility of simultaneously connecting an unlimited number of gadgets (the scale of the connected devices does not have a negative impact on the operation of the router);
price - the cost of the device does not exceed 1,500 rubles;
compactness;
functional operating system;
support - regular updates;
quality of execution;
power of a wireless signal;
convenience and simplicity of the interface;
mICRO USB;
design.

Taking into account the functionality of the router of the microtic HAP Lite and reviews about his work , with confidence you can conclude that this model is still the best in its price segment.

When at one time Mikrotik was presented by Hap Lite, it was a real impetus for the wider use of routers of this company. An excellent set of features, rich functionality, flexibility, reliability and affordable price have been turned into a real Bestseller, which to date leads the sales ratings of many online stores.

Meet, Hap AC²!

Many mistakenly consider HAP AC² to replace the previous flagship HAP, partly this is true, but not quite. We'll figure out.

HAP ACS is supplied in the usual cardboard packaging, the only thing that has changed over the past few years is the pattern added to the box and resembling embroidery.

As before, the device is supplied without patchcord and color printing. However, from a high-quality patchcord, many would probably not refused.

Because of the matte softer coating, the HAP ACQ can be packed in polyethylene, which should be saved until the device falls into the hand of the final client.

From non-standard options in the configuration there is only a fastener and a short illustrated instruction on the use of this stand.

The articula of the model turned out to be very intricate - RBD52G-5HACD2HND-TC, if for the same hex places when communicating on the forums, users could use an articulous identifier, then in the case of this model, remember the article from the first time not everyone will turn out.

However, a lot of information can be drawn from the article:

RB - Routerboard.

D - Dual-chain (FULL)

52 - Dual-Band 5 + 2.4 GHz

G - Gigabit Ethernet

5HACD - 5 GHz 802.11ac, High-Power (type 1), dual-chain

2hnd - 2.4 GHz 802.11n, High-Power (type 1), Dual-chain

As for the transmitter power, Mikrotik has 4 grades:

normal power (no index), less than 23-24 dBm;

H - increased power, 23-27 dBm;

HP - high power, 25-29 dBm;

SHP - very high power, more than 27-30 dBm;

Actually, "Type 1" is meant the index "H". But the "U" index (USB) is not used in the title, although this interface is present here.

In general, the design itself is quite unusual. The company continues to experiment with Tower-Case, at one time the first "experimental" device was the HAP Lite Tc. Then the HAP AC Lite Tc (RB952UI-5AC2ND-TC) and HAP MINI (RB931-2ND) appeared.

As polls show, almost 70% of respondents approve of the domesticated design of the HAP AC2.

Indicators and interfaces themselves are located on opposite faces, which is the standard home and SOHO solutions. The indication of ports is not too convenient, but not intrusive and will not get their work at night.

All 5 interfaces are shielded, while the case does not provide any possibility of connecting grounding.

In addition to the power indicator, there is a HAP AC² and an additional user indicator that is convenient to configure, for example, under the status of VPN connections.

The WPS and reset button are combined, there is no longer necessary to carry a clip with you, now the handle or pencil will be used - the button is still inconvenient to hold the button for a long time, which will protect against accidental reset.

One of the raisins in the design of the HAP AC² can be called a stand.

This is not just a stand, it is a fastener for installation on the ceiling or wall. We have already installed this device to one of our clients precisely on the ceiling of plasterboard. The installation process is fast and convenient, with an altitude of placement of 4 meters there is absolutely no problems with the quality of the coating.

The element is fastened on the latch to the bottom face or lid. In the first case, you will receive a tabletop standing option, in the second - a desktop lying option, or mount on the wall (ceiling). On the legs there are silicone inserts that provide anti-slip properties of the stand.

The AC2 itself is extremely compact, in size, the novelty is comparable to the usual HAP Lite, and in a standing position takes at least a place.

Filling Mikrotik Hap AC²

Many owners tried to look in the inside of AC ^ 2, but not everyone he succumbed to everyone, some of those whom he succumbed to, simply broke the latches. For this reason, uncess refrain from the opening of this model.

The first thing that is worth paying attention is the closedness of the internal space of the case. That is, how, the ventilation "cracks" are available on the front panel, but to say that they are particularly improving ventilation, do not have. The filling of the device easily warms up to 45 degrees, while simply, and during the load, up to 52 degrees can ride.

Panaching about this is not worth it, the former HAP AC was warming much more. The device that we chose as a server and is simply warmed up to 62-65 degrees.

Almost half of the top of the RBD52G-5HACD2HND-TC board is closed with a massive radiator of needle-type.

On the same side, the cards are planted 2 antennas, interfaces, the power subsystem and the USB port.

On the perimeter of the board there are 4 seating holes, the company has probably previously experimented with different embodiments of the hull, including classic.

The entire main stage of HAP AC ^ 2 is on the reverse side of the PCB.

The base of the device is the Qualcomm IPQ-4018 chip. This is a highly integrated solution that combines a 32-bed ARM processor and wireless modules.

Despite the great resemblance to IPQ-4019, these 2 chips are not interchangeable. The senior IPQ-4019 has more physical size, other execution and decay scheme.

Although in general, IPQ-4018 and IPQ-4019 differ only in the set of interfaces.

The main computing unit IPQ-4018 serve 4 Cortex A7 Arm-kernels with a clock frequency of 717 MHz. The chip includes the Hardware NAT and Crypto Engine unit, as it is easy to guess, the first unit is responsible for unloading NAT, the second is for hardware encryption.

Both wireless modules have MIMO 2x2 configuration (dual-chain), each of the modules has its own co-processor, providing hardware unloading. On the flowchart, they are indicated as CPU # 1 and CPU # 2.

At the output of each chainter, it is planted on one plot (hidden under the screens), a total of 4 pcs.

If you look at the official HAP AC2 block diagram, there is a gigabit switch AR8327, and it is indicated as the built-in directly in IPQ-4018.

At the same time, next to the processor on the board, the qca8075, which implements 5 gigabit ports.

If you return to the official Qualcomm block diagram, the "5GE L2 / 3/4 Switch Engine" is indicated, the external block "QFE8075 / 2 (5/2 ports PHY)" is specified in the IPQ-4018.

Thus, in fact, the physical level (PHY) is implemented on a separate external chip QCA8075, but the remaining strapping is directly as part of the SOC. Routeros itself determines the switch as ATHEROS-8327.

Permanent memory, as usual, not much - only 16 MB (WinBond 25Q128JVSM).

With RAM, the situation is more interesting. Officially, 128 MB of RAM has been announced for HAP AC2. At the same time, the first parties are equipped with NANYA NT5CC128M16IP-DI chips by 256 MB.

The end user is available 233 MB. In Mikrotik, this fact was confirmed, but to correct the description and characteristics for HAP AC ^ 2 will not be, because There are parties from 128 MB. Someone from the Logistics department is great.

In the meantime, we did not get a single device from 128 MB, all the copies tested by us were equipped with 256 MB of RAM.

Partially the HAP AC2 platform will be used in RB450GX4, the truth is based on the IPQ-4019 with disabled wireless interfaces. The cost of the board will be almost twice as higher than that of the tested device. In return, Mikrotik offers 1 GB of RAM, 512 MB Nand Flash, 5th License License and Support for MICROSD.

Production HAP AC 2 when working with L2TP / MPPE

Currently there is a fairly wide range of opportunities for combining remote networks into a single computing network. Of the most popular tools - PPTP, L2TP, OpenVPN and IPSec.

PPTP protocol is the oldest and not safe, at the same time, as not strange, the overwhelming number of Mikrotik users for remote connection is used precisely the PPTP protocol. Due to the fact that this protocol is completely outdated and even in Apple devices, its support is discontinued, we will not test this protocol.

The most optimal protocols can be called IPSec and OpenVPN.

IPsec is one of the safest methods for combining networks that currently exists. Thanks to the reliable AES encryption with support for 128 and 256-bit keys, this protocol provides the highest reliability and confidentiality of transmitted data that may have critical importance for business and government agencies. To date, even using supercomputer power, to decipher the data encrypted with AES, will leave billions of years. The cons of this method also has external static IP at both ends of the connection and high hardware platform requirements. In principle, the IPSec connection is possible between dynamic IP, however, in this case, you will have to reconfigure the parameters with each change in one of the addresses. The hardware platform is also not so simple, the budget start-up routerboard can provide 10-20 Mbps at best with the full CPU load.

More advanced devices, such as RB750GR3, RB850GX2 (removed from production), RB450GX4, RB3011, RB1100AHX2, RB1100AHX4 and CCR1009 are able to provide higher speed when working with IPSec. With the advent of HAP AC2, this list can be added another model, but about everything in order.

There is also the possibility of using L2TP in a bundle with IPsec, the main advantage of this combination is high security, speed and ease of settings, as well as high loyalty to NAT on the side of the end client. Of the serious disadvantages of this option, very high hardware platform requirements should be noted, perhaps L2TP / IPsec is the most demanding protocol. All wine double data encapsulation and the need for encryption.

These shortcomings are deprived of the OpenVPN protocol, which is based on the OpenSSL library and SSL / TLS protocols. OVPN itself is extremely flexible in the setting and even allows you to mask traffic under the usual HTTPS, making it possible to bypass all sorts of limitations from the provider. As a rule, OVPN works faster IPsec and at the same time supports a variety of encryption algorithms, including AES. The disadvantages of this method still have - more complex configuration and high hardware requirements (as well as for IPsec).

For the beginning, we will conduct L2TP testing with regular MPPE 128-bit encryption.

L2TP is more reliable and safe against the back of the previous generation protocol - PPTP. We strongly recommend to refuse to use PPTP in favor of more modern protocols. If you do not have a possibility and / or desire to use OVPN / IPsec / L2TP + IPsec, we recommend using L2TP / MPPE.

The main recommendation for improving the security L2TP / MPPE is the use of very long passwords consisting of a set of random letters (with different layouts), numbers and specialsimeters. The use of "vocabulary" passwords is not recommended, since L2TP / MPPE has a number of shortcomings that allow you to use the vocabulary methods of the password, which ultimately leads to a decrease in the protection of a 128-bit key, making it equivalent to 56-bit (). In any case, it is much better than the use of PPTP.

As a pair for HAP AC2, we chose a proven platform CCR1009, namely the model.

It is the most affordable representative of the CCR lineup, which includes a powerful 9-core Tile GX processor and 1 GB of RAM. A similar combination provides high performance and ability to process up to 2.5 GbSec transfers.

In the process of testing, the stability and reliability at high loads was additionally checked, performance data is indicated for user traffic (useful traffic), the average sample is taken into account. Peak performance values \u200b\u200binto the calculation of the averaged indicator are not taken if their duration is less than 30 seconds.

On both sides, PCs with iPerf are used as traffic generators, which gives more reliable values \u200b\u200band flexibility than the built-in BTest.

CCR1009 - WAN IP 192.168.106.20 / VPN 10.0.0.1 / LAN 192.168.1.0

hAP AC2 - WAN IP 192.168.106.30 / VPN 10.0.0.2 / LAN 192.168.2.0

For CCR1009, a manual configuration was used, similar to Defconf on low-level devices. As WAN uses ETH1 (not Combo), the standard Firewall rules are additionally open port 1701.

The basis of the L2TP Server configuration is taken by a standard profile with encryption, MTU changes were not subjected to, additionally activated the option "ALLOW FAST PATH".

All outdated MSCHAP1, CHAP and PAP authentication methods are disabled, only MSCHAP2 is active (MS-CHAPV2).

In modern realities, compression is better not to use to achieve maximum performance.

The client side settings are similar, the default profile is used with encryption, as well as the option "Allow Fast Path".

Routing to the remote network is provided by a static route in combination with NAT Masquerade, Default Route is not used.

On both devices in Firewall, the FastTrack Connection is configured for connections Established and related.

At the output we have a classic union of 2 networks based on L2TP / MPPE

Depending on the direction of traffic and configuration, CCR loads 1 kernel, or distributes the calculations between all 9 cores. For example, when sending data from CCR, 1 kernel is activated, while when receiving for decryption, all kernels are loaded evenly.

Batch exchange 1 1400 byte, TCP mode

The first bandwidth test is carried out for packages of 1400 bytes.

The average performance of the 1-flow test is 112 Mbps to receive and 128 Mbps to send.

With an increase in the number of session to 10, the speed changes to 111 and 170 Mbps, as we see, to send with an increase in the number of sessions there is a performance gain.

For download, there is no special absorption, regardless of the size of the packages. What is interesting, in all listed cases, the download of IPQ-4018 was an average of up to 25%. Uploaded only 1 kernel, only occasionally the system performs unloading on the other nuclei - in multi-threaded modes.

Further test is carried out for UPLOAD and increase the number of sessions up to 20 and 100, as a result, speed increases to 201 and 235 Mbps, respectively.

For additional monitoring during tests, the Tools Tools - Profile was periodically used, with which we tracked the resource allocation and download them.

In fact, it clearly shows that with increasing the number of simultaneous compounds, Routeros, although with a breakdown, distributes part of the calculations on the other kernels. Together with an increase in performance, the load on the CPU increases to 35-45%.

The last test in this block is carried out for FDX (Full Duplex) with 10 counter connections in each direction, and a total of 10 + 10 sessions.

As a result, the total bandwidth was 185 Mbps.

The final performance diagram when working with 1400-byte packages is as follows:

All these smartphones, tablets, computers, and recently also refrigerators, kettles, lighting sensors and temperature ... Soon the tables and chairs will be connected to the network to find out how much our weight has changed from yesterday's dense dinner.

Now even the lack of water or light is often perceived easier than the absence or poor Internet work. Well, the light, a clear case, is needed, but there is still LTE and 3G connections :)
For me, July was a living nightmare, my old Dlink Dir620 router slowly, but faithfully went crazy, at the same time taking my mind and me himself. Permanent disappearance of ping in both the external network, and to the router itself, the lack of ability to connect to the administration interface, and the need to increasingly change the router to lead to a sense for a while. All this finally got me and was decided - a new source of knowledge cattle in the apartment is needed.

Recently, I had a dlink and zyxel at home. Although at work came across from Ubiquiti, TP-Link and ASUS. Dlink did not want to take for certain reasons, including the hatred developed by my old man. With the rest, I was sitting and thought to take on shift. Empathy perversions with the administration system of routers were embarrassed, the firmware will stop producing, then with glitches something, then with performance, some compromise options. 100% the working horse will cost thousands of 5-7. For the unemployed, at the moment it is somehow a bit too much.

Communicating with friends, I learned that his friend distributes the Internet to the neighbors through the Mikrotik router, plus it seems like this friend himself worked on a local small provider and abubs that could hardly set. Skeptically reacting for a new name for yourself, went to look for information.

It turned out that Mikrotik - a new name only for me. This small Latvian company (just 100 with a small person) was created back in 1995. Mikrotik produces a fairly large range of network equipment, wired and wireless (routers, switches, access points), as well as their routeros, which is installed on all Karl! Company products.

I looked at the routers for 20,000+, lossed on the possibility of setting up this Routeros and decided that it would have to see something from the planned, budgetary. I was glad when I found that in the line of Mikrotik products there are devices at a very democratic price that are suitable for home.

So I found out about ...

Microtik Hap Lite.

WiFi router for a home or small office (SOHO) cost approximately 1,400 rubles (at the time of writing an article, I would like to look at the price of the old course).

Contents of delivery

A router is supplied in a box of fashionable crafting cardboard, with the application of the Routerboard logo and the monochrome image of the router. Without advertising, without describing the charms of content, only a sticker with the HAP Lite model, the board ID and MAC addresses. It is better, Mikrotik was not spent on the packaging, and we do not pay the services of the printing house.

On the box, brief instructions for connecting to the router:

Connect to WiFi or direct cable
Go to the browser at 192.168.88.1
User Admin without a password

Also, the manufacturer suggests immediately update the Routeros "For Best Product Experience". The update procedure is quite simple, go to the site Mikrotik download the SMIPS version of the firmware (specifically for HAP Lite), pour it into the router (Files section), and then overload. In the same section, there is a file with additions, install them or not - to solve the user.

Inside the box, the power supply with the microUSB connector (the standard 5V-2A is suitable), a small instruction and that.

Little LifeHack: Mikrotik Hap Lite, as you see, a small device in size, besides, it can be powered by a laptop. This is me to the fact that in life there may be a situation when the router, sinking WiFi locally - a comfortable thing. I would come in handy a year ago, when I was on a mobile Internet through a 4G whistle, and WiFi from the computer constantly cut down the mobile phone, tablet and another laptop.

There is no familiar patch cord, but when you turn on the router, WiFi starts and you can configure it without a wired connection. For me, the lack of "Ryushki" is only plus, we all understand that a color box, guidelines, wheels, patch cord worth our money with you. In my opinion, let them not be better.

Appearance

The dimensions of the router himself pleased me 90x115x30 mm, embarrassed first the lack of familiar external antennas, but, run forward, I will say that I did not find problems when working with WiFi (except for a large number of WiFi networks in 2.4GHz nearby somehow affect in future)

In general, the appearance of the device, like packaging - minimalistic. Power connector, Ethernet connectors, power and activity, and the RESET button is made on one side of the device, all other do not contain anything. In addition to the plug for the Lite version of USB ports.

A little more variety awaits us from below the case. Legs, ventilation holes, sticker with the same information as on the box: Mac, serial, model name. In addition, on the bottom of the HAP Lite, there are 2 cruciform attachments to install the device on the wall. It's great that you can hang a router and vertically and horizontally.

I see no idea to climb the womb, if you wish, you can find the necessary on the Internet, because the technical characteristics will take from the available sources for general information.

Specifications

Processor: QCA9531-BL3A-R at 650 MHz
RAM: 32 MB
LAN ports: 4
Radio module: 2.4GHz, 802.11b / g / n, 2 Internal antennas with a gain of 1.5DBI
Routeros license level: 4

In general, iron HAP Lite stars from the sky is not enough, WiFi power is enough for an average apartment or a small office, however, as stated - Soho. The most interesting in this case is the software part.

Routeros.

I suspect, many wondered what 4 license level at the Mikrotik Hap Lite router. Let's see for a start to share what this Routeros is generally. Everything is simple. All MIKROTIK devices work on a shed OS for routers, with all modern features: routing, filtering, channel management, organization of access point, VPN server and much more. It is such a functionality that expects you in all devices of Mikrotik. Including in our HAP Lite for 1400 rubles.

Routeros is the first product of Mikrotik, released in 1997. Yes, yes, at first there was a software, then (after 5 years) I also made iron for him.

Routeros is based on the Linux V3.3.5 kernel (at the time of writing the article), providing a fast and convenient interface to manage all functions. By the way, you can try Routeros completely in this way, just download the image from the official site http://www.mikrotik.com and install on any PC.

Routeros supports multi-core and multiprocessor computers configurations, installed on IDE, SATA and USB drives. For installation, at least 64 MB of free space is needed. Naturally supports multiple network interfaces, including the latest 10 gigabit cards, 802.11a / b / g / n Wireless devices, SFP modules and 3G / LTE modems.

I repeat, this filed operating system for routers will stand in your HAP Lite, ready for everything.

Routeros setting options:

Graphic interface - WinBox (application under Windows), web interface
Command Interface - Telnet, SSH, Local Console, Serial Console
API. - allows you to build your application

Going through the Web interface, the first thing that the user will see after entering the login and password (when to install) - section Quick Set..

The basic basic settings of the router are collected here:
Name WiFi Network, Access Key, Connected Wireless Device Monitoring. Here you can configure access to the provider, in my case it is a static connection: specify the IP, a mask, you can substitute the necessary MAC address if the provider restricts access on it. The settings of your local network are also available in this section.
Apply Configuration. And Internet access is configured.

This is the basic settings, something like ordinary pages in the usual routers. Details are waiting for a user in additional sections.

There is not a safe WPA that is turned on by default (on the picture is already turned off)

It is very amused when, going to the settings of the WiFi interface and looking at 4 settings page, you detect the Advanced Settings button. "And so it was Easy Mode," I thought with surprise. However, all these difficulties are needed only when you stand a certain task and most likely you already know what exactly needs to be done.

In chapter Interfaces. Settings of all router ports. By the way, you can configure as WAN any number of LAN ports. Suppose you have a desire and the ability to connect directly to 4 providers - Hap Lite will allow that. The main thing is not to get confused :) It is possible for this and invented the field Comment In many router settings, you can put a note for yourself if you suddenly try to remember what happened there in the settings and when.

Also worth paying attention to the section IP -\u003e Services. I love to keep everything excessive off, away from sin, so it turned off everything for myself, except SSH and Web interface.

In short, I will pass on the main possibilities. Routeros is very rich in the settings, because all the described items show the screenshots do not see the point, there will be a lot of things that are not talking about. If you are interested in the system itself - put yourself on your virtual machine and go. There will be more sense.

Capabilities

Full firewall

Package filtering, access control, NAT, UPNP, filtering by IP addresses, ports, IP protocols. Supports IPv6. The router can search in the contents of packets by regular expressions.

Capsman.

Controlled Access Points System Manager
Allows the device on the routeros to make the WiFi access controller. This, in turn, makes it possible to collect a configuration from a variety of access points and one SSID on all. You can move in a large office building or hotel and not lose access to WiFi for a minute. This technology also allows you to organize WiFi access for a large number of people in one place, only usually you need an expensive external controller for this, and here this role takes one of the network devices. Ubiquity Unifi, for example, requires a separate computer.

Routing

For IPv4: RIP V1 and V2, OSPF V2, BGP V4
For IPv6: RIPNG, OSPFV3 and BGP
And: VRF, routes over the interface, security policies and ECMP

But that's not all (C)

Redirection

WDS, ®Stp, HWMP +, OpenFlow

MPLS (MULTIPROTOCOL LABEL SWITCHING)

Package management can be based not only on the basis of IP titles or routing tables, and also on the labels that Firewall hung on the package.

VPN.

IPsec - Tunnel / Transport, Certificate or PSK
P2P - OpenVPN, PPTP, PPPOE, L2TP
Advanced PPP - MLPPP, BCP
Tunnels - IPIP, EOIP
6TO4 Tunnel - IPv6 via IPv4
VLAN - IEEE802.1Q, Q-IN-Q
MPLS-based VPN

Wireless.

IEEE802.11a / B / G / N
Proprietary protocols NStreme and NV2 TDMA
Client Polling
RTS / CTS.
Wireless Distribution System (WDS)
Virtual access point
WEP, WPA, WPA2 Encryption
ACL access
Seamless roaming wireless customers
Wmm.
etc.

Hotspot.

Allows you to organize public access to your Internet. The user will be shown the input screen when you first open the browser, after entering the login and password, Internet access is available.
Ideal for hotels, airports, shops and any other public places. The user management interface allows you to control the connection time, speed and volumes of the data transmitted.
Radius is supported, as well as the built-in administration utility.
There is a time limit mode and a way to show your advertising.

QUALITY OF SERVICE (QoS)

Limit speed for certain IP, subnets, protocols, ports or other parameters
Limit P2P traffic
Prioritize certain packages
Distribute channel between users
etc.

Proxy server.

You can configure the caching proxy server to speed up or restrict the Internet. It is possible to cache on an external disk (in the case of hardware solutions with the ability to connect a USB drive)

Utilities

Ping, traceroute.
Channel Speed \u200b\u200bTesting, Ping Flood
Packet Sniffer (Packet Sniffer)
Telnet, SSH.
Sending / reception utilities E-Mail and SMS
Ability to start scripts
Calea Data Mirroring (Communications Assistance For Law Enforcement Act)
Table of active compounds
Client and server NTP, RADIUS
TFTP server
SNMP for statistics and graphs
and much more

Dude Dude

Network utility manufactured by Mikrotik to manage your network utensils. Automatically scans the devices, draws a network card, monitor the services and warns if something went wrong. You can monitor not only Routeros database. Any devices available via Ping or SNMP data are supported.
But of course, all its skills The Dude shows with Routeros: Works like a syslog server for Routeros devices, manages configurations and allows you to conduct updates.

Licenses

I remind you, our HAP Lite has 4 levels of licenses.
Differences in license levels are small:
The ability to upgrade to ROS 7.0 in our case, 5 and 6 levels suggest updating to ROS 8.0 version.
PPPOE, PPTP, L2TP, OVPN Tunnels, as well as hotspot Users at Hap Lite 200. Fifth and sixth levels - 500 and unlimited, respectively (Remain only in iron).
Active sessions of managed users: 4 -\u003e 20, 5 -\u003e 50, 6 -\u003e unlimited

That's all. Otherwise, your piece of iron and the one, which for 20,000 rubles, coincide in the possibilities. Of course, you need to understand that with a complex configuration you are referred to the performance of iron, but it will not be so easy at home, and for the office you can buy a piece of gland more.

Me, for example, Impressed RB 2011uias-2hnd-in. Easy. Fashionable :)

It should be noted that not all the possibilities of Routeros are clear for me, due to the lack of experience in managing complex networks, so sorry if I did not describe or described it. I think those who know all this can figure out the details better than mine. Within one review article, it is impossible to consider anyway anyway. Yes, and the article is not about Routeros, but about a small device, the price as a starting solution from the usual representatives of the home Internet, with the possibilities of the level of a small provider and some obvious restrictions.

Testing

Before us, the router for the house, arrange the stress test I have no sufficient technical capabilities, and there is no sense, at home. Let's try to load it with the usual homemade.

Test conditions

Uploaded 2.4GHZ WiFi (46 selected networks, according to NetSpot)
4 Devices: 2 Phone, Tablet, Laptop
Phones and tablet watching a video with YouTube, a laptop shakes a torrent a couple of Ubuntu distributions, parallel to Pinguya Router and Yandex (forgive the guys). All via wifi.

The router was well done, the video did not brake on any device. Torrents swung with quite acceptable speed. As soon as the video was turned off - the download speed was raised.

SpeedTest has not bothered strongly:

WiFi @ MacBook Pro (Start 2011)

Lan there

WiFi @ iPad.

For me, it was generally a great surprise to learn about the existence of this small company, and now I know that they produce a large number of interesting hardware solutions, participate in building national networks in some countries, training centers have been created worldwide, including in St. St. Petersburg and Moscow, where you can pass training, become a certified specialist of Mikrotik and put on your own interesting and functional devices in your work.

In a nutshell about what we are here

Mikrotik Hap Lite - WiFi Router for Kopecks with Professional Routeros on board, excellent performance and truly huge opportunities. Configured quickly, works confidently.

The device is well suited to the sysadminam: younger - as a tool to improve the qualifications, by independent study "on cats", and more experienced - to connect all the houses on "feng", set up communication with the office, and you never know anything else.
Completely inexperienced people, without wanting to minimally understand Routeros, it is not worth putting home. How does the provider support engineers help you by phone?
Those who are able to configure the usual home router can be able to figure out and with this baby.

Pros:
Cost
Capabilities
Miniaturity
Performance

Minuses:
There is no model with 5GHZ WiFi (in general, Mikrotik has 5GHZ devices, but they are in a more expensive segment)
No opportunity to write your module

Periodically, we tell you about different routers. As a rule, these are TP-LINK or ASUS devices - market leaders. But with enviable regularity in the comments, people who glorify Mikrotik appear in the comments. At the same time, they are praised not just so, but for the functionality and stability of work. Today, on the example of Mikrotik Hap Lite (RB941-2ND-TC), we will try to check if it really is.

Mikrotik Hap Lite is one of the most affordable manufacturer routers. It comes in a very simple box of recycled unpainted cardboard. It causes a schematic image of the device, as well as the basic information on the initial configuration (the IP address of the router, the "admin", the URL instruction on the firmware update).

Inside lies the marchutizer itself, the power supply and a miniature brochure.

Design

RB941-2nd-Tc looks very simple and cute in his own way. The housing is made of glossy plastic, it consists of only two parts of white and blue and very light, you can even think that the frame itself was in the hands without a "filling".

As part of the manufacturer's line, this is a design with research, the device is intended, including for home use, although compared with all the mass routers I want to call the HAP Lite "Box".

The manufacturer has provided only a vertical installation, the shape of the body is exploringly hinting. On the front and lower sides there are large ventilation holes.

All items and connectors are behind. These are four network ports with activity indicators, two status diodes, one multifunction key (used for WPS connection, reset settings, switch to branded CAP mode, as well as to restore the firmware over the network), as well as the microUSB port. The latter is not used to connect drives or printers, but to power.

The box lies the power supply to 5V and 0.7 and this means that RB941-2nd-Tc will be able to work almost from any source - from charging your smartphone, PC or Pavebank. Such versatility can be useful, for example, in the event of a power disconnection - if there are UPS on the equipment of the provider, the router will be able to work for several hours from a small Pavebank (the claimed level of energy consumption to 3 W) and at this time you will have the Internet.

Software, functionality

The router is based on the Qualcomm ATHEROS QCA9533 processor, operating at 650 MHz. The amount of RAM is 32 MB, constant - 16 MB. All network ports are 100 megabit.

Inside the case, two antennas are hidden with a gain of 1.5 dBi, they provide a connection speed up to 300 Mbps according to 802.11 b / g / n. Transmitter power - up to 158 MW (22 dBm).

The router runs running the Router OS with a level 4 license - this feature affects the corporate function of the device, a little interesting home user. You can use the WebFig web interface to configure the router, the Winbox utility, console and remote access. Consider (superficially) the first option.

The familiar "admin" is available at 192.168.88.1. At first glance, the interface is similar to the one that the devices are offered conditionally competing brands - on the left there is a list of items, on the right parameters. The interface is available only in English.

For the primary setting you need to use the first Quick Set tab. It allows you to select the type of connection to the provider, the device mode, to carry out the basic Wi-Fi setting (set the password and network name, select the frequency and country). Immediately there is a simple wireless customer network card.

All other items are intended for fine and thoughtful settings of the router. I note that if in the "admin" of some TP-Link or Asus, you can deal with the basis of general knowledge, the names of specific items and so on, then the similar "number" will not pass. An understandable simple user settings for Guest networks Wi-Fi or parental control in Webfig is not, although this and much more broader functionality is present. To figure out what to look intoofficial documentation or take advantage of one ofstep-by-step instructions .

Despite the complexity of the configuration, the system allows you to make a lot of interesting, such as configure the simultaneous connection to two providers, limit the speed of access for clients connected to a specific network port, the router can operate in a bridge or repeater mode, supported VPN connections and a lot of Other. The only thing is that the fundamental knowledge of how networks and understanding the logic settings for the desired functions are working.

Testing and operation

Since the router is equipped with only 100 megabit network ports, to check the work I used home connection to the Internet at a speed of 100 Mbps. Both with cable connections and Wi-Fi, the access speed corresponded to the declared.

For a few days of use, I did not have complaints about the stability of the router, it "holds a home load" normally when, for example, on one computer you swing torrents, on the other, watch online Full HD video and in parallel surfi on the smartphone. Despite the built-in antennas, the router can create a normal coating in a single or small two-bedroom apartment. I liked the fast response to change settings, the built-in firmware update functions without having to separately select the firmware file, the possibility of overclocking the processor.

More detailed results of the speed characteristics of the router leads to the manufacturer itself:

Site rating

Pros: Simple design, incredible functionality (if you "Sharite"), powered by microUSB, price

Minuses: Customizing Settings for Simple Users

Output: Mikrotik Hap Lite RB941-2nd-TC is an excellent router that needs to be given to your girlfriend - if you transfer Windows once a month, you can administer her Mikrotik almost every day. If it is serious, then from the point of view of the "iron" HAP Lite looks like the other routers for 600 hryvnia, but the main one is software here, which will allow you to customize it so thinly how even flagship consumer routers do not allow. This device for those who do not just understand how "goes" each byte of information, but also wants to have full control over them. If you (suddenly) love to understand how something works for a long time, and then enjoy and be proud of the work done - Hap Lite is also suitable, because it is a wonderful constructor toy (or tool) for inquisitive minds and crazy handles, as well as those who want Become a system administrator. Well, if you are a simple user for which the router is a utilitarian box, distributing the Internet and requiring reboots once a month - better continue to restart the existing router.