Cisco ASA5505 to Mikrotik RB3011UiAS-RM?

Hey All,

Would moving from a Cisco ASA5505 to Mikrotik RB3011UiAS-RM be considered an upgrade?

Not had much luck in finding real-world comparisons, and performance data on both seems sketchy at best.

Thanks
 
Guess it depends on what you want to achieve.

I'd not consider it an upgrade personally, though as said, it depends on a) what your ASA is licensed for, and b) what you want from a new device?

I'd rather get a 5506-X.
 
What kind of lab?

Assuming any kind of interest in IT qualifications, again the Cisco kit will be more "valuable" as an asset.

I max out my FTTC line with my 5505. If I were able to get FTTP I'd contemplate an upgrade.
 
Nothing in particular.

I guess we should run the FTTC flat out and see if the 5505 is a restriction. Only asking as the 5505 is currently configured and running, the RB3011UiAS-RM is sat in the box still :D
 
There are very good performance indications on the Mikrotik website if you bother to scroll down far enough https://routerboard.com/RB3011UiAS-RM

Ethernet test results
RB3011UiAS-RM IPQ-8064 All port test
| Mode | Configuration | 1518 byte kpps | 1518 byte Mbps | 512 byte kpps | 512 byte Mbps | 64 byte kpps | 64 byte Mbps |
|---|---|---|---|---|---|---|---|
| Bridging | none (fast path) | 325.0 | 3,946.8 | 939.8 | 3,849.4 | 1,530.2 | 783.5 |
| Bridging | 25 bridge filter rules | 325.0 | 3,946.8 | 384.2 | 1,573.7 | 348.6 | 178.5 |
| Routing | none (fast path) | 325.0 | 3,946.8 | 939.8 | 3,849.4 | 1,437.6 | 736.1 |
| Routing | 25 simple queues | 325.0 | 3,946.8 | 419.6 | 1,718.7 | 419.7 | 214.9 |
| Routing | 25 ip filter rules | 202.0 | 2,453.1 | 204.1 | 836.0 | 188.4 | 96.5 |

Currently using an RB3011 myself, RouterOS was a little flaky when they first came out, lots of port flapping and network loop detected error messages but seems to have firmed itself up since 6.34

If you don't need the rack mount then the new Hex r3 seems to be a very hot potato at the moment; however, they have just done some small upgrades to the cloud core range as well, which would be much more "industrial" if you want to spend enough to feel justifiably more of an upgrade.
 
Mikrotik don't make security appliances. If you just want something that can do NAT and has a basic stateful firewall in that you can feed ACLs then the 'tik can be considered an alternative to the ASA.
 
As I have the RB3011 sat here I thought I would give it a go, not the most user friendly of devices, my first time playing with RouterOS :D

Luckily it has a serial interface, as I managed to lock myself out a few times and the default settings reset switch didn't seem to be working.
 
Press reset in and hold it, power the router up, keep button held until ACT or USR light starts blinking and let go of the reset button. Give it 2 mins to reboot.

If you use Winbox you can connect via Layer2 so don't need serial :D
 
The issue I was having was trying to configure the VLANs: whenever I moved the address from bridge to the VLAN I would lose connectivity to it, even though I had VLAN configured on the interfaces and the switch etc.

Also set VLAN mode to check and add tag if missing, still didn't work, then set up a bridge for the VLAN and then moved the address to that but that also failed.

I have never been fond of the ASA CLI when comparing to IOS and CatOS, at the moment I'm starting to feel the same way with RouterOS :D
 
That sounds wrong somehow.

I've only done VLANs a couple of times on MT but I added VLANs to the Interface and then added a bridge to the VLAN (I think)

Then IP address onto the Bridge.

Your application is probably completely different to what I did though.
 
Try this:
In short it gives Ether1-3 as Trunk ports and then 4 a "private" cabled connection and 5 a "guest/hotspot" connection. Ignore the "hotspot" wording, it's because we ran a hotspot behind the 2nd vlan.

I've stripped this out of an RB951Ui but it should give the same results on the ports mentioned, just add/remove ports as you need.

Code:
/interface bridge
add name=bridge1_PRIVATE
add name=bridge2_HOTSPOT
/interface ethernet
set [ find default-name=ether1 ] name=ether1_TRUNK_MASTER
set [ find default-name=ether2 ] master-port=ether1_TRUNK_MASTER name=ether2_TRUNK_SLAVE
set [ find default-name=ether3 ] master-port=ether1_TRUNK_MASTER name=ether3_TRUNK_SLAVE
set [ find default-name=ether4 ] name=ether4_PRIVATE
set [ find default-name=ether5 ] name=ether5_HOTSPOT
/interface vlan
add interface=ether1_TRUNK_MASTER name=vlan100_PRIVATE vlan-id=100
add interface=ether1_TRUNK_MASTER name=vlan200_HOTSPOT vlan-id=200
/interface bridge port
add bridge=bridge1_PRIVATE interface=vlan100_PRIVATE
add bridge=bridge2_HOTSPOT interface=vlan200_HOTSPOT
add bridge=bridge1_PRIVATE interface=ether4_PRIVATE
add bridge=bridge2_HOTSPOT interface=ether5_HOTSPOT
/ip address
add address=192.168.1.2/24 interface=bridge1_PRIVATE network=192.168.1.0
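
Added example, not part of any post in this thread: a small Python check that reads an export like the one above and lists which physical ports can reach each IP address, and whether the traffic must be tagged, which is the thing to confirm before moving a management address between a bridge and a VLAN. The function names `parse` and `reachability` are hypothetical, and it assumes, as the post describes, that a VLAN on the master port is carried tagged on every port in its master-port group.

```python
import re
from collections import defaultdict
# PRIVATE half of the export posted above, embedded so this runs offline.
EXPORT = """\
/interface bridge
add name=bridge1_PRIVATE
/interface ethernet
set [ find default-name=ether1 ] name=ether1_TRUNK_MASTER
set [ find default-name=ether2 ] master-port=ether1_TRUNK_MASTER name=ether2_TRUNK_SLAVE
set [ find default-name=ether3 ] master-port=ether1_TRUNK_MASTER name=ether3_TRUNK_SLAVE
set [ find default-name=ether4 ] name=ether4_PRIVATE
/interface vlan
add interface=ether1_TRUNK_MASTER name=vlan100_PRIVATE vlan-id=100
/interface bridge port
add bridge=bridge1_PRIVATE interface=vlan100_PRIVATE
add bridge=bridge1_PRIVATE interface=ether4_PRIVATE
/ip address
add address=192.168.1.2/24 interface=bridge1_PRIVATE network=192.168.1.0
"""

def parse(export):
    """Return {section: [{key: value}, ...]} for the add/set lines of an export."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, export.splitlines()):
        if line.startswith("/"):
            current = line
        elif line.startswith(("add ", "set ")):
            sections[current].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def reachability(export):
    """Map each IP address to the (port, tagging) pairs that can reach it."""
    s = parse(export)
    group = defaultdict(list)                      # master port -> switched ports
    for e in s["/interface ethernet"]:
        name = e.get("name") or e["default-name"]  # port may not be renamed
        group[e.get("master-port", name)].append(name)
    vlans = {v["name"]: (v["interface"], v["vlan-id"]) for v in s["/interface vlan"]}
    members = {b["name"]: [] for b in s["/interface bridge"]}
    for p in s["/interface bridge port"]:
        members.setdefault(p["bridge"], []).append(p["interface"])

    def expand(iface):
        if iface in members:                       # bridge: union of its ports
            return [hop for m in members[iface] for hop in expand(m)]
        if iface in vlans:                         # VLAN: tagged on the parent's group
            parent, vid = vlans[iface]
            return [(port, "tagged " + vid) for port in group.get(parent, [parent])]
        return [(port, "untagged") for port in group.get(iface, [iface])]
    return {a["address"]: sorted(expand(a["interface"])) for a in s["/ip address"]}
```

An address whose list has no `untagged` entry can only be reached from a host that tags its frames, and an empty list means the address sits on a bridge with no ports at all.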
 