Hi,
I'm new in MikroTik/RouterOS software, before I was mostly using DD-WRT, OpenWRT, but there was always some issues hardware <->software so finally I turn my eyes on this area and I have to admit that I'm positive surprised. Great software, hardware well I can't say yet much but after what I tested RB2011 I didn't expect as much as I found for my needs. Anyway it appears that RB2011 didnt handle my needs + firewall rules + QOS, CPU reach 70-80% with heavy network load (fasttrack off) - still I was impress considering that RB2011 have 1CPU, my WRT1200AC with DD-WRT on board sometimes was reaching similar CPU load. After small research I bought RB3011 that will be delivered today and he will replace RB2011 but I don't want to sell it, I want to use fasttrack on it + maybe some other service like DHCP Server? Here I got question for experience users, what you recommend? What services can be used on RB2011 to unload RB3011? For sure RB3011 will use firewall and QOS tree. My topology looks something like that:

Camera TV / AndroidTV /
| |
ISP modem -> RB3011 ->RB2011(fasttrack) ----- 24 port TP-Link unmanaged switch ---- users
|
2x NAS (only 6 cables connected)
2x100Mb (VirtualMachines)
4x1Gbit (torrent, Git server, WINS server, NTP server,
Media Server, file server)

Like I wrote, I'm looking for advise what can RB2011 do, to take some load from RB3011?

Network speed: 160Mb/160Mb Fiber Glass

Thank you for any suggestions

My suggestion would be to get rid of RB2011.

RB3011 should be able to handle everything without issues.

I don't see any real benefit of keeping RB2011 in the path.

谢谢但是我将保持它无论如何,一个用于测试and second my web and ftp server is in separate network running thru it. I know that I could do dhcp server on one of the lans RB3011 but like I wrote before I wanted to spread task on both of them.

Anyway thanks

One more thing

I setup dhcp server on RB2011 and I put route on RB3011 it's main network so I can see RB2011 network. Ports are redirected from RB3011 to RB2011 and on server, Firewall on RB2011 is OFF. My question is should I also add something to firewall rules on RB3011?

modem - eth1 RB3011 (192.168.10.0/24 eth6 main network)- eth7 -> eth1 RB2011 (192.168.2.0/24 test and WWW/FTP server)

--- edit---
is there a way to turn ON both firewalls but put some rule in main firewall (RB3011) so he will not filter traffic from second router (RB2011) with turned ON firewall (he will send already filtered traffic)?
My last question where I can find some good documentation about firewall rules? Some examples, maybe podcast, some good source beside MikroTik Wiki?


Thanks for any suggestions

That's a pretty smart idea. I actually started with an RB2011, and then maxed out the CPU with my needs and got a RB3011RM, great router! Everyone's needs are different, however depending on your setup, you could put the WAN connection on 2011 and connect just the servers to run off it ( Git server, WINS server, NTP server, Media Server ) and then use port 10 to POE to the RB3011 port 1 and connect all your dynamic traffic, wireless bridge for phones and tablets, NAS devices to the 3011. I would also keep the torrent activity whether its client or server only on the RB3011 because it has so much more RAM. This all depends on how your ISP gives you your connection. Ideal would be a subnet or allowing multiple endpoints if its PPPoE. Forwarding layer 2 traffic from RB2011 to RB3011 would be essential in order to offload. I use EoIP and it seems to work.

That's a pretty smart idea. I actually started with an RB2011, and then maxed out the CPU with my needs and got a RB3011RM, great router! Everyone's needs are different, however depending on your setup, you could put the WAN connection on 2011 and connect just the servers to run off it ( Git server, WINS server, NTP server, Media Server ) and then use port 10 to POE to the RB3011 port 1 and connect all your dynamic traffic, wireless bridge for phones and tablets, NAS devices to the 3011. I would also keep the torrent activity whether its client or server only on the RB3011 because it has so much more RAM. This all depends on how your ISP gives you your connection. Ideal would be a subnet or allowing multiple endpoints if its PPPoE. Forwarding layer 2 traffic from RB2011 to RB3011 would be essential in order to offload. I use EoIP and it seems to work.

Hi Darryl!
我把RB3011作为我的主要路由器和RB2011(与你rned OFF firewall, NAT and no route to RB3011) I use connected to it as a separate network with WWW/FTP Server + camera's. Home users are running thru RB3011 (firewall ON, NAT and route to RB2011) on switch connected to it. Now I want to replace my old TP-Link switch (48Gbps capacity, unmanageable) on something else, with higher capacity, hardware and managed option's, considering also SFP 10Gbps ports on future network expand.

Still need to learn more about firewall rules, maybe this weekend I will sit and read about it. For sure I can improve my network but I dont know yet what means all those rules in firewall. Also I'm interested in VLAN's to separate traffic etc. but like with firewall still no clue how to do it. I read about it a little bit and I notice that there are issues to set up VLAN on Windows 10...but dont know do I have to do it or is it all going on in router it self so no need to set up anything on client machines just specified lan ports need to be connected...anyway it's a huge jump for me in this area, before I only worked with DD-WRT, OpenWRT etc.