It is difficult to imagine how people lived before the router Mikrotik RB751U-2HnD appeared, how much time was spent waiting for reboot devices from other manufacturers to apply the settings, remember how many times you wanted to swear about the beautiful boxes and where you wanted to shove enormous size antennas, protruding helplessly behind router when the laptop could not connect to a wireless network through the wall, it is better to be silent, after all it’s the technical resource =)
But everything comes to an end , so here it is, when many providers have crossed the bar tariff plans to 100 megabits, increased productivity for good old routers also went up, so Mikrotik immediately responded by releasing a decent router - RB951G-2HnD, which not only has a more rapid processor , but is also equipped with new radio with new antennas. Besides a faster processor there is also added memory, 128 megabytes are available now instead of 32 in the previous model. This means you can flexibly control queues with deeper buffering – you have enough memory for any task now.
We will begin with an overview of the set and packaging. It is simple and concise, but strong and functional – it not only protects the router RB951G during transport, but also can be used in the home for storage of various network components, such as pigtails and prox.
There is nothing unnecessary inside, only Mikrotik RB951G-2HnD with power supply.
Like the previous model, Mikrotik RB951G has 5 gigabit network ports to provide power to PoE through the first of them, USB port for connecting a modem or an optional wireless adapter. There are activity indicators on the upper surface of the device.
There is no connector for an external antenna. RB751U and RB751G allow you to connect an external connector MMCX, located behind the case, but as a consequence of structural calculation, it was neither convenient enough nor pretty. Enthusiasts have completely removed the internal antenna and have soldered pigtails instead of it, but they had to install 3 pieces, because one channel used different antennas for transmission and reception.
On the lower side, as for all series devices RB751U-2HnD and RB951G-2HnD there are reset button and slots for wall mounting. With a use a flathead screwdriver you need to pick up tabs and gently remove the bottom cover, it is adhered to the Velcro on the back side, so you need to pick it from the side of network ports and gently pull on it.
The lower part RouterBOARD 951G 2HnD . Notice that now there is the slot in the board located beneath the antenna, thus increasing the coverage area of a wireless network not only by increasing the transmitter power, but also increasing the sensitivity.
Note that the upper left antenna is bent; just a little bit below we will return to her original form.
The insides of the new router Mikrotik RB951G-2HnD . The layout has changed completely. The wireless module is reduced in size and closed with individual screens for each channel. There are now 2 connectors for external antennas, and the antennas themselves are now also two. There are new memory modules with compact sizes, and established good radiators on the processors. There are now also not soldered terminals for connection to the touchscreen, so it is possible that soon not really needed gadgets in plastic housings will appear. If this is going to be the case, we can expect the output of Mikrotik SXT model with touchscreen for easy guidance on the level of the signal that can be monitored visually =).
Side view of the USB connector RB951G-2HnD . Located slightly to the right at the bottom of LED indicators that show the activity of network ports. You can see the bent antenna more to the right.
Back to the curved antenna. For proper operation, it is really necessary to straighten it, however this should be done carefully, so that you wouldn’t bend it in the opposite direction. Because then it would have to be incurved again, and this may result in damage even violation of geometry that would worsen the quality of work.
Now we bend it in analogy with normal one. At the same time let’s remove the screens from the radios just to make sure that there is nothing interesting there. Soldering lovers can solder connectors MMCX for external antennas or find rare pigtails to connect to existing.
Now Mikrotik RB951 board can again go to its plastic body.
Speaking of the case - it consists of two halves, in the upper part there are places for installation of 4 connectors for external antennas, another large size USB connector, small micro-USB and console port even in the RJ45 format. So that the body is not as simple as it seems and it keeps a lot of secrets that have yet to be learned.
Now, let’s proceed to configuration.
As usual, when you first start you must cancel the initial configuration by clicking on the Remove Configuration. If this window does not appear, in the menu System-> Reset Configuration reset by ticking No Default Configuration, and after rebooting you will be able to configure. Of course do not forget about firmware upgrade.
The new device has a 5-port network and a wireless adapter.
Several ways can be used to connect to the Internet; we will start with the automatic address acquisition. To do this, click IP-> DHCP Client adding a new record, where we specify the interface connected to the ISP's network, as well as we install all the checkboxes - getting DNS server addresses and addresses of the time server, the lowest checkbox allows you to set the default route through this connection . It is used to simultaneously connect to multiple providers.
If you are using the connection via PPPoE, you need to go to the PPP and get PPPoE_Client (choose from the drop down menu when you click on +). There you choose the interface to connect to your ISP and go to the next tab.
There we enter login and password to access, tick the Use Peer DNS field to obtain DNS server addresses from your ISP, and that's it.
If you want to specify the IP-address manually, then you should visit the menu IP-> Address and click on the + to specify the desired settings. At the same time you also need to choose the interface where the cable is connected to the provider. Subnet Mask is set via a slash, which may cause some confusion. For example /24 means 255.255.255.0, /23 - 255.255.252.0, /30 - 255.255.255.252 and /29 - 255.255.255.248. If it's set to the other mask you should search in Google "Calculator Subnet Mask", in which you can enter the settings to get the full transcript.
Besides IP-address you should also not forget to specify the default route. In the menu IP-> Routes add a new route, and only specify Gateway = 10.10.10.1 data or your ISP. Check Gateway = ping is possible not to set, this setting enables the availability check by pinging the gateway and is commonly used to connect to several providers with automatic reconnection in case if one of them shutdowns.
To convert Mikrotik into a small switch you should establish a bridge under Bridge. Click on the + and immediately on Ok, there is nothing else to configure. Go to the Ports tab and add network ports to a bridge, to do this, click on the +, select the desired interface and bridge from the list. It is needed to add 2-5 network ports and wireless adapter.
Specify the IP-address on the bridge. Also in the section IP-> Address add address 192.168.0.1/24 in interface bridge1.
Now to configure the DNS server and Mikrotik. Enter the server address in the menu IP-> DNS, you can specify the Google 126.96.36.199, as well as you must must-tick Allow Remote Requests, to get the permission to respond to requests from other computers as well. If you don’t tick it the Internet will not work.
For the automated generation of addresses of connected clients under IP-> DHCP Server you must run configuration wizard, pressing the DHCP Setup. In the first window, select the interface on which it will run. As all ports are combined in bridge choose bridge1.
Specify the subnet addresses for issuance. All data is entered automatically, but it is possible to adjust them. When selecting the interface a subnet was defined and installed on - 192.168.0.0/24. You don’t have to change it.
Gateway for customers is also installed automatically 192.168.0.1 - this address is entered during setup of IP-address on the bridge.
Address for the client. By default the range is 192.168.0.2 - 192.168.0.254, and addresses are given at the end. If the networks in any devices are set manually, for example in the range of 10-50, it is possible to eliminate them by specifying 192.168.0.100 - 192.168.0.254. If you are using more complex network configuration and there are several ranges manually installed, then you can click on the down arrow to open another box to specify the range. And enter for example 192.168.0.100 - 192.168.0.150 at the top and 192.168.0.200 - 192.168.0.254 at the bottom. Then addresses 2-99 and 151-199 can be specified statically on computers through the LAN.
DNS server address for the issue - 192.168.0.1, i.e. mikrotik address. Clicking on the down arrow, you can specify an alternative and immediately give an alternative, if you do not want to use your DNS server and redirect all requests to the server provider.
Address lease time. By default, three days, but can be put even at least 10 minutes. After clicking Next button you are done.
To configure NAT you need to go to IP-> Firewall NAT tab and click on the +.
This opens a window where you specify the subnet clients who may have access to the network, in this case, specify 192.168.0.0/24. That is it will only work for addresses from 192.168.0.1 to 192.168.0.254.
On the Action tab, select Masquerade.
To protect yourself against attacks from the Internet you don’t need to create filters in a firewall, it is enough to remove all ticks under IP-> Services, and you need to leave only Winbox to access the device settings. If you do not disable unnecessary services, the messages will appear on the login attempts with no proper credentials; especially a lot of them will appear on Telnet.
Let’s proceed to configuring your wireless adapter. On the Security Profiles section Wireless please open profile and specify the default.
Mode: dynamic keys.
Authentication Types: WPA PSK and WPA2 PSK - supported encryption types.
Unicast and Group Ciphers: tkip and aes ccm - first is the encryption software, second is the hardware. If you set all the checkboxes, then old and new devices will be able to connect to the network, regardless of encryption supported.
WPA and WPA2 Pre-Shared Key: 1234567890 - encryption keys. To connect to the network you will need to enter the same number / letter on wireless devices.
In tab Interfaces open the window of your wireless adapter, which indicate:
Mode: ap bridge – mode at the access point.
Band: 2GHz-B/G/N - supported modes, in this case 2GHz B/G/N, but can be selected as B/G, or only-G, depending on the desired speed.
Channel Width: 20 - width of the working strip can select either 20, 20/40 HT Above or 20/40 HT Below. Other wireless adapters for laptops and smart phones are not supported. Selecting Above or Below should be done experimentally, if at a certain frequency one mode does not work, try another.
Frequency: 2412 - operating frequency.
SSID: TEST - the name of the wireless network that will be displayed when searching for networks in a wireless environment.
Wireless Protocol: 802.11 - work in standard wifi, devices such as laptops can connect only to it. If you specify something else, the wireless network may not be available.
The Data Rates settings don’t need to be changed. To open it you first need to click on Advanced Mode on the bottom right, for now it says Simple Mode.
If you want to disable the speed of B-mode, you must set the switch to the Configured and remove the check mark from all modes Supported Rates B and Basic Rates B, but not all wireless devices will work correctly in this case is can be verified experimentally. If you want to allow work only in mode N, you should remove all the checkboxes from this tab.
On the Advanced tab set the following values:
Distance: indoors - the distance to the clients will be minimal.
Periodic Calibration: enabled - including overriding noise. Especially important if there are numerous other access points around.
Calibration Interval: 00:00:10 - time interval through which the level of noise will be determined.
Hw. Protection Mode: RTS CTS - including protection mechanism from the hidden node. Even when used indoors this mode should be switched on, especially if there are other wireless networks around.
On the HT you need to put all 4 ticks above. After the reset, there are only 2 included in channel chain0, so MIMO cannot work. You should also put a checkmark in the other 2 in channel chain1.
In WDS tab you should select Dynamic mode and specify the bridge from the list. Actually this mode is not needed to connect conventional devices such as notebook PCs, but it may be necessary in the future, and the equipment will already be configured then.
If you turn on the wireless adapter, the power will high in default, it can be seen in the tab Current Tx Power - 26dBm for each channel, or a total of 29dBm. It is very much power and should be reduced.
To reduce the power you need to go to Tx Power tab and there you must select All Rates Fixed, and set them just below 18dBm.
Look at the change in capacity – it all stands at 18dBm or 21dBm total. With this level of power equipment can operate at maximum speeds at closely spaced client devices, such as within the same room.
If your ISP gives a white IP-address, you can enable automatic port forwarding in menu IP-> UPnP. Set the Enabled checkbox and add interface Bridge1 as internal and Ether1 and PPPoE-Out1 as external.
To restrict access to the settings in the menu System-> Users you should specify a password for access by going to the properties of an existing user Admin.
And now the most interesting part. To save the configuration in text form you need to go to New Terminal window and enter the command Export Compact there.
After pressing Enter, the window will display the entire configuration of the device as a text, if you press the right mouse button on the background and select Copy All, you can copy data to the clipboard, which can then be inserted into a text editor such as Notepad:
set 0 band=2ghz-b/g/n disabled=no distance=indoors ht-rxchains=0,1 ht-txchains=\
0,1 hw-protection-mode=rts-cts l2mtu=2290 mode=ap-bridge \
periodic-calibration=enabled periodic-calibration-interval=10 radio-name="" \
ssid=TEST tx-power=18 tx-power-mode=all-rates-fixed wds-default-bridge=\
bridge1 wds-mode=dynamic wireless-protocol=802.11
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
password=test use-peer-dns=yes user=test
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
passthrough group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=\
tkip,aes-ccm wpa-pre-shared-key=1234567890 wpa2-pre-shared-key=1234567890
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.254
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add address=10.10.10.10/24 interface=ether1
add address=192.168.0.1/24 interface=bridge1
add default-route-distance=0 disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
set allow-remote-requests=yes servers=188.8.131.52
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
add check-gateway=ping distance=1 gateway=10.10.10.1
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
add interface=pppoe-out1 type=external
/user set 0 password=test
The last line of the password should be added independently – during the configuration in plain text it is not saved. In config all settings of IP-addresses are visible, you can easily change and upload the configuration back, just paste it into the New Terminal.
It is very convenient to store and insert configuration like this in a text form, for example, DMZ can be done using Mikrotik in address 192.168.0.254, except the Winbox port:
/ip firewall nat
add action=netmap chain=dstnat dst-port=1-8290 in-interface=ether1 protocol=tcp to-addresses=
add action=netmap chain=dstnat dst-port=8292-65535 in-interface=ether1 protocol=tcp to-addresses=
add action=netmap chain=dstnat dst-port=8292-65535 in-interface=ether1 protocol=udp to-addresses=
add action=netmap chain=dstnat dst-port=1-8290 in-interface=ether1 protocol=udp to-addresses=
Just insert the config, and changes can be viewed through WinBox. No reboot is required.
If you go to the section System-> Resources it can be seen that the amount of RAM is 128 MB, 600 MHz CPU frequency.
The processor can be over clocked by clicking Settings and then choosing from the list of 750MHz.
Reboot and look - 750MHz frequency.
Bandwidth test itself showed that Mikrotik RB951G-2HnD produces nearly 800 megabits per second.
Same index for Mikrotik RB751U-2HnD lies at 565 megabits per second, far below. But the frequency of the processor it has only 450MHz.
Thanks to a faster processor, a new radio module and antenna placement (of course if they are not bent), Mikrotik RB951G-2HnD gangbusters can cope with high volumes of traffic passing through your Internet connection, as well as it provides confidence within the coverage area in not large apartments or private housing. Computers on the LAN will be able to exchange data at speeds of 1 gigabit per second, which will save a lot of time during the transfer of large amounts of information, for example, instead of 2 hours, you will need only about 30 minutes.