Mikrotik Cloud core router

Small business network equipment

It is not a difficult task to choose small business network equipment. Network loads are usually not that high, while hardware capabilities are constantly rising.

So most brand-name manufacturers will have decent products for this segment. Still, there are a lot of traps you want to avoid while building and configuring your network.

Buying overly expensive corporate network equipment
The number one reason corporate network solutions are expensive is not performance, stability or even features. Prices are high because of the support levels they imply. Big companies pay a lot of money to be sure that, in case of a network failure, they will have a certified support technician working on the problem in the blink of an eye. Chances are your small company will have a pretty basic network setup, and you won’t need a top-of-the-class technician to come to your office and press that router reset button.

Buying too much equipment with features you don’t need
We see this all the time: network admins who profit from hardware sales convince small business owners to buy IP firewalls, multiple switches and routers, deep packet inspection hardware and whatnot. As a rule of thumb, your small business isn’t that much different than your home in terms of network requirements. So if you don’t have a piece of hardware at home, you should ask why you need it in your office.

Not investing in network infrastructure
Don’t expect your network equipment to compensate for poor cabling, malfunctioning network sockets or interference.
Having a poor network infrastructure might result in various network problems that are hard to detect and resolve.

Over configuring your network
Keep it simple and only add services on your network as you need them, instead of configuring and enabling all sorts of mechanisms just in case you need them.

Poor documentation
Always request detailed documentation of your network configuration. You should have good labeling on your hardware, as well as every detail of your firmware configuration. This will allow other technicians to administer your network when needed and not lose valuable time trying to understand the setup.

Our recommendation

If we had to pick one manufacturer for a small business, it would be Mikrotik. This brand has slowly climbed its way to the top in terms of features, reliability, speed and overall configuration possibilities. A lot of ISPs have quietly started using Mikrotik routers in situations once reserved for only the few top brands. If you take a look at their CRS125-24G-1S-IN router model, things get clear really fast. It is a fully functional router and a 24 gigabit port Layer 3 switch, and it is powered by the easy-to-configure RouterOS. It retails for less than $200 and has everything you might ever need from a router in a small business environment. Without going too much into the hardware debate, we instead offer some advice on how to configure your Mikrotik router in a small business environment.

1. Configuring IP addresses

Configuring your Mikrotik router is best done using their Winbox application. The app is a portable, simple-to-use GUI for RouterOS.
Provided you are connecting from the same switch, it will detect any “nearby” Mikrotik router and allow you to connect to it using its ARP address. This is especially useful in situations where *something went wrong* and you cannot ping your router or reach it via its IP.
Configuring IP parameters is done using the IP -> Addresses menu. Here you can choose to add, remove or modify any IP addresses. Once you define an IP address in an IP/subnet format, the network address will be resolved automatically, and you just need to select an interface.

2. Configuring default gateway and routes

Configuring routes can be done under the IP -> Routes menu. The default approach is to define an IP or subnet you want to reach, and then supply your gateway to these addresses. You can also select an interface to use as the gateway, which can be very useful in some advanced VPN configurations.

3. Firewall filter configuration

Using the IP -> Firewall menu you can configure the firewall filter rules. There are 2 basic tabs to configure each rule. In the general tab you define what kind of traffic you want to filter: IP address & mask, protocol, port, interface, etc. In the advanced tab you define what to do with that kind of traffic: accept, drop, log, etc. Usually your best approach is to allow outgoing traffic (don't create blocking rules), block all incoming traffic from the Internet, and then create specific rules for each service you want to allow through.

4. Firewall NAT configuration

The NAT tab in the firewall configuration is where you can set up your port forwarding rules, masquerades, source NAT-ing, etc.
There are 2 basic tabs to configure each rule. In the general tab you define what kind of traffic you want to NAT: IP address & mask, protocols, ports, interfaces, etc. In the advanced tab you define what to do with that kind of traffic: dst-nat, masquerade, log, etc. The screenshot shows a basic port forward rule for RDP traffic: all incoming TCP port 3389 traffic is “src-nat”-ed to our RDP server on the same port.

5. DHCP server configuration

There are 3 steps to configuring a basic DHCP server. First, use the IP -> pool menu to define a pool of addresses to assign to your clients. Then switch to IP -> DHCP server -> DHCP network and define the network parameters to use for this pool: gateway, subnet (netmask), DNS servers, etc. Finally, “create” a DHCP server in the DHCP tab by supplying an interface, your address pool, lease time, etc.

6. Configuration backup

Under the files menu you can see all your existing backups and create new ones. From here you can use simple drag & drop to either copy files to your machine or upload a configuration to your Mikrotik, very neat! You should do this after every configuration change. Also remember to keep your documentation up to date!
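
The six steps above as RouterOS terminal commands, as an added example that is not part of the original article. Interface names (ether1 as WAN, ether2 as LAN), all addresses and the rdp-allowed address list are assumptions, and the source restriction on the RDP forward is an addition to the rule described in step 4.

```routeros
# Added example. ether1 = WAN, ether2 = LAN (assumed); 203.0.113.x and
# 198.51.100.25 are documentation placeholders, not real hosts.

# 1. IP addresses (the network address is derived from address/prefix)
/ip address
add address=203.0.113.2/30 interface=ether1 comment="WAN"
add address=192.168.88.1/24 interface=ether2 comment="LAN"

# 2. Default route via the ISP gateway
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1

# 3. Firewall filter: rules are evaluated top to bottom. Outgoing traffic is
#    not blocked; unsolicited traffic arriving on the WAN port is dropped.
/ip firewall filter
add chain=input connection-state=established,related action=accept comment="replies to the router"
add chain=input in-interface=ether1 action=drop comment="drop everything else from WAN"
add chain=forward connection-state=established,related action=accept comment="replies to LAN hosts"
add chain=forward in-interface=ether1 connection-state=new connection-nat-state=!dstnat action=drop comment="drop WAN traffic that is not port-forwarded"

# 4. NAT: masquerade LAN clients, forward RDP only from a known source
#    (rdp-allowed is a hypothetical list name; 192.168.88.10 = RDP server)
/ip firewall address-list
add list=rdp-allowed address=198.51.100.25 comment="remote admin (placeholder)"
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 src-address-list=rdp-allowed action=dst-nat to-addresses=192.168.88.10 to-ports=3389

# 5. DHCP: pool, then network parameters, then the server itself
/ip pool
add name=lan-pool ranges=192.168.88.100-192.168.88.200
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=203.0.113.53
/ip dhcp-server
add name=lan-dhcp interface=ether2 address-pool=lan-pool lease-time=1d disabled=no

# 6. Backup: binary backup for restore, text export for documentation
/system backup save name=after-change
/export file=after-change
```

The text export written by the last line is plain text, so it can be kept alongside the network documentation and compared between changes.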
