When using it as a demarc for a small business, we mounted it to the wall and labeled it “ISP Demarc” with ISP name on Eth1 and customer name on Eth2. Similar to a SmartJack shelf or an IAD. People look at a 751 and think it’s a jack or a modem, not a router anyway. We also put a sticker on it “Property of <ISP>”.
The problem is computer consultants, in fact I just got off the phone with one having a hissy fit because we replaced a Frontier DSL modem with a managed RB2011 and he insists on being able to make changes. I told him the customer is welcome to have you put in a router/firewall for them and then you can manage it, but not our managed router. It also drives guys installing things like security cameras and POS terminals crazy they can’t just bring up a web GUI on 192.168.1.1 and guess the password. We turn off all IP services except Winbox. To the computer consultants, it can be a real turf issue. I don’t see why. The customer can pay them to install and manage a router, that’s money in their pocket. In some cases I think the subtext is they are getting kickbacks for recommending ISPs and don’t like the customer ordering service directly from one of the ISPs that doesn’t kick back a commission or recurring revenue. I sometimes wonder if even the telcos do this, otherwise I can’t figure out why some of the computer guys recommend Frontier. From: Adam Moffett Sent: Monday, October 26, 2015 1:51 PM To: [email protected] Subject: Re: [AFMUG] CPE Mikrotik In my previous life, we liked the 450G with the plain unlabeled case from Baltic Networks and wall mount brackets. It seemed people were less likely to play around with a black box mounted on the wall than with a desktop router. On 10/26/2015 12:58 PM, Ken Hohhof wrote: We have used the RB750G or RB750 for a business demarc device. Often with a routed /29 on the customer side (business IT guys are trained to ask for 5 public IPs whether they need them or not). I think the hEX and hEX Lite are the replacements for those. From: That One Guy /sarcasm Sent: Monday, October 26, 2015 11:49 AM To: [email protected] Subject: Re: [AFMUG] CPE Mikrotik We bridge to the router. The 2011 are all big. I only need a couple ports at most available to the customer on the business side in most cases as they have their own firewall, I would just like the CPE router (not CPE radio) to be able to be a part of our L3 network when the need arises. this is more a demarc device on those business customers, for managed routers on our contract support customers we do Fortigate UTMs. I dont mind two devices to keep the separation between church and state. Contract services is a component that could leave our jurisdiction and I dont want to have taken liberties on the ISP network that would conflict with a third party IT taking over An example business customer im dealing with right now is a bank. they have 3 branches on our network A B C and two off our network D and E. We are their contract IT also. A B and C have us as their primary provider, A is their main branch. D have a cable connection with a DSL backup as well as a PtP t1 to A. E has cable/dsl as well. A B and C are all on our PmP wireless network for all intents and purposes (we have them on pmp solutions until saturation then move them to PtP), and we are turning up a 3rd party ptp fiber circuit between A and our NOC (they use our IP space). Our wireless having more capacity than the fiber contract. Their main branch, A gets to our noc via a licensed hop then an air fiber, each of those have backup 5ghz link. There is also an alt path on our network from the licensed link via another licensed link to our second provider (no bgp at present) and i am putting in an EOIP tunnel from provider 2 back to provider 1 to be able to keep their IP space in play(it is what it is). So in essence they have three paths to egress with multiple redundancies. I am planning on MPLS between their three on network sites, hence the need for demarcation between us and their fortigates. If I can do this with a 50 dollar router that we keep on hand for residential CPE as well, that makes me happy. Is this convoluted enough? On Mon, Oct 26, 2015 at 11:05 AM, Ken Hohhof <[email protected]> wrote: We use RB951G-2HnD. Yes it costs a few bucks more, but it’s worth it to stock one router, and it has been very reliable. If we were going through boatloads of them, I guess we might look at stocking more models to save a few bucks. For businesses that need more wired ports, or installations where we think we need external antennas, we use RB2011UiAS-2HnD-N. We also have a few CRS125 models out there, like as a demarc for multiple tenants. I am debating whether to look at the new Cambium models, mainly to get an 802.11ac product, but integrating the POE and ATA functions would simplify wiring for residential customers. Just not sure it would let us manage the VoIP function the way we like, also not sure I want to give up the outboard POE with surge protection. From: Josh Luthman Sent: Monday, October 26, 2015 10:38 AM To: [email protected] Subject: Re: [AFMUG] CPE Mikrotik Router? Rb2011 are great and about $100. The 951 is cheaper for the residents. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Oct 26, 2015 at 11:19 AM, That One Guy /sarcasm <[email protected]> wrote: back looking at a cpe mikrotik, I would prefer to stock one unit for residential and business customers, I just dont know what can actually handle what reliably. For the residential side, not much more than the equivalent of a ubnt air router, at that price point, i think at one point we were paying 29 a piece for 20 packs or something to that effect, i dont know if thats still accurate. on the business customer side it may need to participate in OSPF and MPLS/EOIP, wireless not being required. I would prefer Gigabit Ethernet, SPF not a requirement for the standard drop device. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
