MikroTik
TLDR: RouterOS is very powerful and versatile. Use safe-mode religiously.
There are many much better guides out there for MikroTik by people who actually know what they are doing, so this is not a how-to article. I am sharing my experience with MikroTik in the hopes that others may find it helpful, or at least mildly amusing.
I recently had some issues with my Unifi Express gateway, leading me to switch to some more powerful hardware. I figured I would go with MikroTik since I haven't really invested much into the Unifi space, and I've heard good things. I recently saw a Reddit post from a user asking why Unifi seems to be so popular, and the most common answer was pretty simple: it's easy. It's straightforward to set up and has the features to satisfy your homelab's needs. On the same post, I saw the sentiment that MikroTik is great, but kind of esoteric and certainly not straightforward. Having now migrated to a MikroTik RB5009UPr+S+IN, I fully agree with both of these descriptions.
Going into this, I told my users I would expect a 1-2 hour downtime. Someone sent the good old Spongebob "1000 years later" meme. That was a curse, apparently, because it turned into 3 days of downtime. Starting out, I set up the bridge interface and added the VLAN interface for my lab network. Immediately locked myself out and had to reset. Then I tried again, and locked myself out again. Very quickly I learned to use safe mode to set things up, so I don't need to reset every time I screw it up.
On my next attempt I got pretty far, and even had DHCP working on the VLANs, and everything seemed to be correct. Now I just need to configure the switch, I thought, like a fool. I set up the switch, and in trying to configure the VLANs on the switch, locked myself out and had to reset. The switch does not have safe mode, so I need to be careful. After trying unsuccessfully for another hour or so, I gave up and went to get dinner with my spouse. Upon returning, I once again managed to lock myself out of both the router and the switch. This time I just said screw it and got the router configured enough to provide an internet connection to our PCs so we could both work the next day.
I was very strong and didn't mess with the router (too much) until after work. Instead I did what I should have done in the first place, and learned a bit about how RouterOS works and how to set up VLANs in general. After work I finally got the router configured in a way that I thought should be robust and correct, and took a backup. I also managed to get the switch set up and working, and most of my services were back up and online, internally. More backups, and I locked myself out adding the port forwarding rules. It turns out you need to specify the interface for port forwards or else the router will try to forward you upon accessing the management interface... And of course I neglected to use safe mode because it's just a port forward, how hard could it be? After restoring my well-timed backups I eventually got everything working as intended, except for a weird issue with one of the VLANs. For some reason the default VLAN wasn't giving out IP addresses through DHCP, and upon further inspection wasn't giving a connection at all even with a static IP set on the client.
I spent several hours comparing the two VLANs to make sure they were set up entirely the same, and finally when I was stumped I noticed the dynamic VLAN entries for the bridge weren't quite correct. For some reason my manual entry and the dynamic entries were conflicting, causing only the default VLAN to break. Adjusting the manual VLAN entry fixed it, and now everything is working beautifully. I also figured out how to properly create port forwarding rules.
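The port-forward lockout described above comes from a dst-nat rule with no ingress matcher, so it also catches traffic aimed at the router's own management interface. As an added example (not the author's code), this Python script audits text in the style of `/ip firewall nat export` for such rules; the sample export, its addresses, and the choice of which matchers count as scoping are assumptions.

```python
import re
import shlex

# Matchers treated as pinning a dst-nat rule to one ingress (an assumption of this check).
SCOPING = {"in-interface", "in-interface-list", "dst-address"}

# Constructed sample in the style of `/ip firewall nat export`; addresses are made up.
SAMPLE_EXPORT = r'''
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment="web, unscoped" dst-port=80 protocol=tcp \
    to-addresses=192.168.20.10 to-ports=80
add action=dst-nat chain=dstnat comment="web, scoped" dst-port=443 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.20.10 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-port=22 protocol=tcp \
    to-addresses=192.168.20.11
/ip firewall filter
add action=accept chain=input connection-state=established,related
'''


def parse_nat_rules(export_text):
    """Return one dict of property -> value per `add` line under /ip firewall nat."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # join backslash-wrapped lines
    rules, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # a new menu path starts a new section
        elif section == "/ip firewall nat" and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments intact
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def unscoped_port_forwards(export_text):
    """Enabled dst-nat rules that match on every interface, management access included."""
    return [
        rule for rule in parse_nat_rules(export_text)
        if rule.get("chain") == "dstnat"
        and rule.get("action") == "dst-nat"
        and rule.get("disabled") != "yes"
        and SCOPING.isdisjoint(rule)
    ]


if __name__ == "__main__":
    for rule in unscoped_port_forwards(SAMPLE_EXPORT):
        print("no ingress scope:", rule.get("comment", "(no comment)"), rule)
```

Running it against an export taken before committing a change (ideally while still in safe mode) shows which forwards would apply to LAN-side management traffic as well.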
My last, and in some ways most frustrating, endeavor involved setting up my UX as a wifi access point. After hosting the Unifi Network Application in Docker and trying to adopt the device unsuccessfully for quite some time, I found that despite Ubiquiti's claim that the UX can be operated as a gateway or an AP, this is not actually the case, at least with the self-hosted controller. It seems others in the community have been able to do this with another Unifi gateway. Luckily I had an old Netgear Nighthawk router*, which I was able to use by giving it a static IP and disabling DHCP.
All in all, I am quite happy with MikroTik now that I have a decent idea of what I'm doing, and would recommend them to anyone who wants to get their hands muddy with networking. If you just want to have a working network to focus on other things, I would steer clear of MikroTik and go for Unifi or any of the many self-hosted options.
*I do not recommend Netgear to anyone, especially their Nighthawk 'gaming' routers. They have good wifi speeds for the average consumer, but mine was very unreliable and would just randomly reboot often.