Mikrotik hAP ac: really rather nice

Mikrotik hAP ac

I got myself an early Christmas present. Various things have always bothered me about ISP-supplied routers. In particular, the BT Home Hub 6:

• Slow web interface
• Can't be made to respond to ping from the internet (or at least, the machine running my monitoring system)
• IPv6 support feels sort-of iffy - hard to pin this down, but sometimes devices seem not to get a v6 address for no good reason
• No way to get it to tell you stats, e.g. how much have I downloaded this month? (Useful to know if you're pondering the cost of switching to an ISP with usage-based billing)
• No guest WiFi network option
• Broadcasts a BT Free Wifi type network with no way to turn it off
• Occasionally gets a different IPv6 prefix when rebooted

And, although you can keep the WiFi network name the same when swapping in a new router, you still end up having to reconfigure static IP addresses, port forwarding, etc. Time to separate the job of routing from the job of speaking to my ISP...

Various colleagues recommended Mikrotik. I had a dig around their Home/SME offerings and decided on the hAP ac - for a two bedroom flat, fewer Ethernet ports and faster WiFi makes sense. It's handy that it has five ports, because all four on the HomeHub were occupied, and of course you need an extra one to link to whatever takes over the job of establishing your DSL connection. Fortunately I happened to have one of these lying around:

The classic OpenReach VDSL modem (ECI). They don't do them any more.

These aren't the most awesome VDSL modems in the world - you can't get it to tell you the sync speed, etc. - but the HomeHub claimed I was syncing at 80mbps down and 20 up, and speed tests via the above and the Mikrotik suggest I'm still in that ballpark. Maybe I'll replace it with something fancier in due course.

First impressions of the Mikrotik are good - with their quick setup and some Googling, it took me less than 20 minutes to re-establish WiFi and an internet connection with IPv4 NAT and a sensible default firewall. Someone out on the internet had written up the instructions for getting BT's IPv6 working, and it looks like their prefixes are supposed to last for 10 years - so hopefully telling the Mikrotik to supply a "prefix hint" to re-request the same one on reboots should put a stop to the occasional changes.

The web interface is nice and snappy and allows you into all the hidden corners. You do need to know a decent amount of networking, and a bit of Linux IPTables, to make sense of it all. You can also configure over SSH via the command line.

To make the transition easier, I set it to broadcast the same WiFi network name (with the same password) as the old HomeHub. Almost everything transitioned over seamlessly. The one exception was the Amazon Echo (interestingly, the newer Echo Dot was OK). A bit of Googling suggests that it does not like the default DHCP lease time on the Mikrotik. Ten minutes does seem a bit tight, so I've bumped it to 24 hours and Alexa now seems happy.

Finally, guest WiFi was easy to turn on. I have a more complicated future set-up in mind, but for now, everything is in place and it's nice to know that next time I change ISPs, I'll only need to plug in a new bridge (or even just new credentials for the PPPoE link), and everything else will stay the same. And for the first time in four years, Nagios can run active ping checks on my home connection and see that it's up.

Update: the "Torch" and packet dumping features are excellent - this sort of instrumentation capability comes in really handy for the discerning nerd, e.g. seeing what your IoT devices are up to.