As long as you want to learn,and dont mind to spend time(At least few days or weeks) to tinkering with it,then go for it.
Once you configure it properly,then the networks will be staying good for years.

Better get a arm processor based model for more function like container for ad-block or something else. (And more cpu power for more stability when using higher speed plan and function at the same time)

Any examples of arm processor models?

The space limitation I mentioned prevents me from getting any of the ones that have to sit flat, with the exception of the small squares like the hEX types. Also, I am currently on 500mbps Unifi package.

This post has been edited by blackbox14: Jul 19 2025, 12:43 PM

hap ax2



hap ax3



Chateau PRO ax

Thanks. So hAP AX2 and AX3 are also ARM. I will look into the Chateau pro AX but it is a bit over my budget at the moment.

what is your budget range?

RM400~600. The Chateau pro AX is currently RM775 on Shopee so it's a bit over that.

Most likely will go for either the hAP AX2 or AX3 since both can stand upright.

This post has been edited by blackbox14: Jul 19 2025, 03:00 PM

if like that better just get hap ax3, with those antenna it can help you with your wifi range and coverage

I had some time to check again, and I believe only the hap AX2 will fit comfortably where the Archer C9 currently sits, due to the rack being close to the ceiling. The AX3, if standing vertical, is a bit too tall.

Now waiting for a good sale to get it. Studying videos about setups in the meantime.

Been at least 1 year since I post on this Mikrotik thread...probably.

so my routerOs was probably up and running for close to 1 year in mostly default setting. finally, turn on Tx-flow control, off the fast track in firewall rules, set the queue type - mq-large >mqpfifo to 4096 queue size, plus set simple queue for Wan-sqm to max 300M/50M burst 400M/80M. finally - I have very low drop packets, and passed the Bufferbloat test with an A grade! yup... I was slow... but finally got this hobby of mine to work... ladies and Gentleman... pls use a co-pilot or some AI chat if you are clueless like me. but definitely a very steep learning curve and need the help of AI to really get me up to speed. BTW --- one major thing I had to do was recrimp all my Cat5e cable's RJ45 crystal head... making sure the untwisted pair is <5mm to the point of crimp. helped alot.


edit: my equipment is as follow.

TM-fiber unit.

L009UiGS-2HaxD
CapAx - 1 unit.
HapAx2 - 2 unit.

linksys 10 poe switch.




This post has been edited by skywardsword: Jul 24 2025, 11:45 PM

Finally ordered my hAP AX2 yesterday. Read up as much as I could and even asked the AI chat support bot on Mikrotik website for a basic configuration.

Just want to ask something that I can't seem to find a clear answer to: when exactly should I perform the first routerOS and routerboard upgrade during the setup process? I assume it's the moment I have internet access?

Also, if I plan to use ether1 as the WAN port on this, do I need to turn off the passive PoE on the port first?

And of course, there's stuff specific to TM Unifi like the MTU values that I'm not so certain about.

This post has been edited by blackbox14: Aug 2 2025, 02:57 PM

Welcome to the club.
You can upgrade the RouterOS whenever you want. But keep in mind that they only enable fasttrack by default in like version 7.18.
So just download the npk file from Mikrotik and drop it into the router. Then reboot it to make sure it is upgraded.

Go to System > RouterBoard.
Click Upgrade to upgrade the firmware.

Reboot again. Make sure RouterOS and firmware are both equal in version.
Hard reset the router and start your setup.

Passive PoE is a non-standard way for Mikrotik switch to provide power to their WiFi product. You cannot actually disable it as it is hardwired inside. Just use the port as is.

For TM's MTU problem, you need to use at least version 7.20 beta. You can jump straight to the beta version if you want. I am on this version from beta2 till beta7 now and it has been good for basic usage.

Thanks.

For the RouterBoard step, I am guessing the firmware is included in the downloaded RouterOS file from the website and the router itself does not need internet access for that?

Ok. Just want to be sure because I don't want to fry my ONU by accident or something.

How much does the MTU issue impact regular usage? I did see some posts about it around here but it wasn't too clear.

EDIT: I will post more details about how I intend to set up my home network once I receive the router.

This post has been edited by blackbox14: Aug 2 2025, 03:55 PM

Yes just download one npk file and it will do both. No internet access needed during the upgrade.
In RouterOS v6, firmware and OS are separate download.
In v7, the firmware is inside the OS package but still requires a manual trigger to update it. You can set it to automatic upgrade but it still requires two reboot.

The MTU issue exist since TM "upgrade" their BNG. Mikrotik user has been living with this problem for a few years now. Not critical.
Mikrotik user has also been living with lousy IPv6 performance until recently.

You join the club at the right time when all these long known annoyance is finally ironed out.

Wow, what exactly did they do with IPv6 on Mikrotik specifically? I thought that the issues with IPv6 in Malaysia were universal because of weird implementations.

This is Mikrotik specific.
In every router, there is a packet flow graph, which dictates what happens to the packet at each stage of a routing decision.

As part of optimization, many router manufacturer will have their own method to shortcut this process. Cisco Express Forwarding, Mikrotik FastTrack, VyOS Flowtable Offload...

In Mikrotik, this shortcut didn't exist in IPv6 until recently.
Now that it exist, there are still a lot of limitation, edge cases and gotcha when using it.

Common ones:
If you use Queue, packet won't get fasttrack.
If you use IPSec, it will chew packet aka they randomly go missing.

With L3HW Offload, you cannot use it with PPPoE. But your router don't support L3HW so this won't affect you.

Mikrotik FastPath is a totally different thing. It is just a name that says packet skip connection tracking and firewall. There is no way you can operate in this mode unless you treat it like a core router.
But then as a core router, they also have problem FastPath MPLS or VPLS, so it is still kind of the same unless your core router is really barebone.

I see. From my understanding the AX2 isn't a powerful device, so I don't plan to use QoS, IPsec or most other advanced features for the time being.

My goal for now is just to set it up similarly to my current router so there is little to no impact on basic use such as gaming (needs UPnP, if I am not mistaken), streaming, video calls, etc. I may not even use the built in WiFi and just use my Archer C9 as an AP for that instead. Heard that is better for the longevity of the network equipment anyway.

Just enable UPnP. They have a dedicated page for this setting. Make sure you correctly annotate your Inside / Outside interface or you might open yourself to UPnP attack from the Internet.

Some people absolutely want QoS because it is the only way to get A+ in bufferbloat test. What is you current Internet speed? You might be able to make it if you predominantly do big packet.
But then again no gamer will leave their torrent running while they game, so this render the whole bufferbloat test moot as it only matter when your pipe is saturated.

The rated MTBF is 100,000 hours at 25C. Honestly it is very low in enterprise gear space where 300,000+ hours at 40C is normal for hardware with fans; 500,000 - 700,000+ hours at 40C for model without fan.

Let say you never aircond your place and MTBF is down to 50,000 hours. That still gives you 5+ years so it is not too bad.

I will come back here to confirm how this works once I have everything set up, because from what I've seen there are multiple ways to set up the device (w/ w/o VLAN filtering, etc..) using TM Unifi.

500Mbps under TM Unifi. And yes, no torrent while gaming.

I will eventually get around to learning how QoS works, because my family are heavy users of Netflix & Disney+ Hotstar, so there are times when their streaming does affect gaming.

Yeah, the place where the router will be placed will have no aircon. Somehow my Archer C9 has lasted 6 years without issues, so I'm hoping the vertical setup with the AX2 + all those vent holes will help it last as long or even longer.

I don't know if Mikrotik has a standard way to do this but at least on tiny router the "Internet" port is not part of the bridge in the default setting. You then just create VLAN 500 and that's it.
If you have IPTV then you need to bridge them together with a port.

I don't really remember as I don't use the default setup. All my ports are switched to maximize hardware offload.

DO NOT enable vlan filtering without a backup. On unsupported switch chip it will stop traffic and you officially lock yourself out.
Tips: Use Safe Mode when enabling it. If you lock yourself out, just reboot and all changes you made in Safe Mode will be reverted.
Once done, disable Safe Mode and you changes will be permanent.

YOU MUST STILL BACKUP.

500Mbps is slow enough for QoS to work properly for your router. Using pcq instead of cake or fq-codel should give you more headroom as it is less CPU intensive. Test it to find out.

My house doesn't actually use the IPTV, so would I still need to bridge those together with a port? I notice the TP Link router reserves one of the LAN ports for the IPTV.

So a safer idea is just to not use VLAN filtering then? I saw some posts here that indicated that VLAN filtering is the way that the current RouterOS is meant to run, or something of that nature. Maybe I misunderstood.

The setup videos that I can find on Youtube don't seem to use that method and it seems a lot more straightforward.

Will do that once I get everything running stable.