Comparison MikroTik CRS109-8G-1S-2HnD-IN vs MikroTik RB2011UiAS-2HnD-IN

The maximum speed provided by the device when communicating wirelessly in the 2.4 GHz band.

This range is used in most modern Wi-Fi standards (see above) - as one of the available or even the only one. The theoretical maximum for it is 600 Mbit. In reality, Wi-Fi at a frequency of 2.4 GHz is used by a large number of client devices, from which congestion of data transmission channels emerges. Also, the number of antennas affects the speed performance of the equipment. It is possible to achieve the speed declared in the specification only in an ideal situation. In practice, it can be noticeably smaller (often by several times), especially with an abundance of wireless technology simultaneously connected to the equipment. The maximum speed at 2.4 GHz is specified in the characteristics of specific models to understand the real capabilities of Wi-Fi equipment. As for the numbers, according to the capabilities in the 2.4 GHz band, modern equipment is conditionally divided into models with speeds up to 500 Mbit inclusive and over 500 Mbit.

In this case, LAN means standard network connectors (known as RJ-45) designed for wired connection of LAN devices — PCs, servers, additional access points, etc. The number of ports corresponds to the number of devices that can be directly connected to wired equipment. way.

In terms of speed, 100 Mbps (Fast Ethernet) and 1 Gbps (Gigabit Ethernet) are the most popular options today. At the same time, thanks to the development of technology, more and more gigabit devices are being produced, although in fact this speed is critical only when transferring large amounts of information. At the same time, some models, in addition to the standard speed of the main LAN ports, may have a 2.5 Gbps, 5 Gbps and even 10 Gbps LAN port with increased bandwidth.

Port for remote control of equipment from a console server - a specialized network computer with the ability to configure network devices via an Ethernet connection.

Rated power of the Wi-Fi transmitter used in the device. If multiple bands are supported (see “Ranges of operation”) the power for different frequencies may be different, for such cases the maximum value is indicated here.

The total transmitting power provided by the device directly depends on this parameter. This power can be calculated by adding the transmitter power and the antenna gain (see above): for example, a 20 dBm transmitter coupled with a 5 dBi antenna results in a total power of 25 dBm (in the main antenna coverage area). For simple domestic use (for example, buying a router in a small apartment), such details are not required, but in the professional field it often becomes necessary to use wireless devices of a strictly defined power. Detailed recommendations on this matter for different situations can be found in special sources, but here we note that the total value of 26 dBm or more allows the device to be classified as equipment with a powerful transmitter. At the same time, such capabilities are not always required in fact: excessive power can create a lot of interference both for surrounding devices and for the transmitter itself (especially in urban and other similar conditions), as well as degrade the quality of the connection with low-power electronics. And for effective communication over a long distance, both the equipment itself and external devices must have the appropriate power (which is far from alway...s achievable). So, when choosing, you should not chase the maximum number of decibels, but take into account the recommendations for a particular case; in addition, a Wi-Fi amplifier or MESH system often turns out to be a good alternative to a powerful transmitter.

The main functions and capabilities implemented in the device.

This category mainly includes the most key functions — namely load balancing (Dual WAN), channel reservation, Link Aggregation, Bluetooth(various versions, including Bluetooth v 5), voice assistant, NAT, MESH modes, bridge, repeater, Beamforming function , firewall (Firewall) and CLI (Telnet). Here is a more detailed description of each of these items:

— Dual WAN. Possibility of simultaneous connection to two external networks. Most often used for simultaneous work with two Internet connections (although other options are possible); at the same time, there are two main modes of operation with such connections — redundancy (Failover / Failback) and balancing (Load Balance). So, in backup mode, the device constantly uses the main channel to connect to the Internet, and in case of failures on this channel, it automatically switches to a fallback option. In balancing mode, both channels are used simultaneously, while the load between them is distributed either automatically (depending on the traff...ic consumption of a particular device) or manually (clearly specified in the settings for specific devices). This allows, for example, to separate the channel for online games from the rest of the connection, minimizing lags and increasing efficiency.

— Link Aggregation. A function that allows you to combine several parallel physical communication channels into one logical one — to increase the speed and reliability of the connection. Simply put, with Link Aggregation, a device can be connected to another device not with one cable, but with two or even more at once. The increase in speed in this case occurs due to the summation of the throughput of all physical channels; however, the total speed may be less than the sum of the speeds — on the other hand, combining several relatively slow connectors is often cheaper than using equipment with a more advanced single interface. And the increase in reliability is carried out, firstly, by distributing the total load over individual physical channels, and secondly, by means of "hot" redundancy: the failure of one port or cable can reduce the speed, but does not lead to a complete disconnection, and when the channel is restored, the channel is switched on automatically.

— Bluetooth. The device supports Bluetooth wireless technology. The meaning of this function will depend on the format of the equipment operation (see "Device type"). For example, adapters with this capability allow you to supplement your PC not only with Wi-Fi, but also with Bluetooth support — thanks to this, you can get by with one adapter instead of two. And in routers and access points, this feature allows external devices to access the Internet (or local area network) over a Bluetooth connection instead of Wi-Fi. This format of work allows you to unload the Wi-Fi channel and reduce the power consumption of connected devices; this is especially important for smart home components and other IoT devices, some routers/access points expressly state that Bluetooth is intended mainly for such electronics. Other ways of using this technology, more specific, may be envisaged; however, this is rare.

— Voice assistant. Device support for a particular voice assistant. The most common options are (individually or together):

• Amazon Alexa
• Google Assistant

The specific functionality of these assistants can be clarified from special sources (especially since it is constantly being optimized and expanded). Here we note that in the case of Wi-Fi equipment, we are usually not talking about an assistant built into the device itself, but about improved compatibility with smartphones and other gadgets that have the corresponding assistant installed. Such functionality can be especially useful given that modern voice assistants are also used to control smart home components. Communication with such control is often carried out just through a home router or other similar equipment, and the support of such equipment for voice assistants greatly simplifies setup and expands the capabilities of the entire system.

— NAT (Network Address Translation). A function that allows Wi-Fi equipment, when working with an external network (for example, the Internet), to replace the IP addresses of all computers and other devices connected to this equipment with one common IP address. In other words, a network with such a router is seen "from the outside" as one device, with one common IP. The most popular use of NAT is to connect several subscribers to the Internet (for example, all computers and gadgets within a home or office) through one provider account. At the same time, the number of such subscribers within the network is limited only by the capabilities of the router and can be freely changed; this will not affect access to the World Wide Web (whereas without using NAT, one would have to organize a separate account for each device). NAT support is a mandatory feature for routers (see "Device type").

— Bridge mode. Possibility of operation of the equipment in the bridge mode. This mode allows you to wirelessly connect individual network segments to each other — for example, to combine two floors if it is difficult to lay a cable between them. However, communication over longer distances is also possible — in some directional access points (see "Device type"), created mainly for just such an application, the range can exceed 20 km. Actually, this mode supports most access points (both directional and conventional), but it is also popular in other types of equipment, in particular, routers.
Note that to work in bridge mode, it is best to use the same type of device — this guarantees high-quality communication in both directions. It is also worth mentioning that in addition to the two-way point-to-point mode, there is also equipment with support for multi-way bridges (“point-to-multipoint”); the availability of such a possibility should be clarified separately.

— Repeater mode. An operating mode in which the equipment only repeats the Wi-Fi signal from another device, playing the role of a repeater. The main function of this function is to expand Wi-Fi networks, providing access where the main device (for example, a router) does not reach. A classic example of repeaters is Wi-Fi amplifiers (see "Device type"), they have this mode by definition; however, it is also found in other types of Wi-Fi equipment. The exception is MESH systems that have similar specifics, but differ in the format of work. See below for more information about this format, but here we note that networks with repeaters are in many ways inferior to MESH in terms of practical capabilities. Firstly, the signals from the main equipment and from the repeater are seen as separate Wi-Fi networks, and when moving between them, subscriber devices must reconnect; this can happen automatically, but disconnections and network changes still cause inconvenience. Secondly, working through a repeater significantly reduces the speed of Wi-Fi. Thirdly, the repeater operates according to a strictly fixed, pre-established routing scheme. On the other hand, access points with a repeater function are much cheaper than MESH nodes, and the mentioned drawbacks are far from always critical.

— MESH mode. Ability to operate the device as a MESH network node. By definition, all MESH systems have this feature, but it can be provided in other types of equipment. A detailed description of networks of this type is given in the paragraph “Device type — MESH system”. Here we will briefly describe their features and the difference between this mode and the repeater mode (see above), which has a largely similar purpose.
MESH technology allows you to create a single wireless network using many separate nodes (access points) connected to each other via Wi-Fi. In this case, the so-called seamless mode of operation is implemented: the entire network is seen as a single whole, switching between access points, if necessary, occurs automatically, in such cases the connection is not broken and the user does not notice the transition to another network node at all. This is one of the key differences from using repeaters. Another difference is dynamic routing: MESH network nodes automatically determine the optimal signal traversal mode. Due to this, as well as due to some other features of this technology, the presence of "intermediaries" on the signal path practically does not affect the communication speed (unlike the same repeaters). The main disadvantage of equipment with this function can be called a relatively high cost.

— Beamforming. A technology that allows you to amplify the Wi-Fi signal in the direction where the receiving device is located (instead of broadcasting this signal in all directions or in a wide sector, as is the case in normal mode). Narrowing the radiation pattern allows you to send more power towards the receiver, thus increasing the range and communication efficiency; while the position of the receiving device is determined automatically, the user does not need to deal with additional settings. And many models of Wi-Fi equipment are capable of amplifying the signal in several directions at once (usually, several antennas are provided for this). At the same time, subscriber devices do not have to support Beamforming — communication improvement is noticeable even with the one-way use of this technology (although not as obvious as with the two-way one).
Also note that the unified Beamforming standards were officially implemented as part of the Wi-Fi 5 specification. However “beamforming” was also used in earlier versions of Wi-Fi, however, different manufacturers used different methods for implementing Beamforming, incompatible with each other. So these days, this feature is almost never found outside of Wi-Fi 5 compatible equipment.

— Firewall. A feature that allows a Wi-Fi device to control traffic passing through it. In fact, the Firewall is a set of software filters: these filters compare data packets with the specified parameters and decide whether or not to pass traffic. In this case, the processing can be carried out according to two rules: “everything that is not expressly prohibited is allowed”, or vice versa, “everything that is not expressly permitted is prohibited”. The main function of a firewall is to protect the network (or individual network segments) from unauthorized access and various attacks. In addition, this function can be used to control user activity — for example, prohibitions on access to certain Internet sites. Note that a firewall can also be implemented at the level of individual devices, but using it on a router allows you to secure the entire network at once.

CLI (Telnet). Ability to control the device via Telnet protocol. This is one of the protocols used today to remotely control network equipment; while Telnet, unlike another popular HTTP standard, does not have a graphical interface and uses only the command line. Such access is used mainly for service purposes — for debugging and changing settings in other text-based protocols (HTTP on web pages, SMTP and POP3 on mail servers, etc.); Telnet requires specialized knowledge.

— WPA. An encryption protocol created as a temporary solution to the most critical vulnerabilities of the WEP described below. It uses a more advanced encryption algorithm, as well as the transmission of passwords in encrypted form. However, the reliability of this standard also turned out to be insufficient, so an improved version, WPA2, was developed.

— WEP. Historically, the first encryption protocol used in wireless networks. It uses encryption from 64-bit to 256-bit, the latter option is considered strong in itself, however, the standard's own vulnerabilities allow a specialist to hack such a communication channel without much difficulty. As a result, WEP is completely obsolete, its support is provided mainly for compatibility with the simplest equipment (especially since it is technically easy to provide this support).

— WPA2. The most popular security standard in modern Wi-Fi equipment. At one time, it became an important update to the original WPA: in particular, the AES CCMP algorithm was introduced into WPA2, which is extremely difficult to crack. Over time, however, some vulnerabilities were identified in this protocol, which led to the development of a more advanced WPA3; however, WPA3 is just beginning to be massively implemented, and in most Wi-Fi devices, WPA2 remains the most advanced standard.
It is worth noting two nuances. First, WPA2 is available in two versions — personal and corporate; in this case, we are talking about pers...onal, corporate options are placed in paragraph "802.1x". Secondly, support for this standard is guaranteed to also be compatible with WEP and original WPA.

— WPA3. A fundamental improvement to WPA2, introduced in 2018, addressing weaknesses identified in WPA2 in the 14 years since it went live. This standard introduced four key innovations:

• Improved security for public networks. Unlike its predecessor, WPA3 encrypts the traffic between the gadget and the router / access point, even if the network is public and does not require a password.
• Protection against the KRACK vulnerability, which allowed hacking the WPA2 communication channel at the time the connection was established. The SAE algorithm is responsible for this protection — more advanced than the previously used PSK. In particular, when establishing a connection via SAE, both devices are considered equal (in PSK, the receiver and transmitter were clearly defined) — this does not allow an attacker to “wedge” between devices using KRACK methods.
• Easy Connect feature — simplifies connection to Wi-Fi networks for devices that do not have displays (in particular, smart home components). Each of these devices will have a QR code on the body, and to connect to the network, it will be enough to scan this code using a smartphone / tablet already connected to this network. However this function is not directly related to WPA3, WPA2 is sufficient for its operation; however, mass adoption of Easy Connect should be expected at the same time as WPA3.
• Improved encryption algorithms for sensitive data, suitable even for government agencies and defense enterprises. However, this feature is relevant mainly for the corporate version of WPA3 — and support for this version is indicated as "802.1x" (see below, in this case we are talking mainly about the personal version of this standard).

In many devices, upgrading from WPA2 to WPA3 can be done in software by installing a new firmware version. However, if support for this protocol is important to you, it is best to choose equipment where such support is initially provided. Also note that the presence of WPA3 is almost guaranteed to also be compatible with WPA2.

— 802.1x. In this case, it implies support for corporate security standards — most often the corresponding versions of the WPA2 protocols, in new devices also WPA3. For example, if the specifications indicate "802.1x" in addition to "WPA3", then this means that this model supports both personal and corporate versions of WPA3. As for the differences between similar versions, one of them is the support for a separate authentication server in corporate protocols. In other words, when using this function, data on accounts and access rights are stored separately from Wi-Fi equipment, on a special secure server, and it is this server that in each case checks the data of the connected equipment and decides whether to allow or deny access.

The PoE (Power over Ethernet) technology itself allows you to transmit not only data, but also energy to power network devices via an Ethernet network cable. And the presence of a PoE output(s) makes it possible to power such devices from the network connectors of a router or access point. This eliminates the need to lay additional wires or use independent power supplies. And when using so-called splitters - devices that separate the PoE cable signal into purely network data and supply power - using such outputs you can also power equipment that does not initially support PoE (the main thing is that their power characteristics match the capabilities of the switch).

As for PoE standards, they determine not just the overall power supply, but also compatibility with specific devices: the consumer must support the same standard, otherwise normal operation will be impossible. Nowadays, including in switch connectors, you can find two types of such standards - active and passive. The main difference between these varieties is that active PoE provides for matching the power source and load in terms of voltage and power; passive PoE does not have such functions, and energy is supplied “as is”, without adjustments. Here is a more detailed description of specific standards:

- 802.3af. The oldest active PoE power format in use today. Provides power output power up to 15 W (at the consumer input - up to 13 W), output voltage 44 -...57 V (input - 37 - 57 V) and power in a pair of supply wires up to 350 mA. Despite its “venerable age”, it still continues to be widely used. However, it is worth considering that this standard covers 4 so-called power classes (from 0 to 3), differing in the maximum number of watts at the output and input. So when using 802.3af, it doesn't hurt to make sure that the output power is sufficient for the selected load.

- 802.3at. The next branch, which combines two standards at once - the 802.3af described above and the newer 802.3at. The latter allows you to supply power up to 30 W to the output (up to 25.5 W at the input of the powered device), uses a voltage of 50 - 57 V (42.5 - 57 V at the input), while the power in a pair of wires does not exceed 600 mA. This combination is relatively inexpensive, but it makes it possible to power a wide variety of external devices.

- 802.3bt. The 802.3bt PoE power standard is divided into two separate branches: Type 3 and Type 4 (the first two types are the earlier versions of 802.3af and 802.3at). When working with type 3 power supply equipment, power is provided via one Ethernet cable with an output power of up to 60 W (at the consumer input - up to 51 W), an output voltage of 50 - 57 V (input - 42.5 - 57 V) and power in supply wires up to 600 mA. The 4th type provides increased power and power values: up to 90 W output power (71 W at the consumer input) and power up to 960 mA. At the same time, the PoE 802.3bt standard is characterized by reduced power consumption during standby.

- Passive. As already mentioned, the key difference between passive PoE and the active standards described above is that in this case the power output produces a strictly fixed power, without any automatic adjustments or adjustments for a specific device. The main advantage of this standard is its low cost: its implementation is much cheaper than active PoE, so such ports can be found in entry-level devices. On the other hand, the aforementioned lack of auto-tuning makes it much more difficult to coordinate equipment with each other - especially in light of the fact that different devices can differ significantly in the output/consumed voltage and power (power). Because of this, when using passive PoE, you need to pay special attention to the compatibility of the source and load in these parameters. If there is no match, then in the best case (if the voltage/power at the output is lower than required) the power simply will not work, and in the worst case (if there is excess voltage/power) there is a high probability of overloads, overheating and even breakdowns with fires - and such troubles may not occur immediately, but after quite a considerable time. And you definitely cannot connect devices with active inputs to passive PoE outputs - for the same reasons.

Power consumed by network equipment during operation. Knowing the indicator of energy consumption, you can, for example, calculate the battery life of equipment from an uninterruptible power supply or choose a suitable “uninterruptible power supply”. Also, with the support of PoE technology, it is worth considering the power consumption when choosing a PoE switch or PoE adapter.

Ambient air temperature at which the device is guaranteed to remain operational.

All modern Wi-Fi equipment can easily endure the conditions typical for use in apartments, offices, etc. So it makes sense to pay attention to this parameter mainly when choosing a model for outdoor installation (see above) or indoors , where the conditions are not very different from those outside. At the same time, the upper temperature limit is usually quite high, and even in the heat there are usually no problems with operation (of course, if the device is not installed in direct sunlight — which is not recommended anyway). But the lower temperature threshold can be different, not all "street" equipment is designed for frost. However, among frost-resistant models there are solutions where the minimum operating temperature is -10 °C and below, and sometimes even -40 °C and below.