The MikroTik hEX S is a five-port Gigabit Ethernet router for locations where wireless connectivity is not required. Compared to the hEX, the hEX S also features an SFP port and PoE output on the last port.
It is affordable, small, and easy to use, but at the same time comes with a very powerful dual-core 880 MHz CPU and 256 MB RAM, capable of the advanced configurations that RouterOS supports. The device has a USB 2.0 port, PoE output on Ethernet port #5, and a 1.25 Gbit/s SFP cage.
IPsec hardware encryption (~470 Mbps) and The Dude server package are supported, and a microSD slot provides improved read/write speed for file storage and The Dude.
Why Choose Mikrotik Hex S Gigabit Ethernet Router?
MikroTik was founded in 1996 and is located in Riga, Latvia. In 1997, MikroTik created RouterOS, the software that runs their routers today. You can try RouterOS today and turn a PC into a router, if desired. In 2002, MikroTik decided to make their own hardware, creating the RouterBOARD brand.
The RouterBOARD product line includes an extensive list of network products as listed in their 73-page product manual and on their product page. MikroTik products include routers, switches, and wireless devices. In this review, I’m going to explore the MikroTik RB750GR3 hEX router.
RouterOS is the operating system for MikroTik routers, based on the Linux v3.3.5 kernel. My hEX came with firmware v6.39.2 which was easily updated to v6.40.3 by simply using the “Auto Upgrade” option in the GUI. RouterOS supports Graphical User Interface (GUI), Console, and Command Line Interface (CLI) options for applying configurations, as well as a utility called Winbox that I’ll cover next.
The list of configuration options presented when connecting to the hEX GUI for the first time illustrates the wide array of capabilities of RouterOS based routers. There are 14 main configuration options along the left side of the hEX GUI titled Interfaces, Bridge, Switch, PPP, Mesh, IP, MPLS, Routing, System, Queues, Files, Log, Radius, and Tools.
To state the obvious, the feature set of this router is extensive! MikroTik provides a specification listing here, but the entire list of features would be too long to list. Clearly, this router is not intended as a basic consumer router. There is a simple “Quick Set” option in the GUI where you can set the WAN interface to DHCP and set the router password to quickly and easily get up and running with the default settings.
But if your ISP requires another connection type such as PPPoE, L2TP, etc., you’ll need to hit the Wiki and go digging in the IP menus. The sheer number of configuration options indicates this is a router intended for those with networking knowledge. We found the RouterOS GUI and CLI to be less intuitive than other router configuration interfaces. The RouterOS GUI takes a bit of hunting around to find what you’re looking for. The RouterOS CLI is unique and is not similar to either Cisco or Juniper. Thus, from my perspective, there’s a bit of a learning curve to get comfortable with configuring a RouterOS device.
To MikroTik’s credit, their RouterOS Wiki is quite detailed and includes numerous detailed configuration examples. Many of the Wiki’s examples provide the CLI commands for applying configurations. But with all the options in the GUI, it appears you should be able to apply most of the configurations in the GUI.
We wanted to set up remote WAN access to the hEX for testing purposes and the MikroTik Wiki pointed us to using Winbox. Winbox is an interesting utility that allows you to manage the router from a small executable utility you download directly from the router. According to MikroTik, “Winbox is a small utility that allows administration of MikroTik RouterOS using a fast and simple GUI.”
Simply clicking on Winbox in the hEX GUI downloads its .exe file. You don’t install anything; you just run the file. I used Winbox on a Windows PC, but MikroTik says that Winbox can also run on MacOS and Linux using Wine.
We started my testing of the hEX features by diving into IPSec VPNs.
In my experience, IPSec tunnels often require a bit of configuration tweaking to get them to work, and I wanted to see how hard it was going to be to get one working on MikroTik’s RouterOS. As an added challenge, the Wiki’s example for IPSec Site-to-Site must have been out of date, as I had to modify it a bit to get it to work.
After resetting the router to defaults, I tried the CLI configurations provided in the Wiki, which says it uses a default of 3DES encryption and SHA-1 authentication. We attempted to set up a Site-to-Site tunnel to my Linksys LRT224 with these options, but couldn’t get the tunnel to connect.
The GUI came in handy, since it showed that the IPSec defaults were actually using AES-128, 192, and 256 encryption. We changed the LRT224 to use AES-128 encryption and the tunnel from the hEX to the LRT224 came up, shown below. We tried to configure a tunnel from the LRT224 to use AES-256, but weren’t able to get that option working.
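The mismatch described above, reproduced with a simplified model of IPsec proposal matching. This is an added example, not code from the review or from MikroTik; the algorithm names, the SHA-1 setting on the hEX side and the PFS group are assumptions.

```python
from itertools import product

def offers(p):
    """Expand a proposal into the ordered (enc, auth, pfs) transforms it offers."""
    return [(e, a, p["pfs"]) for e, a in product(p["enc"], p["auth"])]

def negotiate(initiator, responder):
    """Return (chosen, mismatched): the first initiator transform the responder
    also accepts, or None plus the attributes on which the peers share no value."""
    acceptable = set(offers(responder))
    for transform in offers(initiator):
        if transform in acceptable:
            return transform, []
    mismatched = [k for k in ("enc", "auth")
                  if not set(initiator[k]) & set(responder[k])]
    if initiator["pfs"] != responder["pfs"]:
        mismatched.append("pfs")
    return None, mismatched

# Constructed proposals. Encryption lists follow the review; the auth and
# PFS values are assumptions made so the example is complete.
HEX_DEFAULT = {"enc": ["aes-128-cbc", "aes-192-cbc", "aes-256-cbc"],
               "auth": ["sha1"], "pfs": "modp1024"}
PEER_PER_WIKI = {"enc": ["3des"], "auth": ["sha1"], "pfs": "modp1024"}
PEER_CORRECTED = {"enc": ["aes-128-cbc"], "auth": ["sha1"], "pfs": "modp1024"}

if __name__ == "__main__":
    for name, peer in (("wiki", PEER_PER_WIKI), ("corrected", PEER_CORRECTED)):
        chosen, mismatched = negotiate(HEX_DEFAULT, peer)
        print(name, chosen or "no proposal chosen", mismatched)
```

Comparing the proposal each device actually has configured, rather than the one a guide says it should have, is what identifies the attribute that blocks the tunnel.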
Once the tunnel was established, we had intermittent connectivity through the tunnel between the LRT224 and hEX. We discovered one of the CLI commands provided in the RouterOS Wiki had a value that wasn’t accepted by the router. We played around with a few other options until I found one that worked, which made the tunnel stable.
We measured throughput over the IPSec VPN tunnel between the hEX and LRT224, using TotuSoft’s LAN Speed Test client and server application, and two PCs running 64-bit Windows with their software firewall disabled. With one PC on the hEX LAN and the other PC on the LRT224 LAN, we measured peak upload throughput from the hEX to LRT224 at 53.3 Mbps and peak download throughput to the hEX from the LRT224 at 85.2 Mbps, using a 100 MB file size.
Although a bit unbalanced, this throughput level compares favorably with the recently reviewed Ubiquiti EdgeRouter Lite. We measured peak throughput at 51.5 Mbps.
L2TP and PPTP VPNs are other options for remote client VPN access to the hEX router. You can even try OpenVPN if you’re adventurous. We successfully set up a PPTP connection from a Windows PC to the hEX.
The hEX has four 10/100/1000 Ethernet ports. You can control MTU size, create IP and GRE tunnels, add VLANs, implement Virtual Router Redundancy Protocol (VRRP), channel bonding, and LTE interfaces for backup to your wired connections.
The RouterOS firewall menu presents numerous firewall options for controlling traffic in and out of the hEX.
Filtering rules are added to an access control list and processed from top down. Traffic can be filtered by source and destination address, source and destination port, protocol, as well as inbound and outbound interfaces. NAT and VPN optimizations are also controlled via the firewall menu.
Pros
High Throughput
Very Low Cost
Can be PoE powered
Simple, secure remote access via the Winbox utility
Cons
Too complex
Possible intermittent packet loss
Could not get bandwidth management to work
Key Features
LAN and VLANs
RouterOS supports port based and 802.1Q tagged VLANs. You can control MTU size, create IP and GRE tunnels, add VLANs, implement Virtual Router Redundancy Protocol, channel bonding, and LTE interfaces for backup to your wired connections.
Firewall
Filtering rules are added to an access control list and processed from top down. Traffic can be filtered by source and destination address, source and destination port and protocol. NAT and VPN optimizations are also controlled via the firewall menu.
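Why rule order matters under top-down processing, shown with a small first-match evaluator. This is an added example, not part of the original review and not RouterOS code; the interface name `ether1`, the documentation-range addresses, the use of Winbox's default TCP port 8291 and the accept-by-default fallthrough are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                       # "accept" or "drop"
    comment: str = ""
    protocol: Optional[str] = None    # None means "match any"
    src: Optional[str] = None         # source network in CIDR form
    dst: Optional[str] = None         # destination network in CIDR form
    dst_port: Optional[int] = None
    in_iface: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        if self.protocol and self.protocol != pkt["protocol"]:
            return False
        if self.in_iface and self.in_iface != pkt["in_iface"]:
            return False
        if self.dst_port is not None and self.dst_port != pkt["dst_port"]:
            return False
        for cidr, key in ((self.src, "src"), (self.dst, "dst")):
            if cidr and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(cidr):
                return False
        return True

def evaluate(rules, pkt, default="accept"):
    """Top-down, first match wins; rules below the match are never consulted."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return default, "no rule matched"   # assumed fallthrough action

# Constructed sample data: interface name, addresses and port are assumptions.
allow_admin = Rule("accept", "admin mgmt", protocol="tcp", src="203.0.113.0/24",
                   dst_port=8291, in_iface="ether1")
drop_wan = Rule("drop", "drop all WAN input", in_iface="ether1")
admin_pkt = {"protocol": "tcp", "src": "203.0.113.10", "dst": "198.51.100.2",
             "dst_port": 8291, "in_iface": "ether1"}
other_pkt = dict(admin_pkt, src="192.0.2.77")

def demo():
    return {"drop_first": evaluate([drop_wan, allow_admin], admin_pkt),
            "allow_first_admin": evaluate([allow_admin, drop_wan], admin_pkt),
            "allow_first_other": evaluate([allow_admin, drop_wan], other_pkt)}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the broad drop placed first, the narrower management rule is shadowed and never takes effect; placing it above the drop admits only the listed source network.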
RouterOS
RouterOS is the operating system for MikroTik routers, based on the Linux v3.3.5 kernel. The hEX came with firmware v6.39.2 which was easily updated to v6.40.3 by simply using the “Auto Upgrade” option in the GUI.
Winbox
Winbox is an interesting utility that allows you to manage the router from a small executable utility you download directly from the router.
Other Features
Multiprotocol Label Switching (MPLS)
Routing Options
Queuing Options
Border Gateway Protocol (BGP)
Open Shortest Path First (OSPF)
Routing Information Protocol (RIP)
Specifications
Architecture | MMIPS
CPU | MT7621A
CPU Core Count | 2
CPU Nominal Frequency | 880 MHz
CPU Thread Count | 4
Dimensions | 113 x 89 x 28 mm
License Level | 4
Operating System | RouterOS
RAM | 256 MB
Storage Size | 16 MB
Storage Type | Flash
Tested Ambient Temperature | -40°C to 70°C
How To Use
Think the Mikrotik Hex S Gigabit Ethernet Router will be a good fit for your home or business?
Learn more about its features and current price here.
Once you’ve made your purchase, you may follow this step-by-step installation guide on how to set it up.
First use
- Connect your Internet cable to one of the two ports labeled “Internet,” depending on whether you will use an SFP module or Ethernet.
- Choose your powering solution; see the Powering section for possibilities.
- If you are not using PoE, connect the direct input power jack to start up the device.
- Connect your local network computers to ports 2-5 and set your computer IP configuration to automatic (DHCP).
- The router's IP address on the local network is 192.168.88.1; use it in your browser to access the device.
- We recommend clicking the “Check for updates” button and updating your RouterOS software to the latest version to ensure the best performance and stability.
- Set up your password on the screen that loads.
Mounting
This device is designed for use indoors, either placed on a flat surface or mounted on the wall. Mounting points are located on the bottom side of the device; screws are not included in the package. Screws with size 4×25 mm fit nicely. Depending on your wall structure you can use dowels 6×30 mm and 6 mm drill bit, if needed. When mounting on the wall, please ensure that cable feed is pointing downwards. We recommend using Cat6 shielded cable for our devices. The IP rating scale for this device is IPX0.
Configuration
RouterOS includes many configuration options in addition to what is described in this document. We suggest starting here to get yourself accustomed to the possibilities: http://mt.lv/help.
If an IP connection is not available, the Winbox tool can be used to connect to the MAC address of the device from the LAN side (all access is blocked from the internet port by default). For recovery purposes, it is possible to boot the device from the network; see section Buttons.
Powering
The device accepts power from the power jack or from the first Ethernet port:
- Direct input power jack (5.5mm outside and 2mm inside, female, pin positive) accepts DC ⎓ 12-57 V.
- The first Ethernet port accepts passive or 802.3af/at Power over Ethernet in the range of DC ⎓ 12-57 V.
The power consumption of this device under maximum load without attachments is up to 6 W.
When using 802.3af/at to power this device, we recommend not using grounding for best compatibility.
Connecting to a POE Adapter:
- Connect the Ethernet cable from the device to the POE port of the POE adapter.
- Connect an Ethernet cable from your LAN to the LAN port of the POE adapter, please mind arrows for data and power flow.
- Connect the power cord to the adapter, and then plug the power cord into a power outlet.
Extension Slots and Ports
- Five individual 10/100/1000 Gigabit Ethernet ports, supporting automatic cross/straight cable correction (Auto MDI/X), so you can use either straight or crossover cables for connecting to other network devices.
- One SFP module cage supports 1.25G modules.
- MicroSD slot for expanding built-in storage.
- USB type-A.
Reset button
The RouterBOOT reset button has the following functions. Press the button and apply the power, then:
- Release the button when the green LED starts flashing, to reset RouterOS configuration to defaults.
- Release the button when the LED turns solid green to clear all configuration and bridge all interfaces.
- Releasing the button after the LED is no longer lit (~20 seconds) causes the device to look for Netinstall servers (required for reinstalling RouterOS over the network).
Regardless of the above option used, the system will load the backup RouterBOOT loader if the button is pressed before power is applied to the device. Useful for RouterBOOT debugging and recovery.
Mode button
The action of the mode button can be configured from RouterOS software to execute any user-supplied RouterOS script. You can also disable this button. The mode button can be configured in the RouterOS menu /system routerboard mode-button.
About Mikrotik
MikroTik (officially SIA “Mikrotīkls”) is a Latvian network equipment manufacturer. The company develops and sells wired and wireless network routers, network switches, access points, as well as operating systems and auxiliary software. The company was founded in 1996 with the focus of selling equipment in emerging markets. As of September 2018, the company had more than 140 employees. In 2015, it was the 20th largest company in Latvia by revenue.
Final Thoughts
Amazon’s prices for the routers I compared to the hEX paint an interesting story. The ASUS GT-AC5300 currently costs around $389, the EdgeRouter Lite lists for around $94, and the MikroTik hEX costs around $50. That’s an amazing difference in price for three devices with similar routing performance numbers!
To be fair, the ASUS GT-AC5300 is also a highly capable Wi-Fi router, while the Ubiquiti and MikroTik are wired-only routers, without Wi-Fi radios. Still, the hEX’s bang-for-the-buck is obvious if all you want is a capable, high-throughput, wired-only router.
At the end of the day, I came away impressed with the massive amount of features in RouterOS loaded into such a small and inexpensive package. I was also very aware that I had only scratched the surface of its capabilities. There is definitely much to discover with this device.
I had success in configuring most of the features I tried, but also experienced a temporary issue with packet loss and an inability to apply working bandwidth management. The bottom line is, the hEX is an inexpensive but powerful router for network experts and those who aspire to be. This is not an inexpensive plug-and-play router you’re looking for, but it is just as impressive, and just as efficient.
Have you given the Mikrotik Hex S Gigabit Ethernet Router a try? What did you like? What did you not like? We would love to know what you think, and we would love it if you would drop us a line or two via our Contact Us section.
Also, after reading our review, if you are still keeping your options open, do check out other wired router articles on firewallguide.com. If you haven’t found the right router for you, there’s no need to worry, we are here to help you decide which router works best for you and your family, and we will always be here for you until you make the right choice.