sabrina is intended to replace the POE switch in the "lab" part of my network. I'm also thinking of getting her to do main router duties as well instead of helian, so that helian can be a POE switch for wifi access points. Undecided yet, as it's messy stretching the core over to the living room and then back again to the fibre cupboard in the kitchen.
helian is a Mikrotik CRS320-8P-8B-4S+RM, here's some info about it:
a review and teardown: https://www.servethehome.com/mikrotik-crs320-8p-8b-4srm-review-mikrotik-gets-poe-serious-marvell/
the homepage: https://mikrotik.com/product/crs320_8p_8b_4s_rm
The CRS320 is really a switch that can do some routing. Not as fast as helian can, which is a proper router, but it's probably more than enough for my needs anyway. The main thing is that it can hardware-offload the switching. The "proper" thing to do here would be to get a router like the CCR2004 and use that as the landing point for internet connectivity, create the VLANs and subnets there, then give it a 20G trunk across to the CRS320 and let it do all the switching.
Features and uses
- 8x POE+ gigabit ports
- 8x POE++ gigabit ports
- 4x 10G SFP+ ports for uplinking
Hardware
Marvell 98DX226S switch chip, which governs what features you can lean on and how they're handled. Mikrotik has notes about L3 Hardware Offload: https://help.mikrotik.com/docs/spaces/ROS/pages/62390319/L3+Hardware+Offloading#L3HardwareOffloading-L3HWDeviceSupport
And some notes about the switch chips specifically in the higher end models: https://help.mikrotik.com/docs/spaces/ROS/pages/30474317/CRS3xx+CRS5xx+CCR2116+CCR2216+switch+chip+features#CRS3xx,CRS5xx,CCR2116,CCR2216switchchipfeatures-Models
Of particular interest to us is hardware offloading of bridge VLAN filtering (with some listed caveats), which means performance shouldn't suffer even though we're doing something a little bit complex.
Preparation
Some notes from when I received it:
- power it up, connect any ethernet port to upstream switch
- get on serial console
- assign IP/mask to bridge
- get on winbox
- add default gateway and DNS for LAN
- set new admin password
- create new user account for myself with secure password
- login again as myself
- disable admin account
- add ssh key: /user/ssh-keys/add user=furinkan key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIISjFHfP6t3LLM9D7uWroYCrSdcZqN17tl5eQ/eJlKgq furinkan@wa-chan 2022-03-21"
- add oxidized user: /user/add name=oxidized group=read password="upz.udf5jeq0wtr*NCK" address=192.168.3.0/26
- Set the fans as slow as possible: /system/health/settings/set fan-min-speed-percent=5%
- check for updates and apply latest stable RouterOS version (7.16.x at the time)
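The checklist above as RouterOS 7 console commands, in the same order; this is an added example, not the author's own notes. The 192.0.2.x addresses and every `<...>` value are placeholders to replace, and the bridge is assumed to be named `bridge`.

```routeros
# Added example: placeholder values throughout, substitute your own.
# --- from the serial console ---
/ip/address/add address=192.0.2.10/24 interface=bridge

# --- from winbox or a terminal, still logged in as admin ---
/ip/route/add dst-address=0.0.0.0/0 gateway=192.0.2.1
/ip/dns/set servers=192.0.2.1
/user/set [find name=admin] password="<new-admin-password>"
/user/add name=furinkan group=full password="<long-random-password>"

# --- log out, log back in as furinkan, and only then continue ---
# Disabling admin before confirming the new login works risks a lockout
# that needs a reset to recover from.
/user/disable [find name=admin]
/user/ssh-keys/add user=furinkan key="ssh-ed25519 <public-key> <comment>"

# Read-only account for config backups, usable only from the
# management subnet given in the notes.
/user/add name=oxidized group=read password="<long-random-password>" address=192.168.3.0/26

/system/health/settings/set fan-min-speed-percent=5%

# Upgrade to the latest stable release (install reboots the device).
/system/package/update/set channel=stable
/system/package/update/check-for-updates
/system/package/update/install

# --- after the reboot: confirm the end state ---
# admin should carry the X (disabled) flag, oxidized should show
# group=read and the address restriction, and the key should be listed.
/user/print detail
/user/ssh-keys/print
```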
Fun ideas
The CRS320 has lots of free real estate on the front. Why not put a custom waifu decal on it??