I've finally decided to try and learn more about my CRS125-24G-1S-2HnD. I've had it for years, and I've never setup a guest wifi, or done any vlans.
I've had a look through several posts and videos.

Tutorials
https://www.youtube.com/channel/UC_vCR9AyLDxOlexICys6z4w

VLAN Post/Guide

I bought a book:
https://www.ispsupplies.com/RouterOS-by-Example-Book

I seem to have been successful in getting a WiFi VLAN working. I can get an IP, and get out to the internet on a seperate vlan and ssid.

However, the port based vlan (hard-wired ethernet) is eluding me.
I can get an IP, but, I can't route out to the internet.

My vlans conceptually are:
default vlan (came with the unit) - bridge-local
vlan 10 (seperate iot vlan for wifi) - bridge-iot-vlan10
vlan 30 - (trying out a port based vlan) - bridge-iot-ethernet-vlan30

See attached for giant verbose export (not sure if thats needed).
Also I'm fairly new to the code formatting features, so sorry if the txt option is bad.

Terse export:

dec/18/2019 13:31:07 by RouterOS 6.46

software id = CZB2-RAZR

model = CRS125-24G-1S-2HnD

serial number = 49C704FFF6FC

/interface bridge add name=bridge-iot-ethernet-vlan30
/interface bridge add comment="vlan 10 - iot - for wifi" fast-forward=no mtu=1500 name=bridge-iot-vlan10
/interface bridge add admin-mac=4C:5E:0C:91:61:A7 auto-mac=no comment="default bridge" fast-forward=no mtu=1500 name=bridge-local
/interface wireless set [ find default-name=wlan1 ] antenna-gain=13 band=2ghz-b/g/n country="united states" disabled=no distance=indoors frequency=auto frequency-mode=regulatory-domain mode=ap-bridge ssid=HideYoWIFI wireless-protocol=802.11 wps-mode=disabled
/interface ethernet set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
/interface ethernet set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
/interface ethernet set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether6 ] name=ether6-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether7 ] name=ether7-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether8 ] name=ether8-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether9 ] name=ether9-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether10 ] name=ether10-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether11 ] name=ether11-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether12 ] name=ether12-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether13 ] name=ether13-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether14 ] name=ether14-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether15 ] name=ether15-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether16 ] name=ether16-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether17 ] name=ether17-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether18 ] name=ether18-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether19 ] name=ether19-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether20 ] name=ether20-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether21 ] name=ether21-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether22 ] name=ether22-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether23 ] name=ether23-slave-local speed=100Mbps
/interface ethernet set [ find default-name=ether24 ] name=ether24-slave-local speed=100Mbps
/interface ethernet set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=sfp1-gateway
/interface vlan add interface=bridge-iot-ethernet-vlan30 name=vlan30 vlan-id=30
/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether9-slave-local,ether10-slave-local
/interface list add exclude=dynamic name=discover
/interface list add name=mactel
/interface list add name=mac-winbox
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key= wpa2-pre-shared-key=
/interface wireless security-profiles add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=iot-profile supplicant-identity="" wpa2-pre-shared-key=
/interface wireless add comment="virtual ap for iot devices - assigned to vlan 10" disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:91:61:BF master-interface=wlan1 multicast-buffering=disabled name=iot-wlan-24 security-profile=iot-profile ssid=JT-IOT-24 vlan-id=10 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface wireless manual-tx-power-table set iot-wlan-24 comment="virtual ap for iot devices - assigned to vlan 10"
/interface wireless nstreme set iot-wlan-24 comment="virtual ap for iot devices - assigned to vlan 10"
/interface vlan add interface=iot-wlan-24 name=vlan10 vlan-id=10
/ip ipsec proposal set [ find default=yes ] enc-algorithms=3des
/ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip pool add name=dhcp_pool1 ranges=10.1.10.2-10.1.10.254
/ip pool add name=dhcp_pool2 ranges=10.1.30.2-10.1.30.254
/ip pool add name=dhcp_pool3 ranges=10.1.30.2-10.1.30.254
/ip dhcp-server add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no interface=bridge-local lease-time=3d name=default
/ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=bridge-iot-vlan10 lease-time=3d name=dhcp1
/ip dhcp-server add address-pool=dhcp_pool3 disabled=no interface=vlan30 lease-time=3d name=dhcp2
/queue simple add disabled=yes name=John_PC_Queue packet-marks=John_Gaming_Packets priority=1/1 queue=pcq-upload-default/pcq-download-default
/snmp community set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port add bridge=bridge-local interface=ether2-master-local
/interface bridge port add bridge=bridge-local interface=wlan1
/interface bridge port add bridge=bridge-local interface=ether3-slave-local
/interface bridge port add bridge=bridge-local interface=ether4-slave-local
/interface bridge port add bridge=bridge-local interface=ether5-slave-local
/interface bridge port add bridge=bridge-local interface=ether6-slave-local
/interface bridge port add bridge=bridge-local interface=ether7-slave-local
/interface bridge port add bridge=bridge-local interface=ether8-slave-local
/interface bridge port add bridge=bridge-iot-ethernet-vlan30 interface=ether9-slave-local pvid=30
/interface bridge port add bridge=bridge-iot-ethernet-vlan30 interface=ether10-slave-local pvid=30
/interface bridge port add bridge=bridge-local interface=ether11-slave-local
/interface bridge port add bridge=bridge-local interface=ether12-slave-local
/interface bridge port add bridge=bridge-local interface=ether13-slave-local
/interface bridge port add bridge=bridge-local interface=ether14-slave-local
/interface bridge port add bridge=bridge-local interface=ether15-slave-local
/interface bridge port add bridge=bridge-local interface=ether16-slave-local
/interface bridge port add bridge=bridge-local interface=ether17-slave-local
/interface bridge port add bridge=bridge-local interface=ether18-slave-local
/interface bridge port add bridge=bridge-local interface=ether19-slave-local
/interface bridge port add bridge=bridge-local interface=ether20-slave-local
/interface bridge port add bridge=bridge-local interface=ether21-slave-local
/interface bridge port add bridge=bridge-local interface=ether22-slave-local
/interface bridge port add bridge=bridge-local interface=ether23-slave-local
/interface bridge port add bridge=bridge-local interface=ether24-slave-local
/interface bridge port add bridge=bridge-iot-vlan10 interface=iot-wlan-24 pvid=10
/interface bridge port add bridge=bridge-iot-vlan10 interface=vlan10 pvid=10
/interface bridge port add bridge=bridge-iot-ethernet-vlan30 interface=vlan30 pvid=30
/ip neighbor discovery-settings set discover-interface-list=discover
/interface ethernet switch egress-vlan-tag add tagged-ports=switch1-cpu vlan-id=30
/interface ethernet switch egress-vlan-translation add customer-vid=30 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether9-slave-local,ether10-slave-local service-vlan-format=untagged-or-tagged
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=30 ports=ether9-slave-local,ether10-slave-local
/interface ethernet switch port set 0 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 1 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 2 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 3 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 4 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 5 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 6 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 7 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 8 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 9 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 10 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 11 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 12 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 13 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 14 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 15 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 16 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 17 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 18 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 19 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 20 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 21 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 22 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 23 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 24 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch port set 25 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch vlan add ports=ether9-slave-local,ether10-slave-local,switch1-cpu vlan-id=30
/interface list member add interface=wlan1 list=discover
/interface list member add interface=ether2-master-local list=discover
/interface list member add interface=ether3-slave-local list=discover
/interface list member add interface=ether4-slave-local list=discover
/interface list member add interface=ether5-slave-local list=discover
/interface list member add interface=ether6-slave-local list=discover
/interface list member add interface=ether7-slave-local list=discover
/interface list member add interface=ether8-slave-local list=discover
/interface list member add interface=ether9-slave-local list=discover
/interface list member add interface=ether10-slave-local list=discover
/interface list member add interface=ether11-slave-local list=discover
/interface list member add interface=ether12-slave-local list=discover
/interface list member add interface=ether13-slave-local list=discover
/interface list member add interface=ether14-slave-local list=discover
/interface list member add interface=ether15-slave-local list=discover
/interface list member add interface=ether16-slave-local list=discover
/interface list member add interface=ether17-slave-local list=discover
/interface list member add interface=ether18-slave-local list=discover
/interface list member add interface=ether19-slave-local list=discover
/interface list member add interface=ether20-slave-local list=discover
/interface list member add interface=ether21-slave-local list=discover
/interface list member add interface=ether22-slave-local list=discover
/interface list member add interface=ether23-slave-local list=discover
/interface list member add interface=ether24-slave-local list=discover
/interface list member add interface=bridge-local list=discover
/interface list member add list=discover
/interface list member add list=discover
/interface list member add interface=ether2-master-local list=mactel
/interface list member add interface=ether3-slave-local list=mactel
/interface list member add interface=ether2-master-local list=mac-winbox
/interface list member add interface=ether4-slave-local list=mactel
/interface list member add interface=ether3-slave-local list=mac-winbox
/interface list member add interface=ether5-slave-local list=mactel
/interface list member add interface=ether4-slave-local list=mac-winbox
/interface list member add interface=ether6-slave-local list=mactel
/interface list member add interface=ether5-slave-local list=mac-winbox
/interface list member add interface=ether7-slave-local list=mactel
/interface list member add interface=ether6-slave-local list=mac-winbox
/interface list member add interface=ether8-slave-local list=mactel
/interface list member add interface=ether7-slave-local list=mac-winbox
/interface list member add interface=ether9-slave-local list=mactel
/interface list member add interface=ether8-slave-local list=mac-winbox
/interface list member add interface=ether20-slave-local list=mactel
/interface list member add interface=ether9-slave-local list=mac-winbox
/interface list member add interface=ether21-slave-local list=mactel
/interface list member add interface=ether20-slave-local list=mac-winbox
/interface list member add interface=ether22-slave-local list=mactel
/interface list member add interface=ether21-slave-local list=mac-winbox
/interface list member add interface=ether23-slave-local list=mactel
/interface list member add interface=ether22-slave-local list=mac-winbox
/interface list member add interface=ether24-slave-local list=mactel
/interface list member add interface=ether23-slave-local list=mac-winbox
/interface list member add interface=wlan1 list=mactel
/interface list member add interface=ether24-slave-local list=mac-winbox
/interface list member add interface=bridge-local list=mactel
/interface list member add interface=wlan1 list=mac-winbox
/interface list member add interface=bridge-local list=mac-winbox
/ip address add address=192.168.88.1/24 comment="default configuration" interface=wlan1 network=192.168.88.0
/ip address add address=10.1.10.1/24 comment="vlan10 for iot wifi" interface=bridge-iot-vlan10 network=10.1.10.0
/ip address add address=10.1.30.1/24 interface=vlan30 network=10.1.30.0
/ip dhcp-client add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-client add comment="default configuration" disabled=no interface=sfp1-gateway
/ip dhcp-server lease add address=192.168.88.254 client-id=1:0:4:4b:9:fc:ea mac-address=00:04:4B:09:FC:EA server=default
/ip dhcp-server lease add address=192.168.88.245 client-id=1:10:c3:7b:91:40:1d lease-time=521w3d mac-address=10:C3:7B:91:40:1D server=default
/ip dhcp-server lease add address=192.168.88.230 lease-time=521w3d mac-address=00:04:4B:09:FC:EA server=default
/ip dhcp-server lease add address=192.168.88.215 lease-time=521w3d mac-address=F4:F5:E8:18:5C:88 server=default
/ip dhcp-server lease add address=192.168.88.172 client-id=1:84:25:3f:3e:21:dc mac-address=84:25:3F:3E:21:DC server=default
/ip dhcp-server lease add address=192.168.88.167 client-id=ff:7b:91:40:1d:0:4:26:b5:d7:80:d8:82:11:dd:9c:6b:10:c3:7b:91:40:1d mac-address=10:C3:7B:91:40:1D server=default
/ip dhcp-server lease add address=192.168.88.166 client-id=1:74:bf:c0:75:a4:33 mac-address=74:BF:C0:75:A4:33 server=default
/ip dhcp-server network add address=10.1.10.0/24 dns-server=10.1.10.1,75.75.75.75,75.75.76.76 gateway=10.1.10.1
/ip dhcp-server network add address=10.1.30.0/24 gateway=10.1.30.1
/ip dhcp-server network add address=192.168.88.0/24 comment="default configuration" gateway=192.168.88.1
/ip dns set allow-remote-requests=yes
/ip dns static add address=192.168.88.1 name=router
/ip firewall address-list add address=192.168.88.0/24 list=DefaultVLAN
/ip firewall address-list add address=10.1.10.0/24 list=vlan10-iot-wifi
/ip firewall address-list add address=10.1.30.0/24 list=vlan30-iot-ethernet
/ip firewall filter add action=drop chain=input comment="Rule 1 - Input Chain - Drop Invalid - #LMB = Learn Mikrotik Book " connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="Rule 2 - Forward Chain - Drop Invalid - Learn Mikrotik Book" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="Rule 3 - Input Chain - Allow Default VLAN - Could be more restrictive for local router access - #LMB" src-address-list=DefaultVLAN
/ip firewall filter add action=accept chain=input comment="Rule 4 - Input Chain - Accept established - #LMB" connection-state=established
/ip firewall filter add action=drop chain=input comment="Rule 5 - Input Chain - Drop all others - #LMB"
/ip firewall filter add action=accept chain=forward comment="Rule 6 - Forward Chain - Allow new connections from Default VLAN - #LMB" connection-state=new src-address-list=DefaultVLAN
/ip firewall filter add action=accept chain=forward comment="Rule 10 - Forward Chain - Allow new connections from vlan 10 - iot wifi - Made by John T" connection-state=new src-address-list=vlan10-iot-wifi
/ip firewall filter add action=accept chain=forward comment="Rule 11 - Forward Chain - Allow new connections from vlan 30 - iot ethernet - Made by John T" connection-state=new src-address-list=vlan30-iot-ethernet
/ip firewall filter add action=accept chain=forward comment="Rule 7 - Forward Chain - Allow related connections through router - #LMB" connection-state=related
/ip firewall filter add action=accept chain=forward comment="Rule 8 - Forward Chain - Allow Established Connections through router - #LMB" connection-state=established
/ip firewall filter add action=drop chain=forward comment="Rule 9 - Forward Chain - Drop all other connections through router - #LMB"

/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www address=192.168.88.0/24
/ip service set ssh address=192.168.88.0/24
/ip service set www-ssl address=192.168.88.0/24 disabled=no
/ip service set api address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24
/ip service set api-ssl address=192.168.88.0/24
/ip ssh set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp interfaces add interface=ether1-gateway type=external
/ip upnp interfaces add interface=bridge-local type=internal
/lcd set time-interval=weekly
/system clock set time-zone-autodetect=no time-zone-name=America/New_York
/system identity set name=CRS125-24G-1S-2HnD
/system leds set 0 interface=wlan1
/system leds set 1 interface=sfp1-gateway leds=""
/system ntp client set enabled=yes server-dns-names=us.pool.ntp.org,pool.ntp.org

/tool mac-server set allowed-interface-list=mactel
/tool mac-server mac-winbox set allowed-interface-list=mac-winbox
verbose-export-config-post.rsc (118 KB)

You are a very patient individual, and on those grounds, you’ve earned the right to some help. Here’s the thing though. You shouldn’t be using that hardware. That is were our conversation will begin. Now, let’s see if that is true. Can you draw a diagram for us? I need to know where and how this device will be used.

Thanks. Let me work on that diagram. Its a home device.

I was using it to learn, but, also do some home projects with.
I probably don’t even need vlans to be honest.
I just wanted to learn how mikrotik does them- and I wanted to know what was possible with the CRS125-24G-1S-2HnD

Port 1 - i.e. ether1-gateway is hooked up to a motorola cable modem.
The default vlan came out of the box - 192.168.88.0/24 (Pretty much everything I have right now is still there)
Ports 9-12 - i.e. vlan 30 - 10.1.30.0/24 was going to be my first access port vlan - i.e. hook up a couple of roku’s, iot style devices.

vlan 10 - My first attempt at a new wifi network (and it seems to work) - 10.1.10.0/24 - I wanted to use it for iot devices like an Amazon Echo Dot
vlan 20 - Probably a guest WiFI, that I haven’t built yet, for visitor phones, tablets, and laptops.

I thought I should get rid of the default vlan, but, I just haven’t had the chance to tell the wife, “Hey, give me a few hours with no internet, so I can work on my project”
So if I get rid of the default vlan, and make lets say, vlan 50 - that would be where my PC’s and laptops go (and possibly a plex server).

Thats really about it, but, let me draw it out for you. Thanks. It may take me a little bit of time with the holiday, etc.

How much Internet bandwidth are you working with?

Roughly 100 Mbps down and 10 Mbps up (if comcast last mile wiring actually gives that to me).
Most of the time its 80 down and 6-8 up.

I made a diagram of what I was trying to do.
Hopefully that helps. I confess its not Network Engineer quality with every port defined.
Let me know if it needs more.

See attached.
JTHome Network Diagram.pdf (227 KB)

Looks great. Give me time to put something together.

Thanks I appreciate it. Take your time.
Tonight I just connected to the console port (finally got myself a cable).

I’m assuming I have some things pretty mis-configured, and I probably will have to get rid of the “native vlan”.

Also if there is no way to do this with this one box, then I’m open to getting a hex poe, with a cap ac, or some other setup.
The irony there would be, I don’t need the 24 ports on this switch anymore… and I’m not sure if I could turn this crs into just a switch.
A couple of things I’m realizing though
-The roku is probably going to need to communicate with the echo dot. So maybe the IOT wifi network should be the same vlan as the hardwired IOT network?
-The Plex server would probably also have to communicate with the roku and the echo dot, so thats another hurdle.
-Inter-VLAN routing would solve it, but, then I guess you would have to firewall certain things off for security?
-These are all questions I have, and I’m sure I won’t solve them overnight.

Well, my big issue is that the CRS125 is not powerful enough to handle anything that will hit the CPU on it, like the routing. Also, no 5Ghz channels. How many wired ports do you need? You need to consider the RB3011, hAP AC 2, or the RB4011 as your router/switch combo. If you need more ports, then we buy a switch.

Ah ok. I wasn’t aware of the cpu limitation, not knowing the hardware that well. I’ll take a look at some of those models you requested.

I only need roughly 5-6 wired ports.
-Printer (although right now its wireless)
-PC
-Plex Server
-Roku
-Maybe a future sonos one
-Cable modem

5 ports really is all I need and then some room for growth (i.e. 2 or 3 more)- nothing crazy.

When I bought this unit almost 4 years ago- the 24 ports seemed like a good deal for the price.

As far as the 2.4 GHz WiFI goes, I was considering replacing it at some point, but, was debating, if I should keep the CRS or not.

I actually just purchased a hap ac 2 for my mother in law’s place, but, I basically just used the basic default setup (i.e. native vlan and firewall with 5GHz wifi)- she needed the wifi upgrade.

Have you had good luck buying from amazon?

I have bought a few units from https://www.ispsupplies.com/ in the past- just to get some support for warranty if needed.

Yes, I really like ISP Supplies. Amazon makes me leery, although I have used equipment bought from them just fine.

When you have settled on your new hardware, I’ll help you set it up. I personally use the models I listed with one caveat: I’ve not used the wifi equipped version of the RB4011. I don’t know if the new editions fix the wifi issues it had. If you choose the RB4011, get the non-wifi version and then get a cAP AC or the hAP AC 2.

As my luck would have it, isp supplies is out of stock on the RB4011iGS+RM
Any other vendors you trust?

Baltic Networks and r0c-n0c are authorized dealers in the community.

Sorry a couple more questions:

Do I need an injector with the cap ac?
Or will the RB4011iGS+RM power it on its own?

Down the road could I use the crs as an extra switch?
Just debating if I should try and ebay it to save some cost.

Port 10 on the RB4011 will power the cAP AC, which is how I use mine. Regarding the switch, sell it now. You only want to use the CRS3xx line of switches unless you have special requirements.

Ok thanks. I went ahead and ordered from baltic networks. The 4011 no wifi and the cap ac.
Hopefully someone will by the old crs

@jthompson333,

I realized I have made a potently false statement. I power an hAP AC with my RB4011’s port 10. The cAP AC, however, on its incoming port, appears to require 802.3af/at PoE. The output on the RB4011 is passive. So, you may in fact require an injector! Ugh, sorry about that. However, the cAP AC ships with the injector and power supply.

No worries. I was hoping it would work without another POE switch. If it comes with an injector, I’ll just use that until I can save up for a switch.

I was hoping to power it off at night, as its right by my bedroom (thats just a personal preference really)- I thought the POE would make that easy.
Either way it should be an upgrade that is affordable.
(I always take a peek over at ubiquiti stuff and it seems more pricey with less reliability on the router side- or so I read.)

The PoE injector supplied with cAP ac is a passive one. So powering it from RB4011 sould be fine … as long as you don’t daisy-chain another PoE-powered device off the cAP ac.