I’m about to design the network architecture of our new home. I don’t have any hardware yet and am therefore completely free to pick whatever vendor and devices I want, as long as it stays within a reasonable budget. Currently I tend to buy a CRS326 switch running RouterOS as switch and “network management unit”.
I have good general IT knowledge, limited network knowledge and nearly no knowledge regarding MikroTik device management. In order to tackle the last point I borrowed an old hAP from work to test some stuff and get familiar with it.
Boundary conditions:
I have to use a coax-router provided by my ISP with DS-lite dual-stack. The router doesn’t support VLANs. For my questions here the interesting part of the network probably begins after this router.
Wishlist:
At least 24 switch ports with 1 Gbit/s, connected with the patch panel, going to the rooms and three APs
The APs should support WiFi Roaming
I want to have several VLANs for the internal home network, guest, IoT devices…
I need some VLAN routing, so that e.g. my smartphone from the home VLAN can access my vacuum cleaner robot in the IoT network
I need to have at least home, guest and IoT VLANs also on 2.4 and 5 GHz WiFi (probably with one SSID per VLAN)
Questions:
Does my general plan make sense at all and can the CRS326 provide all the required functionality? And does it have enough computational resources?
I read that MikroTik doesn’t support the WiFi “r” standard and has its own implementation for WiFi roaming through the CAPsMAN. Could I also include APs from other vendors here or am I limited to MikroTik APs using CAPsMAN?
If I have to stick with MikroTik APs I would probably choose the “cAP ax”, since it’s the only currently available WiFi 6 one. However I can’t see any information whether this AP supports several SSIDs and VLANs. Does this work out? I would use only one single Ethernet port and power the AP via PoE (using a PoE injector between switch and patch panel).
Of course they could, but I don’t want them to. Call me paranoid, but I don’t want to have all guest devices in the same network as e.g. my computer or my NAS. And for me (almost) all IoT devices are by definition insecure, because most of them don’t receive security updates (at all or for an appropriate amount of time) and therefore I want to have them isolated (as much as possible). Plus I don’t trust (most of) the vendors.
That’s the same reason (or one of them) why I don’t just pick all components from TP Link and manage everything through Omada - because I don’t trust a Chinese-based company enough to manage my whole IT with their system. But that’s very subjective, I wouldn’t mind that much using a TP Link AP though. Besides, I don’t trust American IT companies much more than Chinese ones, that’s one of the reasons why I would also rather pick MikroTik than Ubiquiti. Again, call me paranoid, but my gut feeling is just that I can trust a Latvian IT company more than an American or even Chinese one.
Qa - it does make sense. Can’t comment on the computational resource part for the CRS326 (it’s arm32 with an 800MHz processor, so depending on config and load, it might fall short compared to e.g. RB5009).
You might also go for RB5009 (more future safe) and use a simple managed switch for the breakout of the needed ports?
Qb - MT does support the r-standard once radios are controlled by the same ROS instance (can be local or capsman). Only MT AX devices are supported on stable versions (since yesterday most arm-based ac devices are able to run the qcom-ac package via ROS 7.13b1 as well. But beta, so beware …).
Qc - All MT devices support multiple SSIDs and VLANs. For WiFi 6 you also have AX3, AX2, AXLite, Audience, …
When using e.g. AX2/3, you can also use those devices to provide an additional 4 ether ports at that location, perhaps reducing the need for a 24-port switch? Just an idea.
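
The segmentation asked for in the thread (home VLAN may open connections into IoT, while guest and IoT stay isolated from home) sketched as RouterOS IPv4 forward-chain rules. This is an added example, not part of any post in the thread; the interface names vlan-home, vlan-guest, vlan-iot, the list name LOCAL-VLANS and the uplink ether1 are assumptions.

```routeros
# Assumed, not from the thread: VLAN interfaces vlan-home, vlan-guest and
# vlan-iot already exist on the bridge, and ether1 is the uplink to the ISP router.
/interface list
add name=LOCAL-VLANS
/interface list member
add list=LOCAL-VLANS interface=vlan-home
add list=LOCAL-VLANS interface=vlan-guest
add list=LOCAL-VLANS interface=vlan-iot

/ip firewall filter
# Replies to connections that were allowed to start, e.g. the vacuum robot
# answering the smartphone; without this rule the home-to-IoT rule is one-way only.
add chain=forward action=accept connection-state=established,related comment="allow replies"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# Every VLAN may reach the internet through the ISP router.
add chain=forward action=accept in-interface-list=LOCAL-VLANS out-interface=ether1 comment="VLANs to uplink"
# Only the home VLAN may open new connections into the IoT VLAN.
add chain=forward action=accept in-interface=vlan-home out-interface=vlan-iot comment="home to IoT"
# Everything else is dropped: guest to home, IoT to home, guest to IoT, and
# unsolicited traffic arriving from the uplink side.
add chain=forward action=drop comment="drop all other forwarding"
```

These rules cover IPv4 forwarding only: with a dual-stack uplink, any IPv6 routed by the same device needs equivalent rules under `/ipv6 firewall filter`. The input chain, which controls access to the RouterOS device itself from guest and IoT, is not covered here.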