New simple home network design with wifi6, 802.11r, and 4Gbit/s KPN Box 14

I've been a very satisfied Mikrotik user for a long time and appreciate the range of access points and routers and attractive price point.

For almost 8 years now, I've had and still have (!) two Mikrotik cAP ac (RBcAPGi-5acD2nD) wireless access points and one hEX S (RB760iGS).

Next month, I'm switching internet providers and we're switching from Odido to KPN. For Odido internet, the hEX S is connected to the NTU with the correct VLAN configuration. Approx three years ago I switched from XS4ALL (200Mbps) to Odido (1Gbps) and in the beginning months the advertised speeds matched well but quickly degraded, and sadly they only support IPv4.

With the switch to KPN, they promise an amazing 4 Gbit/s and the KPN Box 14 modem has Wi-Fi 6 (802.11ax) built-in. The KPN modem also supports 802.11b, 802.11g, 802.11n, 802.11a, and 802.11ac.

The antenna configuration for Wi-Fi 2.4GHz is 3x3 and for 5GHz 4x4.

In addition, the KPN modem has: two 1Gb LAN Ethernet ports, one 2.5Gb LAN Ethernet port, one 10Gb LAN Ethernet port, and one 10Gb WAN Ethernet port (for the fiber optic connection).

For the new setup, I want to be able to replace in phases. The replacement of the wireless access points is important here because I suspect their performance has deteriorated over the years, but I can't confirm/prove this with logs or metrics.

I currently have two 1Gbps managed switches (Netgear), a handful of Ethernet-connected/wired devices like televisions, small server PCs, Home Assistant Green, solar inverter, Synology NAS, etc.
And iPhones, Androids, iPad tablets (high-end 2.4+5GHz), and 2.4GHz and WPA2 limited devices e.g. kitchen appliances, thermostat, IKOHS CREATE ceiling fans, ESP32 etc.

In the router I have configured:

  • NAT catch and forward for all NTP traffic (before the block rule below).
  • Block Internet connectivity for certain devices based on the MAC address.
  • NAT catch and forward for all DNS traffic to internal DNS server (Adguard).
  • Pinhole for web services (e.g. Home Assistant).
  • SSID without Adguard.
  • CAPsMAN to manage two access points :wink:

I have no idea how detailed the firewall/ router can be configured in the KPN Box 14.

My first questions before I continue:
Is 802.11r Fast BSS Transition (FT) compatible between different brands/ chipsets – Can I combine the KPN Box 14 modem/AP/router with two cAP ax (cAPGi-5HaxD2HaxD) wireless access points?

Would it be as simple as setting up the same SSID and WPA key, enabling 802.11r, and off you go? And configuring additional SSIDs (so I can decide for the client which AP to connect to) for the older appliances?

Regards, any help is appreciated….

FT can't be combined; the roaming experience will degrade (take some more time) when the KPN Box is involved. Does roaming have to be instant?

All security settings have to be identical to have roaming, not only WPA key.

The KPN Box is, AFAIK, very limited. Why not upgrade the router as well and have it configured the way you want it? Perhaps a hAP AX3 in combination with 2 wAP AX or cAP AX?

Or indeed the option of @victorbayas which will give you more speed.

RB5009 and multiple cAP AXs

I like this solution!

Probably adding a Mikrotik S+RJ10 to the RB5009. To allow the full 4Gbps bandwidth?

I can then extend/ upgrade the setup with a CRS305-1G-4S+IN and VLAN filter.

1 Like

Roaming does not have to be instant; does this change your advice? Other suggestions on the hardware and software are always welcome.

You need to understand that those ISP-provided boxes are dumb and limited, but they shine in performance. They run optimized software for the chipset, allowing all kinds of acceleration that RouterOS is lacking.

To compensate for that, you need to buy higher-end MikroTik equipment than what the ISP is giving away for free (and cheap to buy on the market). An RB5009 is not so bad, but of course you will not be able to achieve your 4Gbps in a setup like above, because the RJ45 ports are not that fast. ether1 is 2.5Gbps but issues are often reported with that, so you need to be prepared that it would not negotiate 2.5Gbps in some cases. But in your case, you would have “only” 1 Gbps for each port, so only when 4 ports on the RB5009 are maxed out at the same time can you achieve your 4Gbps.

Also, you might already hit the CPU limit there. For example, PPPoE in RouterOS is software-implemented (the chips support hardware acceleration for it but RouterOS does not support it, the ISP white boxes do!) and you may see a single core maxed out when trying to achieve 4Gbps.

2 Likes

I was also looking at the CRS310-8G+2S+IN. According to the specs this CRS (Cloud Router Switch) supports RouterOS, and has 2.5Gbps ports. Or the CRS305-1G-4S+IN (approx. 130 euro) or CRS309-1G-8S+IN (approx. 200 euro) and the 10G SFP+ module (approx. 60 euro).

I can add two 1Gbps Ethernet SFP+ (I think I still have some wandering around) to connect to the switches and one S+RJ10 to connect to the NTU. I would actually prefer fiber to fiber and not fiber to network termination, but I don’t know the fiber specs; I assume 1310-TX/1490-RX.

Do the CRS router/switches support the same feature set as the hEX-S I already own? :man_shrugging:

All MikroTik devices running RouterOS provide the same feature set, but the performance varies.

With CRS devices you have to know that they are “primarily switches that can do routing as well”, so a device with multiple 10Gbps ports can do switching between the ports at 10Gbps but not necessarily routing.

Always look in the details page of the product under “test results” and note the difference between switching and routing specs. The typical speeds a user can expect are the “routing with 25 ip filter rules” for 512 byte packets.

For the CRS310 you see that this is by far not enough for your needs.

1 Like