Hi,
My first Mikrotik switch has been delivered for one of my clients, the device is a CRS326-24G-2S+.
My question is do I run it with ROS or SWOS, there does not seem to be much info of pro’s / con’s between these out there.
Also, if I run ROS, I would assume I need to config as a normal router with regards to security, i.e. disable API, FTP, etc.
The device will be used as a pure switch with Vlan’s, no routing, etc as that is done by a CCR1036
If it’s just a switch you probably could of got away with the cheaper CSS326 (2/3 the price here in the UK)
I would expect the OS to make no difference in regard to switching as it’s all done in hardware. SWOS is a bit easier to configure, and you could argue that it’s impossible to accidentally configure something (such as VLANs) in a way that ends up using software. Sounds like you have no danger of that in your case, and you don’t really have anything to configure.
I do think RouterOS seems to get more effort from Mikrotik’s side, which is obvious really as it’s their main focus. There’s an update for SWOS 2.8 out at the moment but I’ve held off updating my CSS326 so far as there seems to be various reports on the forum of upgrades not going well (coming up with old firmware instead, requiring hard reboot, etc). If I had a CRS, I probably would run ROS on it, partly just because it seems more solid.
I would probably disable services I’m not using anyway. I wouldn’t say it’s much of a security risk with only LAN access. Unless you want to physically plug into a management port to make changes, you’ll need to open some sort of admin access from the LAN anyway. If it’s basically being used as a dumb switch and I managed the router, personally I would probably leave the firewall empty and firewall any external access in one place on the router. If I really didn’t trust the LAN users, I might have a management port and lock access down to that or my remote management address. Can be more hassle than it’s worth though if something goes wrong and you find yourself trying to talk the customer through something and even getting into the thing is a struggle.
Thx usdmatt, you confirmed my thinking, ROS it is then