I plan to bye 4 switches, but i can't find detail broshure about CRS326-24G-2S+RM.
I need to know what kind of security is implemented in devices like CRS326-24G-2S+RM without scripting.
Is this devices fully support 802.11X?
Is it have function like: some kind of stacking, lock source MAC addresses to ports, limit the number of learned MAC addresses, dynamic ARP inspection, IP Source Guard, DHCP snooping, Uniform MAC address-based, Private VLAN, Storm control .....
Maybe there is more?
So i need more detailed information to can make right choice, because my client plan to grow.
I open this theme, because I want to read in one place about L2 security implemented in Mikrotik Switch devices.

Thanks in advice!
Anton

This is a great question, and a topic that needs more discussion.

I may at some point create a thread about this. I'm looking into how to address "Layer 2 Security" concerns with MikroTik switches. Cisco has solutions for these issues, but so far (from what I've been able to glean) MikroTik does not have a plan for each case. A public figure and author in the MikroTik community was not aware of a specific issue from the list below. I don't blame them, they are busy creating solutions, not researching how to break things.

As MikroTik rollouts continue to increase, these concerns do need to be taken seriously, however. The LAN can no longer be trusted.

Two documents we should all be reading, are here and here.

Issues:

• MAC Flooding
• DHCP Starvation
• DHCP Rogue
• VLAN Hopping
• Spanning Tree Attacks
• ARP Poisoning
• MAC/IP Spoofing