cascaded core network CCR-CRS-CRS with satellite switches+APs - an attempt at a guide from A-Z

Sun Jul 11, 2021 2:14 pm

Hi there,
since I am not so satisfied with the delivered configuration of my MikroTik vendor, I am starting from scratch.
The reason is that I can't easily document changes/extensions transparently and troubleshooting is difficult with so many active options.

The network topology is quite extensive for a home user.
Cascading the core switches is necessary because the router has only one output for DAC, which is used here. Link aggregation could also be done; possibly it does not even need this, but I want to get into a situation where I do not have to test this.
In addition, at the end of last year I had not found a better combination of switches for min. 10 SFP for fibre and min. 10 PoE for the intercom (with the prospect of future expansion).
The edge devices, i.e. the hEX... and cAP... result from the architectural situation of the apartment building. The network overview is not complete yet, there are still some edges missing but it is enough for a first basic configuration.

Since I will eventually reach the limits of clean documentation, I document the whole scope and detail on PackElend/MikroTik and would only note the steps here. Whenever necessary I will also record the configuration here.

I would like to split the journey into several steps, as already indicated on GitHub. I'll start with the pure LAN network segmentation. The ISP router (a FRITZ!Box 4040) will remain the gateway to the www to firewall my network.

Here is the network overview:

My steps:
  1. LAN with VLANs, default optimization, no added security
    I still have to "close" topics I created or discussions I participated in. Hopefully done next week.
  2. WLAN, with two/three SSIDs, linked to VLANs. Working using CAPsMAN.
    There are some questions remaining, which I am currently seeking answers for
  3. todo: firewall rules to allow me to remove the ISP's router
  4. todo: running log-server etc. to monitor things, as I will onboard additional users for testing (in particular wireless coverage)
  5. todo: RADIUS for WLAN authentication/VLAN assignment of clients
  6. todo: get GNS3 simulation done (maybe earlier)
  7. todo: ...?

