Hardware to Segment 1Gig Network with 2.5/5/10 Gig Uplink?

I am using a combination of these switches for my home. The 4S is used for the IP cameras and the 2S is used to terminate in each room. The 8S is the central fiber switch.

It works well for my use case, especially for VLANing the IoT stuff and its chattiness.


What is the difference between the CSS and CRS prefix on MikroTik switch model names?

CSS can only run SwOS (MikroTik's Layer 2 switching OS).
CRS models can choose between SwOS and RouterOS, which can do layer 3/firewalling/other stuff.
All CRS models run SwOS very well; some suck at running RouterOS/doing layer 3 because of CPU and power limits, others are way better.
SwOS only has a web GUI and, while straightforward, is limited in functionality. RouterOS has a web GUI, CLI and a central management plane, and you need it, as there are way more configuration options and it gets complicated really quickly …

So there isn’t a version of the CSS610-8G-2S+IN with 8x 1 gig with 2x SFP+ that can be managed centrally? I only need level 2 on these switches and was hoping to maintain a single MAC filter list for each VLAN.

The CRS309-1G-8S+IN would be doing the layer3/firewalling between VLANs.

The two big groups I want to segment won’t need any layer 3 stuff. The IP cams (no intra/internet) will be on the same VLAN as one of the Synology ports. Guest devices (no intra, yes internet) will connect to the 2nd port on the EdgeRouter.

The IoT devices will be on a VLAN to lock down their access to the intra/internet. They are chatty but have very little throughput.

Last is the user devices. Not sure if I should segment them. I don’t trust some of the users (there’s no telling a 70-year-old man not to click on things). 100 Mbps is more than enough for these devices (small SMB shares and a SQL db).

If it’s recommended and the CRS309-1G-8S+IN can handle it, I’d do one more VLAN to limit the attack surface of my servers.
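Here is what that segmentation could look like on the CRS309-1G-8S+IN running RouterOS, as an added example that is not from any poster in this thread: VLAN filtering on a bridge, with the forward chain allowing only the flows described above. The bridge, port and interface names, VLAN IDs, subnets and the server port list are assumptions.

```routeros
# Added example (not from the thread). Assumed names: bridge1 on the CRS309,
# sfp-sfpplus1 = trunk to a CSS610 access switch, ether1 = link to the EdgeRouter.
# VLAN IDs, subnets and the server port list are example values.
/interface bridge add name=bridge1 vlan-filtering=yes
/interface bridge port add bridge=bridge1 interface=sfp-sfpplus1

# Cameras stay pure layer 2: carried tagged on the trunk but with no IP
# interface on the CRS309, so nothing routes them to the intranet or internet.
/interface bridge vlan add bridge=bridge1 vlan-ids=10 tagged=sfp-sfpplus1 comment="cams + Synology port"
# IoT, users and servers get a layer 3 interface so traffic between them hits the firewall.
/interface bridge vlan add bridge=bridge1 vlan-ids=20,30,40 tagged=bridge1,sfp-sfpplus1
/interface vlan add name=vlan-iot vlan-id=20 interface=bridge1
/interface vlan add name=vlan-users vlan-id=30 interface=bridge1
/interface vlan add name=vlan-servers vlan-id=40 interface=bridge1
/ip address add address=10.0.20.1/24 interface=vlan-iot
/ip address add address=10.0.30.1/24 interface=vlan-users
/ip address add address=10.0.40.1/24 interface=vlan-servers
/interface list add name=WAN
/interface list member add list=WAN interface=ether1

# Forward chain is evaluated top to bottom; the last rule is the default deny.
/ip firewall filter add chain=forward connection-state=established,related action=accept
/ip firewall filter add chain=forward connection-state=invalid action=drop
# IoT: internet only, never the intranet
/ip firewall filter add chain=forward in-interface=vlan-iot out-interface-list=WAN action=accept comment="iot -> internet"
# Users: internet, plus only the SMB and SQL ports on the server VLAN
/ip firewall filter add chain=forward in-interface=vlan-users out-interface-list=WAN action=accept comment="users -> internet"
/ip firewall filter add chain=forward in-interface=vlan-users out-interface=vlan-servers protocol=tcp dst-port=445,1433 action=accept comment="users -> SMB/SQL (1433 is a placeholder, use your DB's port)"
# Everything else between VLANs (servers or IoT initiating towards users, etc.) is dropped and logged
/ip firewall filter add chain=forward action=drop log=yes log-prefix="vlan-deny"
```

Because the logging rule is the default deny, the router's log shows which VLAN pair and port any unexpected cross-VLAN attempt came from, which is the quickest way to spot a chatty IoT device or a misplaced port assignment.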

If by centrally you mean like the Ubiquiti controller, then I am afraid none of the MikroTik devices can be controlled like that with native software (there may be third-party solutions, but I have never looked into them) … the WinBox app manages one device at a time … nothing like the Ubiquiti controller where you define your VLANs/ACLs/stuff once and then you apply it to different devices …
