Skip to content
Mar 5 / Greg

Mikrotik CRS328-24P-4S+RM – 24 Port PoE Switch

It looks like the CRS328 is about to be a thing, and I was looking at where it fits in.

Switching Features

• Non-blocking Layer 2 switching capacity
• 16K host table
• IEEE 802.1Q VLAN
• Supports up to 4K simultaneous VLANs
• Port isolation
• Port security
• Broadcast storm control
• Port mirroring of ingress/egress traffic
• Access Control List
• MikroTik neighbor discovery
• 10218-byte jumbo frames support
• IGMP snooping
• IEEE 802.3ad and static link aggregation

Quick Specs

• 24 Gigabit Ethernet ports
• 4 SFP+ ports
• RJ45 serial console port
• Non-Blocking throughput: 64 Gbps
• Switching capacity: 128 Gbps
• Forwarding rate: 95.2 Mpps
• Maximum power consumption: 44 W (without PoE
devices connected)
• Supports PoE+ IEEE 802.3at/af and 26 V
Passive PoE (per port individually selected/auto)
• Temperature based fan control
• 1U rackmount
• Selectable power output per port (26 / 48 V)

This switch has an ARM32 CPU, and the hardware incorporates a lot of interesting features that can be thrown into hardware…once it is integrated into ROS. I say ROS, it has SWOS support, but nobody likes or uses SWOS.

Here’s a typical MDU setup; many APs going into a switch. This switch can terminate AF/AT compliant devices as well as standard passive PoE devices. Prior to this switch coming out I would be looking at something like the Ubiquiti EdgeSwitch 24(EdgeSwitch ES-24-250W).

They both support port security(mac limiting), storm control(limit broadcast/multicast storms), and I believe DHCP snooping(prevent rogue DHCP servers). The CRS has SFP+ ports while the ES only has SFP ports, so this gives it an advantage there. Price wise the CRS will sell for around $379 and the ES24 sells for around $400, so there’s a slight cost savings from the CRS.

I don’t believe either does dynamic ARP inspection(ensuring that clients can’t spoof addresses), but I can always hold out hope.

While the CRS is new(I can’t yet order one), it seems to have a bit of an edge for my scenarios(MDU environment)…especially as they begin to unlock some of those hardware features.

What say you…interested in giving it a go?

Mar 4 / thebrotherswisp

TheBrothersWISP 65 – OpenVPN, Siklu 10Gb, VAR’s Design

This week Greg, Mike, Wilson, Miller, and Tomas discuss the chick pea, it’s neither a chick, nor a pea.

This cast we talk about:
chinog in may
Wispamerica very soon
OpenVPN isn’t so hard Mikey 😉
Unimus has some US MUM vouchers, so bother Tomas about it.
Siklu has 70/80Ghz 10Gb wireless link
Link Calculator
Greg’s VAR rant
Move your website to https
Network Collective: Episode 4 – The Impact Of Increasing Encrypted Traffic
CHALLEGE – do some form of home automation.

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) or

Click the link below to view the article!

Feb 18 / Greg

Video Guide to Configure OpenVPN in Mikrotik For Remote Offices

Use OpenVPN along with OSPF to have remote offices that dynamically create tunnels to a hub site and share routes dynamically between the two.

Create a self-signed certificate in Mikrotik:

add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign
add name=server-template common-name=server
add name=client1-template common-name=client1
add name=client2-template common-name=client2
sign ca-template ca-crl-host= name=myCa
sign server-template ca=myCa name=server
sign client1-template ca=myCa name=client1
sign client2-template ca=myCa name=client2

Diagram from video:

Questions/comments always welcome!

Feb 18 / thebrotherswisp

TheBrothersWISP 64 – CHR/Virtual Routers, MUM Spec, Your Lab

Greg, Wilson, Andrew Cox, and Mike put all those other sucker MCs to shame.

This cast we talk about:
Slack updates
CHR virtio-scsi driver/CHR additions in recent RC
Virtual routing
ASICs to CPU routing, and back to ASICs
What does your network lab look like?
Upcoming events

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) or

Click the link below to view the article!

Feb 11 / Greg

My Mobile Home Network Lab

So my lab allows me to login to a web page and power on/off all of my network gear. I also have a console server to remotely access every piece of gear. I use this lab extensively for building my Lynda and LinkedIn Learning videos. I also use it regularly for all sorts of network testing.

Everything is remotely accessible through the console server as well as remotely powered.
I have:
– 7206 G1
– 2621XM
– 3550
– 3750G

-hap lite

Digital logger power controlers
Avocent cyclades console server

Let me know what you guys do for your home lab!

Feb 4 / thebrotherswisp

TheBrothersWISP 63 – Mikrotik NL 80, Network Coach, Sales People

Join Tomas, Mike, and Greg as we roll the D20, and forage through our bag of holding.

This cast we talk about:
Mikrotik updates
Newsletter 80
USB-powered MT
Getting a network coach.
Account manager vs. sales vs. sales support vs. sales engineer
The boring company’s flame thrower

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) or

Click the link below to view the article!

Jan 26 / Greg

OTRS To Gmail Failure

When trying to fetch email from Gmail into my OTRS install I saw the following error:


CommunicationLog(ID:29,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:29)::Kernel::System::MailAccount::IMAP => IMAPS: Auth for user failed!

First, log into your gmail account. Then go to “settings => forwarding and pop/imap” and enable imap.
Second, edit your account and set it to allow “less secure apps to use your account”.

You should now be able to properly fetch…good luck and happy ticketing 🙂