I few years ago I was dealing with a big problem… my switching network had some serious limitations… I inherited some 48 port POE switches that just didn’t performed that well anymore.<\/p>\n\n\n\n
Some of the problems I had were: very slow initialization at boot up, web UI (the primary way to configure this switch) was using dated cipher suites and browsers such as Chrome wouldn’t even connect to it anymore.<\/p>\n\n\n\n
I also have a huge problem with uplinks.. I only had 4 1GB SFP ports on that switch, and the switching capacity was only just above 100 Gbps. The only thing this switch had going for it was that I had a full 740W POE budget and it could power our POE phones no problem. I also wanted to have a master switch that I would uplink to and this brand didn’t really have that.<\/p>\n\n\n\n
We were also needing to run some Fiber and I wanted to have a Fiber backbone between our switches so what I inherited only had 1Gbps Ethernet as a trunk. Finally, I noticed that when the network utilization got too high, the switches would become unresponsive or reboot – I was hitting their maximum capability.<\/p>\n\n\n\n
I had learned Cisco but we can’t afford Cisco and I wasn’t in love with the small business products. We needed something better, what I really was looking for was speed… wine on a beer budget so to speak.<\/p>\n\n\n\n
The Unifi series of switches would have been a good choice but I didn’t know enough about their product at the time to implement. And I happened upon a killer series of switches… one of which is the Mikrotik CRS354-48P-4S+2Q+RM. I had some serious reservations about this switch, it isn’t the easiest thing in the world to learn, there are many ways which I could implement it. I know that some people had experienced serious problems with stability and groups of ports freezing on that model.<\/p>\n\n\n\n
But I got a couple and did serious testing with it, and found that if I updated to the newer firmware, all my stability problems went away. I stuck with RouterOS instead of SwitchOS, and learned how to configure the hardware offloading for L2, and since I have a very, very powerful killer router with many interfaces – I let my router do all the network security and let my switches do what they do best – switch network frames.<\/p>\n\n\n\n
I don’t want to give up too much information about what exactly we all run at our work – but I had a guy ask me if our router was like a home commodity router, like a entry level Belkin… lol. Uh no… our router is an enterprise grade router with HTTPS content inspection and a full suite of security services. Our router also is connected to a massive online dashboard that gives us complete visibility into logging, clients, reporting, VPN, DNS, attacks, and more than you could imagine – like Geo-location blocking, AI powered file inspection, and so on.<\/p>\n\n\n\n
Our router (like a Unifi), has very strong polices between network zones and I only allow the traffic we need and nothing more. The main thing is that it is a very fast router so I can easily allow it to do all the security policies and routing without it even having to breath hard – so we can offload all OSI layers > layer2 to our firewall and let the switches switch.<\/p>\n\n\n\n
The Mikrotik switch has 10 Gbps uplinks… it even has 2x 40G QSFP+ uplinks (but that would be severe overkill for us) – but instead of us using Ethernet trunks, we’ve moved to 10Gbps SFP uplinks. I also like the fact that Mikrotik also has a cli that lets you run commands. I turned off all webui to the Mikrotik.<\/p>\n\n\n\n
You’re really going to have to have your act together if you are going to install a Mikrotik switch and really configure it properly, there are many, many settings and to secure it properly there a lot of configuration to do. But the backup and restore functionality is great – I have had virtually zero problems running Mikrotik switches as our core switches – they are a workhorse of a switch.<\/p>\n\n\n\n
The truth is I really prayed about it a lot – I’m not telling you to put your faith in Mikrotik. I asked God to bless our network and make it stable. I realize that might sound incredibly foolish to some of you… an I.T. guy that says technology is just a small thing compared to putting your faith in God? What difference would that make on hardware and software in a box?<\/p>\n\n\n\n
It’s important that we know our stuff, that we make wise decisions but we need to realize that is the extent of our power. Psalm 127:1 Unless the LORD builds the house, those who build it labor in vain. Unless the LORD watches over the city, the watchman stays awake in vain.<\/em><\/strong> The Lord has the last word and ultimate say in our lives. Even the best conceived network with the most shrewd configuration can fall if the Lord isn’t involved. I completely believe that. I do my best, but my best is nothing – I have to ask the Lord to bless my work and make it pleasing for him – then it can stand because I’m not holding it up – the Lord is.<\/p>\n\n\n\n Jason<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" I few years ago I was dealing with a big problem… my switching network had some serious limitations… I inherited some 48 port POE switches that just didn’t performed that well anymore. Some of the problems I had were: very slow initialization at boot up, web UI (the primary way to configure this switch) was […]<\/p>\n","protected":false},"author":2,"featured_media":1272,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[118,2,58],"tags":[1176,1147,106,1156,1164,1145,1142,1148,1149,204,1166,1161,1177,1163,1153,1178,201,1172,1165,1168,1155,1160,150,1154,1179,1167,1085,1144,1181,1151,100,1157,1141,1174,1171,1175,1150,1062,1180,1173,1170,1158,1143,1152,1146,1169,1162,1159],"class_list":["post-1270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-faith","category-personal","category-work","tag-10gbps-networking","tag-48-port-switch","tag-ai-security","tag-chrome-ssl-error","tag-cisco","tag-cisco-alternatives","tag-crs354-48p-4s2qrm","tag-d-link-switch-issues","tag-dns-filtering","tag-enterprise-networking","tag-enterprise-router","tag-err_ssl_version_or_cipher_mismatch","tag-fiber-backbone","tag-firewall-security","tag-geo-blocking","tag-gigabit-uplink-limitation","tag-hardware-offloading","tag-high-throughput-switching","tag-https-inspection","tag-layer-2-switching","tag-legacy-hardware-problems","tag-logging-and-monitoring","tag-mikrotik","tag-mikrotik-crs354-48p-4s2qrm","tag-network-bottleneck","tag-network-optimization","tag-network-segmentation","tag-network-switching","tag-network-troubleshooting","tag-network-upgrade","tag-network-visibility","tag-outdated-firmware","tag-poe-switch","tag-qsfp-uplinks","tag-routeros","tag-sfp-uplinks","tag-slow-switch-performance","tag-smb-networking","tag-switch-reboot-issues","tag-switching-capacity","tag-switchos","tag-tls-cipher-mismatch","tag-ubiquiti","tag-unifi-alternatives","tag-unifi-switching","tag-vlan-configuration","tag-vlan-security","tag-vpn-networking"],"_links":{"self":[{"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/posts\/1270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/comments?post=1270"}],"version-history":[{"count":10,"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/posts\/1270\/revisions"}],"predecessor-version":[{"id":1283,"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/posts\/1270\/revisions\/1283"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/media\/1272"}],"wp:attachment":[{"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/media?parent=1270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/categories?post=1270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blumenort.ca\/index.php\/wp-json\/wp\/v2\/tags?post=1270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}