MikroTik CRS305-1G-4S+ Cloud Router-Switch

The MikroTik CRS305-1G-4S+ Cloud Router-Switch is a physically quite small, passively cooled device capable of dual-booting RouterOS and SwitchOS (the latter is usually abbreviated to SwOS in MikroTik documentation). A dedicated switch LSI (Marvell 98DX3236) allows the offloading of L2 and some L3 functions from the CPU. The CPU is a 0.8 GHz 2-core ARM device and is integrated on the switch chip.

The switch circuitry of the Marvell chip is wired to the hardware ports, and communicates with the CPU via the internal data bus. All signals to and from the physical ports therefore pass through the switch chip, and are forwarded to the CPU only if the switch circuitry is not configured to process the required functionality. For best switching performance, the CRS305 must be configured to do all switching between the hardware ports directly in the switch circuitry. Whenever the CPU must process the data traffic, there is a heavy penalty on data throughput.

As the OS names indicate, this device can function either as a router with L2 and L3 functionality, or as a Switch with mostly L2 and some L3 functionality. Unusually for such a small and fanless device, it is equipped with four SFP+ cages capable of operation at up to 10 Gbps, and a 1 Gbps RJ45 port. The latter doubles as the default administrative interface, and in addition accepts PoE power from an external source (either PoE+ IEEE 802.3at/af, or passive PoE 12-57 V).

The CRS305 comes with a pre-installed, pre-activated RouterOS level 5 license. By default, the RouterOS image is booted, but this can be changed to SwOS in the configuration. Additionally, RouterOS can be used to configure the main SwOS settings (in /System SwOS), in preparation for booting to the latter OS.

The CRS305 cannot be directly rack mounted, but two cross-shaped sockets for attachment screws are present at its bottom. They are meant mostly for wall mounting, but can also be used to fasten the device to a rack shelf. A few other physical features are unusual as well. There are no indicator LEDs around the interface ports, but a slightly recessed panel carrying seven LEDs and a multi-function reset button is present on the right side of the case (Figure 1). Therefore, the front panel must be kept easily accessible for plugging and unplugging patch cords, and the right side for visual confirmation of the router-switch status.

The top, bottom, sides and rear of the case are ventilated, and care should be taken not to block the ventilation anywhere around the case. With four copper RJ45 10G SFP+ transceivers the device uses 18 W of power (versus only 12 W with fiber transceivers), and risks overheating unless air can freely move all around the case. The CPU is equipped with a heat sensor that throttles down the CPU clock before overheating can do permanent damage, and there are temperature sensors in the SFP+ transceivers. The transceivers should in principle switch off when they reach a temperature of about 85 °C, but operating a transceiver close to its maximum temperature for a long time does reduce its useful life span, as well as the life span of motherboard components like electrolytic capacitors.

At the rear of the case (Figure 2) are two sockets for redundant external power supplies (12-57 V DC). A 24 V DC 0.8 A wall-wart style power supply is included.

The whole case is made of ventilated aluminum plate. A clip for securing the cables of the power supplies is the only obvious plastic part.

At the right of the LED panel (Figure 1) is an icon warning users that the case is hot. In fact, the case is an integral part of the cooling system, and is thermally coupled to both the CPU and the SFP+ cages (see also below).

Rather curiously, the PC board is branded routerboard.com, not MikroTik. Nonetheless, navigating to routerboard.com with a web browser brings you to https://mikrotik.com/product/ . RouterBOARD is a series of MikroTik routers marketed as naked boards without an enclosure, but the current and past RouterBOARDs listed on MikroTik's web site do not include the CRS305, nor anything that looks exactly like the CRS305 motherboard.

In my network, this router-switch is going to work primarily as a switch, connected with a 10 G fiber uplink to a MikroTik CCR2004 router (reviewed here and here), a 10 G fiber downlink to the PC I use all the time, and possibly two or three 1 G or faster downlinks to other LAN hosts.

This router-switch normally retails for around 230 € in the EU, which is more than I was willing to pay and almost twice the US price. Eventually I found on Amazon a demo unit located in Latvia and offered by a German (!) retailer for 125 €. However, the amazon.de web site insisted that the transaction was not allowed (which I thought was strange, because within the past couple of months I did buy a few MikroTik items from the very same Amazon seller). Then I found the same, or an identical, item on eBay from the same seller at 150 €, and my order went in without a hitch.

At this slightly higher price, the CRS305 is still cheaper and more versatile than any of the small managed 10 Gbps switches of other brands I have seen offered in the past year on Amazon in the EU. In fact, for the same amount of money I would be able to buy on Amazon only a media converter with a single SFP+ cage and a 10 G RJ45 interface.

Apparently 10 G switches are still regarded as a kind of "luxury" items in the EU, and buyers charged a premium price that does not reflect their real market value. The same certainly applies also to legacy Cisco switches with 10 G uplinks, which are sold at artificially inflated prices. Come on guys, this is 2023, and all enterprise switches nowadays have 10 G uplinks, or else are not worth buying.

MikroTik also sells the CRS305-1G-4S+Out, a model likely using a very similar motherboard, and housed in a weather-proof enclosure for outdoors pole-mounting. The enclosure has a plastic front, while the whole rear is a die-cast aluminum heatsink with large cooling fins. Among a few differences from the table-top model, the outdoors model is equipped also with an RJ45 console port.

The CRS305 is not meant to be a core router, but it may be powerful enough for use as an edge router for a home network or small office. The main point of this device is its capability of working as a totally silent 4-interface 10 G optical switch. However, there are limitations to the hardware offloading of switch functionality. For example, the CRS305 only supports one bridge with hardware offloading. Additional bridges cannot use hardware offloading.

SFP+ cages, transceivers and cable

First of all, some users report that this router-switch does not work with copper Ethernet 10 G transceivers. I am passing on the warning to you. These negative experiences may be caused, at least in some cases, by hardware or firmware incompatibilities, unrealistic user expectations, or failure to read the MikroTik documentation.

What does work in these cages are 10 G fiber transceivers, both singlemode and multimode. They use much less current than 10 G copper transceivers, and run much cooler. 1 G copper Ethernet transceivers also work, should you need more of these interfaces than the lone built-in 1 G interface. They run warmer than fiber transceivers, but to a lesser degree than 10 G copper transceivers. In a way, it is a pity to "waste" a 10 G SFP+ cage by using a 1 G transceiver, but legitimate situations may demand this.

Some users report that, especially with cheap cat.6 or cat.7 cables, 10 G copper Ethernet transceivers drop down to 5 G of 2.5 G. However, if you use the cheap 10 G RJ45 single-speed Chinese transceivers that flood the market, they cannot switch to a slower speed, and will simply refuse to work if the quality of the link is not good enough. Therefore, before complaining about the CRS305 not working with 10 G RJ45 transceivers, do make sure that you are using at both ends of the link multi-speed transceivers that can switch down to 5, 2.5 or 1 G, and that you are using a high-quality cable.

Copper-clad aluminum Ethernet cable is often used as a cheaper substitute for solid copper cable, but has plenty of problems with contact reliability, higher attenuation and mechanical brittleness. If you are not careful when ordering Ethernet patch cords or bulk cable, you can easily get copper-clad aluminum instead of solid copper. In fact, copper-clad Ethernet cable cannot be certified as cat.5e and higher, so selling e.g. "cat.6" copper-clad cable as frequently seen on AliExpress, eBay etc. is a plain fraud.

Significantly, MikroTik documentation of the S+RJ10 10 G copper transceivers says: "... supported also on devices with passive cooling, but may require an extra cooling", so MikroTik is aware that cooling of these transceivers may be insufficient on fanless devices. The SFP+ cages of Cisco routers and switches are usually equipped with extruded heatsinks, but not MikroTik's. Check also the comments thread at the end of this review. Personally, I would rather go for the added fan on top of the CRS305 case as shown in the review, rather than with the small heatsinks glued to SFP+ cages and to the protruding part of RJ45 transceivers, as suggested by some reviewers. I tend to believe that a silent 60, 70 or 80 mm fan running at an inaudible speed will provide enough cooling. A larger fan is probably overkill, compared with the approximately 100 by 40 mm perforated area at the top of the case. A pair of 40 x 40 mm silent fans may also be adequate.

Direct-attach 10 G or 28 G SFP+ patch cords equipped with copper cable or fiber are less likely to overheat than 10 G RJ45 transceivers. In my opinion, these 10 G RJ45 transceivers are better avoided whenever possible in new installations. The prices of fiber transceivers and LC-to-LC fiber are decreasing fast, making optical media more and more competitive. A traditional RJ45-based corporate LAN uses a large amount of copper, which has steadily become more expensive through the years. Besides increasing the price of solid-copper Ethernet cable, this also encourages dishonest sellers to sell copper-clad cable to unsuspecting customers. A further factor in the copper-versus optical media choice is that the high price of copper scrap encourages the theft of copper cables, which is now rampant in many countries, while optical fiber is essentially worthless to thieves. A traditional corporate or campus LAN may contain a ton or more of bulk copper, which can make it an interesting target for thieves in vulnerable locations.

The four SFP+ cages of the CRS305 support transceivers capable of 10, 5, 2.5, 1.25 and 1 Gbps data speeds. An aluminum heat spreader is mounted under the circuit board, in correspondence of the SFP+ cages, and is thermally coupled to the circuit board by several dots of heatsink paste. A rubbery heat conducting mat bridges the gap between the heat spreader and the bottom of the case.

In my experience, the CRS305 is less compatible with third-party SFP and SFP+ modules than the MikroTik CCR2004 router. For example, HiFiber ASF-GE-T transceivers (RJ45 1 G) work without problems on the CCR2004, but are not recognized by the CRS305 (I tested four known-good transceivers of this model, with identical results). As a whole, more recent transceivers seem to be more compatible than the ones I bought around five years ago.

When choosing which 10 G transceivers and connecting media to purchase, there are a few considerations to keep in mind:

• It may pay off to spend a little more and get transceivers designed for a broader compatibility. In particular, multi-speed transceivers are more versatile, and easier to re-use, than single-speed ones.
• Use good quality fiber or copper cables, check that they are in good condition, and stay well below the maximum link length for a specific transceiver pair and connecting media. If the link is marginally too long, or a fiber damaged by crushing, or a copper cable kinked or slightly out of specifications, the link risks not working at all, or coming up at a lower speed than 10 G.
• It is always a better bet to use identical transceivers at both ends of a link (or complementary transceivers designed to work as a pair, in the case of a simplex link), as opposed to two transceivers of different makes and/or models.
• Prior to a purchase, search the web for confirmation that a given transceiver model is compatible with the intended pair of MikroTik devices located at either end of the planned link.

CPU cooling

The switch LSI with integrated CPU has a relatively small heatsink on top, and a silicone rubber heat-conducting mat bridging the gap between the bottom of the circuit board and a stamped indentation in the bottom of the case. The latter, together with the heat conductors between SFP+ cages and bottom of the case, cause the case to function like a heatsink and to get quite warm to the touch. Mounting a fan atop the case, as mentioned above, is likely the most practical way to substantially reduce the temperature of the device.

If the CRS305 is mounted on a shelf in a 19" rack, or simply placed atop a rack-mounted device, the space between the top of the CRS305 and the bottom of the next rack-mounted device is as little as 17 mm. If no empty rack slot is available above the CRS305, one is forced to use very low-profile fans to cool the latter, e.g. a pair of Noctua NF-A4x10 PWM, which are only 10 mm thick.

Grounding

A threaded hole at the rear of the case is used to attach a ground cable, fastened with a screw. MikroTik warns against grounding the metal case with this hole if you are using a PoE Ethernet link to the RJ45 interface, perhaps because of the risk of creating a ground loop. The external power supply that comes with the device is completely isolated and not grounded, reducing the risk of ground loops. When only this power supply is used, for safety reasons the grounding contact of the CRS305 case should be used.

Rubber feet

Four small, thin adhesive rubber feet are included among the accessories. They fit into slight depressions at the bottom of the case, and you should use these feet regardless of how you mount the router-switch. Not using the feet prevents the ventilation holes at the bottom of the case from working.

Color and style

The CRS305 is housed in a silvery aluminum case, different from the white spray-painted cases of most MikroTik high-end switches and routers. As discussed above, the case works as a heatsink, and painting it would reduce its effectiveness. This case looks and feels much better than the plastic cases of other small, table-top MikroTik switches and routers. The case is made in two pieces, fastenet together by four screws at the bottom of the case. The panel carrying the LEDs and the rear panel with power connectors are integral parts of the bottom of the case, and the front panel with cutouts for the network interfaces an integral part of the top.

Passive cooling in practice

With a 1G connection to the RJ45 port and a 10 G singlemode duplex transceiver in one of the SFP+ cages, the case gets slightly warm to the touch, albeit not worryingly so. Things change if one or more 10 G RJ45 transceivers are used, and in this case I do recommend to mount a fan on top of the case, blowing into the ventilation holes located directly above the SFP+ cages.

Specifications

MikroTik reports a total throughput with large (1,518 bytes) frames in excess of 40 Gbps when only switching is performed. Routing throughput with 25 filter rules and 1,518 bytes packets is 0.78 Gbps. On the other hand, fast-path routing reaches 1.26 Gbps. Clearly you should not expect wire speed when using the CRS305 as a router, but you can achieve it as a switch. With RouterOS, this assumes that you use the optimal configuration and configure hardware offloading of all relevant functions (as described in MikroTik's RouterOS instructions). Configuring with SwOS partly removes the opportunities for misconfiguration, but you must still follow MikroTik's SwOS instructions.

The technical specifications are available here. The motherboard has no user-upgradeable components.

Configuration

The CRS305 by default boots to RouterOS, but can be configured to boot from the much leaner SwOS. The file size difference between the CRS305 installation packages of RouterOS (13.5 MB) and SwOS (70 KB) is massive. SwOS lacks almost all the L3 functionality present in RouterOS, and in addition offers no CLI and no WinBox configuration, only a web-based GUI accessed via HTTP (not HTTPS).

Since I have beeen learning RouterOS for a couple of months, I saw no particular reason for not using it for my initial configuration of this device. Should I discover that RouterOS uses too much of the CPU resources on this small device, my second-choice plan is to boot to SwOS and test whether it runs faster and without losing any of the limited L3 functionality required in my network. However, at least one reviewer of the CRS305 did find that RouterOS on this device gives a slightly better throughput (by 5%) than SwOS, so RouterOS may be a better choice in this respect.

In my test network, the CCR2004 edge router also functions as DHCP server. Therefore, it makes sense for this DHCP server to assign a reserved address to the CRS305. To do this, you need to know the MAC address of the latter device. The default MAC addresses of a CRS305 are printed on a label at the bottom of the device. Alternatively, after connecting the CRS305 to the LAN, WinBox will discover its MAC address and display it in the list of available connections. There are additional ways, e.g. after manually configuring the CRS305 with a LAN-compatible static IP address, you can get its MAC address from a MikroTik router on the same LAN via the MikroTik neighbor discovery protocol:

/ip neighbor print

With the MAC address, it is a simple matter to configure on the DHCP server of the router a reserved IP address for the CRS305, for example:

/ip dhcp-server lease
add address=10.10.10.2 mac-address=48:A9:8A:79:EE:09 comment=CRS305 server=dhcp1

Afterward, don't forget to configure the CRS305 to receive its IP configuration via DHCP (se the next section).

Booting the CRS305 to RouterOS

RouterOS is available for different CPU platforms, but not for specific device models. The CRS305 requires the version for the ARM (not ARM64) platform. At the time of writing, the RouterOS stable version is 7.12.

The CRS305 is delivered from factory with a default RouterOS configuration as a switch. After connecting for the first time to the CRS305 with WinBox, my recommendation is to use the QuickSet dialog (above) to:

1. Manually change all settings that need to be changed for the switch to work in your network. My settings in Figure 4 are only an example. For example, you may decide to assign an IP configuration to the CRS305 with DHCP (click the Address Acquisition, Automatic radio button).
2. Physically connect an interface of the CRS305 to your network, and make sure it has contact with the Internet (e.g. ping the switch from your router).
3. Update RouterOS to the latest stable version and reboot. Given the relatively low-end CPU, the boot process is fairly slow, so allow for a minute or two.

In my case, all settings needed to be changed, except for Mode (already set to Bridge, which is the right choice for a switch) and VPN.

Booting the CRS305 to SwOS

Unlike RouterOS, SwOS is available for specific Mikrotik models and model families. At the time of writing, the CRS305 requires the specific swos-css305-2.13.bin package. Note that RouterOS and SwOS version numbers do not track each other.

Example configuration

Rather than discussing in detail selected aspects of the configuration, I decided to provide the entire current configuration of my CRS305 as exported from the device. As such, it does contain a few commands that are not strictly necessary. For general advice on learning RouterOS and a basic explanation of RouterOS configuration principles, see my page on CCR2004 configuration.

The configuration of this device as a general-purpose switch is quite straightforward and concise. However, specific uses as a switch may require additional configuration not covered by this example. Specific regional settings lite NTP servers and time zone likely do not apply to your case. Software id (i.e. the RouterOS license number) and serial number have unique values for each device. Just in case, save these values somewhere safe, because you may need to tell them to MikroTik support if the flash memory somehow is wiped clean.

# 2023-11-22 13:54:55 by RouterOS 7.12
# software id = ****-****
#
# model = CRS305-1G-4S+
# serial number = *********

The first setting below is created by Quick Set, a bridge called bridge. In many OSs this would be a reserved word that you cannot use as the name of a user-defined variable or entity, but apparently this is not a problem in RouterOS. Also, comment=defconf denotes a setting automatically created by the router as part of a default configuration.

/interface bridge
add admin-mac=48:A9:8A:79:EE:09 auto-mac=no comment=defconf name=bridge

The three following settings are automatically created by the router. They do not appear to be relevant in the context of a CRS305, so they are probably generated by RouterOS regardless of the type of device, and regardless of whether the serial port hardware exists..

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0

All hardware interfaces are added to the bridge.

/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
/ip address
add address=10.10.10.2/24 interface=bridge network=10.10.10.0

Below I configure a DHCP relay out of an abundance of caution. On the same IP network, often the initial DHCP client requests are forwarded to the DHCP server even without specifying a DHCP relay. Nonetheless, it does not hurt to specify the right DHCP server, to reduce the risk of clients nor receiving a dynamic IP address.

/ip dhcp-relay
add dhcp-server=10.10.10.1 disabled=no interface=sfp-sfpplus1 name=relay1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip route
add gateway=10.10.10.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=10.10.10.100/32
set www-ssl address=10.10.10.100/32 disabled=no
set api disabled=yes
set winbox address=10.10.10.100/32
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Stockholm
/system clock manual
set dst-delta=+01:00 dst-end="2023-10-29 03:00:00" dst-start=\
"2023-03-26 02:00:00" time-zone=+01:00
/system identity
set name=CRS305
/system leds
add interface=bridge leds=user-led type=interface-activity
/system note
set note=CRS305 show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=europe.pool.ntp.org
add address=se.pool.ntp.org
/system routerboard settings
set boot-os=router-os
/system swos
set identity=CRS503 static-ip-address=10.10.10.2

Summary

The MikroTik CRS305-1G-4S+ is a versatile router-switch usable as a router in a small network, or a 10 G switch. Compatibility with third-party SFP+ transceiver is good, but there are exceptions. Wire speed can be reached when using the CRS305 as a switch, but throughput as a router is not so high (but may suffice for a home or small-office network). The case is an integral part of the passive cooling, and gets warm to the touch. 10 G RJ35 transceiver in the CRS305 get way too hot and require active cooling, preferably with a fan mounted on top of the aluminum case.

Price-wise, the CRS305 is one of the cheapest 10 G managed switches currently available on the market, and more versatile than most.

.