I honestly recommend to replace the CRS125 with the RB4011 if you have any of these conditions:
- More than 1 VLAN that requires HW Off-loading to not load the CPU of the router and not loose wired speed on the LAN.
- VLAN filtering (a.k.a) Firewall rules to control traffic between VLANs. Even if you can handle more than 1 VLAN with HW off-load this feature disables in all the Mikrotik devices when VLAN Filtering is turned on except on the CRS series (specially the CRS 3.xx)
I was on a similar dilemma (and still are) in which I want all the features on a single device: IPSec HW Acceleration, Great Performance as Router and as Switch, Wired Speed on VLANs (and also using VLAN filtering). Based on my own personal analysis Mikrotik doesn't have a single device with all these features built-in.
I have seen for years (and suffered myself) tons of posts of people struggling with the VLANs and its features. I finally opened my eyes when I spent a good quality time reading this wiki page (URL:
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features). So to get all the features that I am looking for I cannot do it with a single device (even the RB4011 that was one of my first options when it came out last year).
Basically I do cross check now the diagram block of each device (found on the hardware specs) with the switch chip and the features (VLAN tables and rules tables) of each switch chip (plus the IPSec HW support or not). As non of the Mikrotik devices supports VLAN filtering with wired speed except the CRS3xx series basically is a non-go for me to go with a single device.
So my plan is (unless Mikrotik announces a product that has all these features integrated that I seriously doubt) is to do the following:
- For routing function only (to get IPSec HW Acceleration, Firewall, NAT, etc) and all the cool features on WAN connectivity my plan is to go with a hEX S that is an ARM dual core with IPSec HW Acceleration. I could go with the RB4011 but for the type of the connection that I do have it will be an overkill and I want to keep my costs low as I need to add a second device.
- For switching function that does Layer 3 VLAN intra-routing, VLAN filtering and get full wired speed I am planning to go with a CRS3.x series. My main candidate is the CRS326 that has 24 x 1 Gbps ports + 2 SFP+ ports BUT I am waiting for the CRS312 that was announced last year that has 10 Gbps interfaces (all copper).
With this approach I get all the features that I am looking for. I think you need to evaluate also your needs to make sure that the RB4011 can meet your requirements. If you have switching specific features like VLAN filtering I suggest you to follow a similar approach that I am doing.
Good luck!