Is there such a thing as a "beginner" level managed switch?

asbath · Apr 29, 2024

I'm looking into getting a managed switch to learn how to setup VLANs. Ultimately I want to setup separate VLANs to segregate devices in the future home. Right now I only have a handful of unmanaged switches (4x TP-Link TL-SG105) handling the many wired devices and naturally everything can see everything else.

I'm just starting my research into managed switches, but I thought I'd start polling first to see if there's such a thing as a basic or beginner level managed switches versus say something you'd get from Cisco for a large corporation. Think SOHO vs Enterprise.

So far, I only know (I think) that I'll need a Layer 3 switch since I want to be setting up VLANs. I also don't want a large full rack-size unit. I'm thinking something sized similar to the Cisco SG300-10MP

Nugget · Apr 29, 2024

Anything from the Cisco small business line (like the SG300 you mention) qualifies as beginner-level managed switches.

Have you considered how you plan to do intra-VLAN routing? It can be done on-switch (can be unwieldy, but will be fast) or in a suitable router (generally easier to set up, but almost certainly less performant).

Kyuu · Apr 29, 2024

You don't need a layer 3 switch for VLANs, since VLANs are explicitly layer 2. Although, nowadays many managed switches have layer 3 functionality regardless.

But to more directly answer your question, yes you'll be looking at entry-level SOHO/business equipment to get what you want, very similar to the Cisco model you mentioned (which is certainly an option). I use TP-Link Omada gear at home, and their switches will do what you want for relatively cheap, such as the TL-SG3210. There's also Ubiquiti, though I'm personally not a fan of their current lineup of networking gear. If you want really cheap, Netgear has managed switches, though from what I hear the configuration can be a bit challenging.

Speaking of challenging configuration, you can always look at Mikrotik if you really want a challenge...

asbath · Apr 30, 2024

Nugget said:
Have you considered how you plan to do intra-VLAN routing? It can be done on-switch (can be unwieldy, but will be fast) or in a suitable router (generally easier to set up, but almost certainly less performant).

Not as yet. I have a rough idea, but it's not even hit a whiteboard yet for brainstorming.

Here's roughly what I'm thinking:

security cameras on 192.168.1.0/24
smart home and IoT devices (google home minis, google nests, rokus, smart plugs, etc.) on 192.168.2.0/24
computers, tablets, phones on 192.168.3.0/24
servers (1 Unraid, 1 QNAP) and other networking equipment (routers, access points, pi-hole) on 192.168.4.0/24
a "guest network" router on 192.168.5.0/24

For example, I'd like for devices in group 1 to have no internet access and to be able to only communicate with devices in group 4. Devices in group 2 should be able to communicate only with devices in group 3 and 4. Devices in group 4 should be accessible only to devices in group 3. Group 5 would be entirely on its own and would not know the other groups exist.

That's how I intend to break down the devices, but I still need to educate myself on how that will be formally broken down at the switch or router. my current routers (2x Asus RT-AC68U and 1x Asus RT-AC66U_B1) don't have VLAN capability, so it's all new to me how it'll be done.

Kyuu said:
You don't need a layer 3 switch for VLANs, since VLANs are explicitly layer 2. Although, nowadays many managed switches have layer 3 functionality regardless.

But to more directly answer your question, yes you'll be looking at entry-level SOHO/business equipment to get what you want, very similar to the Cisco model you mentioned (which is certainly an option). I use TP-Link Omada gear at home, and their switches will do what you want for relatively cheap, such as the TL-SG3210. There's also Ubiquiti, though I'm personally not a fan of their current lineup of networking gear. If you want really cheap, Netgear has managed switches, though from what I hear the configuration can be a bit challenging.

Speaking of challenging configuration, you can always look at Mikrotik if you really want a challenge...

Again, my understanding of Layer 2 vs Layer 3 is currently quite rudimentary, but my understanding is that Layer 3 allows you to route traffic by MAC or IP address, whereas Layer 2 is done only by MAC address.

I'm thinking that I want to break down my VLANs in IP pools as above (for quicker at-a-glance identification), so I would likely need Layer 3. I could be completely wrong about that, and I'm open to suggestions. But right now this is all still just unorganized thoughts in my head as I begin looking into prosumer networking beyond just using plain old DHCP and IP address binding inside of a router.

w00key · Apr 30, 2024

2/3/4 generally use broadcast to find each other. I doubt you're planning on using the smart home stuff all on their own and never use a phone to control them. Those apps rarely have a button for "talk to IP x for the lamp".

Same for TV looking for the video/Plex server or laptop looking for other things on the network. They go broadcast on L2 and don't see anything else on a different VLAN.

Sounds good in theory, horrible in practice.

tiredoldtech · Apr 30, 2024

Here is some help that should ease setting up VLANs in a Cisco environment Practical Networking: Routing Between VLANs & Layer 3 Switches
And Practical Networking: Configuring VLANs on Cisco Switches

These modules put things in fairly simple terms, but also in simplifying- help one learn how configuration changes will affect how things talk to each other and the Internet on varying addresses through the same physical hardware.

Once you have your Layer 3 hardware (you implied possibly going Cisco), play with the settings and these VLAN configurations to get a feel/idea for how it's going to work. Once you feel more comfortable with it and have a better understanding of how you'd like your array of devices to speak to each other and the Internet, then factory reset the configurations on the unit and set the VLANs and Layer 3 routing the way you'd like. This way, it not only alleviates some of the stress from trying to do a "live config" that may not go smoothly at first and it also helps ensure a more efficient process later (as @w00key indicated, your initial may not be the best/most efficient way to go about it; you may find a revision to the 'structuring' after doing some testing to be better or completely different than what you envisioned).

Arty50 · Apr 30, 2024

asbath said:
Again, my understanding of Layer 2 vs Layer 3 is currently quite rudimentary, but my understanding is that Layer 3 allows you to route traffic by MAC or IP address, whereas Layer 2 is done only by MAC address.

I'm thinking that I want to break down my VLANs in IP pools as above (for quicker at-a-glance identification), so I would likely need Layer 3. I could be completely wrong about that, and I'm open to suggestions. But right now this is all still just unorganized thoughts in my head as I begin looking into prosumer networking beyond just using plain old DHCP and IP address binding inside of a router.

You need to setup a new subnet (the technical name for pools) for each VLAN no matter what. This is supported by both layer 2 and layer 3 switches. Nugget covered why you might want a layer 3 switch over layer 2.

Xelas · Apr 30, 2024

The SG300-MP is the max-PoE power version (the "MP" in the model - it supports 120W+ of PoE power). Unless you are planning to run powerful WAPs or PoE phones off of every single port, it's unnecessary and the power brick for those is actually larger than the switch . The SG300 series has a web GUI. Their interface is a bit dated but is very easy to use and well laid out. The switches have a pure Layer-2 mode, or can be changed to Layer-3 mode. Switching modes wipes the config.
The SG300 series is ancient, though. We still have a hundred or so of them in use (retail), but we're starting to see some of them fail. Either their flash is wearing out or some internal CMOS battery is failing or something, and we occasionally now see them lose their config completely when the power fails, which FUBARs the network because they come back with the default flat VLAN 1 and the subnets get mixed.
Cisco has the much newer CBS350 series switches, or the slightly older SG350 series switches, but I'd not use the SG300s.

Paladin · May 1, 2024

I think if I got to the point of buying a $400+ small business switch like the CBS350 series, I would just bite the bullet and figure out the command line for something like WS-C3850-12X48U-S (it's really not hard for basic VLAN and layer 3 setup). They go for around $250 or so on ebay and you get 48 ports, 12 of which are good for 100 megabit up to 10 gigabit, if I remember right. Crazy amount of features and lifetime support. I bought one used and it ended up dying on a firmware update due to a known issue (different model but similar model line from Cisco) and after a chat on their website and an email of the serial, they shipped me a new replacement overnight and a return label for the dead one. On a used switch from ebay I paid $75 for. Probably cost them $75 for the shipping. That shocked me.

KD5MDK · May 1, 2024

Kyuu said:
I use TP-Link Omada gear at home, and their switches will do what you want for relatively cheap, such as the TL-SG3210.

If you just want web configuration at TL-SG116E is almost half the price:
View: https://www.amazon.com/TP-LINK-Gigabit-Ethernet-Network-TL-SG116E/dp/B07GRG63P6/

w00key · May 1, 2024

We're happier with Ubiquiti's EdgeSwitch (plain and PoE) than Netgear and TP Link. Cheap too.

Don't get the Unifi version.

Xelas · May 1, 2024

Paladin said:
I think if I got to the point of buying a $400+ small business switch like the CBS350 series, I would just bite the bullet and figure out the command line for something like WS-C3850-12X48U-S (it's really not hard for basic VLAN and layer 3 setup). They go for around $250 or so on ebay and you get 48 ports, 12 of which are good for 100 megabit up to 10 gigabit, if I remember right. Crazy amount of features and lifetime support. I bought one used and it ended up dying on a firmware update due to a known issue (different model but similar model line from Cisco) and after a chat on their website and an email of the serial, they shipped me a new replacement overnight and a return label for the dead one. On a used switch from ebay I paid $75 for. Probably cost them $75 for the shipping. That shocked me.

The CBS350 8-port is $200, is very small, and will quietly work on about 5W-10W of power, and it has 2 SFP ports, too.
That Catalyst you point out is a full-sized, rack-mounted switch with loud, screaming fans that probably sucks down at least 100W during use. I have a random set of 24 and 48 port Cisco switches of various vintages and models, and I don't use them any of them for my home LAN because of the heat, noise, and electrical consumption.

EDIT: Aruba also has the 9300- series switches, which retail about that same price point (~$200-400, depending on port counts) that have local web page manageability. As far as I know, you don't need to connect them to the cloud and you actually have more options locally than via the cloud.

I stay away from Netgear because their VLAN management interface in the GUI is terrible and needlessly confusing.
My experience with TrendNet devices has not been good. We tested about 20 switches at a handful of sites a few years back and found basement hardware quality (LEDs, ports would die randomly), buggy firmware (switches would crash, settings not working correctly) and terrible support.

asbath · May 1, 2024

Yeah, I'm basically looking for something that won't be loud, hot, and drink electricity, and won't break the bank. I know that I'm not looking at sub-$100 CAD prices, but I'm also not going to buy a $1000 CAD switch for this project. Ideally I'd like to spend around the $400 range. I have time to do my research on models and prices, though, so I won't rush into it.

That said, I'm leaning the hard way that some managed switches are called "unmanaged" switches as well. For example the TP-Link TL-SG116E is advertised as an "Unmanaged Pro Switch". Great, no I need to read up on WTF makes something managed vs "unmanaged".

KD5MDK · May 1, 2024

asbath said:
For example the TP-Link TL-SG116E is advertised as an "Unmanaged Pro Switch".

Where are you seeing "Unmanaged Pro"? (I didn't see it on Amazon or the TP-Link US site in a Quick Look)
The TL-SG116 is "Unmanaged" and the TL-SG116P is "Unmanaged PoE". The TL-SG116E is "Easy Smart Managed" or "Enhanced Features".

Totally agree their product line can be as obscure as anyone else.

Paladin · May 1, 2024

Xelas said:
The CBS350 8-port is $200, is very small, and will quietly work on about 5W-10W of power, and it has 2 SFP ports, too.
That Catalyst you point out is a full-sized, rack-mounted switch with loud, screaming fans that probably sucks down at least 100W during use. I have a random set of 24 and 48 port Cisco switches of various vintages and models, and I don't use them any of them for my home LAN because of the heat, noise, and electrical consumption.

EDIT: Aruba also has the 9300- series switches, which retail about that same price point (~$200-400, depending on port counts) that have local web page manageability. As far as I know, you don't need to connect them to the cloud and you actually have more options locally than via the cloud.

I stay away from Netgear because their VLAN management interface in the GUI is terrible and needlessly confusing.
My experience with TrendNet devices has not been good. We tested about 20 switches at a handful of sites a few years back and found basement hardware quality (LEDs, ports would die randomly), buggy firmware (switches would crash, settings not working correctly) and terrible support.

Yeah I was looking at the bigger models. If I were going for a small switch, I would get one of the TP-Link or even one of these funky things.
View: https://www.amazon.com/dp/B0CLK5R1PC

I actually got the 4 port 2.5Gig + 2 port SFP+ for my little lab and for testing and the web interface is not very intuitive but about on the level of Netgear switches from 10 or so years ago. Clumsy but effective. For under $50 you get 4 faster than gigabit ports and 2 10 gigabit and reasonable managed switch features (basic VLAN, spanning tree, and manual LAG features).

The newer Cisco fixed config switches like the 3850 series can be a bit loud but mostly right at power on. I have a couple of them in a stacked setup in the walk-in closet behind my desk at work for wiring up the office space and I just stuck my head in there. Not hot at all and just a mild fan noise, like you might get from a 'less than silent' PC under moderate load. Nothing like you used to get from their large rack mount switches. Granted, not what I would want for a switch in my living room to connect TV, Streaming box, Xbox, receiver, PS5, etc. but for a wiring closet, laundry closet or similar where I can close the door, it's perfectly tolerable. Obviously if you only need 3 or 4 ports connected, then you don't need a 48 port switch.

asbath · May 2, 2024

KD5MDK said:
Where are you seeing "Unmanaged Pro"? (I didn't see it on Amazon or the TP-Link US site in a Quick Look)
The TL-SG116 is "Unmanaged" and the TL-SG116P is "Unmanaged PoE". The TL-SG116E is "Easy Smart Managed" or "Enhanced Features".

Totally agree their product line can be as obscure as anyone else.

When I Google the "TP-Link TL-SG116E" I see the name "Unmanaged Pro". See this screen shot:

But I guess this just means it's mostly an unmanaged switch with some additional software on it to allow basic management. Maybe it's not a managed switch at all

Paladin said:
The newer Cisco fixed config switches like the 3850 series can be a bit loud but mostly right at power on. I have a couple of them in a stacked setup in the walk-in closet behind my desk at work for wiring up the office space and I just stuck my head in there. Not hot at all and just a mild fan noise, like you might get from a 'less than silent' PC under moderate load. Nothing like you used to get from their large rack mount switches. Granted, not what I would want for a switch in my living room to connect TV, Streaming box, Xbox, receiver, PS5, etc. but for a wiring closet, laundry closet or similar where I can close the door, it's perfectly tolerable. Obviously if you only need 3 or 4 ports connected, then you don't need a 48 port switch.

There won't be any closets for this gear I'm hoping to setup. It'll basically be in a small and cheap network rack - maybe 6U - if space permits. So I'm looking for a unit that isn't going to be hot nor loud, because I don't think there will be any closet space to store this thing in the future. Townhomes aren't especially huge here.

Kyuu · May 2, 2024

asbath said:
But I guess this just means it's mostly an unmanaged switch with some additional software on it to allow basic management. Maybe it's not a managed switch at all

Yeah the naming/advertisement on that model is... weird. It's definitely a managed switch. Depending on where I look, I see (from DoubleRadius's listing):

Which is obviously contradictory. On TP-Link's site I see:

Which is more sensible (even if mostly meaningless from a technical perspective). I think the intent, maybe, is to impress upon the idea that you can do management if you want to, but that the setup can be as easy as an unmanaged switch if you don't need it. Of course, most managed switches I'm aware of will work fine as a dumb switch with the default configuration, so again this is really a managed switch by my understanding of the terminology.

Nugget · May 2, 2024

Paladin said:
I think if I got to the point of buying a $400+ small business switch like the CBS350 series, I would just bite the bullet and figure out the command line for something like WS-C3850-12X48U-S

How's the fan noise on those? I assume OP is talking about a residential install and the switch might need to live in their living room next to the cable box (potentially).

w00key · May 2, 2024

What to buy:

Netgear, TP-Link: hell no. I don't trust them at all. They are all wonky with config and things you learn there are of limited value, doesn't transfer to real network admin. Have used them, will be replaced by real ones.

Unifi: if you don't mind running a controller vm it sure is beginners friendly.

EdgeSwitch: big brother of Unifi, ssh / advanced local config, but still very user friendly. Good choice, have a bunch of them in prod (2x 24 PoE as core, per location).

Mikrotik: look here if you want to learn. RouterOS is very powerful, can do basically anything with it. The 8x 2.5g copper, 2x 10G SFP+ (optical) router/switch is only $200ish.

Or the simpler SwitchOS based CSS610-8P-2S+IN, 8x 1G with PoE for APs, 2x 10Gb uplink/NAS/workstation. Same price.

I have both for a fiber run between electrical closet and home office, and home office uses the 2.5Gb ports for PCs and (future) NAS. Downstairs PoE switch powers the 3 APs around the house. NAS could also use a 10G port, used two for uplink so got 2 spares.

No VLANs so far though, don't have a need for it, but it is nice to have a ssh console to verify link status and rx tx power levels to confirm the fiber run is good.

The router one does everything a "proper" Mikrotik mini router does, we have them running gateway on multiple locations. BGP, wireguard, OpenVPN, basic L2 switching and bridging, dual wan with failover, handles everything we throw at it just fine.

Juniper: really nice (ssh) console, barely usable web interface, way to expensive for home.

HP SMB: it's okay. I prefer EdgeSwitch

Others: no personal experience with them.

Paladin · May 2, 2024

Nugget said:
How's the fan noise on those? I assume OP is talking about a residential install and the switch might need to live in their living room next to the cable box (potentially).

It's not bad at all considering the features/capability and density. In my use at work, a 48 port per switch dual unit stack, it sounds basically like a slightly loud PC. Essentially you can hear the fans and they do put out some heat but nothing like the constant noise the older 2950, 3560, and some of the 3750 series did. Not great for a desktop switch or something to go in a home theater setup but for a garage or basement rack setup where no one spends much time around it, it's totally reasonable.

spiralscratch · May 2, 2024

w00key said:
EdgeSwitch: big brother of Unifi, ssh / advanced local config, but still very user friendly. Good choice, have a bunch of them in prod (2x 24 PoE as core, per location).

Isn't the entire EdgeMax line basically on life support at this point, with no new models in some time and firmware updates few and far-between?

Kyuu · May 2, 2024

The EdgeSwitch line doesn't seem to have had firmware updates since late 2021, for the most part, and many are out of stock (on Ubiquiti's store, at least). Not something I'd buy into if you're counting on long-term support, certainly.

w00key · May 2, 2024

Oh. Hmm it was the same hardware, just different software than Unifi. I guess they deprioritized it, people do like that simple web interface they have on controllers. Well Mikrotik it is then. The command line / os really is quite good, even compared to Junos and Arista.

No idea on Cisco, rarely worked with it.

iljitsch · May 3, 2024

You may want to look into Mikrotik. Even the cheap ones basically have all the features you'll ever need (I run BGP on my ~ $100 hAP ac3 wi-fi router...), and they have a web interface for (relatively) easy setup.

Edit: should have read the entire thread first... IMO, basic stuff is not hard to configure with Mikrotik. It's just that "a managed switch for beginners" is an unmanaged switch. (Those will generally pass through VLAN-tagged packets so you can do some basic VLANning over them.) Any switch managing will require at least some study.

stevenkan · May 7, 2024

asbath said:
Here's roughly what I'm thinking:

security cameras on 192.168.1.0/24

smart home and IoT devices (google home minis, google nests, rokus, smart plugs, etc.) on 192.168.2.0/24

computers, tablets, phones on 192.168.3.0/24

servers (1 Unraid, 1 QNAP) and other networking equipment (routers, access points, pi-hole) on 192.168.4.0/24

a "guest network" router on 192.168.5.0/24

I just went through a very similar exercise on a Netgear GS110TPv3 and a set of Unifi WAPs, with help from the same folks participating in this thread.

I needed a POE smart switch because the devices I'm segregating traffic from are the aforementioned WAPs.

Please review my thread so you don't repeat my mistakes

.

asbath · May 8, 2024

stevenkan said:
I just went through a very similar exercise on a Netgear GS110TPv3 and a set of Unifi WAPs, with help from the same folks participating in this thread.

I needed a POE smart switch because the devices I'm segregating traffic from are the aforementioned WAPs.

Please review my thread so you don't repeat my mistakes .

Indeed! I saw your thread and have been slowly going through it to try and understand what you're doing and how you're doing it. I have time to learn all of this stuff, so I'm in no rush, and I want to "do it right" (if that's even a possibility for a first-timer!) as much as possible for the first round of things. I suspect that nothing will go right and I'll have to re-do everything in short time, but that's just how it goes!

stevenkan · May 8, 2024

stevenkan said:
I just went through a very similar exercise on a Netgear GS110TPv3 and a set of Unifi WAPs, with help from the same folks participating in this thread.

The other managed switch I have is the TP-Link TL-SG108PE, which has a management interface similar to that of the Netgear GS110TPv3, but with a significant limitation that there is no way to set the Management VLAN ID, e.g. on which VLAN will it accept a management login request. For this reason I probably wouldn't buy another one, unless I wanted it just for the POE features and didn't configure VLANs on it.

iljitsch · May 9, 2024

I'm not familiar with pure switches that are on the market today, but let me reiterate my suggestion to look at Mikrotik. Their RouterOS has so insanely many features that whatever you end up wanting to do after making your first round of mistakes, you're covered. (I'm not sure all of the products support RouterOS, though, so check.)

And as someone who learned Ciso IOS the hard way and then Juniper, Foundry/Extreme, IMO Mikrotik RouterOS as as beginner-friendly as these things get.

waqar · May 9, 2024

mikrotik SwitchOS is pretty straightforward for layer 2. RouterOS only if you need to do layer 3. All depends on how you wish to structure the network.

iljitsch · May 9, 2024

Although the original question was about switches, the OP later mentioned wants/needs that may not be doable purely at layer 2.

stevenkan · May 10, 2024

stevenkan said:
The other managed switch I have is the TP-Link TL-SG108PE, which has a management interface similar to that of the Netgear GS110TPv3, but with a significant limitation that there is no way to set the Management VLAN ID, e.g. on which VLAN will it accept a management login request. For this reason I probably wouldn't buy another one, unless I wanted it just for the POE features and didn't configure VLANs on it.

It's less secure, but then again it's also harder to lock yourself out, which is nice.

waqar · May 12, 2024

I would suggest a decent pro firewall like a fortinet, and use that as your layer 3 device/default gateway for all your networks.
Create the VLAN networks/interfaces on that..
Trunk that onto your layer 2 infrastructure. Manage ingress/egress with firewall policies for the intervlan networking.
That should give you the bones of granular control of nodes and the internode communication across VLANs

asbath · May 27, 2024

waqar said:
I would suggest a decent pro firewall like a fortinet, and use that as your layer 3 device/default gateway for all your networks.
Create the VLAN networks/interfaces on that..
Trunk that onto your layer 2 infrastructure. Manage ingress/egress with firewall policies for the intervlan networking.
That should give you the bones of granular control of nodes and the internode communication across VLANs

Hm, that's a pretty good idea actually. Get to learn a couple of new things versus just the one. I'm still not ready yet to pickup a switch and start using it yet (packing takes up every waking moment), but definitely something I think id like to consider...

Mat8iou · May 30, 2024

w00key said:
We're happier with Ubiquiti's EdgeSwitch (plain and PoE) than Netgear and TP Link. Cheap too.

Don't get the Unifi version.

That would be my suggestion too. Good value and robust.

asbath · Jun 4, 2024

OK so after doing some more surface level research, i.e. determining if I really need Layer 3 networking over Layer 2, I have learned that I would need both a switch AND a router that can handle VLANs. I might be overcomplicating my situation in thinking that I need so much stuff for what I'm trying to accomplish. I need to take a step back and KISS.

So then my new way of thinking was changed to the following:

Option A would be to get a non-wireless router and then 3 wireless access points connected to it.
Option B would be to get a very good wireless router, and then setup 2 of my existing older wireless routers as access points.
Option C would be to get a firewall, and then setup 3 wireless access points to connect to it.

I feel like Option A is the best way to go about all of this, requires the most financial investment, but offers the most flexibility down the line when I'm more confident in what I'm doing. (To note: I still don't know what I'm doing other than reading).

But from doing some more reading, based on the recommendation above about looking into a firewall, I found out that OPNsense can run on just about anything, including a potato as long as that potato has ethernet ports on it. I happen to have a Lenovo M75q-1 that I have migrated most services off to docker containers. I only power that thing on when I need to slice a STL for 3D printing. So why not re-purpose it with OPNsense?

So I think that's what I'm going to try to do. First I'm just going to setup the 3 wireless routers as a mesh network using the Asus AiMesh feature. That will at least get us wifi in the new home. Then I'll upgrade that M75q to include a 4-port NIC via PCI expansion card, toss on OPNsense, and start breaking my internet for the purposes of education, "Because I can!", and the pursuit of maintaining my geek cred.

In case you've read this far, here's what I'm thinking I'll do with the hardware

Starting network diagram, just to get internet going at the new place.

Code:

ISP modem
|--ISP router in bridge mode
|----Asus RT-AC68U router in Router mode
|------8-port Unmanaged switch
|--------Asus RT-AC68U router in access point mode
|--------Asus RT-AC66U_B1 router in access point mode

I think I might be able to ditch the ISP's router altogether, since it's physically a separate device, but I'll see what I can do.

Then, when I have OPNsense running (IF I can get OPNsense running), I'd switch to the following:

Code:

ISP modem
|--ISP router in bridge mode
|----OPNsense firewall
|--------Asus RT-AC68U router in access point mode
|--------Asus RT-AC68U router in access point mode
|--------Asus RT-AC66U_B1 router in access point mode

This assumes I still need the ISP's router at all. If I can remove that from the equation, so much the better.

Xelas · Jun 5, 2024

OPNSense is fine, but it's powerful and give you full freedom to shoot both of your feet off and do stupid things. There are a zillion settings and not many guardrails.

If you plan on having multiple subnets/VLANs, I would consider a managed switch to be essential. Let the router to the routing, and use the switch to carry the VLAN traffic to where it needs to go. Switches handle packets via dedicate ASICs and can do so even if they have the slowest and dumbest CPU because the CPU is only used to handle management functions, write stuff to a config file on flash, operate a web page, etc. Routers handle all traffic through the CPU, so you will be burdening it with broadcast traffic and other noise.

I'm not sure if those re-purposed routers will handle channel allocation, signal strength, and client hand-offs (such as 802.11t/k) or if they can handle multiple SSIDs tied to different VLANs.

tiredoldtech · Jun 6, 2024

I didn't happen to catch your saying specifics (I may have missed it), but unless you have some stupid crazy config or speed from your ISP (think certain types of fiber interconnects/networking, ATM, FDDI, MPLS/SONET, Token Ring, etc)- after the modem, it doesn't matter what's attached when it comes to ownership of equipment as long as the modem output is standard RJ45 Ethernet or standard SFP port to what-have-you. Really.

Your modem gets the initial connection and outgoing IP and passes an address (usually same said IP) to the internal port that would go to your networking gear (switch, router, etc).

That being said, if the unit is one of those cursed all-in-ones that has modem, WiFi, and router in one- that becomes a different story, where you'd have to work with them (ISP) to adjust the config for your local network gear/configuration.

Yes, I said ATM, FDDI, and Token Ring. There are psychopaths still roaming loose in the world still using this stuff and Token Ring technically had gigabit speed capabilities and equipment created before discontinuation.

Side note:
Out of a disturbing sense of wanting to learn as many networking technologies as possible in parallel, I had a Nortel Networks/Bay Networks Layer 3-ish unit (Centillion 100 series) with ATM, Token Ring, and 10/100 Ethernet connected to my 100Mbit cable modem (late 90's/early 2000's and broadband at my location at the time was actually a few bucks cheaper than 56k dial-up!) and to a Cisco Catalyst 4500 series (big monster of a unit back then), distributing to 100Mbit Ethernet, 100Mbit fiber, and 16/9 Token Ring (later swapped with a board that allowed a converter to be installed that allowed to go with a single 100Mbit Token Ring). Nothing like learning Nortel Networking, Cisco CatOS, and later Cisco IOS while also learning topologies, interfaces, and how much the power company loves you when you see the bill for running all that. I dumped most of that in a disastrous location move in the early 2000's. I digress...

waqar · Jun 8, 2024

Wow. Token Ring. That's not a name I've heard in a long long time. Big noise back in the 10mb ethernet days

asbath · Jun 10, 2024

Xelas said:
OPNSense is fine, but it's powerful and give you full freedom to shoot both of your feet off and do stupid things. There are a zillion settings and not many guardrails.

If you plan on having multiple subnets/VLANs, I would consider a managed switch to be essential. Let the router to the routing, and use the switch to carry the VLAN traffic to where it needs to go. Switches handle packets via dedicate ASICs and can do so even if they have the slowest and dumbest CPU because the CPU is only used to handle management functions, write stuff to a config file on flash, operate a web page, etc. Routers handle all traffic through the CPU, so you will be burdening it with broadcast traffic and other noise.

I'm not sure if those re-purposed routers will handle channel allocation, signal strength, and client hand-offs (such as 802.11t/k) or if they can handle multiple SSIDs tied to different VLANs.

Good to know. I've indeed seen that OPNSense is like duct tape, and the mess can grow very quickly if you're dumb enough to let it. I'm still in the midst of packing, and so the network planning is pushed aside for later. I'm still not sure if I want to go with a router, a managed switch, or an OPNSense for all of this. I kind of want something that I can configure, and then it's set and forget until I update the firmware/OS.

tiredoldtech said:
I didn't happen to catch your saying specifics (I may have missed it), but unless you have some stupid crazy config or speed from your ISP (think certain types of fiber interconnects/networking, ATM, FDDI, MPLS/SONET, Token Ring, etc)- after the modem, it doesn't matter what's attached when it comes to ownership of equipment as long as the modem output is standard RJ45 Ethernet or standard SFP port to what-have-you. Really.

Your modem gets the initial connection and outgoing IP and passes an address (usually same said IP) to the internal port that would go to your networking gear (switch, router, etc).

That being said, if the unit is one of those cursed all-in-ones that has modem, WiFi, and router in one- that becomes a different story, where you'd have to work with them (ISP) to adjust the config for your local network gear/configuration.

No, it's nothing special here. It's 1G symmetrical fibre from Telus (in Canada). Everything goes into a fibre gateway, then you can plug in anything to the available RJ45 ports on said gateway (1x 10G and 4x 1G ports). Currently I have the ISP's wireless router plugged into the gateway so that we have internet while we're doing some packing/cleaning there. But I intend on replacing that with other devices, be it a switch, wired router, or wireless router., and then the rest of the network equpiment goes in behind that.

Is there such a thing as a "beginner" level managed switch?

Ars Legatus Legionis

Smack-Fu Master, in training

Ars Tribunus Militum

Ars Legatus Legionis

Ars Praefectus

Smack-Fu Master, in training

Ars Scholae Palatinae

Ars Praefectus

Ars Legatus Legionis

Ars Legatus Legionis

Ars Praefectus

Ars Praefectus

Ars Legatus Legionis

Ars Legatus Legionis

Ars Legatus Legionis

Ars Legatus Legionis

Ars Tribunus Militum

Smack-Fu Master, in training

Ars Praefectus

Ars Legatus Legionis

Ars Tribunus Militum

Ars Tribunus Militum

Ars Praefectus

Ars Tribunus Angusticlavius

Ars Legatus Legionis

Ars Legatus Legionis

Ars Legatus Legionis

Ars Tribunus Angusticlavius

Ars Praefectus

Ars Tribunus Angusticlavius

Ars Legatus Legionis

Ars Praefectus

Ars Legatus Legionis

Ars Praefectus

Ars Legatus Legionis

Ars Praefectus

Smack-Fu Master, in training

Ars Praefectus

Ars Legatus Legionis