2 layer or 3 layer???

[hallm]

My simple little network at home is growing and my Linksys router/switch has come to the end of its life and I am looking to upgrade my switch to something a little better. I would like to get a 24 port gigabit switch and I think I would like a smart switch.

Here is what I have currently on my network.

Apple TV X 2
HD TV X 2
Theater units X 2
Printers X 2
Desk Top computer
NAS
A/P’s x 2

There is also a chance that I may add 5 IP video security cameras in the future.

My question is would I benefit from a layer 2 or layer 3 smart switch for this application? I know that System Error Message uses a mikrotik CRS switch but I feel it may beyond my ability to configure properly. I was looking at a HP 1920-24G which is 3 layer or a HP 1810G-24 which is layer 2 or switches similar to these.


Thanks

Mike

 

[System Error Message]

you could always add more layers of switches
The mikrotik CRS requires someone who understands networking well but at the very least it runs the same routerOS with the difference in the switch section. The mikrotik CRS is a fully manageable layer 3 switch without the performance of a cisco layer 3 switch if you did use cisco features and a lot of filters (the performance list on mikrotik website is relevant for this use case) but i was looking at the switch with 24G ethernet and 2 SFP+ for wirespeed. Without the SFP+ while using the same switch chip it would still be wirespeed with rules since it'd have half the throughput needed.

HP and cisco do make good switches and some would recommend you buy 2nd hand switches.
You could also go lower end and get netgear, linksys, tp-link switches but i wouldnt suggest dlink.

Layer 3 works at the IP layer if you want to do IP segmentation while layer 2 will work up to VLANs. Unless you specifically need layer 3 features for your network than you wont need one. Layer 3 uses IP addresses while layer 2 uses MAC address. On LAN IP addresses get converted to mac addresses and recent layer 2 switches are able to see if 2 IP address are in the same network and just use the usual tables.

 

[Cloud200]

A layer 3 switch will only help if you are trying to cross subnets/vlans at wirespeed. Unless you plan on doing this, you won't get any benefit from a layer 3 switch.

I personally use a layer 3 fully managed switch at home just because I like being able to practice for work.

The HP 19xx series is quite nice as an access switch. I would avoid the 1810 series. The web interface is very limited although it is easy to use. The 1820 isn't bad though.

As SEM stated, used HP switches are always nice. They generally have a lifetime warranty that transfers owners.

 

[coxhaus]

I think a layer 3 switch requires an understanding of networking and allows you to work beyond one network quit well. If you are going to run multiple VLANs then a layer3 switch is the way to go. If you want to run security cameras in a separate secured network but maybe change access to allow one or 2 machines access the layer 3 switch is perfect for it. If you are going to plug all Ethernet devices into just one flat network, no VLANs then don't bother with a layer 3 switch. Configuring an layer 3 switch is not the easiest thing to do. but with a good network understanding and planning you will have a good network. I have a white board where I plan my network out so everything is drawn with IP addresses before I start configuring the switches and routers. Most layer 3 switches will run as layer 2 so if you change your mind you can still use what you have.
PS
Having a true guest VLAN is probably best run from a layer 3 switch. This seems to be bringing more people over to VLANs. Security cameras would be another one. Of course you could run separate physical networks but the beauty of a layer 3 switch is to interlace the networks with control.

 

[System Error Message]

I think a layer 3 switch requires an understanding of networking and allows you to work beyond one network quit well. If you are going to run multiple VLANs then a layer3 switch is the way to go. If you want to run security cameras in a separate secured network but maybe change access to allow one or 2 machines access the layer 3 switch is perfect for it. If you are going to plug all Ethernet devices into just one flat network, no VLANs then don't bother with a layer 3 switch. Configuring an layer 3 switch is not the easiest thing to do. but with a good network understanding and planning you will have a good network. I have a white board where I plan my network out so everything is drawn with IP addresses before I start configuring the switches and routers. Most layer 3 switches will run as layer 2 so if you change your mind you can still use what you have.
PS
Having a true guest VLAN is probably best run from a layer 3 switch. This seems to be bringing more people over to VLANs. Security cameras would be another one. Of course you could run separate physical networks but the beauty of a layer 3 switch is to interlace the networks with control.

VLANs are layer 2. Layer 3 is for IP segmentation.

 

[coxhaus]

VLANs are layer 2. Layer 3 is for IP segmentation.

You are correct. To keep me from getting confused I always assign an IP network to a VLAN so I can treat all networks the same and work at layer 3. In a big network with thousands of ports you do not want to flip back and forth between layer 2 and layer 3. You will make a mistake. So my simple rule is to treat all VLANs the same as networks by assigning an IP network to each VLAN. Old habit I have done 15 or 20 years. It is kind of ingrained in me.

 

[azazel1024]

You are correct. To keep me from getting confused I always assign an IP network to a VLAN so I can treat all networks the same and work at layer 3. In a big network with thousands of ports you do not want to flip back and forth between layer 2 and layer 3. You will make a mistake. So my simple rule is to treat all VLANs the same as networks by assigning an IP network to each VLAN. Old habit I have done 15 or 20 years. It is kind of ingrained in me.

Yes, except you don't need to. I am not saying your way doesn't work well or better, but in terms of the OP, a semi-managed Layer 2 switch probably will cover all of their needs. VLAN support is all that is really needed, which all semi-managed L2 switches I have looked at have.

 

[coxhaus]

It is always best to develop good networking skills. You have much better control using layer 3. You can limit access by port and stuff not just by IP address.

 

[hallm]

Thanks to everyone for their replies, this is exactly the information that I was looking for. I am a bit of a tinkerer and I like to experiment /learn more about networking than what is typical with some of the consumer related PNP switches.

I know what coxhaus means about keeping your thoughts organized in regards to designing the network on a white board. I did the same thing when I was configuring the Wi-Fi network for use in a campground which used several of the Ubiquiti radios. Planning it all out on paper made it easier and less risk of errors when it came time to configure the radios.

I have a better understanding of the features between a layer 2 and 3 switch. I think in the end I might be leaning towards using a layer 3 switch (HP 1920-24) since as coxhaus has mentioned that I could use it in 2 layer mode if need be. I was going to place this behind an Ubiquiti EdgeRouter lite which I was going to purchase as well. My current wired router is toast and I am looking for a replacement for it. I have been doing lots of reading and checking out some YouTube videos on layer 2 & 3 switches. Perhaps a layer 3 switch might be a bit of a challenge for me to configure but I think in the end it might give me the features I am looking for in my small network. I still have lots of reading and research to do yet and I look forward to any further guidance you might have to offer.

Mike

 

[System Error Message]

Thanks to everyone for their replies, this is exactly the information that I was looking for. I am a bit of a tinkerer and I like to experiment /learn more about networking than what is typical with some of the consumer related PNP switches.

I know what coxhaus means about keeping your thoughts organized in regards to designing the network on a white board. I did the same thing when I was configuring the Wi-Fi network for use in a campground which used several of the Ubiquiti radios. Planning it all out on paper made it easier and less risk of errors when it came time to configure the radios.

I have a better understanding of the features between a layer 2 and 3 switch. I think in the end I might be leaning towards using a layer 3 switch (HP 1920-24) since as coxhaus has mentioned that I could use it in 2 layer mode if need be. I was going to place this behind an Ubiquiti EdgeRouter lite which I was going to purchase as well. My current wired router is toast and I am looking for a replacement for it. I have been doing lots of reading and checking out some YouTube videos on layer 2 & 3 switches. Perhaps a layer 3 switch might be a bit of a challenge for me to configure but I think in the end it might give me the features I am looking for in my small network. I still have lots of reading and research to do yet and I look forward to any further guidance you might have to offer.

Mike

I would not suggest you use the edgerouter lite because of firmware issues. Go for the one higher a bit. Ive seen some articles showing the edgerouter lite and 5 port POE doing above 800Mb/s of NAT or 1.3Gb/s of NAT both using hardware acceleration which doesnt allow tinkering as would any hardware NAT on any router. If you want 2Gb/s of NAT with configs and features consider other routers like pfsense or a high end mikrotik like the RB1100AHx2 or higher. After going through both ubiquiti and mikrotik's forum support is basically non-existant for anything other than basic features which a consumer router can do. Anything more that makes their routers absolutely better than consumer would be treated with silence for any questions asked.

I posted a serious problem about mikrotik's web proxy feature and it was treated with silence on the forum and emails and it is a problem which has been bugging me for months now but for a tinkerer who doesnt need a web proxy cache any of the 3 would work as long as you it has the speed and features that you need.

 

[Cloud200]

The ERlite and ERpoe both share the exact same CPU and RAM. The only difference is a 3 port switch chip on the last ports and POE on all ports.

Also, what firmware issues does it currently have right now? Are you talking about an Alpha or Beta release?

 

[hallm]

The most recent firmware for the ERL is version 1.7.0 and most of the comments that I have read say that the GUI for setup is much improved which is most likely targeted towards the folks like myself. I have seen posts where experienced IT folks have had a bit of trouble setting it up but I think that also involved earlier versions of the firmware that was lacking.

SEM does the Mikrotik RB1100AHx2 require a yearly license fee to use the router?? It is fairly expensive especially given the exchange on the Canadian dollar right now. I will certainly read up more on the unit and see if it fits my needs. You also mentioned used HP switches; is there another source for these other than EBay??

Thanks for the info.

Mike

 

[System Error Message]

The most recent firmware for the ERL is version 1.7.0 and most of the comments that I have read say that the GUI for setup is much improved which is most likely targeted towards the folks like myself. I have seen posts where experienced IT folks have had a bit of trouble setting it up but I think that also involved earlier versions of the firmware that was lacking.

SEM does the Mikrotik RB1100AHx2 require a yearly license fee to use the router?? It is fairly expensive especially given the exchange on the Canadian dollar right now. I will certainly read up more on the unit and see if it fits my needs. You also mentioned used HP switches; is there another source for these other than EBay??

Thanks for the info.

Mike

The ERL issues stem from when you update it and that it uses a flash drive on the inside. You will see many complaints about it all over the web whereas the edgerouter POE 5 which is one step higher has the storage on an onboard flash chip like all other routers do and doesnt suffer from the same issue.

If you want a router that does 2Gb/s NAT the edgerouter pro is twice as fast as the ERL in hardware NAT.
Your options for router would be:
Edgerouter pro
Mikrotik RB1100AHx2, CCR1009
pfsense

mikrotik uses an unlimited update licence starting from routerOS 6. If you have routerOS from version 5 than this isnt a problem as updating to 6 removes the maximum version limit. None of the routerOS licenses have time limits except for their demo for x86. 2 things to know about the RB1100AHx2 is that it is loud and it has a weird port config. It has 2 5 port switches and 3 cpu connected ports. There is a fanless CCR1009 but it is pricey though it gives a single SFP+ and SFP. With mikrotik you can do partial hardware NAT acceleration on a mixed network where QoS is needed and change when you enter the packet for hardware acceleration so it can go through your firewall rules first.

I dont know anywhere else to buy used HP switches. They are generally good if you need layer 3 as well as cisco and juniper. Both mikrotik and ubiquiti have layer 3 managed switches but they have a very high learning curive and their switching features arent at par with the enterprise ones in terms of snooping, etc though they are still growing. Amazon does sell used items, just look at the options below the shown price and you can look at various computer forums that have a trade section which you may see people selling them. Fully managed switches may not do wirespeed when you use too many rules but it depends on the switch chip and how much of it's maximum throughput is needed for wirespeed. Lower end models that have the same chip as higher end ones will be more suitable to tinker around and still get wirespeed.

One fact is that switch chips on routerboards are fully managed since you can configure them with filters and the usual things but do not have all the features that a full layer 3 switch will give you except for the mikrotik CRS but that is much harder to learn than a HP or cisco switch.

 

[hallm]

SEM you might remember my original post in the ‘wired router’ forum. I was looking to replace both of my old Linksys units because they were behaving very strange (power surge affected) and I needed more ports.

In researching the Mikrotik RB1100AHx2 this router seems very capable and it comes with 13 Gb ports which is a huge improvement over my old Linksys BEFSR81 8 port router. Just this unit itself would get me back on line as it would serve as my router/switch for 13 ports which would be fine for now and then I could add a larger switch at a later date.

Poking around the web I came across this posting RB1100AHx2 Memorygate and while I sort of understand what they are getting at in regards to the NAND memory; I was wondering if you ever had a problem/concern in regards to this issue. Would this be a deal breaker for purchasing this router?

I was wondering if this would be a noisy device? Since I have home run every ethernet drop back to a location in my workshop the noise may not be such a big problem. Thanks for the heads up on the ports configuration as well. 10 regular ports still makes it an interesting router.

Interesting that the one reseller here lists both the RB1100 and the CCR1009 as being the 'last in stock!' is there an upgrade to these units in the works that I should wait for???

RB1100AHX2 = $453.00 Cad
CCR1009-8G-1S-1S+ = $643.00 Cad

Mike

 

[Cloud200]

Serversupply.com sells used equipment such as routers and switches.

 

[System Error Message]

Because mikrotik doesnt make different hardware variants for the same router you can however buy a used RB1100AHx2 as they've been around longer than the CCR1009. Im not sure how much the canadian dollar is compared to the US dollar but that seems quite pricey.

On amazon UK the RB1100AHx2 costs £260 about the same price as the edgerouter pro. Using the RB1000Ahx2 is like having 2 6 port switches, each with a connection to a router so if you want information to go between switch 1 and switch 2 you can plug a cable between them (you get 8 switched ports this way) or use the CPU to do the bridging which will affect WAN speeds if there are LAN transfers at the same time. Link to block diagram: http://i.mt.lv/routerboard/files/Block-RB1100AHx2.pdf

I bought my CCR1036 for $1000 directly shipped from latvia (mikrotik's main supplier). It seems like the entry level CCRs are quite highly priced when they should cost less. Both the RB1100AHx2 and the CCRs are noisy except for the a CCR1009 with the massive heatsink sticking out the back. The CCR1009 has 8 ethernet ports, 5 of those are switched and have the usual 1Gb/s link to the CPU. All routers with switch chips will have 1Gb/s link to the CPU from the switch chip. The RB1100AHx2 and CCR while it is noisy the fans only kick in once the CPU has reached a certain temperature so if you have hot seasons or hot rooms than it is going to be very noisy just like the CCR but the CCR1036 is noisier since the fans will want to spin at 8000 RPM each during summer and it uses 3x more power than the CCR1009 or RB1100AHx2.

Look at amazon and different resellers as they will have different pricing and warranty. If you do end up with the 1 month support from mikrotik, make sure to use it by flooding them with emails whenever you have a problem to help get your questions answered.

When getting a surge protector look at the warranty guarantee because some will cover the cost of your equipment up to a certain amount if it gets destroyed while you used their surge protector. Some even have rj11 ports you can use for protecting the DSL modem as a surge could flow from the modem to the ethernet network.