Switch recommendation to isolate LAN clients

[Denna]

(7) Ethernet clients are connected to an Asus RT-AC88U which provides Internet access.

I want to isolate the Ethernet clients from seeing / having any access to each other.

To do this, the clients will be connected to a managed switch. The switch's uplink will be connected to the router.

Each switch port will be configured with a separate port-based VLAN that only has access to the switch's uplink.


Question

Is there a good managed switch with a console port (up to $100) that supports port-based VLANs ?​

 

[CaptainSTX]

TP Link offers managed switches. An 8 port switch is US $31. It allows you to easily set up port based VLANs. Larger switches are also offered by TP-Link.

It does not have a console port. You simply log into the switch using its assigned IP.

Uplink ports are not used/necessary anymore. You simply run a cable from your router to any of the LAN ports 1-8, though I expect most people would probably use port 1.

 

[Denna]

@CaptainSTX ,

Thanks for the quick reply.

Switches in the $50 - $100 budget fall into the "smart managed" category.​

1. The TP Link T1500G-8T V2 costs US $60. The firmware was last updated 8/08/18.
   • A review on Newegg implied the switch was running an old 2.6 Linux Kernel, but technical support hasn't confirmed that.
   • Amazon reviews for this model go back to April 2018, so this may be a fairly new model.
   
   
2. The D-Link DGS-1210-10 vF costs US $89. The firmware was last updated 11/14/18.
   • Amazon reviews for this model go back to June 2015, so this is a fairly old model.
   
   
3. The Zxyel GS1900-8 costs US $60. The firmware was last updated 9/6/18.
   • Newegg reviews for this model go back to February 2014, so this is a fairly old model.
   
   
4. The Netgear GS108Tv2 is US $70. The firmware was last updated 9/10/18.
   • Reviewers on Amazon and Newegg remark that the interface is not intuitive.
   • Given the price, it's suspicious that Netgear offers a lifetime warranty implying it's a marketing gimmick similar to As Seen on TV product warranties. The power supply is not covered by the lifetime warranty.
     
   • Amazon reviews for this model go back to August 2010, so this is an extremely old model.
   
   
5. The Trendnet TEG-082WS (Version v2.0R) costs $80. The firmware was last updated 11/2/18.
   • Amazon reviews for this model go back to May 2015, so this is a fairly old model.
   
   
6. The Linksys LGS308 costs US $50. The firmware was last updated 5/22/18.
   • Newegg reviews for this model go back to April 2014, so this is a fairly old model.
   • It's been 6 months since the last firmware update. Either this model is highly reliable and has no issues to fix or Linksys is slow to provide firmware updates.

Does anyone have experience they'd like to share regarding these switches ?​

 

[CaptainSTX]

@CaptainSTX ,

Thanks for the quick reply.

Switches in the $50 - $100 budget fall into the "smart managed" category.​

1. The TP Link T1500G-8T V2 costs US $60. The firmware was last updated 8/08/18.
   
   
2. The D-Link DGS-1100-08 costs US $35. The firmware was last updated 11/7/18. This model doesn't support PoE which is why it's so much cheaper than the others.
   
   
3. The Zxyel GS1900-8 costs US $60. The firmware was last updated 9/6/18.
   
   
4. The Netgear GS108Tv2 is US $70. The firmware was last updated 9/10/18.
   
   
5. The Trendnet TEG-082WS costs $70. The firmware was last updated 11/2/18.
   
   
6. The Linksys LGS308 costs US $50. The firmware was last updated 5/22/18.
   
   
7. The Ubiquiti US-8 costs US $99. The firmware was last updated 9/27/18.

Does anyone have experience they'd like to share regarding these switches ?​

Since you added POE to your requirements after your original post I suggest you look at POE Texas web site www.poetexas.com as they specialize in POE solutions. If you can't find an all in one POE switch solution they offer single and multi port power injectors that might better meet your requirements than trying to find a combined function switch and the cost might be less than a POE switch.

 

[abailey]

I can't say specifically on the model you are asking about but I have 6 TP Link switches in my house and have been very happy with all of them. I have 2 Smart Managed, 3 Easy Smart, and one non-managed POE switch.

 

[Denna]

@CaptainSTX,

I don't need PoE, but that feature is common in the US $60 - $70 budget for 8 port smart managed switches.

If there were non-PoE versions of the above switches like the D-Link DGS-1100-08, I'd prefer to consider those.

Having never purchased a smart managed switch before, I don't know what defines a reliable and feature rich managed switch.

The main requirement for the switch is being able to isolate the clients from each other.

I've removed the Ubiquiti US-8 from consideration since it's overpriced in comparison and I won't have other Ubiquiti products to manage with the UniFi Controller software.

I've updated the list above with notable negatives.​

 

[CaptainSTX]

I have three TP-Link switches with one being a smart switch. The oldest switch being over three years old. No problems they just run.

 

[sfx2000]

The Netgear GS108Tv2 is US $70. The firmware was last updated 9/10/18.

• Reviewers on Amazon Newegg remark that the interface is not intuitive.
• No CLI.
• Given the price, it's suspicious that Netgear offers a lifetime warranty implying it's a marketing gimmick similar to As Seen on TV product warranties. The power supply is not covered by the lifetime warranty.
  
• GUI console requires Adobe Air.
• Newegg reviews for this model go back to June 2015, so this is a fairly old model.

GS-108Tv2

* No CLI - but that's likely not a deal breaker in this market segment... (there are ways to hack into it and get a CLI)
* GUI and Adobe Air - not needed, it has a WebGUI
* WebGUI Interface - not intuitive for NooB's, but familiar to those who do this stuff everyday... once one gets a handle on things, and reading the friendly manual...
* Product Age - it's been on the market for a long time, and Netgear is keeping it up to date
* Features - pretty much a Layer 3 Lite/Layer 2 Plus - it does support ACL's and Radius for port authority/control - along with all the other things that one would expect, VLAN's, LAG's, QoS/CoS and the like - it's a bit more than a Layer2 "Smart Managed" device
* PoE - consumer, not an injector - and I really don't consider this box as a PoE device in any case...

 

[FatherLandDescendant]

1. The Linksys LGS308 costs US $50. The firmware was last updated 5/22/18.
   • To make configuration changes survive power cycles, you have to remember to copy the Running configuration to the Startup configuration before exiting the console.
   • Newegg reviews for this model go back to April 2014, so this is a fairly old model.

Does anyone have experience they'd like to share regarding these switches ?

I just put my LGS308 back into service last night, nice little switch, easy to configure and set up VLANs. I went with it because of space issues in my new apartment and the way I set up my equipment here, I bought it a couple of years ago and had it sitting around. And yes you need to copy the running file to the startup file when your configuring is done or a power loss will wipe out all of your settings, but this isn't that big of a deal, click of the mouse.

I retired a TP-Link TL-SG1016DE, it's a good switch too, just to big physically for where I wanted my switch, if I'd have had another 1/8" width in the entertainment center I put everything in I'd still be using the TP-Link. I had it because at one point I had Raspberry-Pi and a Shield hardwired and needed another port for when I had my laptop or was working on someones computer here at the house. Now the Pi is gone and streaming on the shield never did work well enough to make it worth the aggravation so with those 2 ports freed up an 8 port switch is enough for my network.

 

[Denna]

Update: Replaced the D-Link DGS-1100-08 with the newer DGS-1210-10.

Most of these switches are at least a few years old, implying there's not much new technology needed in the hardware. Functionality appears to be firmware driven.

Given the above information, why would you choose one over the other ?

 

[Denna]

I would have added the Cisco SG250-08 as it's in the < US $100 range.

Unfortunately, Cisco has given a firmware end of life date of Oct. 2019.

 

[abailey]

You might be overthinking things. Any of these managed switches will probably be fine. Like you said they mostly all do the same thing. There are little differences. One reason I like TP-Link is because on the Smart series and above, you can name the ports in the software. That way when you go into the config you can see exactly what is attached to each port (if that is how you named the ports). Not all switches at this price point let you name the ports in the software. Anyway what is your concern about firmware date? For this type device I would not worry to much about it. As long as it is stable. I'm not concerned so much about security on my home switches. They are behind the firewall. If someone has gotten through my firewall I have much larger problems than an out of date switch OS.

 

[Trip]

Not to beat a dead horse, but as @abailey said, choosing your L2 fabric these days is pretty generic, due to commoditization. It's basically the same silicon and firmware images running on these things, give or take a small variance in features, and certain level of "bug-free ness" between brands/models. For the basics, though, this is why a TP-Link will tend to perform very similar to an Adtran, all other things held equal. You'll still find variations in support and build quality, but as far as most SOHO and SMB users are concerned, it's never really enough to warrant choosing, for example, HPE over TP-Link, for a home network. I, myself, still prefer HPE or Cisco SG, as I *still* think their firmwares come out of the oven less flaky, better documented and supported than the likes of TP-Link, but try making that argument to the average SOHO user who simply sees that stuff as multiples of the cost... and it won't hold up. So I digress there.

All that said, moving up to L3 and L3+ is where product differentiation still exists, at least to a large degree. The enterprise switching brands are still a leg above the SMB stuff when it comes to performance at scale, total capacity and support. But it's largely a mute point to this crowd, as most don't really require L3-capable switching unless they want to truly segment LAN from WAN in their SOHO networks. In that case, stuff like Cisco SG350 is a good example the next step up.

 

[Denna]

@sfx2000, @FatherLandDescendant, @CaptainSTX, @abailey and @Trip,

Thanks for the detailed responses.

The performance and features these models provide are virtually the same. When you pass the US $70 mark, you start seeing features you might not need like SFP or PoE.

The main concern was the ability to isolate LAN clients from each other. Secondarily, was the manufacturer's ability to provide product updates.

Ironically, it's difficult to tell if frequent bug fixes are a result of poor design or an excellent commitment to keep the product up to date. Or, you could say infrequent updates are a sign of product stability or a lack of interest by the manufacturer to respond to bugs.​

 

[FatherLandDescendant]

it's difficult to tell

Not really, reviews would answer a lot of those questions. And given your choices are well known across the industry, stability and commitment aren't issues that often times come to mind