TP-Link TL-SG2216 vs Linksys LGS318

What would you recommend?

  • TP-Link TL-SG2216: 3 votes (60.0%)
  • Linksys LGS318: 1 vote (20.0%)
  • Other: 1 vote (20.0%)
  • Total voters: 5

I have the SG2216 and I like it a lot. Been rock solid for something like 3 years, minus one incident where some ports were dropping packets. That was post blackout/power surge, however. A quick reset of the switch and it has worked great (about 16 months of 24/7 operation without any issues before the power surge and almost 18 months since then; the surge fried my FIOS ONT box).
 
I also have the SG2216 and have had no problems whatsoever. I am not doing anything real fancy with it, but I do have several VLANs configured as well as a mirrored port. It has been rock solid. I actually have 6 TP-Link switches in my house and they have all been rock solid. I have two Smart Switches, three Easy-Smart switches, and one of their unmanaged PoE switches. I use the SG2216 as my "core" switch. Very happy with them.
 
I think a used, off-eBay Cisco SG300-28 switch, non-PoE version, is a better switch than the 2 you are deciding between. The Cisco SG300-28 is a layer 3 switch, where the ones you are looking at are layer 2. I much prefer to work at layer 3, the IP level. You can do a lot at layer 3, like sharing resources across VLANs at the IP level or at the port level.
 
If everyone keeps suggesting used network hardware from eBay then they may increase their prices lol.

The only Cisco hardware worth getting are configurable ones. The security you can do with them would put you ahead of most networks that are still vulnerable to spoofing, pineapple hack, rogue servers, etc.
 
The only Cisco hardware worth getting are configurable ones. The security you can do with them would put you ahead of most networks that are still vulnerable to spoofing, pineapple hack, rogue servers, etc.

I think if you have physical access to network equipment you are not going to be able to stop the hacks. Since you bring it up a lot, how would you stop the hacks you mention above?
 
I can tell you I have set up many Cisco 6509 switches. They were the standard in the old days. Networks which would use a 6509 switch would be fairly large, probably bigger than 1000 nodes. We had just under 5000 PCs on every day in a couple of time zones. Large networks are pretty dynamic, especially with DHCP. Trying to track MAC addresses was too difficult for the limited staff we had. We never used DHCP snooping or DIA on our 6509 switches. We were able to track rogue DHCP servers down pretty fast without it. We used physical security for network equipment to stop access. We could not stop access to physical ports in all the rooms of all the client machines. Just not a way to do it. If you plug into an active Ethernet port by unplugging a valid machine of someone sick you would have access. I don't think there is a way to stop rogue devices if there is physical access.

The pineapple hack seems to be a man in the middle for wireless. If you are close enough you can pick up the wireless signals. The same thing can be said for fiber running from building to building or just within the building. You have exposed connections. Maintenance men have access either within the building or to the tunnels between buildings. Communication companies have access to all your locations. It is pretty hard not to have exposed networking hardware in large networks.

Yes, I guess if you have a couple of switches or routers limited to your controlled space you could protect yourself. Get a little bigger, maybe multiple locations, and you will be exposed somehow.

We used RADIUS for equipment access and it works fairly well and is easy to use. The only problem is when the RADIUS server goes down for some reason or you lose the communication line to the RADIUS server. It is a pain to go around.

Trying to apply all this to a home network you probably will not find me doing it. It is just too much work and maintenance overhead for me. I want a network which just works. If someone walks in or my wife buys a new device I want it to work. I don't want to have to authenticate the device. I am retired and I only do the fun easy stuff with no recurring maintenance.

Security which I build into my home network is to lock down DNS so I do not have all my traffic routed through China or somewhere else. I lock down only the valid networks which I use. Rogue IP networks are not allowed internet access. These are easy one-time setups with no maintenance.

What do you do security wise on your network to stop all this stuff?
 
RADIUS, automated logging and only allowing verified devices internet access via the firewall, aside from the layer 2 stuff. You can also use active NAT detection to defeat MiTM, but RADIUS will work very well against the pineapple hack. Consumer hardware has the hardware to run a RADIUS server but they lack the software.

Locking down DNS doesn't stop traffic getting routed somewhere.
 
Locking down DNS doesn't stop traffic getting routed somewhere.

I lock down DNS because I was hacked 12 years or so ago. I was running Microsoft 2003 server using DNS on my server at my home. Someone was changing my DNS forward IP address from my chosen one to an IP address in China. I assume they had fake web pages set up for you to hit from their DNS server. They would resolve DNS to a bad IP address and no one was the wiser. Your computer just goes to the web page where DNS tells it to go by IP address. I lock my router so only my chosen DNS works. Anything else goes offline if the IP address for the outside DNS does not go where I allow it.
 
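The two one-time rules described in the posts above (only the chosen DNS resolver is reachable, and only the valid LAN networks get internet access) can be modelled as an egress policy check. This is an added example, not code from any poster in this thread; the resolver address, LAN ranges and flow records are constructed, using documentation address ranges, and the record format is an assumption.

```python
import ipaddress

# Assumed policy values (constructed for this example, not from the thread).
ALLOWED_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}
VALID_LANS = [ipaddress.ip_network("192.168.10.0/24"),
              ipaddress.ip_network("192.168.20.0/24")]
# Plain DNS over UDP/TCP plus DNS over TLS, so the lock-down covers all three.
DNS_PORTS = {("udp", 53), ("tcp", 53), ("tcp", 853)}

# Constructed flow records in an assumed "proto src dst dport" format.
SAMPLE_FLOWS = """\
udp 192.168.10.23 192.0.2.53 53
udp 192.168.10.40 203.0.113.7 53
tcp 192.168.20.5 198.51.100.10 443
tcp 192.168.20.9 203.0.113.7 853
tcp 10.66.0.4 198.51.100.10 443
udp 10.66.0.4 192.0.2.53 53
garbage line
"""

def evaluate(line):
    """Return (verdict, reason) for one outbound flow record."""
    parts = line.split()
    if len(parts) != 4:
        return ("drop", "unparseable record")  # fail closed
    proto, src, dst, dport = parts
    try:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        port = int(dport)
    except ValueError:
        return ("drop", "unparseable record")
    # Rule 1: sources outside the known LANs get no internet access at all.
    if not any(src_ip in net for net in VALID_LANS):
        return ("drop", "source not in a valid LAN")
    # Rule 2: DNS may only go to the chosen resolver.
    if (proto.lower(), port) in DNS_PORTS and dst_ip not in ALLOWED_RESOLVERS:
        return ("drop", "DNS to unapproved resolver")
    return ("allow", "ok")

def audit(text):
    """Evaluate every non-empty line; return (line, verdict, reason) tuples."""
    return [(l, *evaluate(l)) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {reason:28} {line}")
```

Only name resolution is constrained by the second rule; traffic to any non-DNS port from a valid LAN is still allowed.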
RADIUS, automated logging and only allowing verified devices internet access via the firewall, aside from the layer 2 stuff. You can also use active NAT detection to defeat MiTM, but RADIUS will work very well against the pineapple hack. Consumer hardware has the hardware to run a RADIUS server but they lack the software.

RADIUS cannot stop a pineapple attack, and it can run its own DNS/DHCP. More discussion on pineapple-style defenses here on this thread:

http://www.snbforums.com/threads/stopping-wireless-pineapple-hack.29276/
 