Need some recommendations for 2 switches

Avery

Regular Contributor
Can anyone point me to a few options for switches that would meet the below needs? I will ultimately need around 40ish ports, and would look to break it into two switches, such that I can have some critical devices on a UPS, but not others.


- Switches could be 24port (primary)+ 24 port (secondary) -OR- 10-16 port (primary) + 48 port (secondary)
- POE+ is needed on the secondary switch, and nice to have on primary switch (I could use injectors on the AP's, if needed). POE++ is even better.
- Quiet operation is key due to proximity to theater. Either finless or (better yet) quiet fan models
- Price is important, but I am imagining SMB/SMB+ level equipment
- L2+/L3 - I'm not entirely clear which is needed (L3?) Here's what I want to be able to do:

- Provide separation of traffic for security reasons for the following device types. I'm assuming through VLANs as:
  • Main Network for trusted devices/computers
  • Cameras
  • IoT devices
  • Renter
  • Guest
With the 'Main network' able to see the Cameras and IoT VLANs, but not the other way around.

Good long-range hardware/firmware/security patching support is important to me.

A year or so back I started looking at the Zyxel GS1920-24HPv2 switches, and I think some are still available - but not sure that these 'smart managed' class switches would do what I need. Is 'Smart managed' the same as L2+?

What recommendations do you have?
 

thiggins

Mr. Easy
Staff member
I have no specific model numbers, but TP-Link switches have been good for me.
 

coxhaus

Part of the Furniture
Cisco small business switches are very good. There are a lot of used ones out there.

One switch back plane is best but you will not find high densities switches quiet with POE++.
 

Avery

Regular Contributor
Thanks, coxuahs and Higgins.

Coxhaus, I think you mentioned previously I could accomplish this with either L2 or L3.

Is it safe to assume smart managed switch will not allow for the rules between the VLANs? I am struggling to understand the minimal layer to be able to setup VLANs, and rules for which VLANs can be accessed by which VLANs.

If I have multiple switches (and the primary switch is smaller, for power/ups reasons), do they need to be the same product line, or any two switches of the same layer (smart managed, L2, L2+, L3) will work together fine?
 

follower

Very Senior Member
Can anyone point me to a few options for switches that would meet the below needs? I will ultimately need around 40ish ports, and would look to break it into two switches, such that I can have some critical devices on a UPS, but not others.


- Switches could be 24port (primary)+ 24 port (secondary) -OR- 10-16 port (primary) + 48 port (secondary)
- POE+ is needed on the secondary switch, and nice to have on primary switch (I could use injectors on the AP's, if needed). POE++ is even better.
- Quiet operation is key due to proximity to theater. Either finless or (better yet) quiet fan models
- Price is important, but I am imagining SMB/SMB+ level equipment
- L2+/L3 - I'm not entirely clear which is needed (L3?) Here's what I want to be able to do:

- Provide separation of traffic for security reasons for the following device types. I'm assuming through VLANs as:
  • Main Network for trusted devices/computers
  • Cameras
  • IoT devices
  • Renter
  • Guest
With the 'Main network' able to see the Cameras and IoT VLANs, but not the other way around.

Good long-range hardware/firmware/security patching support is important to me.

A year or so back I started looking at the Zyxel GS1920-24HPv2 switches, and I think some are still available - but not sure that these 'smart managed' class switches would do what I need. Is 'Smart managed' the same as L2+?

What recommendations do you have?
Netgear.
 

follower

Very Senior Member
Thanks, coxuahs and Higgins.

Coxhaus, I think you mentioned previously I could accomplish this with either L2 or L3.

Is it safe to assume smart managed switch will not allow for the rules between the VLANs? I am struggling to understand the minimal layer to be able to setup VLANs, and rules for which VLANs can be accessed by which VLANs.

If I have multiple switches (and the primary switch is smaller, for power/ups reasons), do they need to be the same product line, or any two switches of the same layer (smart managed, L2, L2+, L3) will work together fine?
Usually fine.
 

Avery

Regular Contributor
I was able to setup the Peplink 20x router with an additional subnet network, and tagged it with VLAN ID 111, then on the Ruckus AP, set the corresponding VLAN ID for the IoT SSID. I then added a firewall rule to the 20x to deny any traffic from the IoT subnet (VLAN 111) to the TrustedDevice subnet. I tested it out and confirmed packets were dropped when initiated from the IoT network, trying to reach the TrustedDevice network, but not the other way around. I was also still able to reach the internet from the IoT network.

Am I setting this up appropriately, or is there a better/different way to go about it?

For this multiple subnet approach, would I have to run multiple ethernet cables to the switch from the 20x, off dedicated ports on the 20x? I think I read somewhere that a L3 switch may be required to handle multiple subnets, but was also thinking this is only logical separation of traffic with the VLAN tagging.
 
Last edited:

thiggins

Mr. Easy
Staff member
Is it safe to assume smart managed switch will not allow for the rules between the VLANs?
No. VLAN implementation varies among products. You need to dig into the user manuals to see if what you need is supported.
 

Avery

Regular Contributor
Ok, thanks thiggins, I'll dig in!

Can anyone confirm if the suggested approach is a good way to go about this? I don't know what I don't know.

Summary: Create separate network at subnet layer on router, tag traffic from networks (and wifi SSIDs) with vlans, use the router firewall to control traffics, and buy a switch that supports VLANs.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top