
Switch help please


SSri

Regular Contributor
Hi all,

I am sure this has been asked many times before. I need some advice re: a 48-port gigabit switch.

What I have:
  • Virgin 200 mb business grade broadband. This is connected to Asus AC 68U through Virgin hub (used as a modem now).
  • I have turned off the wifi in Asus
  • 2 UAP AC pro - currently connected via powerline adapters.
Changes Made at home:
  • CAT 6 (in-wall) cables have been laid and terminated using a patch panel at the loft
  • The Virgin Modem and Router will stay in the living room but will be connected via one Cat6 and a few as spares.
What I need:
  • 48 ports gigabit switch to connect the router.
  • I want to replace the router with Mikrotik routerboard or a Qotom Mini PC as PfSense FW + Router.
  • About half a dozen + VLANs including VLANs for the Wifi
  • I am not sure if I need the stackable feature for future-proofing.
  • I do not need POE+ switches as I have just a couple of UAP AC pros. I want to save some £££ here.
  • This is for a typical home and home office uses.
Considered:
  • US 48 port or ES 48 Lite. I am not impressed, given the large number of issues re: PSU, especially UK, several DoAs and 1 year warranty. Price point and features are a huge plus.
  • Netgear GS748T-500EUS or a 752 model. I read the GUI needs Adobe AIR and can be sensitive to the version I run. I am not sure if this is a problem.
  • HPE 1920 48G, HPE 2530 48G and HPE 2920 48G. I am aware the 1920 is price attractive but the 2530 and 2920 are way too expensive (£700 - £1000 at least).
  • I considered Cisco SMB 200-300, these are more expensive than HPE 1920 48G. I am also aware that the community generally do not recommend going down the HPE 1800s and 1900s.
I would appreciate any help and suggestions.

Thanks,
SSri
 
I have a setup here almost similar to yours (mini PC with pfSense, managed switch, 2*UAP, 300 internet). If you have no need for very specific features for the switch, have a look at the Zyxel 1900 series. I am using a Zyxel GS1900-24E and am happy with it (using VLANs and LACP).
For a managed switch I think the price is quite competitive.

Sent from my A0001 using Tapatalk
 
I hope VM is not stingy on the uploads as they usually are, and for business that's not really good, which is why I went with BT instead.
I have had PSU failures before with my Mikrotik CCR; it was an earlier model as it was released, but nothing that a little basic soldering, glue and a decent PSU couldn't fix. I ordered my PSU from a network supplier, usually where you buy Ubiquiti and Mikrotik, recycled the slot and wires from the original PSU, got a DC barrel connected and soldered the wires, and glued it to the case on an insulator to prevent any shorts. I have a thread where I show my modifications to the Mikrotik CCR1036, making it silent and replacing the PSU with a better one. I am using my CCR1036 on BT 80/20 internet, which lets me have many thousands of rules if I want to and still have plenty of CPU left over.

If you are doing house + business on the same network your switch needs to be semi-managed at least. Layer 3 switches help if you do layer 3 segmentation. If you don't need PoE from a switch, Mikrotik does have the CRS line, but in order to get 48 ports you will need the crs226-2s+, as you will need to connect the SFP+ ports between them to get 48 ports if you want a fully managed switch. If you don't need fully managed then there are many good semi-managed switches like the Netgear ProSafe line. If you have to choose between TP-Link and D-Link go with TP-Link, as D-Link switches aren't reliable; TP-Link's switches may not be reliable too, but are still better than D-Link. Mikrotik CRS switches do have bonding but lack LACP. VLANs are layer 2.

Zyxel in general is good but they tend to be more expensive.

Netgear ProSafes have stackable switches but stackable isn't necessary. Switches with SFP+ are another way to avoid bottlenecks when adding switches.

The main difference between a Mikrotik and a pfSense router is that Mikrotik requires a lot of manual work whereas pfSense has modules with the setup already done. Both have a RADIUS server. However, Mikrotik has more layer 2 options whereas pfSense has more layer 7 options (you can do web filtering more easily with pfSense than Mikrotik if you install the plugins). With pfSense, Realtek NICs can cause problems sometimes.

From my experience I have used the Mikrotik CRS, CCR and RBs and they have all been great except for a few minor issues with the CRS that have now been sorted. I have also used the ERPRO, and Netgear ProSafe is very reliable. If you want stackable, the model you're looking for is the GS748TS (S at the back means stackable). They tend to have minor bugs relating to firmware functionality but nothing that disturbs the switch's reliability. The ERPRO is great as an alternative to pfSense if you want a dual-core MIPS Debian-based Linux server; it's not ideal though, and pfSense is better.
 
If you want to have something cost-effective, no one can beat TP-Link on price. They not only have very decent switches, but also at pretty low prices, lower than most other vendors. The advantage of TP-Link is that they build their stuff in-house and don't outsource it. Their firmware tends to be very solid too.

Don't listen too much to SEM above. He's our local Mikrotik troll.
 
I recommended the Netgear ProSafe line :p

I've seen the experience others have had with TP-Link; they aren't bug free but still decent.
 

Thank you very much. I have overlooked TP-Link for similar reasons outlined by SEM.

I definitely need an L3 switch. The switch does not therefore have to depend on the front door every time. I would ideally prefer using these features through a GUI rather than the CLI.

I am not sure what the choices are. I was looking at the following:

Cisco SB300-52 (Is it an L3 and web based?)
Netgear 752 tsb (it seems to have L3 but does it still depend on the router). The 748TS seems to be an L2 only.
HP 2920 48G (v expensive, though).
Zyxel - I am not sure.

I would appreciate recommendations, the better choice and a cost effective choice. Thanks
 
Cisco if you can afford it.
Between Netgear and Zyxel I would pick Netgear if it is not the budget line. Netgear's low-cost semi-managed switches aren't very good, but at the feature set you need it is good. Zyxel tends to make their products well but they cost more; however, I wouldn't rule out firmware issues any more than with Netgear, so as far as price goes I would suggest Netgear, but if you can get the Cisco switch go for it.

I'm not quite sure you need L3. VLANs are layer 2; subnetting IP addresses is layer 3. Even then the switch must support the layer 3 subnetting you do; for example, if you use IPv6 then the switch must support IPv6. Layer 3 will also require some configurability in being able to set routes, as well as how you want traffic to flow, but if you want fully isolated networks then you don't need a layer 3 switch.

A switch can be layer 3 but you will surely need a router; this is because the switch can only route whereas a router can do more complex routing, NAT and firewall. Features like DHCP server, RADIUS/hotspot and such aren't available on switches, except for Ubiquiti's switch line, as like Mikrotik it's basically a managed switch/router, but mainly a switch with a CPU running a router-based OS. If you had a Ubiquiti switch you could've salvaged it the same way I did with my Mikrotik CCR and some modifications for silence.

HP and Dell both make managed switches that I would consider very similar in their feature set, price and focus. They certainly cost a lot and are designed for use with servers, as HP and Dell both make dedicated servers. Their switches would fit you well too if you can afford them, but from what you've described I don't see you needing their feature set.

The main difference between semi-managed and fully managed isn't just the price. Fully managed is configurable: you can configure the rules and make it do things you can't with a semi-managed switch. For example, on Mikrotik I can perform NAT on layer 2. Semi-managed doesn't allow any configuration outside of its feature set. Security-wise, fully managed allows you to do more (Cisco has tutorials on layer 2 security in preventing hacks like DroidSheep, DHCP stuff, ARP poisoning, switch memory flooding and authentication; you can easily find them through a Google search and read up, but the tutorials involve something like a Mikrotik and Cisco switch using the CLI to configure).

The only reason to pick a layer 3 switch is because of layer 3 segmentation, but if you are doing inter-subnet routing such as allowing some of subnet 1 to communicate with subnet 2 without having it go through the router.
 
Thanks SEM. I do want to leverage the features the L3 switch would offer. Cisco SB300-52 seems to be the logical answer. If I want to retain the features of SB300-52 and have a stackable feature as an add-on, what would that be, apart from SB500-52, Mikrotik and Ubiquiti, please?

One thing I would like to ask is: would I be able to share the network printer and NAS on segmented (VLAN) traffic, please? I was thinking I could connect the network printer and NAS to the switch, create a separate VLAN for each of them and allow the Home + Office VLANs to access them.
 
If the switch isn't layer 3, you would set up the routing on your router. Otherwise, if the switch is layer 3, you will need to route between subnets on the switch and set the printer to be a member of both VLANs.

Netgear ProSafe has stackable too, but stackable or having 4 SFP+ tends to cost quite a bit. Still, Cisco would be the best choice; other choices would be Ubiquiti and Netgear ProSafe.

HP, Dell and the like are good too for their configurability, but you will get that with Ubiquiti's switch, I hope. Mikrotik doesn't have 48 port switches.
 
I am not following/understanding the desire for a Layer3 capable switch here? Everything you have described leads me to think you need a basic VLAN capable Layer2 switch. All routing and FW functions will be handled by your router/FW which you said would be a Mikrotik or a pfSense box. If you have a full featured router/FW, why spend the money on a Layer3 capable switch?
 

Thanks. I will buy the Cisco SB300-52.

Re: pfSense, do you have any mini-PC recommendation please? I need a 1U rackmount please.

One popular choice is Qotom, though I would like a 1U rackmount:

https://www.amazon.co.uk/d/Computer...?ie=UTF8&qid=1490603652&sr=8-5&keywords=qotom

The other one is building an Intel Atom C2000 using a Supermicro motherboard. The recent news on the C2000 series is a cause for concern.


Thanks Michael. I appreciate your question and the need to spend extra £££. One, I want to spend a little extra so that I do not have to go and buy another switch if I am constrained by any change in requirements in the future. Second, I would rather use the L3 to offload work wherever possible from the router to the switch, all inter-VLAN routing, and a bit of future-proofing against unexpected network bandwidth bottlenecks.
 
Not a bad plan to help future proof. I am by trade a Network Security guy....rarely ever am I a fan of bypassing the FW for anything. :)
 
You could always go with past-generation chipsets and boards. If you want 1U it's more of a question of how deep. The cheapest is to get one that accepts ATX.

You don't necessarily need to get Intel Xeons, and if you don't plan to overclock then there are plenty of choices.
For example, Intel Sandy Bridge and newer and AMD Ryzen are both something you can build cheaply. Integrated graphics is going to be important and you will need a PCIe riser for the NIC.

A very simple example would be:
2nd hand Intel Haswell i3 (Sandy Bridge/Ivy Bridge is fine as long as the board IGP works. Mine doesn't)
Any ATX/micro-ATX motherboard with PCIe x16 up top and IGP
Some RAM
300W 1U PSU
x16 PCIe riser
2nd hand Intel quad port server NIC (it would require 4 PCIe lanes, and make sure it is gigabit).
Scythe kodati heatsink if using Intel; if using AMD they have all-copper 1U compatible heatsinks, but Scythe will also do well too. Don't bother with the all-copper Intel server heatsinks, they are a huge pain to deal with.
Room for a couple of drives. Not only for the OS, but you can use them for caching as well.

Intel Atoms do a good job if you don't plan on using the extra features that pfSense provides in the form of plugins such as IDS and layer 7 filtering or even doing a proxy. The issue with the C2000 is dependent on which bus the clock generator is on. So you will have to put in extra effort to check, and this could also mean that the 2nd hand market for these would be littered with the problematic ones.

If the Cisco switch doesn't let you set up routes then return it.
 
Thanks all.

Not a bad plan to help future proof. I am by trade a Network Security guy....rarely ever am I a fan of bypassing the FW for anything. :)
Fair enough. I will remember it though :)

Intel Atoms do a good job if you don't plan on using the extra features that pfSense provides in the form of plugins such as IDS and layer 7 filtering or even doing a proxy. The issue with the C2000 is dependent on which bus the clock generator is on. So you will have to put in extra effort to check, and this could also mean that the 2nd hand market for these would be littered with the problematic ones.

I do not want to risk going down the Intel Atom route at this juncture, given the scale of the problem with the C2000. The trade-off is of course the lack of a low-power CPU. I have no plans of overclocking them. I want to keep the firewall/router system separate, although I would not mind adding one file server and NAS later on.

If the Cisco switch doesn't let you set up routes then return it.

Sorry. I lost you on this one. BTW, what technology stack (I mean chip) does the Cisco SG300-52 use please?

If you are based in the UK, whom do you usually buy from? I find a few deals, where prices vary between £450 and £700 for the Cisco SG300-52. I guess Cisco provides a global guarantee, even if I were to buy the switch from an EU shop providing a UK plug. Cisco merely said, when I checked, they guess so!

http://transparent-uk.com/cisco-srw...gle_shopping&gclid=COKL2tja9tICFUqNGwodZPEFPQ
http://compadvance.co.uk/en/item/123714/CISCO-SRW2048?gclid=CNSiu9na9tICFWYq0wodKd0HoA
http://www.tekshop247.com/network-s...1439191.html?gclid=CNORzKbw9tICFQmeGwodFTwGxQ
http://www.misco.co.uk/product/1644...0-100-1000-plus-2-x-combo-Gigabit-SFP-desktop

They all provide the UK plug.
 
I look at various UK suppliers and EU suppliers too. Sometimes Amazon can have good deals too. 2nd hand/refurbished is also something you can consider. Usually if you order from the EU just tell them to include a UK plug. Prices can change so I usually go for the one with the best price and return policy/warranty.

I'm not sure what chip the Cisco uses; I never managed to find the datasheet for it.

Intel i3 is also low power too. They can idle at really low power but can provide the power you need when you need it. While the Intel Atom may be a few watts, an i3 may use up to 45W (including IGP if also rendering). I have measured the power use of laptops using a wattmeter and they typically use around 20-30W for a dual-core i-series laptop while in normal use. Take the screen away and, if you're not doing any rendering with the IGP (you won't be, it's only for the setup), you can expect around 30W-50W usage accounting for 3.5 inch hard drives and the NIC itself. Some Xeons can work with consumer boards, so that's something you can consider if you want ECC memory, and I have tested this as well using the 1st gen i-series Xeon in a desktop board with ECC RAM overclocked by 50% using a 2U heatsink. This isn't what I use for networking, rather what I use for my file server and game server (separate machines). I have made both 1U and 2U servers using 2nd hand, refurbished and desktop components and it went well. Not easy for the GPUs, but since you don't plan on using GPUs in the chassis you won't have any issue.

You can also find low-power variants of the Intel i-series, basically boards that come with a laptop variant of the CPU. The CPU will most likely be soldered on, but hopefully it will allow you to use the heatsink you want, even on mini ITX.

Dual-channel DDR3 memory is fine for a few Gb/s of internet, but for 10Gb/s and up, more memory channels and bandwidth are useful. Unfortunately, while I do have a router for 10Gb/s symmetrical internet, we still don't even have gigabit internet in the UK.
 
Thanks SEM. I have ordered the Cisco SG300-52.
I am looking around for a platform for the pfSense FW/router.

Thanks everyone
 
For the pfSense FW/router, I will be deciding on one of the three choices:

  • Refurbished HP z220 sporting Xeon E3-2270.v2 / E31220.v3 / i7 3770 workstation costing about £250-£300
  • New build using i3 7100 costing about £600
  • Netgate 2000 series for PfSense.
 
A couple of things I would like to add after reading this thread.

The Cisco SG300 switches in L3 mode do support DHCP for multiple networks on the switch. I use it.

If you use L3 mode on the SG300 switches to share printers off of one VLAN you do not need to make the printers members of multiple VLANs. Using networking you can share only the printers off of a VLAN. I have a thread on this site where I do this on an SG300-28 switch. Think layer 3 not layer 2 on VLANs. It works so much easier when using VLANs on a large scale.

If you buy hardware for pfSense nowadays you need to buy 64-bit hardware, as version 2.4 of pfSense will only run on 64-bit.

I have been running an SG300-28 switch in L3 mode for a couple of years now without any problems feeding a pfSense box. There have been a few firmware updates along the way from Cisco. I use Cisco's FindIT version 1.0 to track firmware updates for my Cisco switches and wireless APs. You probably want to upgrade to the latest firmware before you configure your switch. You can download it for free from Cisco's web site for the SG300 switches.

If you are interested in how I setup pfsense for the Cisco SG300 switch in L3 mode there is a thread on pfsense's web site under installation.
 
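An added example, not part of any post in this thread: a small Python model of the trade-off discussed above, where inter-VLAN traffic routed on an L3 switch is filtered only by the switch's ACL and never reaches the pfSense firewall. The VLAN names, subnets, printer address and ACL are constructed, and the ACL is modelled as stateless first-match with an implicit deny, which is an assumption rather than documented SG300 behaviour.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
# Second field: which device owns the VLAN's default gateway address.
VLANS = {
    "home":    ("192.168.10.0/24", "switch"),
    "office":  ("192.168.20.0/24", "switch"),
    "devices": ("192.168.30.0/24", "switch"),    # printer and NAS live here
    "guest":   ("192.168.40.0/24", "firewall"),  # gateway kept on the firewall
}
PRINTER = "192.168.30.5/32"  # constructed address

# Modelled switch ACL: (action, source network, destination network).
# Stateless, so return traffic from the printer needs its own permit lines.
SWITCH_ACL = [
    ("permit", "192.168.10.0/24", PRINTER),
    ("permit", "192.168.20.0/24", PRINTER),
    ("permit", PRINTER, "192.168.10.0/24"),
    ("permit", PRINTER, "192.168.20.0/24"),
]


def vlan_of(ip):
    """Return the VLAN name whose subnet contains ip, or None (e.g. internet)."""
    addr = ipaddress.ip_address(ip)
    for name, (subnet, _gateway) in VLANS.items():
        if addr in ipaddress.ip_network(subnet):
            return name
    return None


def acl_verdict(src, dst):
    """First matching ACL line wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in SWITCH_ACL:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


def classify(src, dst):
    """Return (path, verdict) for one flow.

    switched-l2      : same VLAN, no routing device or ACL is involved
    routed-on-switch : both gateways are on the switch, only its ACL applies
    via-firewall     : the firewall routes the flow and applies its own policy
    """
    sv, dv = vlan_of(src), vlan_of(dst)
    if sv is not None and sv == dv:
        return ("switched-l2", "permit")
    if sv and dv and VLANS[sv][1] == "switch" and VLANS[dv][1] == "switch":
        return ("routed-on-switch", acl_verdict(src, dst))
    return ("via-firewall", "firewall-policy")


def flows_bypassing_firewall(flows):
    """Flows that cross VLANs and are permitted without firewall inspection."""
    return [f for f in flows if classify(*f) == ("routed-on-switch", "permit")]


# Constructed sample flows (source IP, destination IP).
SAMPLE_FLOWS = [
    ("192.168.10.20", "192.168.30.5"),   # home PC -> printer
    ("192.168.10.20", "192.168.30.9"),   # home PC -> another host in devices VLAN
    ("192.168.10.20", "192.168.20.8"),   # home PC -> office PC
    ("192.168.40.7", "192.168.30.5"),    # guest -> printer
    ("192.168.20.8", "203.0.113.10"),    # office PC -> internet
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(src, "->", dst, classify(src, dst))
    print("not seen by firewall:", flows_bypassing_firewall(SAMPLE_FLOWS))
```

Moving a VLAN's gateway from "switch" to "firewall" in the table shows which flows come back under firewall policy and logging.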
