Budget switches for starter pf/opnsense router

bedHedd · October 30, 2023, 10:57pm

Is this a good starter switch to pair with a pfsense router and a wireless access point? It looks like it’s managed and has PoE
https://www.amazon.com/gp/aw/d/B00M1C03U2?psc=1

I couldn’t find any deep reviews of these

bedHedd · October 31, 2023, 1:20am

But on the topic of buying switches, I heard I should get managed switches for vlans. Should I be searching for vlans in reviews or managed in the product description?

Because I’ve come across some cheaper ones that claim to be “smart” managed or having a web/cloud manager.

For example this

One review mentions

If you plan to use this switch to segregate say webcam traffic from your main network, be aware that their 802.1q implementation does not conform to standards. The major flaw is you can’t remove any of the ports from default VLAN 1, which means any untagged traffic will leak to ALL of the ports! Most wecams do not support VLAN tagging so there’s really no easy way to isolate traffic from the the other ports. Also, the switch allows for multiple untagged (Native) VLANs. This is the first switch I’ve worked with that does this. Normally you can only have 1 native VLAN. To complicate matters, you can also set PVID to be the same as your untagged VLAN. I’ve tested this by setting a port to vlan 8 and another port on standard vlan 1 untagged and both devices can ping each other. Reason being the port with vlan 8 is still a member of vlan 1.
If you just need a POE switch, this switch is great, but if you want to use any of the VLAN functions for security, I’d suggest passing on this one.”

On the original listing, there’s a review that mentions the same issue

Might be better to move to its own thread

Jelmer · October 31, 2023, 9:44am

It’s not as bad as they say.
Vlan1 is just vlan1, like vlan 2103 is just vlan 2103. The ‘problem’ is that the management interface is available from every vlan.

Not sure why these cheap switches have PVID settings, not really a realistic use case for people at home. Setting a (default) untagged vlan and/or multiple tagged ones per port should be more than enough.

skullabyss · October 31, 2023, 12:39pm

I have a used 48 port switch from Juniper Networks that has PoE. I’d look into the used market for a managed switch with PoE.

jode · October 31, 2023, 3:56pm

The reviewers lack imagination. It’s totally possible to disable access to the web management gui on the Tplink switch.

Create VLAN for management access (say VLAN100, IP range 192.168.100.0/24),
set the IP of the switch into the range of the management VLAN
Prevent any port of the switch access to management VLAN.

Tested and working.

jode · October 31, 2023, 4:01pm

Also incorrect.

You cannot remove a port from VLAN1 unless the port has access to another VLAN. That makes sense because otherwise the port would have no communication at all.

You may want to treat VLAN 1 as a guest network, because any port will default to VLAN1 in case of a switch reset.
Should someone get access to the switch to cause a reset this event will not suddenly provide access to sensitive networks, such as a management network.

mutation666 · October 31, 2023, 4:02pm

I have a three NETGEAR ProSafe GS108Tv2 in the home net, have gotten them for as low as $22 used shipped

Cool part is if you end with a poe switch later you can run the switch off poe power

bedHedd · October 31, 2023, 4:07pm

So what should I be looking for in a cheap starter switch? So far I have managed and vlans

The 099 episode mentioned enterprise switches were either gigabit or 10gb without any 2.5 gigabit. Also the video didn’t go as in depth as they did when looking for WAPs

Also forgot to mention looking to pair it with this box
https://forum.level1techs.com/t/deals-tech-software-and-everything-else/185120/114?u=bedhedd

I know darwinlabs from pgp twitch chat said I should look into Next Gen Firewalls and mentioned Sophos

Interesting are they passively cooled or have minimal noise?

bedHedd · October 31, 2023, 4:08pm

So this switch is a safe bet if I can’t find

jode · October 31, 2023, 4:14pm

This one without POE is $26 new:

I use both at home and they work well for my homelab.

They have one annoying insecurity: their management interface does not support HTTPS. For this reason you should only have them on a dedicated firewalled management VLAN.

Good enough for me.

mutation666 · October 31, 2023, 4:20pm

passive pretty sure

bedHedd · October 31, 2023, 4:23pm

Hmm might have to consider the other one for poe because I want a wap. In a building complex, so lots of interference from wifi provided by the isp

jode · October 31, 2023, 4:27pm

Great device to learn. Also, it is spec’ed to only consume 3W idle (I am sure it’s more as you populate ports).

Make sure to turn on Flow Control by default.

bedHedd · November 1, 2023, 4:39am

Am I looking at the right page?

This is saying it’s poe compatible, but does not supply it

How is it different from the previous version?

mutation666 · November 1, 2023, 10:03am

Yeah has poe in not out. If you just have 1 ap just use an injector

diizzy · November 1, 2023, 6:42pm

Zyxel 1900-series might be of interest, they also support OpenWrt afaik if you want to go that route at some point.

ucav117 · November 5, 2023, 2:10pm

ZyXel 8 port POE+ gigabit switch (GS1900-8HP) - $50

I have a ZyXel switch I am trying to sell. It is a managed 8 port with poe+.

Yasoda_Sanjel · November 5, 2023, 3:11pm

Yes, the NETGEAR GS108PEv3 Gigabit Ethernet Smart Managed Plus Power over Ethernet (PoE) Switch seems like a suitable choice to pair with your pfSense router and wireless access point. It offers 8 ports, 4 of which support PoE, making it convenient for connecting devices like IP cameras or VoIP phones that require power over Ethernet.

Additionally, its smart managed features provide some level of control and customization, making it ideal for small to medium-sized networks. The 53W PoE budget should be sufficient for powering several PoE devices, and the ProSAFE Lifetime Protection offers added peace of mind regarding your investment.

However, when considering networking equipment, it’s also worth exploring refurbished switches. Refurbished switches, especially those certified by reputable providers, offer a cost-effective alternative without compromising on quality. These switches are thoroughly tested, restored, and certified to ensure they meet industry standards, making them a reliable and affordable choice for your networking needs. By opting for certified refurbished switches, you can save on costs while still enjoying the benefits of high-quality networking equipment.

bedHedd · November 17, 2023, 3:37am

Did some additional research on yt

Ok I don’t need layer 3, I’m not going to have to many devices talking to each other that are latency specfic

$200 is a bit too much

Ok I need a smart or managed switch. Smart == web interface instead of cli

$369 for the switch featured is a little too much

Poet vs poe injector?

I probably should just get a injector and if I need more, I can take my existing switch and plug a poe switch into the port. I really just need poe for a WAP.

Now it’s a matter of the price. Good managed poe switches even on the used market are still at least $70. If I can get a injector and a managed switch for less than the cost of a poe managed switch $100+.

Looking around and poking eBay, seems that I can’t go wrong with the netgear. It isn’t a CLI managed switch, but seems like I just don’t plug anything into vlan 1.

I ended up going with this one because I couldn’t find a managed switch new with poe and the ports.

I considered it, but after looking at the cost of it + a poe injector made the price the same as the one linked above.

I looked at the page, but it required filling out a form

bedHedd · November 17, 2023, 3:50am

Now to find a AP that is <$100 and does not require a cloud subscription.

Rukus or Aruba seem like possibilities. I don’t know if I want to do a receiver with unifi