Hardware to Segment 1Gig Network with 2.5/5/10 Gig Uplink?

I’m about to replace my cheap, 1 gig, unmanaged switches with cheap, 1 gig, managed ones to put POS, IP Cams, IoT devices, and servers on to separate VLANs. But maybe I should future proof a bit?

Should I spend a little more to have a 2.5/5/10 gig uplink?

Does running 2x 1gig lines between switches equate to 2 gigs of uplink speed?

How important is it to stay within a brand for manageability?

I have a half dozen locations in the building, some need 4 ports, some need 8, some need PoE+, and some don’t (or get by with a single PoE injector). Then I need a 4 or 8 port rackmount switch for the uplinks to connect to. All runs are less than 50m.

Any specific hardware recommendations? I’ve never worked with VLANs before.

1 Like

So do each of these 6 locations have an unmanaged switch? And then does each location uplink to your “core” switch? Or do the locations just daisy chain on each other?

Depends on overall throughput. You’re not going to get better performance on a 1GB vs 10GB uplink if the throughput never exceeds the interface speed.

This is referred to as link aggregation but it’s usually used for redundancy/failover with the added benefit of increased throughput when both links are up. But I personally would not use multiple 1Gbps links to achieve 2Gbps throughput. Look at using 10Gbps uplinks if you need higher throughput.

If you’re overhauling the network with all new switches it doesn’t make sense to mix and match brands. Yes, they all will support 802.11q trunking but you’ll lose some quality of life features such as only having to define your VLANs once on Cisco or UniFi.

We really need to know what your overall budget is to make a recommendation.

2 Likes
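To make the link-aggregation point above concrete (this is an added illustration, not code from the thread or from any switch vendor): a LAG chooses the member link per flow from a hash of header fields, so one TCP connection always lands on one member and is capped at that member's speed; only many concurrent flows spread across the bundle. The SHA-256 hash, the flow fields and the IPs below are constructed stand-ins for a real switch's vendor-specific hash.

```python
"""Simulate per-flow hashing on a 2 x 1 Gb/s link-aggregation group.

Constructed example: the hash function and sample flows are stand-ins and do
not reproduce any particular vendor's LAG hashing.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int = 6  # TCP


def select_member(flow: Flow, members: int) -> int:
    """Pick the member link for a flow: deterministic per 5-tuple, as a switch does."""
    key = f"{flow.src_ip}|{flow.dst_ip}|{flow.src_port}|{flow.dst_port}|{flow.proto}".encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % members


def throughput_for_flows(flows: Iterable[Flow], members: int, link_gbps: float = 1.0) -> Dict[Flow, float]:
    """Per-flow throughput if each member link is shared equally by the flows hashed onto it."""
    flows = list(flows)
    load = Counter(select_member(f, members) for f in flows)
    return {f: link_gbps / load[select_member(f, members)] for f in flows}


def aggregate_gbps(flows: Iterable[Flow], members: int, link_gbps: float = 1.0) -> float:
    """Total bundle throughput actually usable by this set of flows."""
    used = {select_member(f, members) for f in flows}
    return link_gbps * len(used)


def sample_flows(n: int) -> List[Flow]:
    """n distinct SMB connections from n workstations to one file server (constructed)."""
    return [Flow(f"10.0.30.{10 + i}", "10.0.20.5", 49152 + i, 445) for i in range(n)]


if __name__ == "__main__":
    one_copy = [Flow("10.0.30.10", "10.0.20.5", 51000, 445)]
    print("single NAS copy over 2x1G LAG:", aggregate_gbps(one_copy, 2), "Gb/s")
    print("50 workstations over 2x1G LAG:", aggregate_gbps(sample_flows(50), 2), "Gb/s")
```

The single copy reports 1 Gb/s no matter how many members the bundle has; fifty independent connections use both members, which is the "more throughput when both links are up" case the reply describes.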

Yes, there’s a drop from each location to the center.

Right now, 1 gig is mostly fine, but does future-proofing make sense?

I’m figuring it’ll be under $1k for consumer-grade, 1 gig, managed switches. I guess I’d be willing to spend $2-3k if it means I’m good to go for a decade.

1 Like

If 1Gbps is all you currently need then there is no need to run 10Gbps fiber uplinks now. But I wouldn’t buy a switch that doesn’t have an SFP+ port. That’s how I’d future proof it.

I don’t know of any enterprise offerings that could include 6 access switches and a core switch in that budget range. But my world is limited to Cisco, HP, Juniper, and Adtran. Something like UniFi or MikroTik would probably fit into that budget range and are leaps and bounds better than the unmanaged switches you’re running.

I think I’d lean toward recommending UniFi as it has a nice web UI for configuration and would be less of a learning curve than MikroTik. Does anyone else have better suggestions for him around that same price point?

Depending on your building layout this may not be practical but it could be cheaper to “home run” all your workstation drops to a central location. You can definitely get a 48 port enterprise switch for under $3k.

1 Like

I looked at UniFi first, but their sub-enterprise gear doesn’t make sense. There’s a ‘Standard’ 8x SFP+ aggregator, but nothing else has SFP+. SFP is missing completely in Lite and Flex, which is all 1 gig (except for a 4x 10 gig switch):

10 years ago, I ran a home run to every workstation. Since then, everything - the phones, cc terminals, bar code printers, security cameras - are moving towards IP. I’ve been adding 4 and 8 port switches as I go, but I’m realizing I got a lot of stuff on my net I don’t trust.

A UniFi grade version of this or this would be perfect. Something with a mix of 1 gig for VLAN’d peripherals and 2x 2.5/5/10 gig ports for the workstation and homerun. Having SFP+ would be a plus…minus a copper home run in the 50m range and fiber being overkill.

1 Like

Their Pro model includes 2x SFP+ but you’d be installing a 24 port switch (USW-Pro-24) at each of your 6 locations. And as you’ve already noticed they don’t make any 8 or 16 port switches with SFP+. This is why I touched on consolidating all your drops to possibly a single location (or to only a few).

1 Like

https://www.tp-link.com/uk/business-networking/managed-switch/tl-sg3210xhp-m2/v1/

or

They have a 10G uplink + another 10G port for a workstation or a NAS + a bunch of 2.5G

  • you’ll need some switch with a couple of 10G SFP+ centrally for your NAS / future internet router. unifi has an 8 port for about 250

Do you have a drawing or an inventory list of what you have in each location?

I think this should be good for approximately the environment you described over the next couple of years, but is probably financially not very optimal today.

1 Like

Yes, or no, depending on what your real budget is and how much you value having a unified management plane vs doing your config on each device.
For something new in 2022 I would not consider 1Gb copper for the uplinks and go straight to 10Gb fiber.

If you value your time, it is the only option you have; getting up to speed with proper VLAN configs/trunking and such is usually already a challenge on its own. You don’t want to add different UIs, terminology, and different implementations of the concepts by going with different brands.

Leaf switches:

CSS610-8G-2S+IN

8 x 1 Gig
2 x SFP+
no POE
can be powered via POE using port 1
100USD

CRS112-8P-4S-IN

8x 1Gb POE Out
4x SFP (not SFP+, so limited to 1Gb uplink)
189USD

Top of Rack:

CRS309-1G-8S+IN

1 Gbit
8x SFP+ 10Gbit
269USD

or

CRS317-1G-16S+RM

1 x 1Gbit
16 x SFP+ 10Gbit
399USD

Please note the prices do not include the cost of the transceivers (around 30USD each for fiber, 70USD for copper).

Not really, it’s more a matter of finding the brand that has the most sensible options for your use case, and then deciding based on price/features how much you want to overspend.
MikroTik for me is the best bang/feature for bucks option at the moment, as their devices are more than reasonably priced and have line rate performance when used as switches (when doing layer 3 the performance isn’t really there yet unless you go for the much pricier and server room grade models) and have the most non server room sensible specs I could find. Almost all ‘server grade’ gear assumes they’ll be running in a rack/server room and have fans sized accordingly (i.e. they are loud as fuck in a non server room environment).
I have just deployed 3x CSS610-8G-2S+IN across my house, using fiber runs and fiber transceivers, and hooked up my old Cisco SG200-26 for all the gigabit runs I have in my attic. I have also bought a passive POE injector with 8 ports, that I use for powering the three switches, a pair of Ubiquiti access points and a pair of wifi WAN routers. As said, layer 2 performance is line rate (970Mbit/s on the gigabit ports, couldn’t really test the 10Gbit properly as I only have one workstation with a 10Gb card, so far).
Also, they come with support for prometheus and you can get your compulsive control OCD on with stuff like this:

… to be fair, you can get on with ciscos as well, if control is your poison:

2 Likes

I hear you, but home runs are impractical. I’m in a 70 yr old bank with a sprinkling of 2 prong outlets. Like a simple vertical run…

…becomes a day-long project when you find the top plate of interior walls is a 2’ thick steel and mortar footing (the center of the building is a giant vaulted ceiling).

Exterior walls are a no-go since they’re 18" thick brick and concrete. Hell, I had to rent Thor’s hammer drill to get through half the 10" thick interior walls.

Occasionally I’m lucky and there happens to be a 70 yr old conduit, like with my better than off-site, on-site backup:

1 Like

I don’t blame you, that looks like a nightmare. Under no circumstance could anyone talk me personally in to doing that wiring. But it wouldn’t hurt to get a quote from structured cabling contractor to do all new Cat6 drops and get a price on 10Gbps fiber at the same time. Might be cheaper to hire someone to rewire the office than buy a bunch of managed switches :face_with_monocle:

VLANs are strongly recommended and the proper solution for adding all these IP peripherals to my network, correct? My idea was to have a VLAN for:

  • admin workstations
  • servers (file, SQL, web)
  • POS, user workstations
  • 1/2/3D printers and scanners, cc-terminals
  • IP Cameras
  • IoT

Do you need separate wifi AP’s or are there AP’s that can segregate? IoT is all wifi, but I have an admin laptop and a couple of user laptops.

risk, you’ve seen the logical diagram of my current and WIP network. I’ll do a physical layout with inventory in CAD today.

That’s what I was thinking. I wish I had an extra EdgeRouter4 so I could learn on a homelab setup with the new switches, VLANs, and firewall config.

MikroTik looks interesting. Do they have any kind of annual licensing for their centralized management?

I didn’t want you to think I was ignoring a valid suggestion for no reason. I’ll prob need to get a quote as I’m leaning towards the SFP+ route. Since I already have at least 1 (if not 4) cat cable home runs at each location, it’ll be easy to use them as leaders to pull one fiber replacement.

1 Like

… oh sorry, didn’t connect the two threads immediately …

I’m mostly wondering because of the POE stuff and cameras. There are things where POE is immensely useful, and there are places, e.g. a home office, where you might need 1-2 POE ports, e.g. for a wifi access point maybe, and not much else.

@Four0Four suggested going with a single big switch instead of many smaller ones - it’s not unreasonable… depends on - whether or not you already have wiring installed, but it also sidesteps the switch versatility issue. (that way you could probably get away with 2 switches for the whole thing, maybe 3 if you wanted to split off cameras onto a cheap 16 port gigabit unmanaged switch).

No, MikroTik gives you a “Perpetual License” to use their software that is included in the device price, and most devices receive updates for a fairly long time.

1 Like

You use VLANs for implementing virtual segregation at the layer 2 level when it’s not practical to have physically separated ones. So yes.
You don’t want to overdo it though, as all inter-VLAN traffic needs to go through a firewall/router and that gets complicated really fast …
You can implement VLAN segregation on most APs nowadays. I am running MikroTik switches and Ubiquiti APs without any issue, with multiple wifi SSIDs on segregated networks (home, guests, iot).

So this is the building layout. Dark blue walls are solid, aqua walls are regular wood-framed, and pink are the showcases.

This is the building inventory with just the solid walls outlined. Green dots are the cameras:

Interior camera FOVs:

Exterior FOVs:

The CAD file is a .3dm (Rhino3D).

1 Like

Do you happen to have vaulted / panel ceilings or ceiling mounted raceways… that would simplify your cabling setup a lot, to a point where it may be interesting to consider going with 10G/ 25G/40G for workstations today (because fast access to shared storage is cool, no other special reason).

BTW, I don’t think you need a separate guest access point device. Most (probably all) APs support multiple SSIDs (and can put that traffic into a VLAN).

Also, guest network is good for your own phones and other internet only portables.

No, there’s nothing like that. I usually run stuff 25’ up to the attic, then over to the rack outside the vault, and back down 25’. It’s an old suspension ceiling. There are big steel trusses that suspend a steel mesh coated in 1" thick mortar.

You have to hang off the trusses to do anything.

2 Likes

:man_facepalming: I didn’t know a copper SFP+ port can go straight to an RJ45, multi-gig card in a PC. So with a switch like this:

You have 8x 1 gig’s for peripherals, 1x SFP+ for uplink, and 1x SFP+ for a 2.5 gig RJ45 workstation, correct? I thought the extra SFP+ port was for daisy chaining.

I’m also thinking more about a homerun for the cams like @Four0Four was suggesting. All the IP cams are ceiling/roof mounted and could easily run to the mechanical room this picture was taken from:

The room is insulated, but it’s not conditioned space. I’m guessing the average ambient temp in the summer is 80F/25C. Let’s say it’s 95F/35C max. Plus, there’s noticeable humidity (I’m in the south).

The other issue is PoE runs in the 150’ / 50m range. On thin gauge wire, will the cameras work with that much voltage drop? Will the heat from that drop in a 175F/80C attic affect signal quality on 10 Mbps devices like cameras?

The MikroTik 48 port PoE is perfect for the camera home run. It says it’s tested up to 140F/60C, but I’m sure these things are designed for conditioned spaces and not attic mechanical rooms.
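The voltage-drop question above can be estimated rather than guessed. What follows is an added worked calculation, not from the thread or any vendor: it models only DC loss in the cable (heat also derates the data signal margin, which it does not model). The per-AWG resistances are nominal 20 C values for solid copper, the copper temperature coefficient is the usual 0.393 %/C, and the 802.3af/at voltage and power figures and the PD minimum input voltages are the commonly quoted ones, treated here as assumptions to verify against the switch's datasheet.

```python
"""Estimate PoE voltage drop on a long, hot run (constructed example).

Assumptions, to check against the real datasheet and standard text:
  - nominal conductor resistance per metre at 20 C for 23/24/26 AWG solid copper
  - copper temperature coefficient 0.393 %/C
  - 802.3af: PSE output >= 44 V, PD draws <= 12.95 W, PD input window 37-57 V
  - 802.3at: PSE output >= 50 V, PD draws <= 25.5 W, PD input window 42.5-57 V
"""
import math
from typing import Dict, Optional, Tuple

OHM_PER_M_20C = {23: 0.0668, 24: 0.0842, 26: 0.1339}   # nominal, solid copper
ALPHA_CU = 0.00393                                       # per C, referenced to 20 C

POE_PROFILES = {
    # name: (minimum PSE output volts, max PD power watts, minimum PD input volts)
    "802.3af": (44.0, 12.95, 37.0),
    "802.3at": (50.0, 25.5, 42.5),
}


def conductor_ohm_per_m(awg: int, temp_c: float) -> float:
    """Conductor resistance corrected for ambient temperature."""
    return OHM_PER_M_20C[awg] * (1 + ALPHA_CU * (temp_c - 20.0))


def loop_resistance(length_m: float, awg: int, temp_c: float) -> float:
    """Two-pair PoE uses two conductors in parallel each way (R/2 out, R/2 back),
    so the DC loop resistance equals one conductor's end-to-end resistance."""
    return length_m * conductor_ohm_per_m(awg, temp_c)


def pd_operating_point(pse_volts: float, pd_watts: float, loop_ohm: float) -> Optional[Tuple[float, float, float]]:
    """Solve V_pse = V_pd + I*R together with P_pd = V_pd*I.

    Returns (V_pd, I_amps, cable_loss_watts), or None when the cable cannot
    deliver pd_watts at all (quadratic has no real root)."""
    disc = pse_volts ** 2 - 4 * pd_watts * loop_ohm
    if disc < 0:
        return None
    v_pd = (pse_volts + math.sqrt(disc)) / 2
    amps = (pse_volts - v_pd) / loop_ohm
    return v_pd, amps, amps ** 2 * loop_ohm


def estimate(length_m: float, awg: int, temp_c: float, profile: str = "802.3af") -> Dict[str, object]:
    """Worst-case view: minimum PSE voltage, maximum PD power, hot cable."""
    pse_v, pd_w, pd_min_v = POE_PROFILES[profile]
    r = loop_resistance(length_m, awg, temp_c)
    op = pd_operating_point(pse_v, pd_w, r)
    if op is None:
        return {"loop_ohm": r, "v_pd": None, "amps": None, "loss_w": None, "ok": False}
    v_pd, amps, loss = op
    return {"loop_ohm": r, "v_pd": v_pd, "amps": amps, "loss_w": loss, "ok": v_pd >= pd_min_v}


if __name__ == "__main__":
    # The attic case from the thread: 50 m of 24 AWG at 80 C, 802.3af camera.
    for temp in (20.0, 80.0):
        e = estimate(50.0, 24, temp)
        print(f"{temp:>4} C: loop {e['loop_ohm']:.2f} ohm, PD sees {e['v_pd']:.1f} V, "
              f"cable loss {e['loss_w']:.2f} W, ok={e['ok']}")
```

For the 50 m / 80 C case the loop resistance is about 5.2 ohm and a full-power 802.3af camera still sees roughly 42 V, well inside the PD window, with under a watt lost in the cable; the function only reports `ok=False` once the run is far longer or the gauge far thinner.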

You can use the SFP+ port either as trunk (uplink/downlink to another switch or router) or in access mode (connection to a single host on a specific VLAN).

that should be fine.
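A small model of what "trunk" versus "access" means for the switch plan discussed in this thread (eight 1 gig access ports, one SFP+ as the tagged uplink, the second SFP+ as an access port for the multi-gig workstation), and of why inter-VLAN traffic only ever leaves through the router trunk. This is an added, vendor-neutral illustration of 802.1Q port-based forwarding, not MikroTik or UniFi code; the VLAN numbers and port names are constructed.

```python
"""Minimal 802.1Q port-based VLAN forwarding model for one access switch.

Constructed example: VLAN IDs, port names and the assignment follow the plan
described in the thread but are not any vendor's configuration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Port:
    pvid: Optional[int] = None                  # VLAN for untagged ingress; None = tagged only
    tagged: Set[int] = field(default_factory=set)  # VLANs carried with an 802.1Q tag

    def is_member(self, vid: int) -> bool:
        return vid == self.pvid or vid in self.tagged


def access(vid: int) -> Port:
    """Access port: untagged frames belong to vid, tagged frames are dropped."""
    return Port(pvid=vid)


def trunk(vids) -> Port:
    """Trunk port: only tagged frames for the listed VLANs, no native VLAN."""
    return Port(pvid=None, tagged=set(vids))


VLANS = {"admin": 10, "servers": 20, "pos": 30, "printers": 40, "cameras": 50, "iot": 60}

switch: Dict[str, Port] = {
    "eth1": access(30), "eth2": access(30),     # POS terminals
    "eth3": access(40), "eth4": access(40),     # printers / cc terminals
    "eth5": access(50), "eth6": access(50),     # IP cameras
    "eth7": access(60), "eth8": access(60),     # IoT
    "sfp1": trunk(VLANS.values()),              # tagged uplink to core switch / router
    "sfp2": access(30),                         # 2.5G RJ45 workstation on the POS VLAN
}


def classify_ingress(port: Port, vid: Optional[int]) -> Optional[int]:
    """VLAN a frame is placed in on ingress, or None if the port must drop it."""
    if vid is None:
        return port.pvid
    return vid if vid in port.tagged else None


def flood(sw: Dict[str, Port], ingress: str, vid: Optional[int] = None) -> Dict[str, Optional[int]]:
    """Egress ports for a broadcast/unknown-destination frame, mapped to the tag
    it leaves with (None = untagged). Frames never cross into another VLAN here;
    that only happens at the router behind the trunk."""
    vlan = classify_ingress(sw[ingress], vid)
    if vlan is None:
        return {}
    out: Dict[str, Optional[int]] = {}
    for name, port in sw.items():
        if name == ingress or not port.is_member(vlan):
            continue
        out[name] = vlan if vlan in port.tagged else None
    return out


def shared_vlans(sw: Dict[str, Port], a: str, b: str) -> Set[int]:
    """VLANs two ports have in common, i.e. where they can talk without the router."""
    def members(p: Port) -> Set[int]:
        return set(p.tagged) | ({p.pvid} if p.pvid is not None else set())
    return members(sw[a]) & members(sw[b])


if __name__ == "__main__":
    print("IoT broadcast from eth7 reaches:", flood(switch, "eth7"))
    print("tagged VID 20 arriving on access port eth1:", flood(switch, "eth1", vid=20))
    print("VID 30 from the router trunk reaches:", flood(switch, "sfp1", vid=30))
    print("IoT port and camera port share:", shared_vlans(switch, "eth7", "eth5"))
```

Reading the output: an IoT device's broadcast reaches only the other IoT port and the trunk (tagged 60), a frame carrying a tag on an access port is discarded, and the workstation on `sfp2` receives POS traffic untagged exactly like `eth1`/`eth2`, which is the "access mode on the SFP+" case in the reply above.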