Return to Level1Techs.com

Which Switch brands are reccomended

I tried purchasing a $458 model of a Cisco switch. But, that just has telnet, and they rarely upgrade the firmware for it. They’re dropping support in two months too. I care about security and performance primarily. A managed switch is probably what I need. It would be nice if if had a functional webgui for basic configurations. I’ll drop into the CLI for configuring it further.

Cisco just feels like they have issues, and are mainly still around from the certification program leading to IT professionals sticking with Cisco.

Which other brands are reccomended? Which ones have an active open source community?

Brands: Dell, HP, Juniper.

Open Source: Eeerrrrrrr… :thinking:

Nope, nothing. :roll_eyes:

That said, Juniper does offer their course materials for free (like Cisco, they do certifications. Apparently, they’re quite good)

The Open Compute Project (OCP) is one of the more leading drivers of opensource in that space.
They have switch solutions but nothing i have really seen available to the public.

Operating systems on those bigger Switches are named oni and sonic.
Sonic might be the successor to oni.

Other well liked brands are Brocade and Microtik as well as apparently Arista? Ruckus is mostly Brocade relabeled.

For more info on any of those, have a look at Serve the Home (STH). They have large Forum-threads on the Brocade switches for instance.

Nintendo?

Seriously, worked with HP switches a decade or so a go and they were pretty good then. Haven’t worked much in networking since, so I’m not sure if HP has kept up the quality.

2 Likes

HP has pretty much dumped the Procurves line for Aruba branded switches.
Similar, but different in some ways. Not so much open source.
I had remembered seeing some switches at trade shows that touted an open source OS. Don’t know if they are still around, fuzzy memory.
I did see OPX ( Openswitch ), which is open except that it currently runs on Dell/EMC switches. https://www.openswitch.net/

I’ll check STH out too. Here’s more about my specific needs.

I’m looking to lock down my network by segregating all of my computers in case someone gets in.

They all need at least gigabit. I would like jumbo frames support, and the ability to bond two ethernet connections on a few. I’ll have gigabit internet, and probably upgrade that. These machines don’t need to communicate between each other mostly, though. I might want to use a few for distcc, but I don’t believe going above gigabit would improve performance for that.

vlan wise I need at least six. I’m splitting up to ten computers into different vlans, (maybe more) and will have a GT-AX11000 behind one of the vlans with a cheap switch connected to it for gaming consoles, and personal computers. I’d like a VLAN for a honey pot running on a Raspberry Pie. On one vlan I’ll have my Qubes system running, and on the other I’ll have at least two computers, but probably up to ten eventually. I might split the ten computers into separate vlans as well. Network performance needs low latency for these machines. I’ll probably also have another raspberry pie running a node for a search engine.

I should not need POE.

Currently, looking at Netgear. How does this compare to their more expensive models? What features am I lacking for that severe price drop?

i don’t have any experience with netgear managed stuff.

If i were to buy something different then the Ubiquiti stuff i have right now, i’d probably go with Microtik or Brocade/Ruckus.

Ubiquiti is also rather popular but not opensource.
The Controller so far has been good but the looming cloud BS they are pulling is starting to be worrisome.

Still, a 24port non poe Gen 1 switch should set you back about 100$?

Open source would be pretty nice. I don’t know if a major project exists for switches, though. I’d probably have to build my own switch with Linux, (which I could do) but that would be way too much of a time commitment.

actually, i remember there being stuff for certain switch ASICs being merged into the linux kernel. Debian got tools and support as Management capability.

Most big Datacenter switches have PowerPC management PCs inside, or nowadys x86 Atoms or similar.

So you could try and role your own.
Or might find something already doing that

Getting a pfsense router, and whatever they recommend for the switch it manages. Cisco requires a bunch of personal information to update their firmware, and I’d rather not have to deal with that.

I’m not sure I’d recommend a PFSense setup just now, the episode with the botched wireguard implementation doesn’t reflect very well on them (although generally speaking I’ve used pfsense in production for years with no real issue).

For your needs you might be best getting a router that you can install openwrt on - it seems some switches may now be supported also.

You may be being slightly dramatic about the Cisco personal info requirements, they publish MD5 and SHA512 numbers publicly for all their firmware images, so if you obtain the files elsewhere then you can easily enough confirm that they haven’t been tampered.

I feel your pain. I’m currently drowning in environments full of web-managed switches which makes mapping out the network impossible. SNMP only takes you so far. My hate is particularly strong for Cisco and Netgear at the moment.

ONIE-enabled switches that support Sonic are as open source as you can get but $$$. Sonic is pretty new so these haven’t hit used markets in any big way.

Open Network Linux is a thing but seems pretty dead. Last update to the source code was in Feb (GitHub). I found people complaining about expired certs on the repo, lack of recent updates/documentation, etc. Sonic is different in scope (runs containers and all sorts of stuff beyond barebones switching) but OCP resources seem to have completely shifted to sonic from ONL.

Arista EOS is Linux but the updates are paywalled. Apparently you can load sonic on top of EOS. No idea how that works though. Used Arista switches that aren’t EOL start around $700 from my experience.

Honorable mention to Cumulus Linux and the other “open-source” ONIE OS’s. A Cumulus Linux license is $900 IIRC (owned by nvidia). It is technically a Debian fork. It has much wider support in ONIE switches than sonic.

I bit the bullet recently and ordered an Arista switch. Emailed them to see what it would cost to get access to EOS updates. Haven’t heard back.

1 Like

Check out OPNSense. Fork of PFSense that has addressed alot of my issues with PFSense.

I’ve had some good experience with these guys: https://www.bsdnetworks.com/product_categories/gigabit/

You could also go with a TP-Link managed unit. About $250 CAD for a layer two 24 port. Note that TP-Link doesn’t always have CLI and sometimes they are web control only.

Really, just get a switch that contains the features you want at a low cost. Unless this needs to be up 24/7.

i’m really looking forward to OCP network gear hitting the used market.
still probably a few years out though.

The OPNSense boxes look even better than PFSense. I need two for state synchronization, while keeping both up?

One is more than enough depending on the down time while updating. Talking to sales at Netgate to see what they recommend. I’ll probably go with the equivalent OPNSense box.

I would prefer reliability. BSDNetworks looks good. I’m guessing they’re running a BSD install? Those guys are paranoid about security. That’s probably the switch I’d go with.

It does need to be up 24/7.

For a small home network, or a small business (<100 devices, L2 / L2+ web/cli managed), where you only want basic support, and the thing to work securely without a subscription. You can stick to one of Ubiquiti, TP-Link (Omada series), Mikrotik. Zyxel and Netgear and some less manageable TP-Link might work too.

Assuming you typically don’t care to change stuff up daily once it’s set up and considering you don’t have to manage a large fleet of network devices (e.g. up to a 100 or so, not counting wifi lightswiches and vacuum cleaners)

If you need more reliability than a single switch provides, then you use two, and you ensure there are alternative routes between devices and that they’re connected through more than 1 switch simultaneously. (2 nics and either spanning tree, or separate IPs and pick some load balance friendly routing protocol).


For routers, for high availability of end user devices you can use VRRP. What’s usually synced is the firewall state tables contents. You can do this using a pair of pfSense devices, or you can do it on Linux as per openwrt wiki.

If you don’t care about 5 min of downtime while software auto updates at 3am once a month, stick to a single router.

If you’re ok with some dropped connections during VRRP handover, don’t bother with firewall state syncing.

Whenever you’re adding VRRP, you’re entangling the two devices that are supposed to be redundant and independent from each other somewhat, making config changes more complex. Firewall state syncing, required for not dropping connections makes the entanglement worse and changes more complicated.

e.g. how do you add port forwarding if states are synced - which router does the firewall rule go into first? You, need to start thinking about this stuff in that case, and that may be more hassle than it’s worth.

2 Likes

They have some nice things that cost an arm, a leg and your first born. Not worth it to anyone really.

I had good experience with MikroTik, Lancom and the better Netgear switches (Smart, Plus and Fully Managed).

Edit: Have to check when I get home, but I think Allnet is running open source on their modems/routers/switches.