| View previous topic :: View next topic |
| Author |
Message |
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20386
|
 Posted: Thu Sep 19, 2024 4:31 am Post subject: New hardware VLAN questions |
 |
|
I need to replace my wifi switch / router.
What I'd like to do is use another downstream switch with two VLANs. 1 general use, and 1 for tftp booting or similar.
I've never used a "plug-and-play network extender" switch, but I presume they would only be able to do what the upstream wifi router told that specific port to do. I'm also guessing 1 port can handle only one VLAN?
To clarify RTR1 (wifi) provides a VLAN on port 1 to which RTR2 (PNP net extender) is connected.
What kind of switch would RTR2 need to be to handle at least 2 VLANs. I presume it could not be one of the "network extender" varieties, but I don't know what to look for.
The TP-Link BE3600 lists "Tag VLAN", but I'm anticipating that it is RTR2 which should handle the VLANs.
On the wifi side, how useful are the 6 & 5GHz bands? The BE9300 has both, and there seems to be a natural emphasis on "total" bandwidth, but it believe I've read of at least 5GHz not being that reliable.
The BE series probably aren't worth it as I have no immediate need for 2.5Gbps ports, but they're on the upper end of what I'd consider for low-end broadband internet. Aside from a One-Device-To-Rule-Them-All solution that wasn't enterprise priced.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
 |
Ralphred
Guru
Joined: 31 Dec 2013
Posts: 571
|
| Posted: Thu Sep 19, 2024 1:17 pm Post subject: Re: New hardware VLAN questions |
|
|
| pjp wrote: | What I'd like to do is use another downstream switch with two VLANs. 1 general use, and 1 for tftp booting or similar.
I've never used a "plug-and-play network extender" switch, but I presume they would only be able to do what the upstream wifi router told that specific port to do. I'm also guessing 1 port can handle only one VLAN |
When you get into the realm of VLAN aware switches it's not "what the upstream wifi router told that specific port to do" but what you configured that port to do.
| pjp wrote: | | What kind of switch would RTR2 need to be to handle at least 2 VLANs. I presume it could not be one of the "network extender" varieties, but I don't know what to look for. |
Just a "managed" switch, sometimes referred to as "layer 3", but not necessarily.
| pjp wrote: | | The TP-Link BE3600 lists "Tag VLAN", but I'm anticipating that it is RTR2 which should handle the VLANs. |
In this use case, possibly, it depends how many LAN ports you need, if it's more than 4 in total then you are better off just getting a managed switch downstream of your router.
The problem is that it's become ubiquitous amongst the average user to think of a router as something that is a modem-router-WAP-switch all rolled into one, and the use of VLAN's is generally an SME level solution, meaning you are buying SME level equipment for all 4 components when you go "all in one", in your case you'd only justify the use of an SME level switch. When it comes to specifying switches I use d-link for cheap domestic, draytek for decent domestic, HP for cheap commercial, Cisco for decent commercial, but if you anticipate wanting a 2.5G switch within 2 years then TP-link will do, 4 years and you'll get away with netgear.
NAT type routing ("masquerading" or "overload") and firewalling happens in software, so personally I've always just stuck a second nic* in my "server" and done it there - seems a waste of time, energy, space and cash to have a little box do what can be done by pppd the kernel and iptables. This also leaves you free to buy a PoE powered WAP and stick it somewhere sensible with a single cable, or get a normally powered one and still not drag your switch/modem and it's associated cabling with it.
If I were you, I'd get a second hand one gig managed ProCurve or Cisco switch with enough ports to serve your whole network, and consider it the the first step in unrolling the modem-router-WAP-switch bundle.
*though, with a managed Gbit switch you could do it virtually on one nic for most "broadband" set-ups. |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22420
|
| Posted: Thu Sep 19, 2024 3:06 pm Post subject: |
|
|
| VLANs are a software construct, so how much or little you can do with them depends heavily on the quality of the software involved. A quality switch can allow multiple VLANs on the same port, and restrict which VLANs that port is allowed to send on. |
|
| Back to top |
|
|
GDH-gentoo
Veteran
Joined: 20 Jul 2019
Posts: 1651
Location: South America
|
| Posted: Thu Sep 19, 2024 4:19 pm Post subject: Re: New hardware VLAN questions |
|
|
| Ralphred wrote: | | pjp wrote: | | What kind of switch would RTR2 need to be to handle at least 2 VLANs. I presume it could not be one of the "network extender" varieties, but I don't know what to look for. |
Just a "managed" switch, sometimes referred to as "layer 3", but not necessarily. |
To clarify, you'd need a "VLAN-aware switch", that is, one that supports IEEE standard 802.1Q. I believe most "managed switches" —i. e. those that provide a user interface for configuring the switch— sold these days should be VLAN-aware.
VLAN-aware switches can be just "layer 2 switches" (only capable of "bridging", i. e. MAC layer forwarding), or "layer 3 switches" (capable of both bridging and IP forwarding). Depending on how you plan to "handle 2 VLANs", you might not need the "layer 3" functionality.
| pjp wrote: | | I'm also guessing 1 port can handle only one VLAN? |
A single port can handle multiple VLANs, as Hu said, provided the device supports transmission and reception of VLAN-tagged Ethernet frames, which any VLAN-aware switch should do.
_________________
| NeddySeagoon wrote: | I'm not a witch, I'm a retired electronics engineer  |
| Ionen wrote: | | As a packager I just don't want things to get messier with weird build systems and multiple toolchains requirements though |
|
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20386
|
| Posted: Thu Sep 19, 2024 8:43 pm Post subject: Re: New hardware VLAN questions |
|
|
| Ralphred wrote: | | When you get into the realm of VLAN aware switches it's not "what the upstream wifi router told that specific port to do" but what you configured that port to do. |
Thanks for clarifying, but that is what I meant. I have sufficient experience to know I should ask questions (my CCNA was from the mid 00s, and I never held a role where it was my primary responsibility). I also thought a port could handle more than one VLAN, but doubted my vague recollection.
Part of the issue is that I've read of some Netgear hardware not handling VLANs well, and these being those labeled for business use. As well, some models being labeled with a "E" and/or "Ev3" may support VLANs. So it isn't at all clear to me at the consumer level that any of this stuff works.
| Ralphred wrote: | | Just a "managed" switch, sometimes referred to as "layer 3", but not necessarily. |
I'll have to revisit what I've seen available, given what I've read about what Netgear hardware supports.
| Ralphred wrote: | | In this use case, possibly, it depends how many LAN ports you need, if it's more than 4 in total then you are better off just getting a managed switch downstream of your router. |
That's what I'm leaning towards. 4 probably isn't sufficient.
| Ralphred wrote: | | The problem is that it's become ubiquitous amongst the average user to think of a router as something that is a modem-router-WAP-switch all rolled into one, and the use of VLAN's is generally an SME level solution, meaning you are buying SME level equipment for all 4 components when you go "all in one", in your case you'd only justify the use of an SME level switch. |
I've tried to identify the distinct components, but it seems impractical. I'd still have to identify the switch (which I should have called SW1 instead of RTR2... I hastily tried to be more clear using fewer words). Then I need a WAP. The modem-router is currently provided by the ISP.
I was trying to avoid Ubiquiti because they seem to have tried making their product line as complicated as possible, with a push toward cloud and other special devices to manage their equipment. Cloud Key / Gateway and I forget what else.
| Ralphred wrote: | | When it comes to specifying switches I use d-link for cheap domestic, draytek for decent domestic, HP for cheap commercial, Cisco for decent commercial, but if you anticipate wanting a 2.5G switch within 2 years then TP-link will do, 4 years and you'll get away with netgear. |
I probably don't need 2.5G, but it is available without too much additional cost. Residential fibre is supposedly on it's way, but no specific schedule. I've seen ISP related vehicles in the area and have heard it's close by, so who knows. As a hedge, the port could be used to connect to SW1, and eithe rof those TP-Link BE models I think should be able to replace my ISP's modem/router device, though I'd have to verify.
My dying all-in-one is a D-Link, but they seem to have abandoned physical retail, at least locally. I've never heard of Draytek. My only interest in TP-Link is they seem to get decent reviews, and I can get them locally. I would have preferred Netgear, but having read of questionable performance vs. claims, I'm leery of them. My original thought was a decent Netgear switch and WAP. That seemed easy until I tried to identify capabilities.
| Ralphred wrote: | | NAT type routing ("masquerading" or "overload") and firewalling happens in software, so personally I've always just stuck a second nic* in my "server" and done it there - seems a waste of time, energy, space and cash to have a little box do what can be done by pppd the kernel and iptables. This also leaves you free to buy a PoE powered WAP and stick it somewhere sensible with a single cable, or get a normally powered one and still not drag your switch/modem and it's associated cabling with it. |
Well, the device seems much more convenient with less power draw. I'd like to use WoL to shut most of the hardware down when not in use. I've looked for low power devices to take on that role, but few have enough ports or capacity to do much of anything else. On the plus side, the first result for a 4 port NIC was only ~$70.
| Ralphred wrote: | | If I were you, I'd get a second hand one gig managed ProCurve or Cisco switch with enough ports to serve your whole network, and consider it the the first step in unrolling the modem-router-WAP-switch bundle. |
I'm not familiar with HP, but Cisco tend to be very loud due to the small screaming fans. Then there's availability and cost. I don't use e-bay, and most companies idea of support is to not provide it. In particular I'm thinking of getting used hardware that has problems.
| Ralphred wrote: | | *though, with a managed Gbit switch you could do it virtually on one nic for most "broadband" set-ups. |
In theory a good switch should make it easier. I once configured a PC to act as a router, and also used TUN/TAP for VMs on a system. But for 8 or 16 ports, the dedicated solution seems easier. Except for the lack of ssh acccess. All web interfaces are heinous and only exis to make life difficult (in my experience).
I'll try looking again. Maybe I'll see something I overlooked. Thanks!
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20386
|
| Posted: Thu Sep 19, 2024 8:50 pm Post subject: Re: New hardware VLAN questions |
|
|
| Hu wrote: | | VLANs are a software construct, so how much or little you can do with them depends heavily on the quality of the software involved. A quality switch can allow multiple VLANs on the same port, and restrict which VLANs that port is allowed to send on. |
I didn't realize how bad consumer grade equipment was, even when target at business use. I doubted my memory on the multiple VLANs/port thing. If I recall, it may have been (then) recommended against for performance considerations.
| GDH-gentoo wrote: | To clarify, you'd need a "VLAN-aware switch", that is, one that supports IEEE standard 802.1Q. I believe most "managed switches" —i. e. those that provide a user interface for configuring the switch— sold these days should be VLAN-aware.
VLAN-aware switches can be just "layer 2 switches" (only capable of "bridging", i. e. MAC layer forwarding), or "layer 3 switches" (capable of both bridging and IP forwarding). Depending on how you plan to "handle 2 VLANs", you might not need the "layer 3" functionality. |
Managed seems to be the minimum, which I presumed to be the case. The more difficult challenge finding one of sufficient quality to claims made ratio.
And I naturally remember why I didn't do this any of the previous times I looked into it.
I'll try to see what I can find as there isn't much can left to kick.
Thanks everyone!
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20386
|
| Posted: Fri Sep 20, 2024 2:14 am Post subject: |
|
|
It's not looking good so far for anything better than an all-in-one but not enterprise $.
TP-Link JetStream TL-SG3428 (24port) and TL-SG3210 V3 (8port) both list Omada centralized management. At least for some devices it requires a separate "on premises" device to not manage it from the cloud. I'm not sure which ones if it is limited.
HPE Networking Instant On 1930 8-Port
configure using web-based or mobile app
Cloud-hosted web interface management
ZyXEL GS1900-8HP 8-Port
ZyXEL One Network, Intuitive Wizard, designed to relieve users
TRENDnet EdgeSmart TPE-TG82ES 8-Port
intuitive web-based interface
(I don't know if it means cloud.)
Hah! Ubiquiti's is a subscription service. Although anything cloud likely is.
Even the sub $100 NETGEAR ProSAFE GS108Tv3 8-port is "w/ Cloud Management"
Without checking I presume most will work without cloud management.
For used ProCurve, Amazon lists something like "Amazon Renewed". I stopped using Amazon because I can't trust them to sell me the product I ordered from the seller I chose, so I certainly can trust their renewal process (one review included a picture with a poorly retouched rusty chassis fan exhaust area).
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1132
Location: Richmond Hill, Canada
|
| Posted: Fri Sep 20, 2024 3:41 pm Post subject: |
|
|
| May be consider OpenWrt supported devices. This way you will have full control, no more "cloud management" |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20386
|
| Posted: Fri Sep 20, 2024 4:05 pm Post subject: |
|
|
Oh my. It's worse than I thought, at least for one of the "improved" v3 Netgear models (GS108T v3): | Quote: | The switch will prompt you to create a Netgear cloud account to manage the device and offer you 'limited access' to the device until you do so. According to the Netgear knowledge base, however, this 'limited access mode' should still allow you to update the firmware.
There are two ways to work around this:
Block access to 8.8.8.8 from the device in your router's firewall.
Connect the switch to a computer without internet access.
This method sometimes fails. Be prepared to open the device and solder a pin header for serial console. The holes are filled with solder, so having desoldering tools is also highly recommended! |
That pretty much guarantees I won't buy Netgear.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
Ralphred
Guru
Joined: 31 Dec 2013
Posts: 571
|
| Posted: Fri Sep 20, 2024 5:15 pm Post subject: |
|
|
I'm still gonna advocate for a local used re-seller: I borrowed a dumb-switch from a mate to power some extra cameras, and he needs it back, so I picked up a JG926A for under £30 this afternoon.
I'd offer to ship you the freshly redundant JG921A, but the shipping would probably cost more than it's worth...
It seems the smaller SME level stuff nowadays is trying to bypass local network admins entirely, not a great "security feature" IMHO. |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20386
|
| Posted: Fri Sep 20, 2024 5:28 pm Post subject: |
|
|
Hah, yeah, shipping. I once paid "too much" for a friend to send me an old Pentium. It was an interesting experiment, but it locked up while compiling one day, presumably due to the CPU fan having died.
I'll see if I can find any resellers. If I recall, Cisco used to be bad about allowing any updates without a contract. I don't know about any other enterprise gear. Noise is still my concern with those.
OpenWRT seems like a great idea, but I can never find anything on the site that's available, and it generally seems to focus on the all-in-one devices. Which makes sense.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1132
Location: Richmond Hill, Canada
|
| Posted: Fri Sep 20, 2024 5:35 pm Post subject: |
|
|
| pjp wrote: | | OpenWRT seems like a great idea, but I can never find anything on the site that's available, and it generally seems to focus on the all-in-one devices. Which makes sense. |
Try this link switches.
I tried with ZyXEL GS1900-16, I was able to find it on Amazon and few other places. |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20386
|
| Posted: Fri Sep 20, 2024 7:06 pm Post subject: |
|
|
Amazon is the only place I see with which I'm familiar. I can find the 8-port on some other sites, as well as the 24 and 24E models.
Oh, the 16 is unmanaged. I still can tell what version though. I'd buy it without hesitation if I thought I could just use simply use it.
Unfortunately openwrt doesn't list a page for those, only the 8 and 10. I'm also unable to determine versions of those available.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1132
Location: Richmond Hill, Canada
|
| Posted: Fri Sep 20, 2024 7:38 pm Post subject: |
|
|
| pjp wrote: | Amazon is the only place I see with which I'm familiar. I can find the 8-port on some other sites, as well as the 24 and 24E models.
Oh, the 16 is unmanaged. I still can tell what version though. I'd buy it without hesitation if I thought I could just use simply use it.
Unfortunately openwrt doesn't list a page for those, only the 8 and 10. I'm also unable to determine versions of those available. |
This is same problem everywhere. There is no way to easy identify exact product. You can't even do this in a store because the packaging. And Marketing usually intentionally made it unclear for lesser liability.
May be you can get into the real online store (Not Amazon) and ask for tech support for detail information. I see the 24 port version can do vlan. So OpenWrt just a good to have. |
|
| Back to top |
|
|
Banana
Moderator
Joined: 21 May 2004
Posts: 1640
Location: Germany
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
