POE network switch

[terry274]

I want to upgrade my network switch setup. I am currently using two Netgear switches, one five port and one eight port. I want to replace them with a twenty four port switch. It needs to be a managed switch so I can use VLANS. I am looking on Ebay and I see a lot of Cisco and Juniper switches. But most seem to be cloud managed. Does that mean a subscription is needed?
Also, for home use with five security cameras, would it be worthwhile to upgrade to a 10 gig switch? The Netgears that I am currently using are 1 gig and they seem to work fine, so I probably wouldn't see any performance improvement with the faster switch, correct?
I need suggestions on what switch to buy. Requirements are 16 ports or more with POE+ minimum. Prefer no spyware be preinstalled. Looking at used Ebay to save money.

My internet is with Xfinity and I am on with download speed of 400 Mbps.

Hoping @OVERKILL can chime in, he seems really up to speed on this type question.

 

[rijndael]

If you want a Cisco, find a used WS-C2960X-24PS-L. It requires no cloud stuff and is enterprise class. It's not a fanless silent switch either, which can matter depending on where you plan to install it.

You mentioned your internet speeds .... it doesn't do SOHO router functions. It's primarily a Layer-2 switch.

The vast majority of people don't need 10G at home, and most people who think they do ... don't, they just want it.

 

[TheOilWizard]

Ubiquiti is kind of the standard for SOHO networks.. I'd start there.

But I agree with the above, with a 400mbps internet connection, 10gbps gear seems unnecessary.

 

[terry274]

If you want a Cisco, find a used WS-C2960X-24PS-L. It requires no cloud stuff and is enterprise class. It's not a fanless silent switch either, which can matter depending on where you plan to install it.

You mentioned your internet speeds .... it doesn't do SOHO router functions. It's primarily a Layer-2 switch.

The vast majority of people don't need 10G at home, and most people who think they do ... don't, they just want it.

Thank you for the recommendation. The fan noise will not be a problem. I would be more concerned the fan might fail. Are they easy to replace? Exspensive to replace?
Router functions won't be needed from the switch.

 

[rijndael]

We had thousands of 2960Xs at work, fan failures aren't common.

 

[rijndael]

If you do want to do some Layer 3 stuff on the 2960X, you'll have a few options, but it's pretty limited. I really intended my initial routing comment to be typical home gateway stuff, like NAT and DNS forwarding, etc. It won't do that.

 

[Pew]

Another choice is the Aruba Instant On 1830 or 1930. Both are layer 2+ and have options of 24-port or 48-port with SFP ports, PoE+, VLANs, and STP.

 

[SwampSurvivor]

If you want a Cisco, find a used WS-C2960X-24PS-L. It requires no cloud stuff and is enterprise class. It's not a fanless silent switch either, which can matter depending on where you plan to install it.

You mentioned your internet speeds .... it doesn't do SOHO router functions. It's primarily a Layer-2 switch.

The vast majority of people don't need 10G at home, and most people who think they do ... don't, they just want it.

Those little fanless catalysts were garbage. If you were pushing PoE and they got warm, it would burn up the PoE on multiple ports.

I'm not running Vlans at home, so I have a basic TP-Linke PoE+ switch in my garage running 3 cameras. 1 gig back to a server in the house. More than enough for 5 or 10 cameras.

I have a few 100 meg 48 port switches but didn't really want one of those running 24/7 even though they would do the job

 

[OVERKILL]

If you want a Cisco, find a used WS-C2960X-24PS-L. It requires no cloud stuff and is enterprise class. It's not a fanless silent switch either, which can matter depending on where you plan to install it.

You mentioned your internet speeds .... it doesn't do SOHO router functions. It's primarily a Layer-2 switch.

The vast majority of people don't need 10G at home, and most people who think they do ... don't, they just want it.

This is a solid recommendation, any of the C2960X series switches will do what you need, though you will need to learn Cisco's CLI, if that's not something you want to do, I'd recommend finding an HP/Aruba offering, as they can be managed with a webUI and are also pretty robust.

You definitely don't need 10Gig for security cameras, my Unifi 4K cameras only link at 100Mbit and use about 8-15Mbit depending on the encoding.

The Cisco Catalyst switches mentioned above DO have an optional WebUI, but it's not really something one should use for management, it's better for monitoring health "at a glance" so to speak, as it gives you fan status, temperature, PoE load...etc, though you could setup a SNMP server to collect that information and put it on a dashboard for you, if you are feeling creative

 

[terry274]

If you do want to do some Layer 3 stuff on the 2960X, you'll have a few options, but it's pretty limited. I really intended my initial routing comment to be typical home gateway stuff, like NAT and DNS forwarding, etc. It won't do that.

The switch will be connected between a Ruckus R650 access point and a OPNsense firewall. It will need to switch three subnets, one for computers and cell phones, one for IoT and another subnet for cameras.
Nat and DNS will be handled on the firewall. I don't have a good grasp on the layer 2 vs. layer 3 but the 2960X can handle VLAN, can't it?

 

[rijndael]

Yep, VLANs are no problem.

A really simple view of routing vs switching:

Routers, and multi-layer/L3 swiches, move packets between subnets. Route from VLAN 11 in to VLAN 12.
Switches just move ethernet frames around, same subnet to same subnet ... really same VLAN to same VLAN.

A switch would help your desktop packets make it to your firewall/router, so it can get off that VLAN and into another.

Your firewall is a router in our scenario.

 

[terry274]

Yep, VLANs are no problem.

A really simple view of routing vs switching:

Routers, and multi-layer swiches, move packets between subnets. Route from VLAN 11 in to VLAN 12.
Switches just move ethernet frames around, same subnet to same subnet ... really same VLAN to same VLAN. A switch would help your desktop packets make it to your firewall/router, so it can get off that VLAN and into another.

Very helpful, thank you. Off to Ebay to shop.

 

[OVERKILL]

The switch will be connected between a Ruckus R650 access point and a OPNsense firewall. It will need to switch three subnets, one for computers and cell phones, one for IoT and another subnet for cameras.
Nat and DNS will be handled on the firewall. I don't have a good grasp on the layer 2 vs. layer 3 but the 2960X can handle VLAN, can't it?

L3 switches route (and some of the Cisco ones can even NAT), L2 switches are not supposed to, though some have some limited routing functionality that sort of blurs the lines between L2/L3. Both handle VLAN's.

Your OPNsense box would be on a trunked uplink port that carries all your VLAN traffic, your AP would also be on a trunk port, so that it has access to all the VLAN's and then you can assign the "access port" role to those you want on specific VLAN's. You can do multiple ports at once with the range command.

conf t
int range gi1/0/12-24 selects ports 12 through 24 for example, and any config you assign to them, like say switchport mode access vlan 2, applies to all ports in that range.

 

[terry274]

Ok, I ordered this:
Network switch

 

[mk378]

The ones with 4 SFP ports on the right side, those ports only support 1Gb each. The model with two SFP ports (FPD-L) can SFP at 10Gb.

Also there were fake 2960X switches back in the day. They work exactly like real ones except they will brick if you try to upgrade the firmware.

 

[rijndael]

The ones with 4 SFP ports on the right side, those ports only support 1Gb. The model with two SFP ports can SFP at 10Gb.

The 2960X-48TS-LL has (2) SFP slots, not SFP+.
IE -They're only 2 ports of 1G.

 

[rijndael]

Ok, I ordered this:
Network switch

If you need help with the config, LMK.

 

[terry274]

If you need help with the config, LMK.

Thank you

 

[OVERKILL]

If you need help with the config, LMK.

Was going to make the same offer, lol.

OP: You'll want to upgrade to the latest IOS image, which requires spinning up a TFTP server (or FTP server) to host it. These are free to download for switches (don't require SmartNET).

 

[mk378]

The 2960X-48TS-LL has (2) SFP slots, not SFP+.

The -LL models are non-PoE and "Lite" instead of standard networking features, so avoid them entirely.

upgrade to the latest IOS image, which requires spinning up a TFTP server

Firmware can also be transferred to the switch by writing it to a standard FAT-formatted USB flash drive then mounting that drive in the front panel USB port.