Geekzone: technology news, blogs, forums
4171 posts

Uber Geek
+1 received by user: 58

Moderator
Trusted
Lifetime subscriber

Topic # 228525 10-Jan-2018 11:41

I am after some feedback on my planned home network. While I will cable as much as I can, it will rely on switches due to the difficulty of running cables.

 

 

 

1) Currently I am using a HG659b on VDSL, waiting on Fibre to come in the next year or so. I will look at replacing this with an edgerouter once fibre is installed.

 

2) I want a managed POE gigabit switch, with 4 POE ports for 2-3 security cameras. I don't think I will need any more than 16 ports total. It will be connected to 2x 8-port dumb switches, which supply the office and living room. A single NVR (single ethernet with no switch), and 1 RPi running the VPN server will be connected directly. (The 2x 8-port gigabit switches supply TVs, PCs, home theatre, server, mibox, vero4k and gaming consoles.) I am new to managed switches, but want to be able to keep the cameras on their own VLAN. While I may look at getting some dedicated APs, for now I am relying on some bridged routers.

 

My two dumb switches are TLSG1008D's, which as best I understand it should pass through the VLAN tagging as they support 15KB jumbo frames.

 

 

 

Any comments/suggestions would be appreciated.


886 posts

Ultimate Geek
+1 received by user: 172

Subscriber

  Reply # 1935469 10-Jan-2018 11:59

Yeah, if they're just dumb switches they'll pass through the VLAN tags.

 

If you were considering the Edgerouter and some APs you could always consider a UniFi Security Gateway instead and an 8 or 16 port managed switch from Ubiquiti, then if you were to go down the Ubiquiti route for APs you can manage everything from one place.

 

Otherwise if the only VLAN you want is for security cameras, you could just use the second network port on the Edgerouter or USG to a dumb PoE switch to power the cameras, connect the NVR to that etc.




4171 posts

Uber Geek
+1 received by user: 58

Moderator
Trusted
Lifetime subscriber

  Reply # 1935478 10-Jan-2018 12:33

Ideally I would like to get the switch now, and wait on the Edgerouter, as it could be 18-24months until fibre gets here. 


 
 
 
 


3222 posts

Uber Geek
+1 received by user: 1022

Subscriber

  Reply # 1935485 10-Jan-2018 12:48

UBNT EdgeSwitch is a good switch. All the VLAN options you would ever need. Not sure if they do a small one though.... maybe the TouchSwitch range?

 

The VLAN stuff on Unifi is way too basic and is just annoying.


mdf

1578 posts

Uber Geek
+1 received by user: 409

Trusted
Subscriber

  Reply # 1935611 10-Jan-2018 14:27

If I can get in on this one too, I have a very similar current set up to @rscole86: HG659 --> dumb 8 port POE switch --> internal network. The internal network currently has both trusted and IOT (i.e. potentially untrusted) devices. The 8 port switch doesn't have enough ports. I'd like to upgrade that to a 16/24 port managed switch to give me more capacity and (hopefully) manage the trusted/untrusted stuff better.

 

But I'm confused about "layers" of management. PBTech for example seems to offer "smart/web managed", "managed L2" and "managed L3" switches. Basically I want (I think) to have everything on the "trusted" subnet be able to talk to everything else (both trusted and untrusted), but anything on the untrusted subnet isolated from everything else.

 

Will I be able to do that from a smart/web managed switch (which seems to be the cheapest)? e.g. anything plugged in to ports 1-12 assign to trusted subnet, anything in 13 to 24 assign to untrusted subnet. I'm kind of working on the theory that if I don't know what L2/L3 is for, I probably don't need it?

 

As an aside, is it worthwhile picking a switch with SFP ports? Google leads me to believe I would only really need this if connecting two switches that are physically a long way apart from each other.

 

I've got Cambium E400 WAPs, which seem to let me assign different VLANs to different SSIDs, so think I should be able to handle the wireless stuff that way. But it also means I need something with POE since I don't want multiple POE injectors if I can help it.


886 posts

Ultimate Geek
+1 received by user: 172

Subscriber

  Reply # 1935621 10-Jan-2018 14:47

mdf, no, you'll need more than just a smart/web managed switch to be able to do that. VLANs give you layer 2 isolation, but you then need a router (or a layer 3 switch configured like a router) to be able to pass traffic from the trusted to the untrusted subnet.

 

Pair a smart/web managed switch up with an EdgeRouter Lite or similar router and you'll be able to achieve what you've asked for, however.

 

Essentially you need a few basic things - a 'trunk' port configured on the switch connected to the router (and wireless access points if using multiple SSIDs), this will send traffic from the trusted and untrusted VLANs to the router and let it deal with bridging and firewall rules between the networks.

 

You won't need SFP ports

 

Some more (albeit heavy) reading for the EdgeRouter might be

 

https://www.grc.com/sn/files/Ubiquiti_Home_Network.pdf
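
The policy asked about earlier in the thread (trusted can reach everything, untrusted cannot start a connection to anything), modelled as router firewall rules in an added example that is not part of any post here. The subnet, host addresses and ports are assumed sample values; the model shows why the router's rules need connection tracking, since replies from the untrusted side have to be let back in.

```python
import ipaddress

# Assumed addressing, not from the thread: VLAN 10 is the trusted subnet,
# VLAN 20 (192.168.20.0/24) is the untrusted one.
TRUSTED = ipaddress.ip_network("192.168.10.0/24")


class InterVlanFirewall:
    """Toy model of the router's forwarding rules between the two VLANs."""

    def __init__(self, stateful=True):
        self.stateful = stateful
        self.flows = set()  # connections opened by an allowed first packet

    def forward(self, src, sport, dst, dport):
        """Return 'accept' or 'drop' for one routed packet."""
        flow = (src, sport, dst, dport)
        reply_to = (dst, dport, src, sport)
        # Rule 1: packets of a tracked connection, in either direction.
        if self.stateful and (flow in self.flows or reply_to in self.flows):
            return "accept"
        # Rule 2: trusted hosts may open new connections to anything.
        if ipaddress.ip_address(src) in TRUSTED:
            self.flows.add(flow)
            return "accept"
        # Rule 3: everything else, including anything untrusted initiates.
        return "drop"


def demo(stateful):
    """Run three constructed packets through the rules; return the verdicts."""
    fw = InterVlanFirewall(stateful)
    return [
        # Trusted laptop opens a connection to an IoT device on VLAN 20.
        fw.forward("192.168.10.5", 50000, "192.168.20.30", 554),
        # The IoT device's reply on that same connection.
        fw.forward("192.168.20.30", 554, "192.168.10.5", 50000),
        # The IoT device tries to open a connection to a trusted NAS.
        fw.forward("192.168.20.30", 40000, "192.168.10.8", 445),
    ]


if __name__ == "__main__":
    print("stateful: ", demo(True))
    print("stateless:", demo(False))
```
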

 

 


6061 posts

Uber Geek
+1 received by user: 178

Trusted
Subscriber

  Reply # 1935674 10-Jan-2018 15:30

Hi, for small managed switch I have used a fair number of these D-Links, they work well and support all the features you could want, there is also a 5 port for around $65.

 

Also there is an 8port POE version for $240ish

 

Cyril




4171 posts

Uber Geek
+1 received by user: 58

Moderator
Trusted
Lifetime subscriber

  Reply # 1935709 10-Jan-2018 16:08

Thanks for the replies so far. @mdf, your needs sound similar to mine. I had forgotten about some of the IoT devices here, partly as we have not fully moved in so they are not all set up. I would also like them on their own VLAN.

 

From what I understand I am also going to need a fully managed layer3 device, so the D-Links posted above will not work for our/my needs.

 

Am I right in thinking that ES-16-150W and US-16-150W are effectively the same device, but the latter would need a Unifi security gateway to be used to its potential? Although I may end up adding some APs, I would only lose the single point of configuration if I went down the ES-16-150W route instead of US-16-150W?


6061 posts

Uber Geek
+1 received by user: 178

Trusted
Subscriber

  Reply # 1935710 10-Jan-2018 16:12

Is not your edge router your L3 device? Otherwise an HP1910 is a good cost effective basic L3 switch if you want to route internal traffic on a switch.

S

3222 posts

Uber Geek
+1 received by user: 1022

Subscriber

  Reply # 1935714 10-Jan-2018 16:23

No need for a layer 3 capable switch, your router will be the layer 3 device for your network. (Funnily enough though, the EdgeSwitches are L3 capable.)

 

Yep, so the "ES" range runs EdgeOS - built-in web GUI and CLI management. The "US" range doesn't need a USG but needs to be adopted to a Unifi Controller to be managed - as mentioned above the Unifi VLAN management is just a bit rubbish IMO. They have made it too simple which is just annoying.


7224 posts

Uber Geek
+1 received by user: 2289

Subscriber

  Reply # 1935715 10-Jan-2018 16:25

these ones look ok
http://www.computerlounge.co.nz/components/componentview.asp?partid=30006

 

16 port with 8 port PoE+ with 110w power budget. supports VLAN tagging so you can separate the Cameras




4171 posts

Uber Geek
+1 received by user: 58

Moderator
Trusted
Lifetime subscriber

  Reply # 1935778 10-Jan-2018 19:06

Yes the Edgerouter could be my L3 device, but in a bid to appease the wife I was going to wait until we have Fibre in around 2 years before getting that. Are we suggesting I don't wait?

886 posts

Ultimate Geek
+1 received by user: 172

Subscriber

  Reply # 1935808 10-Jan-2018 19:27

If you don't need internet/network access to the cameras they could just sit on their own isolated VLAN happily until you get an EdgeRouter

 

Alternatively if you only needed to access the cameras from one other device i.e. the server you could add another virtual interface on that device with access to the camera VLAN

 

EdgeRouter probably better than the USG like others have said but not sure what VLAN options you guys want to set and can't on the USG - certainly wouldn't be limiting what I'd be trying to do at home :)




4171 posts

Uber Geek
+1 received by user: 58

Moderator
Trusted
Lifetime subscriber

  Reply # 1935847 10-Jan-2018 21:24

I will need internet access to the cameras, via VPN, and internally to set them up/make changes. So it sounds like the best solution for me is the ES-16-150W.

mdf

1578 posts

Uber Geek
+1 received by user: 409

Trusted
Subscriber

  Reply # 1938557 14-Jan-2018 12:42

Thanks all. Have been reading up on L2 vs L3 networking (this was the best article I found) and think I have a bit more clarity about what I need (cough, want).

 

I'll get a router that can handle the L3 stuff (ERL or equivalent). Now looking at switches to pair with it. PB Tech has a couple of 24 port switches with 12 POE ports. That's probably more POE ports than I need, but otherwise seems to tick the boxes. These are both around the $400 mark (though I will wait until PB Tech has them on sale and so hoping to pay a little less):

 

NETGEAR ProSAFE JGS524PE, 24-Port Gigabit Web Managed PoE Switch with 12 x PoE (Max 100W)

 

D-Link DGS-1100-24P 24-Port Gigabit EasySmart PoE Switch with 12 x PoE/PoE+ (Max 100W)

 

These seem roughly comparable to my untrained eye. Any thoughts on Netgear vs D-link?


886 posts

Ultimate Geek
+1 received by user: 172

Subscriber

  Reply # 1938578 14-Jan-2018 13:55

Personally I don't like either of those as I think they both will have noisy fans which are always on. Maybe you'll have it in a location which doesn't matter but even so I can't stand unnecessary fan noise

 

Question - would 2x 8 port switches be an option? i.e. put one where you were planning to put this one, then replace one of your other 8 port switches with a POE model if cabling allowed, or do you have most stuff going back to this central location so need more than 8 immediately?

 

I haven't used a TP-Link for a while but I'd probably look at something like two of these https://www.pbtech.co.nz/product/SWHTPL1001/TP-Link-SMB-TL-SG108PE-8-Port-Gigabit-Desktop-PoE

 

If you want 16 ports in one unit, the Unifi 16 port switch (although it needs to be managed through controller software) is silent under normal operation; or look out for a second hand fanless HP gigabit PoE switch (can't see any on TradeMe at the moment)

 

 

 

 

