exmadscientist 17 hours ago

I have always been resolute in avoiding managed switches for home use. I figure I don't need the headaches of worrying about configuring another device in my free time when I can pay less to have simple boxes that just send packets around without complaint.

I even managed to find an unmanaged 16-port 2.5GbE PoE switch so now I have 2.5Gbps and PoE at every wall jack in my house. (PoE is amazing. Get PoE if you're upgrading anything.) It's a no-name Chinese brand, but who cares? It's not like anything in this house is even trying to saturate 1GbE, much less 2.5GbE. So QoS or whatever on an internal network doesn't seem particularly useful.

I guess I could try to segregate the Internet of Shit devices I have (they're already on their own WiFi SSID which is most of the battle) but I mostly fight that fight by owning as few IoS things as I can.

What am I missing? Why bother with managed switches at home?

  • scottlamb 11 hours ago

    > I even managed to find an unmanaged 16-port 2.5GbE PoE ... It's a no-name Chinese brand, but who cares?

    Does it have an NRTL certification (UL or the like)? This is something I'd look for in a PoE switch, which often have internal power supplies specced for several hundred watts. Potential fire hazard. If it were a non-PoE switch plugged into a standard 12V/2A external power supply or the like, then I'd be with you, who cares if it's a no-name Chinese brand.

    (btw, MokerLink, a previously-unknown-to-me Chinese brand, gave me excellent support last night. I complained a switch wasn't working. They asked for a video, then told me they're sending me a replacement. It's being delivered tomorrow. So at least some of these no-name Chinese brands are earning some trust.)

  • toast0 12 hours ago

    > What am I missing? Why bother with managed switches at home?

    I have managed switches now. Can be useful for link aggregation. I also use vlans, so I can have redundant nat gateways in different locations, without having to wire up a separate 'public net' lan... I could just put them in the same location, but I get a tiny amount of disaster resilience this way. Vlans are also handy so I can do private and public on the same port and not need more nics; but maybe my setup doesn't need to be so esoteric that I want a separate port for host networking and for the nat gateway running in a jail (or maybe I could get srv-io to work somehow)

    It's also handy to be able to check link status without having to go to where the switch is.

  • MrVitaliy 17 hours ago

    There are a ton of features that fall under the 'managed' umbrella, but for most home use cases you don't really need to manage the switches often. Once you set up WiFi SSIDs with VLAN tags, you almost never have to touch the switch. I like to separate networks with VLANs.

    If your WiFi doesn't have client isolation, IoT devices can still scan your network. WiFi client isolation will prevent that, having them on separate VLAN also makes sense.

    Another use case is a Guest network, when friends come over. You might not want to isolate clients there and allow devices to talk to each other, but also don't interfere with your home network.

    If you work from home, depending on what you do, you might want to have 'office' VLAN. Or a 'Kids' VLAN, where internet turns off every night at 8pm.

    At this point, it may be easier to QoS and give only 10% of your internet bandwidth to Guest network, and 5% to IoT device network, etc.

    • SoftTalker 14 hours ago

      I cannot imagine adding this complexity to my home life. Work is frustrating enough. At home I use the box from the cable company and don't change anything. That way if it doesn't work it's their fault.

      • userbinator 12 hours ago

        Network switches, even managed ones, are usually "set and forget".

        But sure, if you don't want to take control of your home network, then the corporate overlords will be more than happy to control it for you --- possibly against your wishes.

        • YZF 11 hours ago

          I work on networks in my day job. Just like the parent at home I'm cool with a single L2 network behind a firewall. The box that plugs into the fiber is my NAT/Firewall. The rest is just off the shelf stuff I never have to touch or configure, mostly WiFi. No idea why you need link aggregation or vlans at home for most home use. What's next? VRFs and VXLAN? IPsec? Racks in your home data center with spine/leaf? ECMP?

          EDIT: I have kids and never felt the need to isolate their network. I've never had a guest/friend that needed to access my network, everyone is on a network via their phone. But if they did they can jump on my WiFi.

          • wpm 9 hours ago

            I run IPsec at home, on two HA OPNSense firewalls/routers precisely because I don’t get to do it all day. It’s a learning experience.

            • exmadscientist 6 hours ago

              Sure, "I wish to learn about this stuff" or "I think playing with this stuff is fun" are both fair reasons.

              But apart from those, I just don't understand how adding the complexity makes my life better. People are saying "VLANS!!!" but why would I want to do that? How does my life improve if I do?

  • delamon 8 hours ago

    Sometimes a managed switch is the only way to find a faulty cable. I'm speaking about a slightly bad cable, which corrupts some data, not all of it. Just by looking at interface error counters you can easily tell if something is off. Without it you either need to somehow come up with a very expensive cable tester or just pretend that slow network speed is due to some other popular blame destination (e.g. it's just a bad macOS update) ;)

  • t0mas88 9 hours ago

    I use VLANs to isolate the IoT devices. Their separate WiFi is VLAN tagged by the access points.

    And my internet/IPTV provider uses broadcast for TV streams which requires IGMP support if you want to run it over your existing network. Otherwise you have to use their modem and run a cable direct from the TV box to the modem.

  • seany 13 hours ago

    Vlans. I don't think I'll ever buy a switch that doesn't support them. That rule goes back to me having a 3com super stack in my garage.

m463 13 hours ago

People who are enchanted by this sort of thing should check out openwrt:

https://www.openwrt.org

Many common off-the-shelf routers can run openwrt, and it is very nice to not only own your router, but your network as well.

People who do the sort of hacking like the author of this article get newer unsupported routers up and running on openwrt and share the results.

Johnny555 18 hours ago

Managed switches have become much cheaper since that article came out -- you can get a Netgear 8 port managed switch for $25 versus $18 for the unmanaged version.

It's a little harder to compare TP-Link switches (which is the brand used in the linked article), since their $53 managed switch also has 4 ports of PoE, while their $18 unmanaged switch doesn't have PoE.

  • bombcar 17 hours ago

    I’m still not certain what the advantage of a managed switch is.

    I’m sure there is one because they’re more expensive.

    The only thing I was able to discover is that they detect a network loop.

    • tialaramex 17 hours ago

      There was a period when I was paid to look after a bunch of managed switches, and they had a variety of interesting and useful features but that's a large corporate-like environment (a University) and it was part of a research programme.

      [This is back when IPv6 is relatively novel and so the refit of a large building with brand new high end Cisco managed switches was justified as research, also leading to a hilarious "bidding" process in which Cisco's lone authorised supplier tells us what the price is, which of course is completely unaffordable, then we tell a Cisco exec what we want to pay, then they calculate a research "discount" which we are to be offered so that magically we pay exactly this much to the lone supplier].

      Feature I really liked 1.: Time Domain Reflectometry. Port #123 failed? Ask the switch, it says the fault is 19 metres from the switch, measure by eye or with tape, oh yeah, there's the problem.

      Feature I really liked 2.: Port history. You can see at a glance that ports #120 through #140 are not in use now but with history you can see that port #130 and #136 were used last Tuesday night. Aha! The only thing these ports actually do is support a madcap arrangement where Astronomy run laptops on the roof for stargazing. They can just use WiFi! No need to run all this extra stuff.

      For the research we had MLDv2 group multicast support - e.g. 80 people have 100baseT networking, 10 watch video channel A at 40Mbps, 10 watch channel B at 40Mbps, yet the network is only moving 80MBps (40 + 40) and their links only have 40 Mbps each, the 60 non participants have all 100Mbps free - in principle that could be done in a relatively dumb switch, but also at home scale it's irrelevant anyway, and even at corporate it's cool but hardly worth diverting serious effort when you probably don't need such a feature.

    • cbsks 17 hours ago

      The killer application for me is that my wired Ethernet security cameras are on a VLAN that I firewall from the internet.

    • JonChesterfield 16 hours ago

      Vlan tagging at the port level is great. They probably do other things as well.

    • lmz 17 hours ago

      VLANs are often useful.

      • kjs3 15 hours ago

        I use MAC based VLANs to automatically segregate types of devices no matter where they plug in. Works pretty well. I don't know if it's a feature available on all smart switches, particularly the low end ones, but it's common on higher end devices.

BobbyTables2 13 hours ago

I wish cheap serial-port managed switches were a thing.

The reasonably cheap managed switches often expose the management interface on all ports, even all VLANs (with no way to turn it off).

It’s frustrating that this is just a software limitation - the hardware is damn capable of much more.

Hell, I’d love to have a switch where the management interface was an I2C port that I could plug into just for reprogramming.

Really just want dumb VLANs, no fancy RSTP or such.

  • PhilipRoman 11 hours ago

    FYI Zyxel consumer switches seem to be more secure in this regard (I had a GS1200).

    But yeah, even the enterprisey switches have braindead defaults like loading configuration from tftp at startup.

pimlottc 18 hours ago

My brain was struggling to parse this until I realized it should be "Dumb-to-managed switch conversion"

sherburt3 15 hours ago

Having vlans in a home feels insane to me. What's the point?

  • redundantly 15 hours ago

    I segregate using VLANs based on usage.

    - IoT

    - Personal

    - Work

    - Kids/guests

    - Lab

    The first four have their own WiFi SSID.

    I don't want various cameras/sensors/lightbulbs that rarely get updates to have access to my personal network.

    I don't want to mix personal use with work use (I work from home).

    In a similar vein, I trust my kids about as much as I trust random IoT devices.

    The lab network is just random stuff, like an archive team warrior vm that I have running.

    I could do everything on one single network, but if a single host or device is compromised everything is, and I'm too paranoid to run like that.

  • m463 13 hours ago

    oh my.

    My quality of life changed SO MUCH when I put in vlans.

    machines go onto the appropriate vlan.

    the winner was the "jail" vlan. Any machine on it can't get out. Maybe for updates through a filtering proxy like privoxy.

    Every house should have vlans like this.

    the status quo of "every machine can talk to the internet" or "buy our cloud-based router" is just uncomfortably common.
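
The usage-based VLAN split and the "jail" VLAN described in the two comments above, sketched as a default-deny nftables ruleset on a Linux router. This is an added example, not configuration posted by any commenter; the interface names, VLAN IDs, SSH management port and the proxy listening on the router at port 8118 (privoxy's default) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names and VLAN IDs below are assumptions.
flush ruleset

define WAN      = "eth0"
define PERSONAL = "eth1.10"
define WORK     = "eth1.20"
define IOT      = "eth1.30"
define GUEST    = "eth1.40"   # kids/guests
define LAB      = "eth1.50"
define JAIL     = "eth1.66"

table inet homefw {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        meta l4proto { icmp, ipv6-icmp } accept
        # DNS and DHCP served by the router to every internal VLAN
        iifname != $WAN udp dport { 53, 67 } accept
        iifname != $WAN tcp dport 53 accept
        # Jail hosts may additionally reach the filtering proxy on the router
        iifname $JAIL tcp dport 8118 accept
        # Router administration only from the personal VLAN
        iifname $PERSONAL tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Jail is never routed; the counter makes attempts visible
        iifname $JAIL counter drop
        # Personal may open connections to IoT and lab devices, not the reverse
        iifname $PERSONAL oifname { $IOT, $LAB } accept
        # Every other VLAN gets Internet access only, no lateral traffic
        iifname { $PERSONAL, $WORK, $IOT, $GUEST, $LAB } oifname $WAN accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        meta nfproto ipv4 oifname $WAN masquerade
    }
}
```

The switch and access points only tag the traffic; it is the forward chain's `policy drop` on the router that keeps a compromised IoT or guest device from reaching the other VLANs.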

sam345 20 hours ago

Terrible experience on mobile; even Firefox reader doesn't work, I don't think.

  • tmm 19 hours ago

    Safari mobile reader mode works fine. It even recognizes the “next page” links and renders all four at once.