MEGA 2.5GbE Switch Guide Update with 21 New Models Added


SDLeary

Member
Aug 4, 2015
51
11
8
56
Sooo... @Patrick ... With all these switches with single SFP+ ports, ostensibly to be used as uplink ports, where do we uplink them to when on a budget? Perhaps THIS or something like it? As a corollary to the MEGA 2.5GbE Switch Guide, perhaps you could test this to see how well it would work? :cool:

SDLeary
 

MountainBofh

Active Member
Mar 9, 2024
131
103
43
Sooo... @Patrick ... With all these switches with single SFP+ ports, ostensibly to be used as uplink ports, where do we uplink them to when on a budget? Perhaps THIS or something like it? As a corollary to the MEGA 2.5GbE Switch Guide, perhaps you could test this to see how well it would work? :cool:

SDLeary
That's actually what I'm doing. I have a Horaco 8 port SFP+ switch that I've linked via OM3 to a Sodola 8 port 2.5gb switch that has a single SFP+ port. I've tried a handful of different transceivers and all have worked just fine.

The 8 port SFP+ switches are a little tougher to find, but they do exist. I got mine for $90 from Aliexpress. https://www.aliexpress.us/item/3256806038981360.html
 

mattlach

Active Member
Aug 1, 2014
343
97
28
I find it really disturbing that STH is normalizing the use of these garbage spyware brands popping up like weeds out of China.

These things are a HUGE security risk. No one should be using them. It doesn't matter how cheap they are, or how expensive the alternatives are.

Of the switches in the guide, I'd trust:
- Mikrotik
- Netgear
- QNap

I might be persuaded to trust the following (but I am not there yet)
- Zyxel (hey, I remember them from the modem days!)
- TrendNET (may not be from an authoritarian country, but is synonymous with cheap and disposable garbage tech as far as I am concerned)
- Asustor (Asus is a well known brand, but maybe not for their serious network tech...)

I would not trust any of the rest:
- Davuaz
- Hasivo
- ienRon
- Keeplink
- Mokerlink
- Nicgiga
- Sodola
- Tenda
- TP-Link
- Vimin
- Xikestor
- YuanLey
- YuLinca

If something doesn't have design authority in the US, Europe, Japan, Taiwan or South Korea, it's not going anywhere near my network. That is sketchy as all hell.

Derivative designs, many of which are the same on the inside, with spammy "product name generator" brand names, many of which don't even have Wikipedia pages or publish any background or location information on their websites...

..and they come out of an authoritarian state, where inserting spyware is just an order from a Military Intelligence officer away.

This should be sending big flashing red warning signs to anyone who sees them.

Are people really that naive?

I'd suggest you buy established western brands, or don't buy at all. If that means that things get more expensive, and you can't afford your network, you are probably better off not having a network, than having this junk on your network.
 

SDLeary

Member
Aug 4, 2015
51
11
8
56
I find it really disturbing that STH is normalizing the use of these garbage spyware brands popping up like weeds out of China.

These things are a HUGE security risk. No one should be using them. It doesn't matter how cheap they are, or how expensive the alternatives are.

Of the switches in the guide, I'd trust:
- Mikrotik
- Netgear
- QNap

I might be persuaded to trust the following (but I am not there yet)
- Zyxel (hey, I remember them from the modem days!)
- TrendNET (may not be from an authoritarian country, but is synonymous with cheap and disposable garbage tech as far as I am concerned)
- Asustor (Asus is a well known brand, but maybe not for their serious network tech...)

I would not trust any of the rest:
- Davuaz
- Hasivo
- ienRon
- Keeplink
- Mokerlink
- Nicgiga
- Sodola
- Tenda
- TP-Link
- Vimin
- Xikestor
- YuanLey
- YuLinca

If something doesn't have design authority in the US, Europe, Japan, Taiwan or South Korea, it's not going anywhere near my network. That is sketchy as all hell.

Derivative designs, many of which are the same on the inside, with spammy "product name generator" brand names, many of which don't even have Wikipedia pages or publish any background or location information on their websites...

..and they come out of an authoritarian state, where inserting spyware is just an order from a Military Intelligence officer away.

This should be sending big flashing red warning signs to anyone who sees them.

Are people really that naive?

I'd suggest you buy established western brands, or don't buy at all. If that means that things get more expensive, and you can't afford your network, you are probably better off not having a network, than having this junk on your network.
Some of us have to manage our tech-focused hobbies with restrictive budgets. Would I like to equip my apartment with a Netgate firewall, and Ubiquiti switches and an AP? Sure, but it's just not in the cards right now. For me and others like me, these reviews are helpful.

SDLeary
 

nabsltd

Well-Known Member
Jan 26, 2022
428
291
63
Some of us have to manage our tech-focused hobbies with restrictive budgets.
It's pretty easy to get decent network equipment for reasonable prices if you look at used enterprise gear. The problem is that people feel they need 2.5Gbps, which never was part of the enterprise lineup. I run 1Gbps for most machines, and anything that needs more gets 10Gbps. I do have a few devices with 2.5Gbps ports, but none of them needs more than 1Gbps (HTPC, domain controller, etc.).

My main core of switches is:
  • MikroTik CRS326-24S+2Q+RM (purchased new)
  • Netgear XS712T (used)
  • 2x Netgear GS752TXS (used)
This is insane overkill, but used 48-port switches were generally cheaper than 24-port. I also have cheap, fanless 8 to 16 port managed switches in a couple of rooms, but only one of these has a 10Gbps uplink.

The key for me is that my server rack is in a room that is far enough away that I don't need quiet switches there, and where I do need quiet switches, I don't need features that raise the price.
 
Nov 13, 2022
46
11
8
I am still in search of something affordable with 8+ 2.5Gbit ports and PoE+ to run 3 PoE+ APs and a few cameras. (I want something SMALL, half width / wall mount.)

Less expensive than the Unifi USW-Enterprise-8-PoE (120W) or Qnap QSW-M2108R-2C. These are basically what I am looking for but a bit outside my budget, especially since I want two: one for my little server rack and one for my wiring closet. Only one of them needs to be PoE.

My main issue with the current mega guide is that it is a MEGA list of nearly identical boards with different brands and minor port differences / bad firmware. I could see these being OK unmanaged, but the managed ones are downright trash from the various forum posts I am seeing (duplicate MAC addresses, slowing down / crashing after a few days, janky firmware update / support).

I want the following:

- Brand I know will exist and can get support from for at least a year, but preferably more.
- Firmware updates for security... BARE MINIMUM for a year, but preferably more.
- Power supply / brick that I am not going to be concerned will burn my house down.
- Management UI that reliably does VLANs, access ports, LACP / trunks.

I think I am just going to have to continue waiting / hoping that MikroTik releases a PoE+ version of their switch.
 

MountainBofh

Active Member
Mar 9, 2024
131
103
43
It's pretty easy to get decent network equipment for reasonable prices if you look at used enterprise gear. The problem is that people feel they need 2.5Gbps, which never was part of the enterprise lineup. I run 1Gbps for most machines, and anything that needs more gets 10Gbps. I do have a few devices with 2.5Gbps ports, but none of them needs more than 1Gbps (HTPC, domain controller, etc.).

My main core of switches is:
  • MikroTik CRS326-24S+2Q+RM (purchased new)
  • Netgear XS712T (used)
  • 2x Netgear GS752TXS (used)
This is insane overkill, but used 48-port switches were generally cheaper than 24-port. I also have cheap, fanless 8 to 16 port managed switches in a couple of rooms, but only one of these has a 10Gbps uplink.

The key for me is that my server rack is in a room that is far enough away that I don't need quiet switches there, and where I do need quiet switches, I don't need features that raise the price.
A counterpoint - the used enterprise gear is still considerably more expensive vs the cheap Realtek switches, and uses a HELL of a lot more power. Plus you have to deal with hunting down firmware updates from vendors that don't want to deal with you, transceiver crippling by said vendors, etc.

You're quick to discount 2.5gb, but a LOT of consumer systems are coming with it built in. I agree that if you're going to do anything really complex network-wise (beyond simple VLANs), the used enterprise gear would be the best option.

But for someone that needs a couple of 10gb links and wants to keep their power consumption and noise down, the cheap switches are a fine option for a home network.
 

nabsltd

Well-Known Member
Jan 26, 2022
428
291
63
You're quick to discount 2.5gb, but a LOT of consumer systems are coming with it built in.
I'm quick to discount it because it's 1/4 the speed that the entire computing world has used for "high speed required" systems for 20+ years.

The use cases where 2.5Gbit is useful/necessary are pretty slim. It's still nowhere near fast enough to even handle 6Gbps SATA SSD throughput, much less the NVMe drives on the new systems with 2.5Gbit NICs. OTOH, 1Gbps is far more than enough to handle real-world workloads that "consumers" want, like streaming video, playing games, etc.

The one very niche use case where 2.5Gbit might help is multiple users connecting to a NAS and doing far more than streaming video. But, in those use cases, the one device that needs the extra speed (the NAS) to handle multiple simultaneous connections can easily be outfitted with a 10Gbps NIC.

But for someone that needs a couple of 10gb links and wants to keep their power consumption and noise down, the cheap switches are a fine option for a home network.
I'd still rather pay for a Netgear MS510TXPP for the security of not being made in China. It's generally not cheap (although I got a used one for $150 a while back), but it also has more features than any of the cheap switches:
  • 1x SFP+ (supports 1, 2.5, 5, and 10Gbit)
  • 1x RJ-45 (supports 1, 2.5, 5, and 10Gbit)
  • 2x RJ-45 (supports 1, 2.5, and 5Gbit and POE+)
  • 2x RJ-45 (supports 1 and 2.5Gbit and POE+)
  • 4x RJ-45 (supports 1Gbit and POE+)
  • Layer 2.5 managed (supports static IPv4 and IPv6 routes, VoIP, traffic shaping, etc.), with easy to find and apply firmware updates
  • Optionally rack mountable (comes with ears, but has stick-on feet, and is only 12" wide)
  • Has a fan, but I've never heard it run except on startup
  • A warranty that includes Lifetime Next Business Day Hardware Replacement
This switch will still be useful for years after the cheap 2.5Gbit switches have been replaced.
 

MountainBofh

Active Member
Mar 9, 2024
131
103
43
I got bad news for you - the Netgear switch is also made in China. So is probably 95% or more of the networking gear all of us use. Phones, switches, NICs, transceivers, you name it.

I'm not knocking your choice of gear, I'm sure it works great for what you need. But not everyone has the exact same needs.

Myself, for example - I don't need VLAN support, or PoE, or layer 3 features. I just need my switches to pass frames quickly and efficiently. The el-cheapo Chinese switches do that just fine.

Security - let's be honest. The Chinese government can't backdoor everything, and even if they tried it would kill their economy overnight. I'm not saying they don't backdoor stuff. Rather, I think they go about it smartly, and go for the high-end stuff that will generate a lot of results without a huge amount of effort.

What makes more sense to backdoor?
A: a cheap sub $100 switch that will be used on a home network.
B: a $50,000 telco enterprise router that will be handling all the network traffic for a major Fortune 500 business

There's a reason why Huawei and the other big name Chinese telecom players got curb stomped by sanctions - they're the ones selling backdoor gear. Not Mr NoName realtek rebadge vendor on Amazon or Aliexpress.

And as a final thought... If every single Chinese network device was backdoored, don't you think every single security researcher, IT blogger, review site, etc. would be SCREAMING from the top of the mountain about it? It's not that hard to fire up Wireshark and look for something that doesn't belong.
 

Patrick

Administrator
Staff member
Dec 21, 2010
12,519
5,825
113
Good points. Some thoughts.

A big part of this series was really a nudge to vendors like MikroTik to do 2.5GbE, to Netgear to make cheaper 2.5GbE, and so forth. The difference between what it costs for Realtek switch chips that are tens of dollars and switches we saw in 2022 for $500 was crazy.

On a lifetime NBD replacement warranty, just remember that I said on a call with a well-known network vendor that offers a lifetime warranty something like "you offer the lifetime warranty because the AFR is like 0.5% or something small like that." The response I got was something along the lines of that being way too high of an estimate. It is nice as insurance, but if you are paying even a 10% premium for it, you are overpaying.

On the whole backdoor side, sure. It is possible. Just to give you an idea, since late Q2/early Q3, we have been sitting switches on networks hoping to capture unsanctioned phone-home traffic and not telling folks we had the project running because we did not want to tip off that it was happening. In the video, I said we sniffed for 7 days, but I see that as a lower bound for the switches to get reviewed. Really, we have had 40+ switches with >120 days each, so over 5000 days of uptime. I am not sure any other review site has done anything similar. I thought it would be a remarkable piece if we found something, but we did not.

Realistically, these devices do not have the processing power to break encryption at 2.5Gbps per port or 30Gbps+ across the switch. If the switches did some sort of port mirroring to a WAN address, it would be computationally doable but very easy to spot.

If you do not want to use switches from some brands, that is great. That is why we have many brands represented. Remember, Netgear can buy the same Realtek switch chips and produce switches in volume, and if there is demand to do so at a price point, they can make similar switches for you.

Now, of course, there could be something in firmware that activates after a decade, and we will not see it. There can be some kind of push notification that can get through firewalls turning something on at a later date. Also, state actors have more resources and personnel than we do.

The goal is to get to everything we can.
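A defender-side sketch of the kind of long-running check Patrick describes above (and the "fire up Wireshark and look for something that doesn't belong" idea from MountainBofh's post): take flow records for the switch's management MAC, drop what the admin sanctioned, and report anything else, especially destinations off the LAN. This is an added example, not STH's tooling or any vendor's code; the switch MAC, subnets, sanctioned services and the flow lines are all constructed.

```python
"""Flag management-plane traffic from a switch that is not on an allowlist.
Constructed example: addresses are RFC 1918 / RFC 5737 documentation ranges."""
import ipaddress
from collections import Counter

# Assumed: the switch under observation and what it is expected to talk to.
SWITCH_MAC = "00:11:22:33:44:55"
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]
# (dst_ip, dst_port, proto) tuples the admin sanctioned, e.g. a LAN DNS/NTP box.
EXPECTED = {
    ("192.168.1.1", 53, "udp"),
    ("192.168.1.1", 123, "udp"),
}

# Constructed flow records in the shape a flow exporter (or a script over a
# pcap) would emit: ts src_mac src_ip dst_ip dst_port proto
FLOWS = [
    "1 00:11:22:33:44:55 192.168.1.2 192.168.1.1 53 udp",
    "2 00:11:22:33:44:55 192.168.1.2 192.168.1.1 123 udp",
    "3 aa:bb:cc:dd:ee:ff 192.168.1.50 203.0.113.9 443 tcp",  # a PC, not the switch
    "4 00:11:22:33:44:55 192.168.1.2 198.51.100.7 443 tcp",  # switch -> Internet
    "5 00:11:22:33:44:55 192.168.1.2 198.51.100.7 443 tcp",
    "6 00:11:22:33:44:55 192.168.1.2 192.168.1.77 22 tcp",   # switch -> LAN host
]


def parse_flow(line):
    """Split one whitespace-separated flow record into a dict."""
    ts, mac, sip, dip, port, proto = line.split()
    return {"ts": int(ts), "src_mac": mac.lower(), "src_ip": sip,
            "dst_ip": dip, "dst_port": int(port), "proto": proto.lower()}


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def classify(flow):
    """Return None for traffic we expect, otherwise a short reason string."""
    if flow["src_mac"] != SWITCH_MAC.lower():
        return None  # only the switch's own management traffic is of interest
    if (flow["dst_ip"], flow["dst_port"], flow["proto"]) in EXPECTED:
        return None
    if not is_local(flow["dst_ip"]):
        return "off-LAN destination"  # the phone-home case the thread discusses
    return "unexpected LAN destination"


def suspicious_flows(lines):
    """All switch-originated flows that are not sanctioned, with a reason."""
    findings = []
    for line in lines:
        f = parse_flow(line)
        reason = classify(f)
        if reason:
            findings.append((f["ts"], f["dst_ip"], f["dst_port"], f["proto"], reason))
    return findings


def destination_counts(lines):
    """How often each unsanctioned destination was contacted (beaconing shows up here)."""
    return Counter((d, p, pr) for _, d, p, pr, _ in suspicious_flows(lines))


if __name__ == "__main__":
    for ts, dip, port, proto, reason in suspicious_flows(FLOWS):
        print(f"t={ts} switch -> {dip}:{port}/{proto}  {reason}")
    print(destination_counts(FLOWS))
```

Over months of capture, as in the project described above, the per-destination counter is the part worth keeping: a single off-LAN hit may be an NTP pool lookup you forgot to allowlist, while a steady repeat to one address is what merits a closer look in Wireshark.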
 

ms264556

Well-Known Member
Sep 13, 2021
351
286
63
New Zealand
ms264556.net
I think the spying/exfiltration risks from these cheap switches are waaaaay overblown.

As @MountainBofh says, it makes no sense at all to put implants in vast numbers of devices: this is a sure way to have your plans discovered very quickly. Just look at how quickly OpenWRT enthusiasts have dumped the firmware off these switches and analyzed them.

And if you're inserting yourself into the supply-chain to put implants on the equipment of high-value targets, then why limit yourself to under-powered Chinese switches?
It's much more straightforward to implement supply chain implants on 'safe' western network equipment brands. I'm not some Mossad trained hacking genius, but I've created easy-to-install 'customizations' for several network devices from US headquartered companies which survive factory resets and upgrades.
 

nabsltd

Well-Known Member
Jan 26, 2022
428
291
63
I got bad news for you - the Netgear switch is also made in China. So is probably 95% or more of the networking gear all of us use. Phones, switches, NIC's, transceivers, you name it.
Yes, we all understand that. I'm sorry that you intentionally avoided the point about "manufacture without oversight" that is implicit in this discussion.

I think the spying/exfiltration risks from these cheap switches are waaaaay overblown.
The fact that the firmware on most of these switches is very flaky tells me that it would be hard to determine if something is just a bug or actually compromised gear.

And, to be honest, I care more about the lack of bugs (or quick patching of them) from more reputable manufacturers.
 

SDLeary

Member
Aug 4, 2015
51
11
8
56
It's pretty easy to get decent network equipment for reasonable prices if you look at used enterprise gear. The problem is that people feel they need 2.5Gbps, which never was part of the enterprise lineup. I run 1Gbps for most machines, and anything that needs more gets 10Gbps. I do have a few devices with 2.5Gbps ports, but none of them needs more than 1Gbps (HTPC, domain controller, etc.).

My main core of switches is:
  • MikroTik CRS326-24S+2Q+RM (purchased new)
  • Netgear XS712T (used)
  • 2x Netgear GS752TXS (used)
This is insane overkill, but used 48-port switches were generally cheaper than 24-port. I also have cheap, fanless 8 to 16 port managed switches in a couple of rooms, but only one of these has a 10Gbps uplink.

The key for me is that my server rack is in a room that is far enough away that I don't need quiet switches there, and where I do need quiet switches, I don't need features that raise the price.
2.5GbE wasn't part of the enterprise lineup, true. But it is the next step. I've been using 1GbE for a long time now, and the reason that I'm looking at 2.5/10 GbE stuff is that I keep things for quite a while. If I'm going to spend real money, I want the stuff to last.

The inexpensive equipment that Patrick and the rest of the STH team are looking at is very helpful, as I need a new switch, but don't have the dollars right now for "real equipment". Also, because of apartment living, the power budget is important too. I've been keeping an eye on used things on eBay, but never seem to be in the right place at the right time! :)

Thanks Much
SDLeary
 

izx

Active Member
Jan 17, 2016
133
64
28
40
The use cases where 2.5Gbit is useful/necessary are pretty slim.
I'd respectfully disagree.

If only because 2.5 GBase-T is becoming the default bundled Ethernet port on consumer/prosumer systems. And high-end consumer/DIY server mobos also seem to be bundling 10GBase-T.

If ya got it, why not use it?

Sure, I'd much rather they bundled a 10/25G SFP instead, or at least stopped using the awful BCM57416 which doesn't support 2.5G/5G when providing 10GBase-T, but...

And for the occasional bursty transfer from my old systems, a $15 Realtek 2.5GbE PCIe card is a no-brainer upgrade as long as I have a compatible switch.
 
Nov 13, 2022
46
11
8
The use cases where 2.5Gbit is useful/necessary are pretty slim. It's still nowhere near fast enough to even handle 6Gbps SATA SSD throughput, much less the NVMe drives on the new systems with 2.5Gbit NICs. OTOH, 1Gbps is far more than enough to handle real-world workloads that "consumers" want, like streaming video, playing games, etc.
- Consumers are about to get WiFi 7, which by and large can make use of greater-than-1Gbit switches.
- Consumers are already getting access to 1Gbit and higher fibre in some markets; 10GbE gear is still much more expensive.
- 2.5Gbit is in many cases more useful than 2x 1GbE LACP-connected NAS solutions in a home/SOHO environment, as one client can get more than double the throughput.

You are right, however, that home users are not going to be getting the full speed out of a remote NVMe setup... but then again most of them can right now top out a 1GbE setup with cheaper spinning rust already.
 

nabsltd

Well-Known Member
Jan 26, 2022
428
291
63
If only because 2.5 GBase-T is becoming the default bundled Ethernet port on consumer/prosumer systems.

If ya got it, why not use it?
Plugging in and connecting at 2.5Gbps doesn't mean you are "using it". It just means that's the max speed. 99% of those devices and use cases would be fine at 1Gbps.

And high-end consumer/DIY server mobos also seem to be bundling 10GBase-T.
And this is even more unused speed, but it will be more power used and heat generated.

I'm not saying that speeds higher than 1Gbps don't have any reason to exist...of course they do. But, for most users, the one place they will need that extra speed is on whatever home server they have. And, for that, they could use a 10Gbps connection (RJ-45 or SFP+), which means a cheap used switch with 1-2 10Gbps ports and 8-12 1Gbps ports would be perfect.
 

nabsltd

Well-Known Member
Jan 26, 2022
428
291
63
- Consumers are about to get WiFi 7, which by and large can make use of greater-than-1Gbit switches.
- Consumers are already getting access to 1Gbit and higher fibre in some markets; 10GbE gear is still much more expensive.
- 2.5Gbit is in many cases more useful than 2x 1GbE LACP-connected NAS solutions in a home/SOHO environment, as one client can get more than double the throughput.
Again, most people are not moving around enough data to make 2.5Gbps useful. This is not as true for people who post here, but despite our buying habits, manufacturers would not make money if we were the only ones buying 2.5Gbps gear. Overall, though, people don't move large enough chunks of data from their NAS to a client system that 1Gbps isn't enough. Maybe for initial ingest or a full backup, but those are very rarely done.

I have 1Gbps business fiber to my home (no oversubscription), and the only use I get out of the extra 500Mbps since I upgraded is that Steam can download a bit faster. It won't saturate the ISP line, though. So, internal speeds of 2.5Gbps aren't likely much use when the end point of the connection is somewhere on the Internet. Overall, I've transferred about 10TB across my ISP link since my pfSense box was rebooted 124 days ago. That averages out to 7Mbps, or 0.7% utilization of my link, and I suspect I'm one of the larger users of home ISP bandwidth.

Even WiFi 6 can (in theory) use more than 1Gbps on a single access point. Even so, if you are streaming 4K video at 100Mbps (probably the biggest possible real-world, in-home use of bandwidth), that's easily 5-6 streams without touching a 2.5Gbps uplink. So, if you are outfitting a workplace, then, yeah, 2.5Gbps is a big deal. But for a home with fewer than 8 people, not so much.
 

louie1961

Active Member
May 15, 2023
169
63
28
Not to change topics, but I would love to see some reviews of the bigger 2.5GbE/10GbE switches. The ones with 16+ 2.5GbE ports, especially the managed switches.