Which small, managed, fanless, PoE switch?

[homeserver78]

I need a managed switch for my home network. Intended use is hooking up APs (with multiple SSID-specific VLANs) and isolating IoT stuff and IP cameras. Routing will be done through a separate OPNsense router. The switch needs to be:

• Fanless.
• Small: it needs to fit in a wall mounted metal box which means max 260 mm width, 160 mm depth, and 40 mm height (I cannot fit a 1U = 44 mm thick switch).
• PoE, at least on 4 ports but much better if 8.
• Fully usable locally (without any type of cloud management). If it calls home I don't trust it.

So I've been looking at switches like these (prices in SEK, divide by 10 to get ~EUR):

• Netgear GS108EP, 1301:-
• Netgear GS308EP, 974:-
• Netgear GS110TP (v3), 1531:- (does not seem to have a product page, only support page + datasheet which is timestamped 2012) WARNING: needs online registration to open up local config interface to setup e.g. VLANs!!! (See below.)
• Netgear GS310TP, (datasheet exists but completely MIA otherwise)
• TP-Link TL-SG2210P, 1416:-. "Cloud managed", unclear if fully usable via the web GUI. Also has port LEDs on the opposite side to the actual ports which seems extremely user-unfriendly. So not really a candidate. End-of-Life, replaced by the not-confusingly-at-all named "SG2210P" model (no initial "TL-"), which is not available for purchase anywhere, is seems...
• TP-Link Omada ES206GP (v1) 683:-. Only 6 ports out of which 4 are PoE.
• TP-Link Omada SG2210XMP-M2 (v1), 3523:-. Like the Zyxel XMG1915-10EP below but even more insanely expensive.
• Zyxel GS1900-8HP, 1312:-
• Zyxel GS1915-8EP, 1403:-
• Zyxel XMG1915-10EP, 3012:-. 8x 2.5 GbE + 2xSFP+ so not really the same class as the others.

...

Yeah, there's a lot of them and most seem very similar. It also seems like most of them exist as several hardware versions? (And what's the deal with Netgear's almost identical GS1 and GS3 series? Or Zyxel's GS1900 vs GS1915?)

According to this reddit thread many of the above have serious deficiencies, like not supporting VLAN trunk ports, or their management GUI being accessible on all VLANs -- which seems absurd to me since the whole point of a managed switch would be to isolate e.g. IoT and WiFi guests from things like, well, management interfaces...

So what's your experiences with this class of switches? How do I find one that works well? Obviously GS308EP is enticing since it's considerably cheaper than all equivalent alternatives; will it work well for my use case? Edit: its datasheet expressly says "Configurable Management VLAN: No".

---

A related question: I also have unmanaged switches on my network for connecting e.g. NAS and desktop at higher speeds. How does the above small managed switches handle untagged traffic from these computers? Say management traffic from my desktop, entering the managed switch through a trunk port, aimed for the AP (which runs OpenWRT BTW). I assume/hope trunk ports will let untagged traffic through?

I ask because of this weird sentence in the GS308EP manual: "You can /.../ change a port to trunk mode so that it automatically belongs to all VLANs on the switch and tags the traffic that it processes." I hope this is wrong and what it should say is that trunk ports "... does not modify tags of the packets that it processes"?

 

[homeserver78]

their management GUI being accessible on all VLANs
/.../
its datasheet expressly says "Configurable Management VLAN: No".

I read conflicting info on this. If the management interface is only accessible through untagged packets, as hinted on by some posts on Netgear's forum, then that's fine. Just as long as the management interface doesn't ignore VLAN tags.

I guess the whole thing is needlessly complicated by the fact that Netgear seems to call ports that add VLAN tags to incoming packets (and strips them from outgoing) "untagged" ports. And ports that just filters on VLAN tag are called "tagged" ports? Very confusing terminology there!

Edit:

management interface only accessible through untagged packets

But this can't be it either. According to the manual, when VLANs is first switched on, "VLAN 1 is added to the switch and all ports function in access mode as members of VLAN 1". So all packets internal to the switch would then be tagged VLAN ID 1, and the management interface would become instantly inaccessible on all ports. So obviously the management interface must be accessible at least on VLAN ID 1 as well as on untagged packets.

*sigh* I'm confused.

 

[MountainBofh]

Maybe the CSS610-8P-2S+in ?

 

[homeserver78]

Maybe the CSS610-8P-2S+in ?

Thanks, but it's WAY too big unfortunately, at 272x217x51 mm³.

 

[gregsachs]

Switch Lite 8 PoE - Ubiquiti Store

An 8-port, Layer 2 PoE switch supporting silent fanless cooling.

store.ui.com

Just run a local controller and disable metrics.

 

[homeserver78]

Switch Lite 8 PoE - Ubiquiti Store

An 8-port, Layer 2 PoE switch supporting silent fanless cooling.

store.ui.com

Just run a local controller and disable metrics.

Thanks for the suggestion! Only 4 PoE ports though, and it seems like a PITA to have to run a local controller (along with setting up the environment to box it in). And the mere fact that Ubiquiti feels that it's reasonable to send metrics from my network is a huge red flag for me. So... probably not the switch for me.

I'm actually leaning towards a Zyxel GS1900(-10HP?) right now: I saw these are supported by OpenWRT which is a huge plus to me! Also, while their VLAN management seems outrageously amateurish -- for example it seems possible to configure multiple untagged VIDs on a single port! :facepalm: -- it does seem like these switches can be configured to do what I want. At least nothing has turned up (yet ) that would be a complete showstopper. (And if anything would turn up once I'd bought it I'd have the backup option of flashing OpenWRT.)

But isn't it crazy that all these switches suck so much?

 

[Muppet17]

For what it's worth, I run both the Zyxel XMG1915-10EP with multiple VLANs (in standalone mode) and the TP-Link SG2210P as well (but running in omada, soon to go back to standalone). I feel the Zyxel is a rather solid switch with an excellent feature set. I have been running VLANs without issues, and the only hiccup I had was a poorly configured IGMP snooping setup which was my error. There are some unintuitive parts to the interface, mainly making sure you save the config after hitting apply, but overall I like it a lot. I disabled the Nebula cloud and it does not seem to phone home at all.

The TP-Link is a bit meh. I've had issues with the blinky lights not working but apart from that it's standard TPLink/Omada stuff.

The Zyxel and the TPlink are connected with 1G SFP fibre modules, while the other port of the Zyxel has a 10G DAC, so it seems like having two different speeds on the 10G ports works (I know some other switches or NICs have this problem - looking at you Netgear).

 

[sko]

a wall mounted metal box which means max 260 mm width, 160 mm depth, and 40 mm height (I cannot fit a 1U = 44 mm thick switch).

If that thing wasn't meant for networking gear, just dump it. Especially if it really is a "box", i.e. closed with no ventilation to get rid of dissipated heat of a PoE switch. (yes, even at 8 ports they need to get rid of excess heat *especially* if you want a passively cooled one!)
A proper 19" wall mount is less than 10bucks: 19" 2U wall rack bracket zinc plated
(They also sell via amazon in europe, but at considerably higher prices to cover the amazon fees; their shipping rates within europe are usually *much* cheaper than the amazon premium prices (at least for germany and austria, haven't checked all countries though). Their quality is also far superior to cheap brands like Logilink, InLine or Digitus)

As for the switch: have a look at the Huawei S220S-8P4J: https://support.huawei.com/enterprise/en/doc/EDOC1100406398/abe55f00/s220s-8p4j
At ~150EUR its hard to beat. The "eKit" app/cloud management is completely optional, just ignore/don't enable it and run the normal initial setup locally. I've deployed some of those S220 and S310 switches and they are dead simple to configure if you have touched a switch before (CLI almost identical to cisco apart from some nuances, web GUI also looks pretty usable) and they are 'fire and forget' - never had any issues or defects with them.

 

[MountainBofh]

Another possibility.

https://www.servethehome.com/the-mini-asus-ebp15-poe-switch-is-tiny/

 

[nabsltd]

And what's the deal with Netgear's almost identical GS1 and GS3 series?

The 108 series is an all-metal enclosure with a lifetime warranty. The 308 is mostly plastic with a 1-2 year warranty.

Note that the "lifetime" warranty is limited by other factors, like if Netgear still makes an equivalent switch. I had a 108 die at around 10 years old and Netgear didn't honor the warranty since they couldn't replace it without a major upgrade in features.

 

[tgl]

I've read that all of Netgear's managed switches have phone-home behavior, so pay close attention to that point. (I love their unmanaged switches, but would be hesitant to buy a managed one.)

I have a managed Zyxel switch (XGS1250-12) that I quite like, but it doesn't do PoE so that particular model wouldn't suit you.

I concur with @sko that you need to think hard about whether your physical requirements are actually sane. A fanless PoE-supplying switch will have a lot of heat to get rid of, so cramming it into a tiny box is a recipe for failure.

 

[gregsachs]

Thermal heat rise calculator.

Enclosure Cooling Calculator: Step 1 | Kooltronic

Kooltronic's Enclosure Cooling Calculator can help you find the right electrical enclosure cooling solution. Step 1: Enter your preferred units of measure.

www.kooltronic.com

The key bit is the thermal load of the switch, which may or may not be published. That little Unifi is 28 BTU/hr

 

[sko]

Thermal heat rise calculator.

Enclosure Cooling Calculator: Step 1 | Kooltronic

Kooltronic's Enclosure Cooling Calculator can help you find the right electrical enclosure cooling solution. Step 1: Enter your preferred units of measure.

www.kooltronic.com

The key bit is the thermal load of the switch, which may or may not be published. That little Unifi is 28 BTU/hr

excluding PoE:

So this is only taking the few watts into account the switch is using at idle. A realistic figure for a PoE switch with ~50-60W power draw is around 175-200BTU/h.
Plus you also need to run their controller somewhere, because ubiquiti basically only sells dumb switches, but they somehow managed to make that acceptable - other vendors were demonized for pulling that off in the past...


Edit:
rough rule of thumb for watts to BTU/h is a factor of ~3.1-3.3 (direct Watt to BTU/h conversion would be 3.41 to be precise, omitting all efficiency factors and just going with the worst case of "all power that goes in eventually turns into heat").
Or just omit that weird BTU/h unit - Watts is already the correct unit to calculate cooling requirements (unless you also want to use random body parts, grain kernels and washing machines as units...)

 

[homeserver78]

Thanks to everyone who's replied!

First of all, let's get the "box" thing out of the way: Maybe I used the wrong term; cabinet might be more correct? Anyway, it's a ventilated cabinet where the ISP fiber enters and where the patch panel for my (rental) apartment's Cat6 cables are. So I'm very much stuck with it.

It already today contains two unmanaged switches: one 5x 2.5 GbE + 1x SPF+ switch (Zyxel XMG-105) and one 8x 1 GbE PoE switch (Netgear GS108LP). The new, managed switch would replace the latter. I have them standing on their sides (with supports under for air circulation) so that convection can do its thing through their side vents. Heat has not been a problem at all; they're lukewarm at most.

I could replace them both with a single managed switch with, say, 4x 2.5 GbE (non-PoE) + (4-)8x 1 GbE PoE + 1-2x SFP+. And this switch could then be 1U thick. Still, space is very limited (at ~260 mm width, ~160 mm depth max -- or possibly 350 mm width x 120 mm depth, but this placement would be very impractical and worse from a convection standpoint).

I feel the Zyxel [XMG1915-10EP] is a rather solid switch with an excellent feature set.

I've read only positive things about this one so far, and it would solve everything for me. It's just annoying that it's so darn expensive at >275 EUR here (in combination with the fact that I really don't need more than 1 GbE on the managed PoE ports). The two SFP+ ports though would be very nice.

Where is its 1 GbE equivalent for, say, 175 EUR?

Huawei S220S-8P4J

Thanks, but again, way too big at 43.6 mm x 320 mm x 210 mm. They seem a bit odd with their 2.5 Gbit/s SFP ports; what kind of transceivers do one use with those? Do they work with SFP+ DACs? Or at 2.5 Gbit/s with SFP DACs?

Another possibility.

https://www.servethehome.com/the-mini-asus-ebp15-poe-switch-is-tiny/

Cute, but it's as expensive as the 8-port switches above? And a privacy EULA on a switch? Come on!

The 108 series is an all-metal enclosure with a lifetime warranty. The 308 is mostly plastic with a 1-2 year warranty.

Okay, so the GS1xx is the premium/business version? I've noticed they also have larger packet buffers than the GS3xx. According to the datasheet all of them have a metal enclosure. I did find one review saying they are plastic though. Have you actually seen a plastic one or is this just some rumor that's gotten a life on its own?

I've read that all of Netgear's managed switches have phone-home behavior, so pay close attention to that point.

Okay well that would be really bad. Do you have any link or such? A quick search fails to turn up anything...

 

[tgl]

Okay well that would be really bad. Do you have any link or such? A quick search fails to turn up anything...

See for example this article from The Register: "product registration is required to unlock full access to the local browser user interface". The policy may not apply to every Netgear managed switch, but for sure at least some. It also aligns with my experience with Netgear Orbi wifi gear: you had to register with them to get the things configured at all. (It was not "limited access", it was "no go at all" until you made a cloud account.) I have not bought any more Netgear stuff since getting rid of the Orbis.

 

[homeserver78]

That's just horrible. Thanks for the heads-up! It seems to apply to at least these switches:

    GS110TPP
    GS110TPv3
    GS110TUP
    GS710TUP
    GS716TP
    GS716TPP
    GS724TPP
    GS724TPPv3
    GS724TPv2
    GS724TPv3
    GS728TPPv2
    GS728TPPv3
    GS728TPv2
    GS728TPv3
    GS752TPP
    GS752TPPv3
    GS752TPv2
    MS108TUP
    MS510TXM
    MS510TXUP

I'm glad I didn't buy e.g. a GS110TPv3 just to have to return it.

 

[tgl]

Thanks for doing the research on that --- I'd poked around Netgear's site a little, but failed to locate that list.

 

[nabsltd]

Okay, so the GS1xx is the premium/business version? I've noticed they also have larger packet buffers than the GS3xx. According to the datasheet all of them have a metal enclosure. I did find one review saying they are plastic though. Have you actually seen a plastic one or is this just some rumor that's gotten a life on its own?

The 3xx are a mix of plastic and metal. I don't have any at the moment, but I have had them in my hand. They are still good switches, and if money is tight, they are fine choices.

That's just horrible. Thanks for the heads-up! It seems to apply to at least these switches:

What's really terrible is that it's only the suffix (like TPP or TXM) that distinguishes the switches that "support cloud management" (i.e., require registration). I have GS752TXS and MS510TXPP switches that have no cloud management, but your list shows 3x GS752 and 2x MS510 variants that require it.