VLAN network switches
-
I'm setting up a VLAN for a few IP security cameras and planning to get an unmanaged switch that supports poe (or maybe poe+). Was looking at a Netgear GS105P if it's just for the cameras but may get a GS108PP and use the extra ports for Unifi APs (in the future).
The VLAN will consist of an SG-3100 firewall connected directly to a Mikrotik CSS326-24G-2S+RM managed switch connected to the unmanaged POE switch and then the individual cameras and a Home Assistant box running Frigate. Planning to block this VLAN from WAN and SG-3100 management with a pass rule for the Home Assistant box.
I know that the Mikrotik switch supports tagging since it handles my current VLANs and I imagine that the unmanaged Netgear switches have no VLAN support. What I don't know is will they pass tagged traffic? If they won't then there's really no point in having extra ports for future APs since they would need the tags.
Would welcome any suggestions/advice. Maybe there are better POE switches? I would really like to keep the price < $100US though.
Box: SG-4200
-
@wgstarks
I use the Vlan enabled D-Link DGS-1100-08P - PoE switch (64W Power budget).https://www.amazon.de/-/en/D-Link-DGS-1100-08PV2-Gigabit-Capacity-Fanless/dp/B08MWJVWW1/
The D-link DGS-1210-10P has even more features, but is usually a bit more expensive, this is unusually cheap (Out of stock).
https://www.amazon.de/-/en/D-Link-DGS-1210-10P-Gigabit-Switch-including/dp/B003KJTZYK/But below $100, you'd prob have to get a used switch off eBay.
If you're looking for a used 1210-10P , make sure to get the new one with DC-Power plug , and the external power brick. The older model with built in power supply, gets cazy hot.
DC-Plug
Edit: Wonder why D-link is cheaper in EU, it's usually the other way.
/Bingo
If you find my answer useful - Please give the post a đź‘Ť - "thumbs up"
pfSense+ 23.05.1 (ZFS)QOTOM-Q355G4 Quad Lan.
CPUÂ : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD -
@wgstarks said in VLAN network switches:
What I don't know is will they pass tagged traffic?
While any modern switch shouldn't strip a tag.. That is really not the overall issue.. Since the switch doesn't understand them it won't be able to isolate the traffic.
So any sort of broadcast or multicast traffic would be sent to all ports, not just the ports in that specific vlan. This breaks your L2 boundary.. So you run into the problem if any untagged or native devices on this switch you would see this traffic.
Now if the only thing on this switch going to be APs that only allow tagged traffic you could prob get away with it. But you should really understand that you could have have issues not actually isolating the traffic based on tags or lack of tags.
Without the switch understanding tags, its possible for any device on this switch to easy jump to any vlan they want. Or view any broadcast/multicast traffic.
If your going to do something like this, all traffic entering that switch should be tagged.
Personally I wouldn't do such a thing unless you have no choice, you need something to work now. And you don't have a vlan capable switch, and the vlan capable switch is not going to be here for a few days, etc. If this is a new setup, just spend the extra few bucks and get a vlan capable switch with the features you want to use, be that poe or whatever.
If your talking entry level low density port switches, I really don't see how it could be more than a few bucks difference between a switch that does poe, and switch that does poe and also understands vlans. That they would even make a poe switch that doesn't understand vlans is beyond me ;) I guess there must be some market out there for users that want poe, and all the devices on this switch are just in one vlan.. That wouldn't be APs normally. Phones maybe where all of them are in the voice vlan anyway. Or camera's I guess - so I guess there is a market for such devices ;)
You would think poe switches should be "smart" if not fully managed - for starters I would want to be able to control the power to a port, turn it off or on for example. Which would require some sort of management capabilities on the switch, so why wouldn't it be vlan aware, etc. The ability to turn power on or off on a port is great advantage with poe stuff, because it allows you to power cycle something without having to actually go to the device and pull the cable. For example your outside camera up on a wall somewhere crashes or something - wouldn't it be easy to power cycle it via command on the switch from your desk vs having to go physically unplug the camera cable.
-
@johnpoz
You make a good point. The POE switch will be used exclusively for devices all in the same VLAN initially but at some point I’ll probably want to get rid of the injectors I’m using for my Unifi APs (and one raspberrypi) and add them to the switch instead. Better to do this right from the start. I’ll probably see what Mikrotik has to offer in an 8 or 10 port POE switch since I’m already using SwitchOS for my primary switch. -
@bingo600
Thanks. If I go with a switch in this price range I’ll probably stick with Mikrotik since that’s what I’m already using. -
Or maybe I won’t go with Mikrotik. Really don’t want or need RouterOS.
-
@wgstarks what are are you specific poe wants? poe, poe+, poe++ version 3 or 4? What sort of power capacity? 60W, 100W, etc..
To be honest, while poe switches are cool and all. If budget is of real concern, unless you have a lot of poe devices its just easier to use the injectors.. Adding poe to a switch normally is a significant cost bump.. So unless your wanting to connect 4 or 5 poe devices off the same switch and don't want the mess of all those injectors.. Just using the injectors is cheaper for sure.
Don't get me wrong poe can be slick and cool and can provide some functionality, like ability to power cycle devices without having to actually touch anything ;) And also quite often provide info like how much power is being drawn.. So there are for sure advantages.. But with almost anything, more features/abilities corresponds to higher price ;)
edit:
Just for sake of discussion - why I don't run poe switch.. So I have 2 poe AP hanging off my core switch. So for me to get rid of the injectors I could either add a poe switch.. So ok I get rid of 2 injectors.. But now I have another switch hanging off my core switch.. Does it save me any space, does it look better? Not really ;) And now since this is a downstream switch, my 2 AP are going to have to share the uplink, so verse both having gig into the core switch, they would have to share the 1 gig uplink, unless I took another port off my core switch and setup lacp or different uplinks for different vlans, etc. I don't see that being worth cost of getting a new switch, and sure not worth the cost of getting a new core switch that supports poe at my 28 port density... Now when I get a new switch, I might look to getting one that supports poe and if not too crazy priced do it then.My second switch is in my av cabinet - and its a very full featured sg300-10.. I only have the 1 poe AP hanging off that switch. Do I get a poe switch to add there? Do I replace the switch there with a poe switch, is it going to be as full featured as current switch without being too expensive? Why the switch and injector are hidden in a cabinet ;)
Now what do I do with that switch, I really have no use of another switch.. It would be spending money for really just spending money and not getting much of anything..
You for sure need to do what makes sense to you.. And fits in your budget.. And for sure if I was in the market for a new switch, I would want poe support as long as not crazy difference in price for features I want without poe, etc. My new dream switch would be full multi-gig 2.5/5/10 atleast on a few ports, same or more features than my current switch.. And sure support every type of poe there is ;) But if I had to choose over multigig ports or poe, multigig would win for sure..
-
@johnpoz
I guess really my biggest reason for a Poe switch is getting rid of all the injectors. They’re starting to take up more and more space.Reolink specs show the cameras at <12 watts but I would probably still go with POE+ and perhaps 75 watts available. Active POE sounds good but I don’t have enough experience with POE to know if it’s really needed or not?
-
@wgstarks biggest thing is knowing what poe your cameras need.. at or af, passive, etc. etc.. unless they are really new I would not expect them to use bt (poe++)
How many cameras do you have? Are you planning on adding more anytime in the near future?
edit: poe can for sure trim down a mess of connections and power plug requirements that is for sure.. If I had want to add cameras into my network.. yeah poe would be much higher priority than my current needs.. I keep toying with the idea, and I got a camera to play with to see what kind of bandwidth, and storage would be used, etc. Just not sure makes much sense for the cost - yeah they are all the rage and all.. Just not sure cost/setup/maint justifies the benefit.. I haven't needed or wished I had a video of something that happened ever ;) Well other than this one time guy had a car indecent in front of my house - I and would of been cool if I had a video to help him out..
-
@johnpoz
Right now I’m installing 2 Reolink RLC-410-5MP cameras. The Reolink support website states that all Reolink cameras are IEEE 802.3AF/48 volt Active and that this model has a power draw <10 watts. -
Might just make more sense to go with something like a 4 port injector? I know POE Texas makes one.
link text -
@wgstarks Yeah that falls under your 100 budget ;)
Switch would be "cooler" but whatever gets the job done..
-
Will an 802.3at injector support an 802.3af camera?
Was thinking about getting the at version of the injector so I could add my Ubiquiti APs to it. I think they are 802.3at.
