Switch Recommendations for pfsense capabilities
-
Hello,
Does anyone have an opinion on a switch I can purchase that would allow for all possible pfsense capabilities?
This is for a lab, and I already have 2 unmanaged switches.
A 5 port Netgear 1GB
A Trendnet 5 port 2.5GB
I have read some of the other forum posts, and looked on Amazon site at several dozen or more, but it is actually quite confusing as there are so many switches. I would like 16-24 ports.
No SFP ports, just ethernet.
2.5 GB ports are a plus, but 1GB will work just fine. And the switch would need to have the capabilities for all things pfsense and being able to learn, test, and setup all the different type options in the lab for training.
I am on a tight budget so the lowest cost reliable switch that will work would be what I am looking at purchasing. Approx. budget $80-300
Would this one have the features I need:
https://www.amazon.com/Zyxel-24-Gigabit-Managed-Rackmount-GS1900-24E/dp/B00GU1KSHS?ref_=ast_sto_dp&th=1&psc=1
They have a POE version one also.
One forum post (but it was from 2018) said TP-Link had issues with their switches and VLAN. Another post recommended D-Link Smart switches. -
Check ebay for retired enterprise switches. I found an Aruba s2500-48p switch for about $120 to the door. As a bonus it has 4 SFP+ ports and all 48 ports are PoE. No 2.5 as it is quite old. It has exceeded my needs.
Others have found different brands for around the same price. -
@andyrh while you could for sure grab older enterprise gear for a "lab" the only caveat I would add to grabbing such gear is noise and power.
If you only plan on firing up this while you're actually working the lab might not be a big deal - but if you plan on actually leaving it run these can be real issues.. And depending on power consumption and cost of electric in your area, savings of say 100$ or so can get eaten up fairly quickly.. Some of that enterprise gear can suck 100W just sitting there idle.. Vs say a 20W max on something new meant for smb, fanless, etc.
If you're looking for budget buy, if you don't actually need poe, then don't get it - it's only going to add cost and normally power consumption, noise - as you get higher in port density for sure any poe switch is going to have fans.
You can normally find a 24 or less port switch without poe that is fanless.
As you move up in port density you will find many of them have sfp, or combo ports where you can use ethernet or could use the port for sfp module.
Are you just looking to do vlans, or do you want more - like possible L3 (routing) on the switch, and or other features like ACLs for filtering traffic, snmp features, console access.. lag support? Off the top to be able to do pretty much anything you want with pfsense you would really just need vlan and lag support.
Multigig support on a high density port switch is for sure going to raise the price point on it.
While I don't have any personal experience with Zyxel switch - it does seem to check all the boxes. Low power, vlan and lag support for switch to allow you to do pretty much anything you would want in your "lab/network" And price isn't all that bad.
-
@johnpoz Andy's suggestion is a great idea, but the cost of power operation is a concern, and noise is a huge factor. I actually wear hearing aids so constant noise leads to headaches and irritability near end of the day.
I do just currently leave everything on. I am having to jimmy-rig my internet, which is only wireless availability and connect via laptop wifi, share my internet connection on laptop with a 1GB Nic to the pfsense. I have a laptop with hyper-v, a 6 nic mini appliance running the pfsense and the 2 unmanaged switches ( Which currently I really do not use or need for the lab)
For the lab and pfsense I am a noob ( Blushing, Sorry). I am mainly wanting it for creating the wan, lan, dmz, learning about vlans, separating traffic or forcing traffic through say vpn, the captive portal, and setting up the wireless ap, and any other features I might be able to learn about.
My goal is to get a switch that will do everything possible in my price range that pfsense may offer in features and learning. I originally bought that Trendnet 2.5 GB switch only to have wasted the money because I did not realize I needed a specific type switch with certain features. I just don't want to find out later I need something different and have to spend more money.
-
@andyrh Andy, that is a great price, and I am sure full of features. I'll look it up. I may possibly look for an old enterprise switch if I can find one sort of green power-saving/cost-effective. That is probably the best way to get a super feature-packed switch without the new price tag. I will have to check on noise levels as they are quite bothersome and I am in a very limited living space.
I really appreciate you taking the time to reply. Thank you sir. -
Some people replace the fans with Noctua fans to help with the noise. They are not for everyone, but I thought you might like the suggestion.
Mine does get a little loud when it gets warm, but most of the time it is fairly quiet. -
@burlinwa said in Switch Recommendations for pfsense capabilities:
wasted the money because I did not realize I needed a specific type switch with certain features
Keep in mind that dumb switches can still be useful even in a vlan capable network. For example that 2.5ge switch even though it's dumb could be used all in the same vlan downstream of your vlan capable switch, and now those devices can talk to each other via 2.5ge.
Dumb switches can be useful in adding more ports in a specific area, as long as all those devices are only going to be in 1 vlan.. As long as your upstream switch does vlans you're fine.
Now sure in a perfect world, all your switches would be vlan capable then you can have any vlan anywhere you want on any port in your network. But dumb switches can still be leveraged for ports. And can be helpful if you need ports in a specific area.
So don't just throw that 2.5ge switch in the trash ;) or return it - unless you won't need to leverage its 2.5g ports for stuff talking to each other at that speed, etc.
edit: BTW I found this thread that mentions that S2500-48P switch drawing 67.7W "idle"
https://forums.servethehome.com/index.php?threads/power-consumption-thread.34673/
If you add up all my infrastructure, Switches 28 port, 10 port cisco sg300s, and dlink 8 port smart switch and my cable modem and my 3 APs - they don't draw that much ;) Shoot even if you add in my 2 pi's with stuff all working and not just idle that don't draw 68W ;)
-
@johnpoz Could be true. My UPS output is 559.45 kWh, with a xg-7100, 2 drive QNAP, ATT modem, ATT ONT, monitor, i7-2700 security PC and the 2500-48p switch that is powering 2 APs, 6 cameras, and 4 Pis.
-
@johnpoz LOL @john "..throw away that switch..." I bought 4 2.5GB USB NIC's to play around with to go with the switch, but I did think originally that I was buying the right switch needed for pfsense.
I ordered that Zyxel I gave url to in original post so I hope it works and is the right thing I need. (Biting fingernails). You convinced me when I thought of burning money on the powergrid! LOL No JK, actually it is the newer, quieter device is why I did the purchase, and it was on sale.
You are right about the switches. I actually am using the trendnet from pfsense to it for my interfaces, and a 192.x devices on the netgear I have with one connect cable to the Trendnet. One thing I find funny to myself being a desktop support guy is thinking it is easier than it really is setting this stuff up and getting it all talking or communicating. I'm much more familiar with and ease of setting hyper-v systems, a Microsoft Deployment Lab with sccm, etc... Hyper-v dynamically sets up or assists in the networking a lot and I did not realize how much so until I started getting physical gear to use.
-
@burlinwa said in Switch Recommendations for pfsense capabilities:
burning money on the powergrid! LOL No JK
Yeah, it adds up faster than most people think.. Let's call it 50W difference in that switch that you save let's say 100$ on vs getting some new less power hungry switch.. In 2 years even at typical 12 cents per kwh you would eat up that savings..
And if you're in a part of the world where cost is much higher.. You could eat up any savings you might get buying low cost old enterprise gear in a few months.
If you're just going to lab with it - or you don't care about electric cost or noise, then hey go for it.. But if it's going to be part of your everyday network running 24/7 it's rarely going to be a cost savings in the long run buying old enterprise gear even if it sounds cheap.
-
@johnpoz I went ahead and got the Zyxel switch. LOL Mainly because I am a hoarder and wanted the 24 ports. But also it was a low price for a managed switch. I did not get the POE version but I am a noob so there is plenty for me to learn without that functionality presently.
I am only using it with current 24 ports and no vlans, port security, or anything else so when I get to those features I wanted to share that experience and if everything works properly. Also, regarding the 2.5GB switch I have which seems to work well, on the other hand, the 4 2.5GB Sabrent USB Nics are really flaky and I have constant trouble with my Windows 10, and having to uninstall and reinstall drivers currently. I believe I am current with Win10 OS, patches, security and the nic drivers and firmware but still they are really annoying at this point. I want to try and get those working as desired though as soon as possible but for stability's sake I am using 1GB USB NICS from another vendor.
-
@burlinwa said in Switch Recommendations for pfsense capabilities:
I went ahead and got the Zyxel switch.
I bought one of the zyxel GS1900 switches last year and pretty much followed johnpoz's advice above, avoiding POE and unnecessary ports to save on noise and power.
The GS1900s can be easily and safely flashed to openwrt while retaining the oem firmware. They have a serial header and dual flash rom. -
@burlinwa
Traditionally usb and ethernet never played well.
There are exceptions, and in some cases (i.e. wifi only laptops) it's the only solution. (but then ethernet is mostly offered with some kind of docking station, and since these are a bit more well tested, they tend to work) But for the original tinker, usb ethernet is always something to stay away when experimenting.
Make everything else work, and then consider usb lan. The reason is that usually in usb to ethernet adapters there are features missing, e.g. vlan tagging is often missing.
-
@netblues said in Switch Recommendations for pfsense capabilities:
usb ethernet is always something to stay away when experimenting.
While I would agree with in general terms for sure. Sometimes you're stuck - my nas for example has no way to add an actual nic. So I had to use usb, I have had good luck with the 2.5ge Club 3D one (CAC-1420). Both with the bb-qq driver for my ds918+ and on windows it's been really stable. Windows driver is whatever driver windows had.
When I first set this up couple years back, my current pc at the time had no free slots for another actual nic either. So I got 2 and really has worked out well.
But yeah if at all possible I would use actual nic if you can.
-
@johnpoz I was thinking more on linux/bsd terms
In windows things are a bit better, since without windows support, product will be a huge flop. -
@netblues well my nas runs linux OS..
ash-4.4# uname -a
Linux NAS 4.4.180+ #42661 SMP Fri May 27 17:10:49 CST 2022 x86_64 GNU/Linux synology_apollolake_918+
I use the driver put out by bb-qq
https://github.com/bb-qq/r8152
But in general I don't think freebsd has had overall good luck with usb nics.. Or really anything realtek - a usb nic on any os really would never be my first choice ever, but sometimes you're stuck getting something to work with what you can use. I sure wouldn't choose usb to save a few bucks, but if no other way - then they can work, and can be stable. Depending on the driver support from your OS.