exmadscientist 4 days ago

I have always been resolute in avoiding managed switches for home use. I figure I don't need the headaches of worrying about configuring another device in my free time when I can pay less to have simple boxes that just send packets around without complaint.

I even managed to find an unmanaged 16-port 2.5GbE PoE switch so now I have 2.5Gbps and PoE at every wall jack in my house. (PoE is amazing. Get PoE if you're upgrading anything.) It's a no-name Chinese brand, but who cares? It's not like anything in this house is even trying to saturate 1GbE, much less 2.5GbE. So QoS or whatever on an internal network doesn't seem particularly useful.

I guess I could try to segregate the Internet of Shit devices I have (they're already on their own WiFi SSID which is most of the battle) but I mostly fight that fight by owning as few IoS things as I can.

What am I missing? Why bother with managed switches at home?

scottlamb 4 days ago

> I even managed to find an unmanaged 16-port 2.5GbE PoE ... It's a no-name Chinese brand, but who cares?

Does it have an NRTL certification (UL or the like)? This is something I'd look for in a PoE switch, which often have internal power supplies specced for several hundred watts. Potential fire hazard. If it were a non-PoE switch plugged into a standard 12V/2A external power supply or the like, then I'd be with you, who cares if it's a no-name Chinese brand.

(btw, MokerLink, a previously-unknown-to-me Chinese brand, gave me excellent support last night. I complained a switch wasn't working. They asked for a video, then told me they're sending me a replacement. It's being delivered tomorrow. So at least some of these no-name Chinese brands are earning some trust.)

exmadscientist 3 days ago

That is a very good point. Mine is from an actual brand and obviously OEMed by someone who makes a lot of these (there are many, many brands selling something with "S25-1602P" in the part number and slightly different stickers, and even more closely related designs), so I feel fairly confident, but yes.

MrVitaliy 4 days ago

There are a ton of features that fall under the 'managed' umbrella, but for most home use cases you don't really need to manage the switches often. Once you set up WiFi SSIDs with VLAN tags, you almost never have to touch the switch. I like to separate networks with VLANs.

If your WiFi doesn't have client isolation, IoT devices can still scan your network. WiFi client isolation will prevent that; having them on a separate VLAN also makes sense.

Another use case is a Guest network, when friends come over. You might not want to isolate clients there and allow devices to talk to each other, but also don't interfere with your home network.

If you work from home, depending on what you do, you might want to have 'office' VLAN. Or a 'Kids' VLAN, where internet turns off every night at 8pm.

At this point, it may be easier to QoS and give only 10% of your internet bandwidth to Guest network, and 5% to IoT device network, etc.

SoftTalker 4 days ago

I cannot imagine adding this complexity to my home life. Work is frustrating enough. At home I use the box from the cable company and don't change anything. That way if it doesn't work it's their fault.

justinrubek 3 days ago

How many layers of complexity live in your current arrangement? They're still there. I've owned my own networking hardware for a long time, and it's stable to the point that I essentially never touch it after minimal setup. Some of us choose to go further down this path for our own reasons: features we want to use, to grow our knowledge, or just because we can. I find this take dismissive, reductive, and ultimately not productive.

userbinator 4 days ago

Network switches, even managed ones, are usually "set and forget".

But sure, if you don't want to take control of your home network, then the corporate overlords will be more than happy to control it for you --- possibly against your wishes.

YZF 4 days ago

I work on networks in my day job. Just like the parent at home I'm cool with a single L2 network behind a firewall. The box that plugs into the fiber is my NAT/Firewall. The rest is just off the shelf stuff I never have to touch or configure, mostly WiFi. No idea why you need link aggregation or VLANs at home for most home use. What's next? VRFs and VXLAN? IPsec? Racks in your home data center with spine/leaf? ECMP?

EDIT: I have kids and never felt the need to isolate their network. I've never had a guest/friend that needed to access my network, everyone is on a network via their phone. But if they did they can jump on my WiFi.

wpm 4 days ago

I run IPsec at home, on two HA OPNsense firewalls/routers precisely because I don't get to do it all day. It's a learning experience.

exmadscientist 3 days ago

Sure, "I wish to learn about this stuff" or "I think playing with this stuff is fun" are both fair reasons.

But apart from those, I just don't understand how adding the complexity makes my life better. People are saying "VLANs!!!" but why would I want to do that? How does my life improve if I do?

userbinator 3 days ago

Everyone has already stated what they find VLANs useful for. If you don't think they're useful then I suspect you don't think VMs are useful either.

toast0 4 days ago

> What am I missing? Why bother with managed switches at home?

I have managed switches now. Can be useful for link aggregation. I also use VLANs, so I can have redundant NAT gateways in different locations, without having to wire up a separate 'public net' LAN... I could just put them in the same location, but I get a tiny amount of disaster resilience this way. VLANs are also handy so I can do private and public on the same port and not need more NICs; but maybe my setup doesn't need to be so esoteric that I want a separate port for host networking and for the NAT gateway running in a jail (or maybe I could get srv-io to work somehow).

It's also handy to be able to check link status without having to go to where the switch is.

delamon 4 days ago

Sometimes a managed switch is the only way to find a faulty cable. I'm speaking about a slightly bad cable, which corrupts some data, not all of it. Just by looking at interface error counters you can easily tell if something is off. Without it you either need to somehow come up with a very expensive cable tester or just pretend that slow network speed is due to some other popular blame destination (e.g. it's just a bad macOS update) ;)

t0mas88 4 days ago

I use VLANs to isolate the IoT devices. Their separate WiFi is VLAN tagged by the access points.

And my internet/IPTV provider uses broadcast for TV streams which requires IGMP support if you want to run it over your existing network. Otherwise you have to use their modem and run a cable direct from the TV box to the modem.

seany 4 days ago

VLANs. I don't think I'll ever buy a switch that doesn't support them. That rule goes back to me having a 3Com SuperStack in my garage.