
My $25 managed switch was only supposed to patch a hole, but it became the backbone…


The vast majority of switches with port counts in the single digits are purchased as a stopgap measure, and mine was no different. I had a shortage of ports on my router and wanted a way to connect my home lab devices and workstation to my network without a tangle of cables, so I purchased an 8-port managed switch. The $25 TP-Link TL-SG108E was meant to do nothing more than patch a quick hole, but as my home lab grew and my network topology evolved, it became the backbone of my entire network.

The feature that earned this switch its backbone status is 802.1Q VLAN support. My office is fed by a single Ethernet run from the router, and everything in the room hangs off that one uplink: my daily-driver workstation and a Proxmox host running services like Immich and Samba, plus whatever experiment I’ve got on the bench that week. Before the SG108E, all of that shared one flat network. My lab traffic and my personal machine sat side by side, and anything misbehaving in the lab was misbehaving on the same segment of the network as everything I actually cared about.

With actual 802.1Q tagging, I can break devices up into multiple logical networks that make sense. Lab traffic can live on its own VLAN, and my trusted devices live on another, so if I spin up an LXC for something I don’t necessarily want having full access to the rest of my network, it can be as broken as it wants without affecting anything else. And when something in my lab needs external access, it gets it through a VPN tunnel rather than a hole in my network.

VLANs are the feature that got used immediately in my network, but it was the features around them that really solidified the switch as a linchpin without me consciously knowing. Port mirroring is the sleeper hit: I can mirror any port’s traffic to another port and capture it from my workstation, which makes diagnosing issues with services very simple, and it’s a feature I didn’t expect on a switch this affordable.
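As an added example (not from the original article), this is one way to check VLAN separation from frames captured on a mirror port: parse the 802.1Q tag and flag known hosts seen outside their assigned VLAN. The VLAN IDs, MAC addresses and sample frames are constructed, and it assumes the mirrored port is a tagged uplink so the capture still carries tags.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_frame(frame: bytes) -> dict:
    """Return source MAC, VLAN ID (None if untagged), priority and EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3-bit priority (802.1p), 1-bit DEI, 12-bit VLAN ID
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF
    return {"src": src, "vlan": vlan, "pcp": pcp, "ethertype": ethertype}

def isolation_violations(frames, expected_vlan_by_mac):
    """List (mac, expected, seen) for known hosts seen outside their VLAN."""
    findings = []
    for raw in frames:
        f = parse_frame(raw)
        want = expected_vlan_by_mac.get(f["src"])
        if want is not None and f["vlan"] != want:
            findings.append((f["src"], want, f["vlan"]))
    return findings

def build_frame(src, vlan=None, pcp=0):
    """Construct a sample IPv4 frame to a broadcast destination (test data only)."""
    hdr = b"\xff" * 6 + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return hdr + struct.pack("!H", 0x0800) + b"\x00" * 46

# Constructed values: VLAN IDs and MACs are hypothetical, not the article's.
LAB, WORKSTATION = "02:00:00:00:00:20", "02:00:00:00:00:10"
EXPECTED = {LAB: 20, WORKSTATION: 10}
SAMPLE = [
    build_frame(LAB, vlan=20),
    build_frame(WORKSTATION, vlan=10, pcp=5),
    build_frame(LAB, vlan=10),   # lab host tagged into the trusted VLAN
    build_frame(LAB),            # lab host untagged on the trunk
]

if __name__ == "__main__":
    for mac, want, seen in isolation_violations(SAMPLE, EXPECTED):
        print(f"{mac}: expected VLAN {want}, saw {seen}")
```

An untagged frame from a host that should be tagged is reported with a seen value of `None`, which is the case to look at first on a trunk.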

Beyond that, you get what you’d expect from a managed interface: IGMP snooping to keep multicast traffic from flooding every port, QoS with prioritization based on port, 802.1p, or DSCP markings, link aggregation if you want to bond ports (though a single transfer still rides one link, so it won’t fix a gigabit bottleneck), loop prevention, and even basic cable diagnostics that can flag a damaged cable, which I have used on more than one occasion.

Because I didn’t plan for this switch to be so important, I opted for gigabit speeds. Besides my workstation, no other device on my network was multi-gig capable when I bought it, either. Now, however, almost all of the devices on my network are capable of 2.5 GbE at a minimum, and I’m even paying for a 2.5 Gbps uplink from my ISP. My ZFS pool can also read far faster than a gigabit link can carry; every large transfer between my workstation and my Proxmox host is bottlenecked by the backbone, not the storage.

Then there’s the “management” part of the managed switch. Management happens exclusively through a web UI, meaning there’s no SNMP for monitoring integration. The worst part is, the management interface sits on VLAN 1, which is a member of every port and can’t be changed. For local use, I don’t see a problem, but for true isolation with best practices, a “real” managed switch would be a much better fit.


A 2.5 GbE switch with a true management interface isn’t exorbitantly expensive, but it’s also not cheap. As a stopgap, spending $25 to get up and running with most of the features I’d want is perfectly fine. The next step up in speed while maintaining a management interface is a prosumer unit, and those just wouldn’t have been appropriate at the time. Now that I actually have the capability to support 2.5 GbE and above, it makes sense. And at this price, replacement isn’t a painful decision. When I do move to a 2.5 GbE backbone, the SG108E gets demoted to a different role where it’s not as load-bearing.

A switch that is bought for nothing more than its additional ports can quickly become the keystone of your entire network, and it all depends on what you plug into it. Thankfully the $25 model I got, despite not being multi-gig, has a competent web UI that gives me control of most of the usual management features you could ask for, which have come up big on multiple occasions.