Can anyone recommend a small switch (say 8 ports, reasonably priced) with the following properties:
- Gigabit
- Port Mirroring (at least 3 sets of 2 port mirrors)
- SNMP (for bandwidth monitoring)
- Management (SSH or Web is fine especially if SNMP is available as well).
- Native IPv6 (nice to have, since my env is fully dual-stack)
Was looking at the netgear 8 port thingies but I don't think they support SNMP and I'm too lazy to manually check usage with a web-ui. I've also experienced some issues with older netgear switches (purple ones) where MAC address per-port assignment was horribly broken (same MAC applied to all ports in MGMT & SNMP interfaces).
Originally looking at the Ubiquiti switches to replace a 24 port unmanaged switch but realized I could just deploy this tactically with a smaller separate switch instead.
The use is to be able to monitor usage as well as being able to tap specific points without futzing with cabling.
I may end up just going fully managed (for device location hunting) but could use some product suggestions from the above described scenario.
I use MikroTik routers. Have all I need plus ... very reasonably priced and full features.
Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
On 2017-06-01 Sean Cody wrote:
> Can anyone recommend a small switch (say 8 ports, reasonably priced) with the following properties:
> - Gigabit
> - Port Mirroring (at least 3 sets of 2 port mirrors)
> - SNMP (for bandwidth monitoring)
> - Management (SSH or Web is fine especially if SNMP is available as well).
> - Native IPv6 (nice to have, since my env is fully dual-stack)
Starting from least feature-packed to most (all have Gb + web mgmt at minimum):
gives you Gb, port-mirror (probably 1-1 or n-1)
TP-Link TL-SG108E ~$50-$65
http://www.tp-link.com.au/products/details/cat-41_TL-SG108E.html#overview

above, plus adds SNMP, mirror is n-1 only:
Netgear GS108T-200NAS ~$90-$110
http://www.downloads.netgear.com/files/GDC/datasheet/en/GS108Tv2.pdf

above, plus adds IPv6, mirror is still only 1-1/n-1
DLink DGS-1210-10P ~$120-150
http://us.dlink.com/products/business-solutions/10-port-gigabit-web-smart-po...

above, plus *might* add multi-set mirroring: "Port mirroring provides the capability of mirroring four source ports to improve network traffic monitoring and troubleshooting", but this quote was from a 3rd party site, and the vendor site doesn't specify
Dell 2808 ~$170-220
https://www.shi.com/Products/ProductDetail.aspx?SHISystemID=SHICommodity&...

*maybe* gives you multi-set mirroring?
TP-Link TL-SG3210 $200-$210 (see interface, might allow setting per "mirroring" port?)
http://www.tp-link.com/us/faq-526.html

I think this can do 4-set mirroring!
Engenius EGS5212FP $300-$400
https://www.engeniustech.com/wp-content/uploads/2017/01/EnGenius_L2_Switch_C...
So there's the cheapest that does all you want, and it's not cheap! Interesting that that's the first one with a CLI interface.
If you want one, they are in distie stock and I can drop-ship to your location cheaper than the prices I just checked at the big e-guys. Email me off-list.
> ones) where MAC address per-port assignment was horribly broken (same MAC applied to all ports in MGMT & SNMP interfaces).
Sounds like a one-off problem, doubt that's the case on all their switch lines.
> I may end up just going fully managed (for device location hunting) but could use some product suggestions from the above described scenario.
Looks like only fully-managed (CLI) switches can do the advanced stuff you need. Funny that the stumbling block is the mirror thing.
>> ones) where MAC address per-port assignment was horribly broken (same MAC applied to all ports in MGMT & SNMP interfaces).
> Sounds like a one-off problem, doubt that's the case on all their switch lines.
Nah. Quite a few switches do that. "It's a feature, not a bug." Seriously. Actually, it's an artifact of the way the switch silicon is designed; pretty much the only switches that *don't* do this are from Cisco or Juniper or someone else who designs their own switch silicon, because it's a design feature of all the standard switch silicon vendors. It's also not unique to switches - consider that Sun also thinks "it's a feature, not a bug" - all SPARC systems use one global MAC address across all interfaces by default. And even from a theoretical standpoint, the switch mgmt. interface is usually just a VLAN'd interface (embedded in silicon, talking directly to a special internal switchport) and last time I checked, when I instantiate VLAN subinterfaces on Windows, Linux, OpenBSD, FreeBSD, etc. the subinterfaces get the same MAC address as the parent interface. IMHO, Cisco is the outlier here.
Unless I'm misunderstanding Sean's original complaint?
>> I may end up just going fully managed (for device location hunting) but could use some product suggestions from the above described scenario.
> Looks like only fully-managed (CLI) switches can do the advanced stuff you need. Funny that the stumbling block is the mirror thing.
That's not surprising. The CLI-enabled switches are using the higher-end OEM silicon. So Broadcom (or one of their competitors) had to go up a die size to get enough CPU & RAM to handle three interfaces (Web, CLI, settable SNMP) and a couple more daemons (telnetd, sshd), they likely had enough extra gate capacity to bump up the feature set a little bit on every feature. The OEMs provide a single "column" of switch chips where you as a switch-maker get to pick from XS, Small, Medium, Large, XL, 2XL, etc., not a full feature-matrix.
-Adam
On the particular switch line I was working with you couldn't find what MACs were behind specific ports as the switch didn't record them and instead in the SAME MIB field recorded just the MAC of the switch management interface. Made finding devices difficult as I could trace it down to a trunk (via core or distribution) but not past it at access. Super frustrating.
On 2017-06-02 07:30, Sean Cody wrote:
> On the particular switch line I was working with you couldn't find what MACs were behind specific ports as the switch didn't record them and instead in the SAME MIB field recorded just the MAC of the switch management interface. Made finding devices difficult as I could trace it down to a trunk (via core or distribution) but not past it at access. Super frustrating.
Oh! Yeah, that's a bug. Or at least a really shitty mis-feature. Most likely the specs for the switch carefully don't claim that it supports BRIDGE-MIB but some twit decided to provide a stub response instead of "noSuchName" in the error status.
-Adam
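An added example, not part of the original thread: a check for the failure mode discussed above, assuming (as Adam guesses) that the field in question is the BRIDGE-MIB forwarding table. The sample walks are constructed in `snmpwalk -On` output format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

BASE_BRIDGE_ADDRESS = "1.3.6.1.2.1.17.1.1.0"  # dot1dBaseBridgeAddress.0
TP_FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2."       # dot1dTpFdbPort.<6 MAC octets>
LINE = re.compile(r"^\.?([\d.]+) = ([\w-]+): (.+)$")

# Constructed samples in `snmpwalk -On` format (not captured from a real switch).
HEALTHY_WALK = """\
.1.3.6.1.2.1.17.1.1.0 = Hex-STRING: 00 11 22 33 44 55
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.1 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.2 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.3 = INTEGER: 7
"""
STUB_WALK = """\
.1.3.6.1.2.1.17.1.1.0 = Hex-STRING: 00 11 22 33 44 55
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 0
"""

def parse_walk(text):
    """Return (bridge_mac, {port: [mac, ...]}) from snmpwalk -On output."""
    bridge_mac, by_port = None, defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        oid, _type, value = m.groups()
        if oid == BASE_BRIDGE_ADDRESS:
            bridge_mac = ":".join(b.lower() for b in value.split())
        elif oid.startswith(TP_FDB_PORT):
            # The table index is the learned MAC as six decimal sub-identifiers.
            octets = oid[len(TP_FDB_PORT):].split(".")
            if len(octets) == 6:
                mac = ":".join(f"{int(o):02x}" for o in octets)
                by_port[int(value)].append(mac)
    return bridge_mac, dict(by_port)

def fdb_is_stub(text):
    """True when the FDB holds no learned address other than the switch's own."""
    bridge_mac, by_port = parse_walk(text)
    learned = {m for macs in by_port.values() for m in macs} - {bridge_mac}
    return not learned

def locate(text, mac):
    """Return the bridge port a MAC was learned on, or None if it is absent."""
    _, by_port = parse_walk(text)
    return next((p for p, macs in by_port.items() if mac.lower() in macs), None)
```

Running `fdb_is_stub` against a walk taken while known hosts are active on the access ports distinguishes a switch that answers with only its own address from one whose table can be used for device location.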
Based on the prices of new items that meet your needs, I'd almost recommend buying a Cisco Catalyst 3560-48TS -- 48+ gigabit ports (48+SFPs). I picked up one for around $200 shipped for my birthday in late 2016. I also picked up an HP Procurve 2910al-48 for around the same price, it's also got 48 gigabit ports + some SFPs, SNMP, CLI, etc.
The only drawback on the HP stuff is the spanning-tree on the Procurve is pretty funky when you enable it (it's not enabled by default), I would recommend against mixing these with other vendors.
On 2017-06-02 12:38, Theodore Baschak wrote:
> Based on the prices of new items that meet your needs, I'd almost recommend buying a Cisco Catalyst 3560-48TS -- 48+ gigabit ports (48+SFPs). I picked up one for around $200 shipped for my birthday in late 2016. I also picked up an HP Procurve 2910al-48 for around the same price, it's also got 48 gigabit ports + some SFPs, SNMP, CLI, etc.
> The only drawback on the HP stuff is the spanning-tree on the Procurve is pretty funky when you enable it (it's not enabled by default), I would recommend against mixing these with other vendors.
HP's spanning-tree implementation works perfectly fine. What they fail at is making it obvious which STP variant you're running, which is (IIRC) 802.1w by default, *not* 802.1d. Which then interoperates poorly with 802.1d switches, since HP's implementation of 802.1w's backward-compatibility mode employs different timers (again IIRC) than most others. This is not wrong, they're within the standard, but ...
...yeah, ok, funky was a good word in the first place :-/
Beware the HP-branded gear that started out life as 3Com instead of HP; it's awful. Horrible. Terrible. My thesaurus is inadequate for this task. The lower-end Procurve switches are all most Procurve-lineage devices, and while they certainly have quirks (VLAN handling would have been my #1 pick) they're solid. Better hardware than the Cisco, in my experience (fewer port failures).
-Adam
that? http://www.balticnetworks.com/mikrotik-crs112-8g-4s-in-cloud-router-8-port-4...
On Fri, Jun 2, 2017 at 2:59 PM, Adam Thompson athompso@athompso.net wrote:
> On 2017-06-02 12:38, Theodore Baschak wrote:
>> Based on the prices of new items that meet your needs, I'd almost recommend buying a Cisco Catalyst 3560-48TS -- 48+ gigabit ports (48+SFPs). I picked up one for around $200 shipped for my birthday in late 2016. I also picked up an HP Procurve 2910al-48 for around the same price, it's also got 48 gigabit ports + some SFPs, SNMP, CLI, etc.
>> The only drawback on the HP stuff is the spanning-tree on the Procurve is pretty funky when you enable it (it's not enabled by default), I would recommend against mixing these with other vendors.
> HP's spanning-tree implementation works perfectly fine. What they fail at is making it obvious which STP variant you're running, which is (IIRC) 802.1w by default, *not* 802.1d. Which then interoperates poorly with 802.1d switches, since HP's implementation of 802.1w's backward-compatibility mode employs different timers (again IIRC) than most others. This is not wrong, they're within the standard, but ...
> ...yeah, ok, funky was a good word in the first place :-/
> Beware the HP-branded gear that started out life as 3Com instead of HP; it's awful. Horrible. Terrible. My thesaurus is inadequate for this task. The lower-end Procurve switches are all most Procurve-lineage devices, and while they certainly have quirks (VLAN handling would have been my #1 pick) they're solid. Better hardware than the Cisco, in my experience (fewer port failures).
> -Adam
On 2017-06-02 Adrian Stoness wrote:
> that? http://www.balticnetworks.com/mikrotik-crs112-8g-4s-in-cloud-router-8-port-4...
It's not clear from the docs if the mikrotiks (which appear to be more router than switch, but with switch-like features) will allow multi-set mirroring. The specs don't say and the docs seem conflicting, with 2 I found looking like it's n-1 only and 1 being ambiguous whether >1 set is possible.
Someone with a mikrotik would have to try it out. That would be great if they could do it since that unit is only $116 (US$?).
On 2017-06-02 Theodore Baschak wrote:
> Based on the prices of new items that meet your needs, I'd almost recommend buying a Cisco Catalyst 3560-48TS -- 48+ gigabit ports (48+SFPs). I picked up one for around $200 shipped for my
No downside... except power consumption, looks like it draws "65W (Cisco Catalyst 3560-48TS)" excluding PoE. The Engenius I mentioned draws 13W. :-) Of course, if it's for work and it's not your dime, go crazy (unless you're green, in which case go crazy and feel guilty). :-)
From what Adam said, looks like switches suffer from prebuilt tier 1 computer system syndrome: if you want one thing high-end they force everything high-end on you. Oh well. Maybe SDN is on to something after all??