Kitz ADSL Broadband Information
Author Topic: Gigabit LAN switches (again) - ZyXel GS1920-24 and Cisco Sg300  (Read 2398 times)

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9306
  • Retd sw dev; A&A; 4 7km ADSL2; IPv6; Firebrick
Gigabit LAN switches (again) - ZyXel GS1920-24 and Cisco Sg300
« on: December 27, 2016, 07:16:35 AM »

I'm thinking about buying a 24-port ZyXel GS1920-24 switch. See
    http://www.zyxel.com/products_services/gs1920_series.shtml?t=p&tabOrder=2

I'm also thinking about the Cisco SG300 switch range but these devices are going to be something like two or three times the price. Also I'm not sure if I would even be able to purchase config tech support for it from Cisco, nor do I have any idea how to go about obtaining it, also costs might be ludicrous for all I know, and without full tech support it might be a waste of money. I'm not certain what software is in this box, whether it's a variety of Cisco IOS or not.

Questions:
1. Does anyone have any experience of these devices? Are they any good?
2. Would any kitizens care to read the spec or even flick through the manual and comment on what they think, if you can spare me the time. What are your thoughts?
3. Which model of ZyXel switch should I buy? Is there a better one in the ZyXel range?
4. Would a competitor's box be able to provide stronger security features at a similar price?
5. Could anyone enlighten me about Cisco switch quality, and about purchasing rituals and costs?

Non-requirements:
1. Ultra-high performance is not a critical factor as I don't expect it to have a great number of devices using it flat-out, although obviously it
2. Don't care about stacking or crazy uplink ports
3. VLANs not important at the moment, although that could change

My requirements:
1. IPv6 support in all features
2. Security, security and security. At least. Need defence against evil devices inside the LAN, also alerting.
3. Excellent QoS including IPv6 - a future requirement, not going to happen at the present since my current WAPs don't do QoS anywhere near as well as I would like and currently they are the limiting factor. I'd really like to be able to (i) get performance improvements from QoS-tweaking if I can, (ii) to make things more useable when hogs are present, and (iii) further limit users on the Guest WLAN BSS. Regarding the latter, my firewall/router has already had some success in this respect, but I have ultimately failed because while rate-limiting of guests is being done sometimes, it only applies to internet IPv4 traffic in or outbound; it doesn't apply to IPv6, nor to non-IP nor to LAN-internal traffic, and in some circumstances I would prefer to use strict priorities rather than rate limiting.
4. Regarding (2) and (3), it has to provide excellent usability both in initial setup and during maintenance / config changes, as without this it is useless. The box simply _has to_ be configurable in a sensible way that humans can actually understand, and without making horrible mistakes. (In addition, unless I can find another source of info, it also has to have docs that actually tell you what to do rather than merely paraphrasing or describing the UI in complete sentences which are slightly longer than the phrase you see in the UI itself.)
5. Manageability, must be able to backup the config and restore it easily. Ideally would be able to edit the config with a text editor. In fact, the ultimate dream would be to have the config file in XML.
6. Low power, reasonably so, anyway, as I want to run it off a UPS and run time is already woefully inadequate now.
7. In relation to security features, where appropriate it would be very nice to be able to be alerted to evil going on as well as defending against it. But only as long as the alerting/reporting mechanism is not itself a potential way of causing DoS by overloading network, or the switch's CPU or RAM or by DoS'ing some external server or service, so it would have to be both filterable and rate-limited to be safe.

I'm thinking about getting one of the models without PoE, as I think as the PoE models are probably way too expensive and I only have a couple of PoE devices. This is probably a short-sighted decision, but I can always change my mind later if circumstances change, and also kit might have become cheaper if that day comes anyway.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3834
Re: Gigabit LAN switches (again) - ZyXel GS1920-24 and Cisco Sg300
« Reply #1 on: December 27, 2016, 08:12:44 AM »

I can't answer any of your questions, but I've just purchased a Netgear JGS524Ev2 managed switch, one important feature for me was low power consumption, which is 13.8w. It does have QOS, DOS and rate limiting along with various other features, it also seems fairly straightforward to set up and has both a Web interface and an app you install on a PC. You can backup and restore, no idea what format they are in, although I could find out if need be. Price was not bad at 110 IIRC.

https://www.netgear.com/business/products/switches/web-managed/JGS524Ev2.aspx?cid=wmt_netgear_organic#tab-features

Documentation

https://www.netgear.com/support/product/JGS524Ev2.aspx?cid=wmt_netgear_organic

Manual

http://www.downloads.netgear.com/files/GDC/GS105EV2/WebManagedSwitches_UM_EN.pdf
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chunkers

  • Reg Member
  • ***
  • Posts: 456
  • Brick Wall head-banger
Re: Gigabit LAN switches (again) - ZyXel GS1920-24 and Cisco Sg300
« Reply #2 on: December 28, 2016, 12:42:50 AM »

I recently bought my first managed switch, a Netgear GS108Ev3 and they do a much bigger Daddy 24 port version (same one Ronski linked).  Worth noting I think they are v3 now, mine is certainly a v3 so worth looking out for the latest version before you click.

It's not my area of expertise and I am guessing it's possibly not high end enough for your needs but all I can say is that it seems to do the job, is all-metal construction and the webUI is functional and easy to use.  The Netgear range is obviously cheapy-stuff but even their crappy plastic 15 Gb switches seem to last forever in my house.

C

« Last Edit: December 28, 2016, 12:45:06 AM by Chunkers »

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3834
Re: Gigabit LAN switches (again) - ZyXel GS1920-24 and Cisco Sg300
« Reply #3 on: December 28, 2016, 08:17:57 AM »

The Prosafe range I believe has a lifetime warranty, my current one and previous one had.
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

aesmith

  • Kitizen
  • ****
  • Posts: 1011
Re: Gigabit LAN switches (again) - ZyXel GS1920-24 and Cisco Sg300
« Reply #4 on: December 28, 2016, 02:47:59 PM »

The Cisco Small Business switches don't run IOS, effectively they're derived from Linksys products but with some enterprise and Cisco specific stuff (like CDP) added into them.   Admin guide is quite a substantial document here .. http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/Cisco_300Sx_v1_4_AG.pdf   Main support page here .. http://www.cisco.com/c/en/us/support/switches/sg300-28-28-port-gigabit-managed-switch/model.html (I think that's a public page, not partner only).   The Community material is useful for Cisco products, although as you'd expect you often find exactly your question asked but not answered.

We've supplied them for smaller customers, but not (so far) used any sophisticated capabilities.

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9306
  • Retd sw dev; A&A; 4 7km ADSL2; IPv6; Firebrick
Re: Gigabit LAN switches (again) - ZyXel GS1920-24 and Cisco Sg300
« Reply #5 on: December 29, 2016, 06:45:27 AM »

I am a longtime fan of Netgear kit. That switch linked to doesn't seem to have remotely the functionality of the ZyXel according to the manuals. I'm seeing prices of around 130 for the ZyXel 24-port without POE. What's attracting me to the ZyXel and Cisco is the LAN-internal security defence and monitoring features. These boxes can act as a security appliance inside your LAN, so if evil people need to be allowed to come and live inside the LAN then these switches can provide functions that are essential to keep the basic infrastructure healthy in the face of attacks on ARP, NDP, DHCP, RA, DHCPv6 and various kinds of traffic-overload DOS, if LAN segmentation can't be achieved 100% because of nodes needing access to certain services or if segmentation fails somehow.

At the moment I've segmented my LAN using L2 firewalling provided within the WAPs, so things are looking better, but evil WLAN users who live in the 'guests' BSS can still torment my router (a Firebrick) in various ways even though they can't directly access any other stations or any nodes on the wired LAN.

Since there is some fabulous security functionality available now for not much money in the ZyXel, I thought it might be worth investigation. The ZyXel documentation is fairly useless though in that it's just the Web UI rewritten in slightly longer full sentences and there's nothing to tell you how to effectively and safely use the many functions in practice. I'm just starting reading the manual of the Cisco. The Cisco's docs don't seem to be a great deal more helpful, but if there is some effective hand-holding type tech support available from Cisco, then that would be a reason to pay the huge price premium for the Cisco device.

A big problem for me is that it might well take a lot of time to gain enough experience to find out that there are holes in the functionality / feature-set offered by one of these devices which mean that the protection they offer is incomplete.

I'm using an HP switch currently which doesn't offer anything like the security appliance capabilities that I would like.