I’m looking for recommendations for a managed network switch that either comes with open source firmware or can have open source firmware flashed onto it.

I read that some old TP-Links let you do this but the modern ones don’t. I also read some ZyXELs allow it, and I’m looking at the GS1900-8, but it doesn’t say anywhere in the description about the firmware.

Does anyone have any ideas or knowledge to share? Do I need to buy an old one second-hand?

I’d prefer something with 8 ports, but 4 or 5 is probably enough, honestly. 8 would just be more future-proof if I decide to expand my setup.

PoE isn’t a dealbreaker for me but I consider it a nice-to-have. And I don’t need SFP (unless someone can explain why I might?). I do want something managed though, for setting up VLANs, QoS prioritization, NGFW, etc.

Thanks in advance!

        • wonderingwanderer@sopuli.xyz (OP) · 2 days ago · 1 upvote

          What do you mean? It’s a network switch, that’s all it’s supposed to do.

          Unless you mean it can’t do VLAN, QoS, and NGFW like a managed network switch should. Is that the case?

          • Possibly linux@lemmy.zip · 2 days ago · 1 upvote

            I don’t think you know what those words mean.

            It can do VLANs and possibly QoS, but I wouldn’t expect more than that. Theoretically the hardware itself supports many other features like packet/frame filtering and cable diagnostics, but the current mainline kernel doesn’t support any of those features.

            • wonderingwanderer@sopuli.xyz (OP) · 1 day ago · 1 upvote

              Why would I not know what they mean?

              A Virtual LAN lets you group different ports by priority and security level. Trusted devices behind the most security, quarantined from public-facing devices with different security features, quarantined from a guest network that you can let people connect to without exposing your whole system.

              QoS prioritizes some tasks over others. If you have a matrix server on one port and you’re playing a game on another, it can prioritize traffic for the port that the game is on.

              A Network Gate Firewall has additional security features that ufw doesn’t have, including active sniffing and packet filtering.

              A managed switch is a network switch that has a CPU to enable these kinds of features. Unlike an unmanaged switch, which only does packet switching, but is still better than a plain ethernet hub.

              Not sure why you felt the need to be condescending. You could have just said that the OpenWRT kernel doesn’t support every feature that the hardware does and maybe list some of the ones that it doesn’t. It wouldn’t have been that hard.

              • Possibly linux@lemmy.zip · 8 hours ago · 2 upvotes

                For your reference, here is some basic networking info.

                If you are not already familiar with the OSI model, start here: https://www.geeksforgeeks.org/computer-networks/open-systems-interconnection-model-osi/

                VLANs work at layer 2 of the OSI model. You are talking about higher-level things that can be achieved in part by VLANs, but it is very important to understand how things work at a lower level. A VLAN is simply an extra tag on an Ethernet frame that tells upstream devices what LAN a frame belongs to. You can configure a switch port to tag untagged traffic, but pure switches themselves don’t do any routing and thus there are no ACLs or any other layer 3+ things to configure. https://en.wikipedia.org/wiki/Ethernet_frame

                By NGFW I think you are referring to next-generation firewalls, which are different from network switches. Firewalls operate in layers 3-7 and thus don’t see or control anything in layer 2. Next-gen firewalls are really only something you see in an enterprise environment, and even then they tend to be more marketing than anything else. If you want a firewall you need something with a decent CPU that can track states and handle routing.

                A managed switch is a switch that can be configured to do VLANs and other layer 2 technologies like spanning tree. Most switches support hardware-accelerated switching, but in some cases switching is done by the CPU. On a small layer 2 switch you want to be careful that you aren’t doing any routing (or anything else CPU heavy), as the CPUs present in layer 2 switch chipsets tend to be very weak, since they are only designed to configure the hardware via control registers. The reason I bring this up is that OpenWRT will happily let you configure a device any way you see fit, which can lead to really bad performance if you don’t know what you are doing. Additionally, OpenWRT doesn’t support some hardware features like cable diagnostics and layer 2/3 filtering, like I said previously.

                Apologies if you already know all this. From your writing I got the impression that you were new to networking.

                • wonderingwanderer@sopuli.xyz (OP) · 6 hours ago · 1 upvote

                  I’m definitely new to networking, but I’ve already done some research and I guess I thought I understood it but now I’m not so sure. That’s all interesting information though, thanks. I’ll be sure to read more about it.

                  By NGFW I was referring to things like Endian, OPNsense, pfSense, Sophos, and Untangle. Are they really not worth it for hobbyist use? Right now all I have is ufw (and some scanners like clamav, maldet, aide, and rkhunter), but all that seems to do is block and/or whitelist IPs and ports. I would have thought a NGFW would be worth it, at least for anything that’s going to be public-facing.

                  Is OpenWRT even a good idea for a network switch? The router I’m looking at comes with it by default, so chances are I won’t have to configure it much myself. But for the network switch my main concern is that I don’t want to use some proprietary firmware that’s just gonna phone home to the company’s servers and basically render any privacy/security measures I take useless.

                  I know to avoid Netgear, but is there a particular brand of network switch that FOSS/homelab people prefer and trust? If so I’ll just use the default firmware…