Which wired router in front of Brume?

So far I have been quite happy with Brume as it runs Wireguard at ISP native speeds. It also runs Adguard Home just fine. It is quite warm (in other words hot) and since I would like to have a main router with more features, it makes sense to shop for a wired router and leave Brume as a gateway.

I am looking for a wired router that will have a 16+ and 8 port POE switches hooked up to it.

I have considered a Unifi environment, which would require some sort of controller device (USG, USG pro or UDM pro) and then couple lite switches, which would easily add up to $500+

MikroTik Hex S and Edgerouter 4 are 2 other possible options that I looked at, but I am not convinced yet.

Then there is swtich selection involved and I want to go with 16+ port POE+ managed switch that will allow for port scheduling. There are TP-Link, Trendnet and Zyxel models that do that. Unifi can supposedly do it using API and custom code. Unfortunately, although nice, MikroTik switches cannot time schedule ports.

So here it is - what is your network composed of, when you have a Brume as a gateway and do you have any suggestions here?

I have a similar setup, using an S1300 as the edge router + wifi, and then multiple layers of Netgear managed switches for the LAN. Works great. Take a look at Netgear, they have amazing products.

I looked at Netgear and it seems that their managed switches require cloud account and can’t be managed locally.

Even Unifi, while requires a cloud account, lets you manage their stuff locally.

Please correct me if I am wrong.

The Netgear “Insight” thing is cloud based yes, but all the switches have a classical web ui to manage them as well. Just as an example, you can see this following switch:

You can see its marketed with the cloud features heavily.

If you scroll all the way down to the user manual, you can find it:

Page 17 for example, you can see the UI, pretty advanced with all the options you might need.

Thanks, I will look at Netgear too.

Any experience with other brands, GUI differences in particular?

I have verified that TP-Link, TRENDnet and Zyxel all offer POE switches that will suit my needs (port scheduling)

Checked Netgear and their stuff is way over my budget

Trying to keep it down to 16 ports (24 at max) and sub ~$200 for the main switch.

You didn’t look hard enough, i found this one for example, around 150 dollars:

It’s 8 ports of POE with 2 Gigabit Fiber SFP ports (its 2020, you need fiber lines in your home, don’t skimp out)

It has POE scheduling, so it can cut power to the POE port at certain times (i think that is what you want?)

I can’t comment on any other brands really. I like Netgear cos its enterprise grade stuff, my Netgear switches have been running for 15 years now without issues.

Sorry I wasn’t specific enough - I was looking at the main (16-24 port) switch first as they are much more expensive and would dictate how the total budget is spent. Yes, I looked at that model too and I have to admit that it still has a place on my list, although I really would like to spend less than that.

While it would be fine as my 2nd switch (desktop), I still need the main 16+ port switch and it’s 24 port version is $270 (and it was over $300 when I looked it last time, so it definitely was a factor for me). There is no 16 port version for these series. So 2 switches for ~$420 plus tax and I haven’t touched the router yet. Yes, they are something I should probably consider

Can you confirm that the reviews like this are not factual? I value my privacy. And I want to be able to mange the switch without the cloud.

But I absolutely cannot support using a network device that requires me to create a Netgear cloud account to log into the device locally and manage it. Every single time you try to log into your switch, you will have to put in your cloud Netgear credentials, if you don’t you will only be shown the IP of the switch and its MAC address.

and

Upon upgrading the firmware I was presented with two choices: either register the device and get all the features one would expect of a managed switch or not register it and use is as a unmanaged switch that one can get for half the price.

Here is price comparison between Netgear, Zyxel, TP-Link and TRENDnet:

Netgear:
GS724TP (24 ports, 2 SFP ports, POE+), ~$270
GS110TP (8 ports, 2 SFP ports, POE+), ~$150
About $420 plus tax for Netgear switches.

Zyxel:
GS1900-24HP (24 ports, 2 SFP ports, POE+), ~$250
GS1900-10HP (8 ports, 2 SFP ports, POE+), ~$140
About $390 plus tax for Zyxel switches.

TP-Link:
TL-SG1218MPE (16 ports, 2 SFP ports, POE+), ~$200
or
T2600G-28MPS (24 ports, 4 SFP ports, POE+), ~$270
and
TL-SG2210MP (8 ports, 2 SFP ports, POE+), ~$150
About $350-$420 for TP-Link switches.

TRENDnet:
TPE-1620WS (16 ports, 2 SFP ports, POE+), ~$300
TPE-082WS (8 ports, 2 SFP ports, POE+), $120
About $420 for TRENDnet switches.

And finally, since there is probably no chance whatsoever that I will have a fiber here in rural area in the next 10+ years, should I look at some cheaper non-SFP choices? Some might be POE instead of POE+, but I can live with that.

420, nice

Well about the reviews, they are probably bogus, cos just taking a look at the installation guide:

You can see that the software is run local, and there is no mention of any account, it will just find the devices on the network. It might be more newer Netgear switches with their Insight software that require an account (cos well, its cloud so). You can confirm at the store you get it on, just to be sure.

Zyxel and TP-Link are considered budget brands btw, so the extra 30 dollars or so, for a device you want running for 15+ years or more, is worth the extra no?

Can i ask why you need SO MANY POE devices?

Usually it’s cheaper to have POE only where you really need, as other places will have power near by usually.

I really don’t need all these POE+ ports. Right now I just need 2 POE ports for my 2 older security cameras (they fit well within even POE standard) on the main switch and just 1 POE port on the 2nd switch (for IP phone)

But that’s how the new switches are made, I guess. All ports POE+.

Main switch already has 8+ accounted for ports, which pushes me to 16-24 port switch area.
2nd switch has 6 accounted for ports (desktops, laptop, 2 printers and IP phone), which pushes me into 8 port solution.

The reason to have both switches managed is port scheduling on #1 and IP phone priority on #2.

I started looking at some older hardware, without SFP ports and I found just 1 model that supports POE+ (TP-Link TL-SG1016PE, which is an Easy Smart, and assuming it supports port scheduling) at just $140. I could pair it with TP-Link TL-SG2008P, which is just $90, so about $230 for both!

Are almost $200 savings worth to give up on SFP?

There are probably more choices with POE (instead of POE+) non-SFP switches too, like these 2 Netgears:
JGS516PE (16 port POE, non SFP), $140
GS108PEv3 (8 port POE, non SFP), $74
So about $215 for both, even less than TP-Link pair, but POE instead of POE+
Edit: Smart Managed Plus might have some features that I need missing.

Yeah that is another thing. If you go with POE+, all your cables need to be Cat5 or better, while POE can do basically any cable, Cat3. So you just have to look at your devices and see what you really need.
Netgear has even cheaper switches that have for example just 1 or 2 POE ports, with the rest being regular ports. Since you are also buying new gear, you might want to check out 2.5gbit or 10gbit, since 1gbit is quite old now and is being slowly upgraded.

With other brands I still can’t give you much help, since I haven’t tested those, but again, the ones you are comparing to are pretty low end gear. TP-Link, Zyxel are low end, Netgear is like middle of the stack and Cisco, HP etc are on the top end.

My ISP gives away Zyxel switches (the consumer stuff but still) and they are considered trash to use, unreliable (coming from the dudes that install the fiber networks here in Sweden, even they hate them and say that a lot of issues with TV Boxes are cos of the crap Zyxel switches).

The potential problem with POE is that pretty much all new devices take the advantage of higher powered POE+ and won’t work with POE. My 2 security cams are really old and when it’s time to replace them, I would have to get wifi models and power them separately.

And POE+ switches (from what I have seen) are mostly all-port POE+ and almost always have SFP ports, dictating the higher price.

The only 2 main brand switches I have found that are POE+ but don’t have SFP are the 2 TP-Links: TL-SG1016PE and TL-SG2008P. And half of their ports are POE+, which is just fine with me.

If I understand it right, there is very little advantage to short distance 1GB SFP wiring compared to even Cat5e. And it’s very expensive too.

Another approach I might check out would be getting cheaper managed 16 or 24 port non-POE switch and then small, 5 port managed POE+ switches and using them together.

Yeah, I have a string of switches, and I just add more when I need more ports

I have 3 of these linked together:

And one of these taking care of the IPTV:

And manage them all from the Netgear windows program. There are in different rooms, close to the devices that require them, linked together with CAT6e cables in the wall.

photo_2020-12-20_16-50-13960×1280 77.2 KB

photo_2020-12-20_16-53-531280×960 87.6 KB

Wow, it really is a string!

I can’t manage anything from Windows since I have been not using it for the past 10+ years. It has to be web gui.

OK, so assuming I will go with Netgear (or possibly a higher end Zyxel) pair (or more, haha) of switches, what router would you insert in the mix.

If Brume stays as a gateway handling only VPN and Adguard Home, what should I use in front of it (and behind the main switch). Since VPN is technically tunneling through the firewall anyways, that new main router would have to handle firewall duties (and hopefully things like IPS), not just routing and DHCP, right?

In my configuration I have the white switch (Inteno XG6846 Gateway) handling the edge routing (QoS, VLAN splitting). It has 3 connections, IPTV, VOIP and Internet coming out, with the GS105Ev2 splitting the IPTVs to the rooms with dedicated CAT6e cables.

The internet cable from the gateway goes to the S1300 for Firewall, DHCP, Adguard, VPN, WIFI and any other services.

The from the S1300 I then extend all the LAN ports via the first GS108Ev3, and the string continues to the other rooms via the red plug to the next GS108Ev3 in the other room, again via it’s own CAT6e cable.

Why the different lines? Well cos of the different VLAN levels, I want to keep them separated in case just the internet goes down, TV’s still work, as they are on the ISP internal network only anyway, so they don’t need any protections. It then also lets me tinker with the S1300 and not have other things affected.

I like my setup, and I will replace the S1300 soon with a Velica as soon as I can get one, to do some Meshing to the other rooms as well. Maybe you want a similar setup. The Switches connected to the Brume for example, with Brume basically handling everything going out to the net.

So you think I could remove another router from the equation?

Per your idea, instead of this:
Internet → Bridged Modem → Brume → Wired Router → Main Managed Switch → 2nd Managed Switch
(and also Main Managed Switch → Wireless AP)

it would be:
Internet → Bridged Modem → Brume → Main Managed Switch → 2nd Managed Switch
(and also Main Managed Switch → Wireless AP)

One point that makes me think is where is the firewall at all this? Brume is running the Wireguard client, so I am assuming it’s a tunnel connection completely bypassing the firewall. And even for a non-VPN connection, Brume’s firewall options are not very complex. IDS or even IPS would be great to have there.

Brume would have to still have to handle the PPPoe connection. Would it also do the DHCP and then main switch would do the DHCP too?

I am still new at this, obviously.

Ahh i see you want to run Brume as a VPN client, i thought you wanted to run a VPN server on Brume.

But either way, that does not affect the firewall at all. You can have Brume handling PPPoe, VPN, DHCP and then have Snort for IPS/IDS (never tested it, but it’s an option):

So the Main Managed switch would get it’s IP address from Brume. This is how my setup is now, all the switches in my string are getting IPs from the S1300.

So yeah, you would not have any other routers apart from Brume, unless you just want a wireless AP or something like that, can also be another GL router in just AP mode. You can also think about the GL Velica, then you can do wireless mesh as well (this is what I will upgrade to soon), but it’s performance is not as good as the Brume still.

Isn’t VPN traffic tunneled through the firewall?
And with Snort, wouldn’t it put even more strain on Brume? It’s already running pretty hot.

Some parental controls, better QOS and probably bunch of other things I got used to even with Asus-Wrt Merlin, would be great.