The switch
I want to find a switch that meets the following criteria:
- A managed switch with VLAN support,
- At least gigabit ports,
- Has PoE ports,
- Fits in a 10" rack (since I don’t want to make space for 19" gear just yet),
- Ideally passively cooled for low noise.
Interfaces
While >=2.5GbE interfaces are becoming more common these days, I don’t really have a need for interfaces above 1GbE since the number of concurrent users is low. Additionally, while SFP+ ports are nice, I can’t really justify the cost of investing in SFP+ transceivers for the rare occurrences where I exceed 1GbE.
Ports
Fitting in a 10" form factor is probably the limiting criterion in this case. You can never have enough ports, so essentially I’m looking for the maximum number of ports possible at under 10" in width. However, 12-port switches generally come in a 1RU form factor (i.e. two rows of ports). I’d like to stick to the 0.5RU units so that I have some vertical space for other devices.
For the number of PoE ports, I would like to have at least three, which would be enough to support two SoC boards such as the Raspberry Pi with PoE hats, and a wireless AP. I don’t have any specific requirements on the number of PoE ports, as these will just be used for experimentation.
Candidates
Having a quick look, these were the candidates I found (prices Jan 2025):
Model | Ports | Price | Width |
---|---|---|---|
D-Link DGS-F1010P-E | 10 port (8 PoE) | $209 ($20.90/port) | 7.24" |
TP-Link TL-SG108PE | 8 port (4 PoE) | $78 ($7.80/port) | 6.2" |
I decided to go with the TL-SG108PE as this had a lower per-port price. In hindsight, having an extra two ports might have been more convenient; however, there is the option of adding a second unit in the future.
The router
Consumer routers are hard to navigate in this space. Most consumer routers do not support VLANs, and those that do tend to be priced in the premium segment ($300+), and that is before adding the criterion of being able to configure multiple subnets. Additionally, I found that while consumer routers claim VLAN support, they do not always support true 802.1Q, but rather some form that works with the ISP (e.g. WAN port tagging only).
Rather than finding a suitable device in this segment, I decided to investigate building my own Linux-based router instead, which I have been meaning to do for some time. This option would also tick off many of the routing requirement boxes (see Part 1 - The plan, Requirements), while also being super flexible, with opportunities to tinker with and break my network connection later on (hopefully not). So I decided to run with a deployment of OPNsense. Another benefit of this approach is that OPNsense supports WireGuard (and other alternatives) out of the box, has a dynamic DNS plugin available, includes a DNS server (Unbound), and lets me use the host to side-load some other services.
OPNsense
My original idea was to run OPNsense on a Raspberry Pi 5, since these units now have sufficient CPU (4 cores @ 2.4GHz) and memory (up to 16GB). However, with further investigation of the OPNsense requirements, I realised that there is no (official) ARM support, and building ARM images myself would be a bit fiddly and time-consuming.
It is worth noting that OPNsense is distributed as an OpenBSD image, so the installation needs to be performed on a dedicated host, either physical or virtual.
Comparatively, Mini PCs/NUCs have come down in price, and a decent unit with an Intel N100 processor can be obtained for ~$200. For the routing use case, however, I would want a unit with at least two interfaces (for WAN/LAN). Although it is possible to run OPNsense on one interface (splitting it using VLANs), it is not recommended to do so, and you would be sacrificing some bandwidth because the single interface is shared. I do not expect heavy routing between subnets, so there is no need for a >1GbE interface here.
Looking at some options led me to the Beelink EQ14, which has two 1GbE interfaces and 16GB of RAM.