TP-Link T1700G-28TQ

I recently bought a new set of switches for a slightly over-elabourate home network.

The main one is T1700G-28TQ which is a managed, 24 port gigabit switch with 4 SFP+ ports. It met a bunch of my requirements well:

• Quiet (in this case, fanless)
• Rack mountable
• Large number of gigabit ports (24 is a good number - 48 too many, 8 too few)
• At least 3 SFP+ ports for 10gigabit networking (one for file-server, one for VM server, one for workstation - plus maybe a spare one for possible future uplinking to another switch)
• VLAN support
• PoE for some security cameras.

The only part missing on the T1700G-28TQ was PoE, however this switch combined with a separate unmanaged PoE proved the cheapest way of meeting these requirements. The closest next option was the Mikrotik 24port PoE with 2SFP+, combined with a separate 4x SFP+ switch - this option was a little more expensive than the single TP-Link switch, and the 4x SFP+ switch wasn't rack-mountable which was a very minor downside.

There was a very similar TP-Link switch, possibly the TL-SG2424P, which has PoE ports built-in, but the reviews for it mostly focused on it being loud (the fans would supposedly run all the time). It also worked out about as cheap to buy the separate POE switch

The unmanaged PoE switch I bought was the TP-Link TL-SG1008MP. It's not silent (it is fan cooled), but it's not excessively loud. The fans run at full speed on power-up, then quickly drop down to a much lower speed. With the 4 cameras I'm planning to run of it for now, the fans never picked up. I might investigate changing the fan to something quieter in future.

Management UI

After updating the firmware, and configuring basic stuff like auth, there were a few less obvious things I needed to do:

• Add a static route to the firewall IP otherwise NTP would fail.
• Configuring a VLAN port for a specific VLAN is a multi-step process. Adding a port to the VLAN as a tagged or untagged port isn't enough on it's own - for untagged ports you also have to set the PVID. This is documented here
• Note the changes made in the interface are temporary (lost on a reboot), until you click the "Save" button. Designed like this so if you change something and accidentally lock yourself out, you can just reboot the device and it'll revert to the last saved config. It's not too well implemented as there's no indication of when the config was last saved, or what has been changed since.

The static route thing is fair enough, but a bit unobvious to debug (especially if you are configuring a new firewall at the same time as setting the switch up)

The VLAN configuration UI is a bit awkward as it involves clicking between a different popup dialog for each VLAN, and the "tagged" and "untagged" sections require scrolling to view. To check a port is correctly tagged on all ports (the untagged input port, tagged on the port to the firewall, with correct PVID) takes several clicks. To do this for many ports is very tedious. Doing this via command line is probably worthwhile (maybe a simple script to generate the appropriate commands)

Longer term usage

This post was written ages ago but forgot to publish it at the time. I've since been using the switch for about 6 months and it's been working perfectly. Boring, in a good way.