hEX refresh/ as Switch ->Pros & Cons?

Hi,

I have purchased the hEX refresh Routerboard product to be configured as a switch!

I was searching for a similar “switch” product that runs RouterOS, but it seems that this is the most economic, quality, cost-efficient product.

Do you agree? Does anyone have any suggestions?

ciao,
Antonio

Any hex device makes a great little managed switch that works great in a home setting or even an office setting.
If one is in a corporate setting where, for example, the same vlan spans two or more ports on the switch, to users that will be sending huge amounts of data back and forth across the switch, a proper managed switch is better. Typically though users on home or office switches are sending stuff over the internet or the volume across switch port to switch port on the same vlan, is not significant. In most cases 98% you should be fine.

hi Guru thanks!!

I will be connecting the out to internet of my NVR router to this switch to manage my home camera system with the app!

One flat network or VLANs? A diagram will help to understand.

I was looking for the same thing some time ago and arrived at a conclusion that hEX is indeed the least expensive switch with RouterOS. There are some limitations to keep in mind though.

Look at the table here for what EN7562CT is missing (e.g. no IGMP Snooping):
https://help.mikrotik.com/docs/spaces/ROS/pages/328068/Bridging+and+Switching#BridgingandSwitching-BridgeHardwareOffloading

And another table here (no ACL rules in hEX):
https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features

It appears that a $40 CSS106/RB260 supports most of the missing switch features:
https://help.mikrotik.com/docs/spaces/SWOS/pages/76414986/CSS106+RB260+series+Manual

However, it runs SwOS, therefore, very limited in other areas. The CSS106 also has an SFP port that could be very useful if you have fiber.

As a pure switch, I think the original RB750Gr3 is better than the hEX refresh.

On the other hand, if it is being used as a router with one port connected to the internet source and the other 4 ports as a switch for the LAN side, then the hEX refresh may be better.

If you are going to use the hEX refresh as a 5 port switch, then it would be best to put the least used device on ether1, since traffic to/from ether1 will have to be relayed by the CPU with the software bridge to be able to connect to the other 4 ports on the switch.

Exactly my findings as well !
Especially that port1 oddity already surprised quite a few.

While it supports ACLs, I was never able to understand how to make them work other than for extremely simple things. There is essentially no documentation for the ACLs in SwOS. See the thread “Is there any SwOS ACL documentation with example?”

SwOS can’t initiate outbound tcp connections. There is no default gateway. It just hijacks the request packet tcp/ip headers and swaps src and dst ip addresses, mac addresses, and ports. It makes it easy to configure, but it is one of the reasons that updating the firmware requires assistance from a PC browser that is the initiator.
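A small model of the header swap described in the post above, as an added example that is not part of the thread and is not MikroTik's code. It shows why such a device needs no default gateway: the reply goes back to whichever MAC delivered the request, with no route lookup. All function names and MAC, IP and port values are constructed for illustration, and checksums are left at zero.

```python
import struct
from ipaddress import IPv4Address

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport):
    """Constructed Ethernet + IPv4 + TCP SYN headers (no options, no payload)."""
    eth = dst_mac + src_mac + b"\x08\x00"            # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def mirror_addressing(frame):
    """Model of the described behaviour: reply addressing is the request's, swapped."""
    dst_mac, src_mac, ethertype = frame[0:6], frame[6:12], frame[12:14]
    ip, tcp = frame[14:34], frame[34:54]
    eth = src_mac + dst_mac + ethertype              # reply to the delivering MAC
    ip = ip[:12] + ip[16:20] + ip[12:16]             # swap source/destination IP
    tcp = tcp[2:4] + tcp[0:2] + tcp[4:]              # swap source/destination port
    return eth + ip + tcp + frame[54:]

def addressing(frame):
    """Decode (dst_mac, src_mac, src_ip, dst_ip, sport, dport)."""
    sport, dport = struct.unpack("!HH", frame[34:38])
    return (frame[0:6].hex(":"), frame[6:12].hex(":"),
            str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])),
            sport, dport)

# Constructed sample values: a browser on another subnet reaches the switch
# through a router, so the request's source MAC is the router's, not the PC's.
SWITCH_MAC = bytes.fromhex("020000000001")
ROUTER_MAC = bytes.fromhex("020000000002")
REQUEST = build_frame(SWITCH_MAC, ROUTER_MAC, "198.51.100.7", "192.0.2.10", 50000, 80)
REPLY = mirror_addressing(REQUEST)

if __name__ == "__main__":
    print("request:", addressing(REQUEST))
    print("reply:  ", addressing(REPLY))
```

A device that only mirrors addressing this way has nothing to mirror when it would need to start a connection itself, which matches the post's point about firmware updates being driven from the PC browser.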

Right now I have a range extender in the basement bringing my main network from my ISP to my NVR; therefore I want to finally get rid of the range extender. I will now run a cat 8 ethernet cable to the basement from my ISP router in the kitchen and connect directly to the NVR. But my ISP router has only one spare port, so I will connect the hEX as a switch to this last port to get more port availability from my ISP network.

What is this story about issues with port 1 on the hEX? I was thinking of connecting my ISP router out to hEX port 1 in and connecting my 30 mt cable to the basement on port 2. So here is a diagram:

ISP router → (port1)hex(port 2)-> NVR

So basically I will just follow these basic steps to create a simple switch:

• 1) Factory reset device with no default config
• 2) Create a new bridge and add all ports to bridge
• 3) Set dhcp client to bridge

I have a question concerning point 1) above: should I reset the config at the beginning when I power on the hEX, or should I let it get the original config and then go in and reset through the system menu? What is best? Can you suggest?

Look at the block diagram and then you should see what the potential issue is with port1.

It’s not connected to switch chip, only to CPU.
Depending on your config and how you use that port, it may or may not become a bottleneck.

Ah ok!! Thanks!! Therefore I should actually not use it; for my architecture I actually have only the ISP & the NVR to connect, so I can easily exclude port 1!

Can you suggest what is the best practice to reset a config on a routerboard?

ciao

As a router, ISP should be on ether1 since normally that port is not to be HW offloaded.
Unless you have an ISP connection going way above 500Mbs or so…

As a switch, you need to see what you want to connect to that port then. Preferably something with low traffic needs.

Reset:
When accessing the device, go to system / Reset configuration.
I typically tick

  • Keep users
  • no default config (this will make it completely clean)
  • no backup

But that’s your choice.

Thanks Guru,

You answered my questions!

The full traffic of all my cameras will be on this device going out towards the internet, therefore I will absolutely avoid using port 1!

Thanks for this heads up.

Mikrotik makes these really awesome devices but then seems to get lost in a glass of water :)

While what you are doing will work perfectly well, how many cameras do you have? Their traffic rates are normally very low, a few Mb/s each, with no chance of overloading a Hex. For a while I was running viewing from my NVR through a Map lite, a theoretical 300 Mb/s WiFi but only 100 Mb/s on a single ethernet link to the NVR, trivial capacity compared with the Hex with its Gb links and 500 Mb/s routing. Now I too use a Hex R but routed rather than switched (security lockdown reasons). I changed over only because the Hex was spare while the Map is handy to have around for odd jobs, not because performance was ever an issue.

  1. if you want to use it as a simple switch, then it is not the best idea, because a) it is expensive b) it is of low quality
  2. if you want to use it as a simple vlan switch, then it is also a bad idea, because there is tplink tl-sg105\108\1016e\de which a) is cheaper, for example, tl-sg108e costs only 34 dollars, that’s 25 less than the hex b) tplink also has QoS functions that work well, which don’t exist on hex
  3. if you want to use it as a router or with the inclusion of additional functions, for example, dhcp server or vrrp, then hex is the better solution

I will have 4 PoE cameras connected to the NVR

I can agree with you, but I really like to test equipment; this is more of an experiment.

I have my home network connecting PC/TV/UPS in the kitchen, actually through a low-end managed Cisco switch.

This hEX will be for my camera traffic only, towards my NVR. Currently I have a range extender in the basement with an ethernet out towards the NVR, which I want to replace.

therefore:

ISP router → Cisco switch

ISP Router->hEX ->NVR

Yes, it seems to me also that unless we are talking of tens of cameras, the actual used/needed bandwidth will be much less than what a hex refresh can handle.

@antonio
which NVR is that?

Only to give you an idea of the amount of traffic, a “professional” NVR, this one:
https://www.elmospa.com/it/linee-di-prodotto/attivi/tvcc/ip/videoregistratori-ip/pronvr32xrpki
is declared to have 160 Mbps of Network access bandwidth, and it supports 16-32 cameras.

So you should have no issue even if you use ether1 and/or need anyway routing instead of bridging.

Hi Guru,

I’ll tell you the truth: I’m here in the mountains and my ISP is via FWA; max BW is around 80 Mbps.

This is the NVR:

https://reolink.com/product/rln8-410/?srsltid=AfmBOop_qPteN4sWXKoWV0FJ7Flia5aV_hGZDrY7l_ryI-VIEj94X8gj

I prefer to have the hEX just as switch.

Yep, which confirms that the hex refresh is largely over-dimensioned for the task at hand.

Likely a 100 Mbit device like (say) a hap lite or a hex lite would have been enough and not become a bottleneck (not that it makes much sense to buy a 16 Mb device, and one with 10/100 interface new nowadays, but probably an old, replaced because too slow for its current use device would have been enough in the intended role).