Lightweight switch recommendation please

I need a switch to add more ports to my network. Five would be sufficient.

I have a HAP ax3 as my router. An Asus monstrosity is connected to it for fast wifi, but its location prevents more devices being connected.

Planned use: Ethernet security camera (5 MP), Raspberry Pi used for a small HomeBridge setup, and two small PCs which receive extremely light use (old Mac mini running Debian Linux and a 1L Windows machine). POE out is not required. My current networking setup has no performance issues. The camera will be the only new addition and will use the most bandwidth. No device is capable of more than 1 Gb/s and likely will not change.

I am considering the Mikrotik RB260GS five port switch, hEX refresh five port router, and Ubiquiti Flex Mini 2.5G five port switch as a wildcard.

Will the ARM processor in the hEX refresh provide a longer life? Is its 12-28 V power in for POE a better match for the output of the HAP ax3?

Thoughts?

  1. Hex refresh eth1 port is off the switch chip. So consider it more a 4 port switch + “low throughput” port (should be enough for the IP cam).
  2. RB260GS runs SwOS Lite. Therefore it's just an L2 switch and is less difficult to configure and doesn't require a controller.
  3. The Flex mini is barely an L2 switch. And even then it fully depends on the controller from Ubi for configuration.

So in this order it's about difficulty and feature set. 1. has the most features but is also the most difficult to configure, while 3. has the least (barely any) features and is easiest to configure.

Since the hEX refresh would be used as a switch, could it run SwitchOS?

Again, the reason for the hEX refresh would be the ARM processor. Is that enough of a reason to choose it over the RB260GS?

Based on what you write, the Ubi is a no go.

No

Yes. Also the RB260GS ONLY runs SwOS Lite so only L2 Features. Nothing else.

Well, you can shut down the controller if you're done configuring, but it doesn't really support VLANs, so no real configuration to be done.

If you need to add 5 ports, then you will need a switch with at least 7 ports, because two will be used for the connection; one from the existing equipment and one on the added switch.

If you used a 5 port switch near an existing switch or router you only “gain” three ports.

You have specified nothing about vlans. If you don’t need them and just want to expand ports (like you would expand outlets with a power strip), then all you really need is a 1 Gbps “dumb” plug and play switch. On the other hand if you want to keep your cameras separate from your other equipment, then a vlan aware switch would make more sense.

The other reason for a “managed” switch is that there are often other features in addition to the vlans, like the ability to turn unused ports off. Or to use the switch as a network “tap” for wireshark with one of the switch-ports configured as a mirror/span port. Or to be able to see what devices are connected (note that many “smart” switches don’t have this capability, for example the TP-Link SG108E does not allow you to view the MAC address table, but the RB260 does).

Some reasons to select the hEX or hEX refresh over the RB260GS (aka CSS106-5G-1S). If you want to use it as more than a switch, the hEX can be used as a router. It also supports secure management via ssh or https. Other than secure management, if you are really only going to use it as a switch, there isn’t an advantage to having an ARM processor or even a more powerful processor than what is in the CSS106-5G-1S. The switching is done by dedicated switching circuitry and the CPU is only for management.

The CSS106-5G-1S has an SFP cage, which hEX does not. The RB760iGS does have an SFP; it is similar to the hEX with the SFP connected to a second 1Gbps channel in the SoC. It is arguably easier to set up vlans in SwOS than it is with ROS. But since you will still have to set up vlans on your hAP ax3, you will still need to learn that anyway, so it may be easier to just use ROS on both ends.

If you are going to get a dumb switch, there are few circumstances where I would get a 5 port switch compared to an 8 port if it was being used as a port expansion for an existing router. 8 port switches cost only a few dollars more, and double your usable ports compared to a 5 port switch (6 additional ports vs 3 additional ports).

5 ports is ok for when you have a single existing cable going to a room and need to attach more than one device in that room, but no more than 4. And where you may want to have two separate LANs in that room, then a vlan-aware switch would be the way to go.

P.S. the 2.5G flex mini has fewer restrictions than the 1G flex mini. But it does require a controller, and for a single switch, that doesn’t make a lot of sense, although you only need the controller to manage the switch or change its configuration, and for a fixed use application, you could probably run the controller on a PC for setup or whenever you need to change something. But unless you are already in the Unifi camp with access points, I wouldn’t have a dedicated controller for a single 5 port switch that had a stable configuration. As you said that it was unlikely you would ever need 2.5 G, there isn’t much current advantage to having 2.5 G capability.

@buckeye
I am not sure I understand the math that leads to 7.

OP wants to have 4 devices on that switch +1 uplink to existing network=5.
Of course there must be a free port on the other side of the uplink on the existing network.

Of the 4 added devices:

  1. Ethernet security camera (5 MP)
  2. Raspberry Pi used for a small HomeBridge setup
  3. old Mac mini running Debian Linux
  4. 1L Windows machine

surely one is less used/is slower and can then be connected to the (in theory slower) ether1 of the hex refresh (but that in this configuration should be able anyway to go over 1 Gbps).

@Bob224
Setting a Mikrotik device as “dumb switch” is fairly easy in ROS, it is just a handful of settings; if you want/need a more advanced setup (VLANs) it becomes more complex in ROS than it is in SwOS, but it is still doable.

The Hex refresh is a recent release, so it will work/be updatable for many years and being a very flexible device you can always re-use it in the future for other roles, if the 60 bucks (as compared to the 40 of the RB260GS) are not a problem, they are not wasted money.

Technically, however, the RB260GS is a 6 port switch (5 ethernet+1 SFP) so it may allow adding another device.

Both can be PoE powered with passive 24V (the Hex Refresh accepts 12-28 V whilst the RB260GS accepts 11-30 V), no difference in practice, and also the power requirements (in W) are similar.

The only issue I can see is that the PoE in port of the hex refresh is actually the same ether1 port that is different from the others (not directly connected to the switch chip) so if you need to use that as uplink to the rest of the network the traffic will go through the CPU (I don’t believe that it will create a bottleneck, as even in routing, without firewall, the device has similar test results as in bridging, still …).
But you can always get a passive gigabit splitter like the RBGPOE, extract the power from the ethernet and power the device through the jack.

To sum it up, IMHO:

  1. if you intend to just expand the network in a simple way, go for the RB260GS, save 20 bucks and leave it switching for years to come
  2. if you intend to later make changes to the network, invest a little more in the hex refresh that is a much more flexible device and can be reused in several roles.

I’m a noob when it comes to networking. Regarding VLANs, does SwitchOS rule out all VLAN capability? Couldn’t the VLAN be configured in my HAP ax3? Or would it treat the hex as a ‘single’ port?

The port configuration on the hex refresh, even with the crippled port 1, would meet my port needs. The POE in being on port 1 would mean no POE for me.

I prefer to not spend more than $75.

Well, if you also have an Ax3, the Hex refresh will use the same OS; if you can manage VLANs on the AX3, you can also on the Hex.
SwOS has less control (but is easier to configure) but can do VLANs just fine.

I can totally understand the “7 ports minimum” math if you need 5 net new ports. You lose 2 ports on the new switch—one for uplink on the new switch, one for downlink on the existing device.

If used just as a switch and especially powered by PoE, I would argue the original hEX is better since it has all 5 ports connected to the switch chip. It is a MIPS device, not sure if it means less longevity. People report they can still install the latest RouterOS on 15-20 year old devices. To be fair, if using hEX as a switch, it probably doesn’t matter even if at some point you can no longer update ROS. It will still work.

But this is on paper; in practical terms hEX Refresh is likely capable of doing 1 Gbps over eth1 in CPU without an issue, especially since you will not be using its routing and firewall functions.

Yes, you would have to configure VLANs on both ax3 and hEX (unless some of your hEX VLANs won’t need Internet access). You can also use VLANs with ax3 and a dumb switch, depending on how you need your devices connected.

The OP was very clear: they specified four downstream ports. Add one uplink = 5 total. Done.

Cameras use fairly trivial bandwidth and would easily run on the unswitched port on the Hex Refresh. Multi-port switches sold for camera use typically have 100 Mb/s ports, and that is ample.

Configuring ROS for switching is straightforward and retains ROS options for any other use.

From the options discussed I would go with the Hex Refresh for the various positive reasons put forward by others.

While it is true that the OP is planning to use 4 devices at the moment, they also said:

“I need a switch to add more ports to my network. Five would be sufficient.”

Which could be understood as “adding 5 more ports would be sufficient”. Now that both options have been discussed, the OP has full information to make a decision regarding port count.

I agree about the camera bandwidth, but the OP also wanted to see if powering the new switch with PoE from ax3 is possible. The Refresh has its PoE input on the non-switched port, making it the only option for trunk port. Meaning it will have to carry all traffic, not just the camera’s. So, possible with potential caveats.

I’m not trying to dissuade from hEX Refresh (or any other option for that matter) but simply bringing up some nuances that often are not obvious with MikroTik hardware.

Personal comments:
When adding/replacing equipment to an installation, never plan all available ports to be used or you’re stuck again in future.
Foresee some spare ports. You never know why you may need them but you will be very happy when you have them ready.
It might even be for some temporary reasons like troubleshooting so you can quickly plug in a laptop or whatever …

Or be prepared to repeat this thread when you find out all available ports are occupied :laughing:

As for Hex Refresh, ether1 is indeed a special thing and I don’t really understand why they made it this way.
Low bandwidth applications should not have any problem using it when the device is used in switch config.
I used to have a printer connected to it when I had that HexRefresh in my homelab setup. My old Hex (my first Tik !) still hums nicely running ROS 7.18.2.

If you already have AX3 with full ROS, my personal preference would also be to use a ROS-based device further on. It just makes things a bit easier from management point of view since it will be similar. SWOS is completely different however it is pretty easy to configure. Maybe even a bit too simple to my liking (I do have a CSS318 in the center of my home network though with VLANs and all …)

But that’s just my 0.02€ …

Of course I may be wrong, but it seems to me like this “but ether1 is different” - while something to take into consideration - won’t have that much of an effect in practice when used as a switch port.
The test results are seemingly not very different between bridging and routing (fast path):
https://mikrotik.com/product/hex_2024#fndtn-testresults
for the 512 byte packet:

| Mode | Configuration | 512 byte |
| --- | --- | --- |
| Bridging | none (fast path) | 1593.5 |
| Bridging | 25 bridge filter rules | 806.8 |
| Routing | none (fast path) | 1394.7 |
| Routing | 25 simple queues | 713.8 |
| Routing | 25 ip filter rules | 498.1 |

the connection between ether1 and the rest seems to be only 1-1395/1594=12.5% slower.

Unless someone with a hex refresh does the experiment comparing the actual throughput two times, with the device configured as dumb switch once between two devices connected to ether1 and ether2 and once between the same two devices connected to ether2 and ether3, and the results are dramatically different.

If you prefer, it seems to me like the possible issue is not so much about ether1 being slightly slower than other ports, it is more the overall slowness of the other ports when used as switch, if we compare that with the test results of the RB260GS (Non blocking Layer 2 throughput) still for the 512 bytes packet
https://mikrotik.com/product/RB260GS#fndtn-testresults

Switching Non blocking Layer 2 throughput 5,774.4

But then in practice all these speeds exceed what reasonably will be needed, so it becomes irrelevant.

I already did some tests in the past using it as a managed switch :smiley:

http://forum.mikrotik.com/t/hex-refresh-e50ug-router-for-gigabit-internet/180511/12

So the effect of having VLANs makes it 1-363/498=almost 30% slower than routing with 25 ip filter rules? :open_mouth:

Routing can use fasttrack path.
VLAN with 100% passing CPU does have quite a performance hit.

My understanding is that fasttrack simply bypasses (mostly) the firewall. I don’t see how bridging could possibly be slower than routing under the same conditions.

@jaclaz, you compared the real-world testing from @holvoetn to the published results. Could the latter be not what it promises to be?

Another possibility is that bridging tests don’t involve ether1. It says “all port test”. How would one test 5 ports simultaneously? If they tested ether2->3, 4->5, that leaves ether1 not involved. And since ether1 by default is a WAN port, it might be not in scope for bridging test to begin with.

I believe that the 500 or so speed in routing (25 firewall rules 512 bytes packet) had been confirmed to be reflective of real world usage also for this device.
But maybe the hex refresh is an exception also in this. :confused:

I ended up with the RB260GS switch.

Before making my decision, the hex S refresh was announced. I considered that, but it is only ARM32.

The switch was super easy to set up. Decision was based on having four usable full-speed ports (after the LAN is connected) and realizing my needs are simple.

The downside is the power brick covers the adjacent outlet on my surge protector.

Beating the dead horse (replying in a post where @OP made his decision), but nevertheless: when using a device with switch chip controlling all ports as a switch the management OS doesn’t affect device’s operations much … so a CRS1xx will do just fine running ROS 6.x for a very long time. However, if a port is not run by switch chip, then its function (and performance) very much depends on OS … and can thus change (for better or worse) with each OS version change. Hence hEX refresh, if used as 5-port switch, is dependent on future ROS versions and their proper functioning.