Managed versus Unmanaged Switch

Jbiff

Getting the hang of it
Joined
Nov 28, 2018
Messages
39
Reaction score
32
Location
Austin Texas
Opening admission...Noob here. I am a white belt in networking stuff. My neighborhood seems to be changing with higher theft rates. I want a comprehensive surveillance system to be able to prosecute those thieves that I don't shoot. I want a system that I can set up and mostly ignore (if that is feasible). I have been reading as much as I can absorb to determine the system that will work for me. I have an I7-68xxK (hand-me-down from my son) as my BI machine. I plan to have aprox 10 cameras but will allow for growth to 16 cameras since most posters seem to grow their systems instead of over estimating. I plan on a dual NIC setup to isolate my cameras. I may end up with two switches which I assume would require a 3rd NIC. My question is given my objective, do I want managed or unmanaged switches, and for what reasons. Thank you very much for any responses, and your time to do so.
 
Last edited:

samplenhold

Known around here
Joined
Aug 8, 2018
Messages
5,385
Reaction score
17,460
Location
Spring, Texas
I may end up with two switches which I assume would require a 3rd NIC. My question is given my objective, do I want managed or unmanaged switches, and for what reasons. Thank you very much any responses, and your time to do so.
Like I stated in your other thread, the number of POE switches do not dictate the number of NICs.

Managed vs unmanaged...depends on what you are trying to achieve. Having a managed switch is useful if you are going to have VLANs, otherwise unmanaged switches are fine. It is important to understand the power draw per port and the total power draw. Just because a switch says it supports, say 15.4 watts per port, does not mean it will support all 8 ports at 15.4 watts. That would be a total of 123.2 watts.

Take the Netgear JGS516PEv1. It supports 15.4 watts on each of 8 POE ports. But the total POE rating is 85 watts.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
14,740
Reaction score
27,358
Location
USA
If you are going to dual NIC your BI computer, not much need for managed switches.

And you do not need a NIC for each switch. I have 5 POE switches all going to the 2nd NIC in the BI machine.

Dual NIC is by far the simplest way to isolate the cameras from the Internet. Simple add the 2nd NIC and assign it and the cameras a different IP subnet from your NIC with internet and you are done.

With a managed switch, you will need to configure each VLAN and the rules and what not. If you are looking for simple, dual NIC is it.
 
Joined
May 1, 2019
Messages
2,088
Reaction score
3,200
Location
Reno, NV
if noob/white belt...yes, 2nd NIC on Blue Iris machine is your 99.7% best path forward. Do not bother with anything else right now until months/years later when you understand networking & programming firewall rules and VLAN setups and all that jazz, if ever as folks do the dual NIC setup for their lifetimes and are happy with it.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
2,460
Reaction score
3,380
I'd agree with above but I'll argue the other side somewhat just for the sake of completeness. Other than the added cost, a managed switch is't going to hurt you any and you'll get the added benefits for potential future use. You'll need to assign an IP address to it, but other than that it will default to function in the same way as an unmanaged switch with no additional setup/complications. Even if not using VLANs you'll typically also get additional controls and diagnostics for individual ports re power use, data flow, etc., that can be helpful at times.

TL/DR: There's no reason not to get a managed switch if you find a good deal on one. You won't have to go through some complicated setup just to use it.
 

Jbiff

Getting the hang of it
Joined
Nov 28, 2018
Messages
39
Reaction score
32
Location
Austin Texas
Like I stated in your other thread, the number of POE switches do not dictate the number of NICs.

Managed vs unmanaged...depends on what you are trying to achieve. Having a managed switch is useful if you are going to have VLANs, otherwise unmanaged switches are fine. It is important to understand the power draw per port and the total power draw. Just because a switch says it supports, say 15.4 watts per port, does not mean it will support all 8 ports at 15.4 watts. That would be a total of 123.2 watts.

Take the Netgear JGS516PEv1. It supports 15.4 watts on each of 8 POE ports. But the total POE rating is 85 watts.
So is it fair to say I should have picked out all my cameras first, before I choose my switch so that I know the total power requirement and port requirements?
 

Jbiff

Getting the hang of it
Joined
Nov 28, 2018
Messages
39
Reaction score
32
Location
Austin Texas
Thanks to all the responders. Given my level of non knowledge is it safe to say I should stay clear of any command line interface switches like Cisco?
 
Joined
Dec 28, 2019
Messages
11,475
Reaction score
27,383
Location
New Jersey
The "typical" PoE camera doesn't use more than 7 watts or so with the IR on. If you use 7 watts as the load per port, assuming no PTZ or PoE+ requirements, you're pretty safe. I have 20 non-PTZ/PoE+ cameras and know that my total load for cameras is nowhere near 140watts. It's probably somewhere between 80 and 100 watts.
 

Jbiff

Getting the hang of it
Joined
Nov 28, 2018
Messages
39
Reaction score
32
Location
Austin Texas
If you are going to dual NIC your BI computer, not much need for managed switches.

And you do not need a NIC for each switch. I have 5 POE switches all going to the 2nd NIC in the BI machine.

Dual NIC is by far the simplest way to isolate the cameras from the Internet. Simple add the 2nd NIC and assign it and the cameras a different IP subnet from your NIC with internet and you are done.

With a managed switch, you will need to configure each VLAN and the rules and what not. If you are looking for simple, dual NIC is it.
White belt here....so how does one physically connect 5 switches to one NIC. Are there splitters for that?
 
Last edited:

SpacemanSpiff

Getting comfortable
Joined
Apr 15, 2021
Messages
851
Reaction score
1,168
Location
USA
White belt here....so how does on physically connect 5 switches to one NIC. Are there splitters for that?
You uplink one switch back to another switch via an Ethernet cable. Some switches have a port for uplink purposes, others do not. Keep this in mind because an 8-port switch might only allow 7 cameras because one port is used to uplink to another switch
 

Teken

Known around here
Joined
Aug 11, 2020
Messages
1,483
Reaction score
2,642
Location
Canada
I’ll pile on because why not! Plan for tomorrow to allow growth. Stick with a name brand switch I don’t care what brand but don’t go buy a 3rd tier weekend special for $45.XX.

Taking into consideration of planning for tomorrow no less than POE+. 16 ports should be the smallest 24 even better. You feel spendy and know this will get serious fast?!?

Buy a 48 POE+ switch instead and confirm it has at least two SFP+ fibre ports. 150 watts is the bare minimum so going with 250, 500, 750 watts is crazy planning for tomorrow with no regrets.

More expensive switches provide layer 3 routing. As others noted VLAN’s which allow a person to create virtual and isolated pathways for data.

Things to consider are once you break 16 ports the next switch that has 24 / 48 ports will have a fan(s). Some use PWM to ramp up / down the fans based on the thermals. Whereas others are running flat out screaming like a jet plane all day long!

Which leads to really looking hard at noise levels and energy consumption. The latest and greatest may conform to energy star or some Green tech to reduce energy consumption.

Some turn off unused ports, some go into low idle when data is low, while others manage the port voltage to the bare minimum to achieve lower energy consumption.

The switch is a core element in the network as is everything else in the chain.

Buy once - Cry Once!
 
Joined
Dec 28, 2019
Messages
11,475
Reaction score
27,383
Location
New Jersey
Switches can be "daisey chained", simply plug one switch into the next switch and so on. This works best if the switch has gigabit uplink ports. Those ports get used for linking to other switches and the PC NIC.

I like the idea of using multiple switches rather than one large switch. That way if one switch fails for some reason you don't lose all the cameras at once and may have enough spare ports, and power budget, on the remaining switch(es) to accommodate all cameras by temporarily re-arranging them onto running switched from the failed one.
 

Teken

Known around here
Joined
Aug 11, 2020
Messages
1,483
Reaction score
2,642
Location
Canada
Switches can be "daisey chained", simply plug one switch into the next switch and so on. This works best if the switch has gigabit uplink ports. Those ports get used for linking to other switches and the PC NIC.

I like the idea of using multiple switches rather than one large switch. That way if one switch fails for some reason you don't lose all the cameras at once and may have enough spare ports, and power budget, on the remaining switch(es) to accommodate all cameras by temporarily re-arranging them onto running switched from the failed one.
It should be clarified in your example if they are chained together serially if any of the switches fails especially at the dead end nothing will be seen.

This is why in the ideal world each switch is home run to the router / firewall. A single or multiple switches can fail and the others will continue to operate and save video data as their connected in parallel and home run to the router / firewall.

This is why any serious network employs the (N) topology. Everything is run in parallel and mirrored to allow a complete failure of an entire rack or system. Lots of people already do this in a round about way and don’t even know it.

That is when they have their core security video hardwired. Later they add on some cheap unrelated wifi battery only camera. Taken on its face the entire hardline just died it doesn’t matter why.

Because they had a few battery only cameras with micro SD cards humming along.

Obviously this example isn’t ideal in terms of serious security but does show case why layering and running separate and independent systems are critical! When I started my journey many moons ago I said how do I envision the next generation of video security for my home?

It wasn’t hard to understand that old ass coaxial cable could continue to run all by itself until technology kept up. So 16 analog cameras continued to run. As I had already run 16 CAT-6 cable back in the day I could keep rocking toward IP technology.

Fast forward years later HD Analog / eCoax was a thing! Not only could I have near 2K performance video I could use a single coax cable to power the same and run even further than any CAT cable!

This completely avoided video lag and offered near live review. Years later WiFi became more capable and reliable so connected some high quality cameras to PtP bridges.

Which are all powered separately and independently of one another. This offers three layers of video security which obviously offers a huge margin fault tolerance.

At the end of the day people need to sit down and draw out their network topology. Really understand where the bottle necks and single point of failures are. Given how cheap network hardware is it’s very easy to have multiple networks that allow more redundancy while offering true security.

Cheers!
 

Teken

Known around here
Joined
Aug 11, 2020
Messages
1,483
Reaction score
2,642
Location
Canada
I agree there, Teken, but we're talking about a home network and not an enterprise network with "mission critical" redundancy required.
Understood but wanted to highlight chaining switches in a serial fashion vs home run in parallel is a bottle neck and single point of failure.

If it’s possible to run a single uplink cable to a switch and than home run. Out of the hole that network is more resilient in its wiring & operations.

Everyday people install a switch in the garage to offset the costs and time to run multiple pairs of Ethernet cable. They still needed a single connection to the main network. Taking the time to direct that feed to the core switch / router just makes sense.
 

The Automation Guy

Getting comfortable
Joined
Feb 7, 2019
Messages
859
Reaction score
1,520
Location
USA
Personally I have ended up with a 48 port Aruba managed POE switch (the S2500-P) that I bought off EBay. You can still get them for about $125 USD. It has POE and is managed, so when I was ready to get into VLANs the switch allowed me to do that. Buying a consumer model switch would have resulted in spending just about the same amount of money for less ports and no management options.

Using a "managed" switch isn't hard. By default the managed options are usually turned off so you can simply plug things into it and it will work like a non-managed switch. However should you ever need the functionality of a managed switch (for LVANs for example), you simply log into the web GUI for the switch and make your changes. I suspect that 99.999% of residential settings will only use the VLAN functionality of a managed switch - although there are plenty of other options as well.
 

Jbiff

Getting the hang of it
Joined
Nov 28, 2018
Messages
39
Reaction score
32
Location
Austin Texas
Thank you all very much for the great info. The helpful and friendly members of this forum have made a complicated subject so much easier to understand for noobs like myself.
 

samplenhold

Known around here
Joined
Aug 8, 2018
Messages
5,385
Reaction score
17,460
Location
Spring, Texas
White belt here....so how does one physically connect 5 switches to one NIC. Are there splitters for that?
So others have stated in words that no, you do not use a splitter. But here is a network diagram to show how things can be set up using multiple switches. Realize that this setup evolved over time as I built my system over the past three years. It evolved as I added cams and my understanding of IP changed. It is a little different now, but this should help you understand how to do this.

Note I have two networks on my home LAN. They are 192.168.3 (camera LAN) and 192.168.1 (everything else). I have two PCs that are connected to both LANs. One is the BI PC and the other is my office PC, which is on a different floor than the BI PC. The camera LAN has no connection to the internet nor to the 192.168.1 LAN.

So I have some options in case a specific switch goes down. I can sub one of the others in it's place temporarily until I can get one from Amazon (usually next day). This of course would mean some cams would be down, but I have them split up so that I can get some coverage at each area. If the main switch (JGS516PE) goes down, it is a little harder. But I can fail over to the GS308PP, which is in the IT Rack with the JG516PE, by just moving some jumper cables. I have a couple of POE injectors on hand and some non-POE switches that could also be used in a pinch if a specific switch fails.

Also note that the JGS516PE is a MANAGED switch. It was the first POE switch I bought and thought it would be good to use managed switches. That was before I had some experience. I have never used any of the managed options in that switch and probably never will.

Net Topology- multi POE switches.JPG
 

Jbiff

Getting the hang of it
Joined
Nov 28, 2018
Messages
39
Reaction score
32
Location
Austin Texas
So others have stated in words that no, you do not use a splitter. But here is a network diagram to show how things can be set up using multiple switches. Realize that this setup evolved over time as I built my system over the past three years. It evolved as I added cams and my understanding of IP changed. It is a little different now, but this should help you understand how to do this.

Note I have two networks on my home LAN. They are 192.168.3 (camera LAN) and 192.168.1 (everything else). I have two PCs that are connected to both LANs. One is the BI PC and the other is my office PC, which is on a different floor than the BI PC. The camera LAN has no connection to the internet nor to the 192.168.1 LAN.

So I have some options in case a specific switch goes down. I can sub one of the others in it's place temporarily until I can get one from Amazon (usually next day). This of course would mean some cams would be down, but I have them split up so that I can get some coverage at each area. If the main switch (JGS516PE) goes down, it is a little harder. But I can fail over to the GS308PP, which is in the IT Rack with the JG516PE, by just moving some jumper cables. I have a couple of POE injectors on hand and some non-POE switches that could also be used in a pinch if a specific switch fails.

Also note that the JGS516PE is a MANAGED switch. It was the first POE switch I bought and thought it would be good to use managed switches. That was before I had some experience. I have never used any of the managed options in that switch and probably never will.

View attachment 97536
So others have stated in words that no, you do not use a splitter. But here is a network diagram to show how things can be set up using multiple switches. Realize that this setup evolved over time as I built my system over the past three years. It evolved as I added cams and my understanding of IP changed. It is a little different now, but this should help you understand how to do this.

Note I have two networks on my home LAN. They are 192.168.3 (camera LAN) and 192.168.1 (everything else). I have two PCs that are connected to both LANs. One is the BI PC and the other is my office PC, which is on a different floor than the BI PC. The camera LAN has no connection to the internet nor to the 192.168.1 LAN.

So I have some options in case a specific switch goes down. I can sub one of the others in it's place temporarily until I can get one from Amazon (usually next day). This of course would mean some cams would be down, but I have them split up so that I can get some coverage at each area. If the main switch (JGS516PE) goes down, it is a little harder. But I can fail over to the GS308PP, which is in the IT Rack with the JG516PE, by just moving some jumper cables. I have a couple of POE injectors on hand and some non-POE switches that could also be used in a pinch if a specific switch fails.

Also note that the JGS516PE is a MANAGED switch. It was the first POE switch I bought and thought it would be good to use managed switches. That was before I had some experience. I have never used any of the managed options in that switch and probably never will.

View attachment 97536
Samplenhold, thank you very much for taking the time to capture and post your network topology.
 
Top