Computer Network Switch Selection for the Outbuildings

I’m using Ubiquiti UniFi network equipment in the House – notably for the PoE Network Switches and the Wireless Access Points. I find the UniFi gear provides a reasonable balance between Enterprise-grade functionality and Consumer-grade pricing.

The CCTV cameras are also from the UniFi product range – although those operate as part of the UniFi Protect sub-system and are largely independent of the underlying network equipment. I don’t currently use a UniFi network ‘Security Gateway’ since I prefer the flexibility of a more extensible router and firewall solution that I can add my own code to (I’ve recently moved to OPNsense) – though when the time comes to sell the house I might swap to one of the more user-friendly UniFi gateways (and also replace the self-hosted UniFi Network Controller application, which currently runs in a Docker container on a Gen8 HP MicroServer).

It therefore makes sense to continue to use UniFi network equipment in the Outbuildings, managed via the existing UniFi Network Controller dashboard. The question is: which model from the extensive UniFi switch portfolio to choose?

The basic requirement is for at least 22 wired Ethernet ports, at least 13 of which need Power over Ethernet (for CCTV cameras, Wireless Access Points etc). That requirement maps nicely to a 24-port switch – although two 16-port switches would provide some redundancy and more expansion capacity.

  1. Second-hand US 24 250W PoE?
    • That’s just a scaled-down version of the US 48 500W PoE switches in the house – which are OK but they’re relatively deep, and heavy – and the cooling fans are quite noisy (and would be far from ideal in the more dusty / gritty environment of the Outbuildings)
    • These seem to go for around £175 on eBay – and might have been running 24×7 for many years so are likely to need new fans, if nothing else
  2. Two Gen2 USW-16-POE switches?
    • These are fanless units (good) and have a 42W PoE budget (more than adequate) – but they only have 8 PoE-capable ports, so only 16 from a pair – which is barely enough
    • These also seem expensive compared to the 24-port variants – about £275 (inc VAT) each, brand new, so £550 for a pair
  3. One Gen2 USW-24-POE switch?
    • These are fanless and have 16 PoE-capable ports (a much better proportion)
    • They’re about £350 (inc VAT) each
    • The main limitation is they only have regular SFP uplink ports – i.e. 1Gb/s max
  4. One Gen2 USW-24-Pro-POE switch?
    • These have SFP+ uplink ports – i.e. 10Gb/s max – and all 24 ports are PoE+ (or PoE++) capable
    • They have a 400W PoE power budget (much more than required) and they provide Layer 3 capabilities (e.g. a DHCP Server and inter-VLAN Routing) which can also be provided by the Firewall (which is required anyway, for other reasons)
    • They’re over £600 (inc VAT) – which is a big premium to pay for features that aren’t currently necessary for this ‘domestic’ installation

On balance, the USW-24-POE seems the least-bad choice. While the 1Gb/s uplink is a limitation, the network link back to the house will be via two firewalls which also impose a 1Gb/s limit – until those are moved to more modern hardware. Second-hand (but relatively young) examples of the USW-24-POE occasionally appear on eBay – though typically for more than half the ‘new’ price.

If additional ports are required, a second (smaller?) switch can be added later – potentially in a ‘satellite’ location (avoiding the need to run all the structured cables back to the Plant Room).

One mitigation for the 1Gb/s uplink limitation would be to ‘aggregate’ both SFP ports for (a slightly better) 2Gb/s back to the adjacent firewall. Unfortunately, it seems that one of the three 1Gb/s ports on the PC Engines APU2 device that runs this firewall is currently refusing to run at more than 100Mb/s – due to some sort of hardware issue – so it’s stuck with one Gigabit connection to the House and one Gigabit connection to the Switch.

Ubiquiti UniFi Network Switch Management VLAN Issues

After swapping out the 9U network equipment rack in the House for a deeper, 12U alternative (to house some extra equipment in the House and free up the 9U unit for the Outbuildings) – which meant powering-off the network switches for a few hours – one of the two switches wasn’t connecting back to the UniFi Controller afterwards. Since the other switch and all of the Wireless Access Points connected OK, that ruled out issues with the DHCP server and the Controller itself, and pointed to a configuration issue with that one switch – especially since the other switch was actually connecting via the problematic switch’s network cabling.

In operational terms, the switch was working fine, passing traffic as expected, but was ‘unmanageable’ in that there was no way to change any of its settings, which I knew was going to be a problem.

While the switches were removed from the rack, I’d noticed they have an RJ45 port on the back, labelled ‘Console’. Using that with a ‘rollover’ RJ45-to-DB9 adaptor, connected via a USB to RS-232 lead, I was able to connect to the CLI via a terminal emulator and log in with the same credentials used to log in to the Controller.

After a lot of head-scratching, I concluded the switch’s management interface (eth0) probably wasn’t on the correct VLAN – I could see it sending DHCP request packets but they weren’t showing up in the right place on the DHCP server. The management interface is intended to be moved to a non-standard management VLAN via a ‘Network Override’ setting in the configuration for the switch (and I could see switch.managementvlan set correctly in file /tmp/system.cfg). What I failed to un-pick was the mechanism by which that management interface gets placed on the correct VLAN – I had hoped to be able to see what was happening and try to correct it.

The solution came by finding references to the ‘enable’ configuration utility which looks like it’s meant to make UniFi switches behave similarly to other brands. There’s a good summary here: https://dan.langille.org/2018/01/12/getting-into-the-cli-for-a-unifi-switch/ – which includes the specific commands for changing the VLAN of the management interface (which had indeed reverted to the default, VLAN 1). After changing the setting (and running write memory) everything started working (the switch retries the DHCP request automatically).

So, in summary: it’s not clear why it lost that one setting (while retaining all the others) but it’s good that there was a way to get things working again without having to factory-reset the switch and re-specify all the configuration.

Update 2025-11-10

The same thing happened to the ‘other’ switch – it reverted the Management VLAN to 1. The same fix worked, but just in case the referenced web page goes away here’s a summary of the steps required:

  1. Connect to the switch’s Console port using a serial cable and ‘rollover’ adaptor
  2. Log in using the same credentials used for the UniFi Controller
  3. Telnet to the switch to get the management interface:
    • telnet 127.0.0.1 2222
    • (Hit ‘enter’ a second time to display the command prompt)
  4. Run the enable command to get into configuration mode
  5. Run the show network command to check the current settings
  6. Run the network mgt_vlan 254 command to set the correct management VLAN
  7. Run the write memory command to save the changes
  8. Run the exit command (twice) to back out of the management interface
  9. Wait for the DHCP request to work on the right VLAN
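
The symptom described above (a switch's DHCP requests arriving somewhere other than the management VLAN) can be caught from the DHCP server's log before the switch is noticed as unmanageable. The following is an added example, not part of the original post: it assumes ISC dhcpd-style syslog lines, and the MAC addresses, device names and interface names (igb1, igb1_vlan254) are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumptions (not from the original post): ISC dhcpd-style log lines,
# constructed MACs / device names, and made-up firewall interface names.
MGMT_IFACE = "igb1_vlan254"      # firewall interface carrying management VLAN 254
MANAGED = {                      # devices whose management interface belongs there
    "02:00:00:00:00:01": "house-switch-1",
    "02:00:00:00:00:02": "house-switch-2",
}

# Matches client-originated messages only (DISCOVER / REQUEST), e.g.
#   DHCPREQUEST for 10.0.254.12 from 02:00:00:00:00:02 via igb1_vlan254
LINE_RE = re.compile(
    r"DHCP(?:DISCOVER|REQUEST)\b.*?\bfrom\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b"
    r".*?\bvia\s+(\S+)",
    re.IGNORECASE,
)

def misplaced_requests(log_lines, managed=MANAGED, mgmt_iface=MGMT_IFACE):
    """Return {device: {interface: count}} for managed devices whose DHCP
    requests were received on an interface other than the management VLAN."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        mac, iface = m.group(1).lower(), m.group(2)
        name = managed.get(mac)
        if name and iface != mgmt_iface:
            hits[name][iface] += 1
    return {dev: dict(ifaces) for dev, ifaces in hits.items()}

# Constructed sample: switch 1 has reverted to VLAN 1 (untagged on igb1),
# then recovers after the mgt_vlan fix; switch 2 is healthy throughout.
SAMPLE_LOG = """\
Nov 10 09:14:01 fw dhcpd[4242]: DHCPDISCOVER from 02:00:00:00:00:01 via igb1
Nov 10 09:14:05 fw dhcpd[4242]: DHCPDISCOVER from 02:00:00:00:00:01 via igb1
Nov 10 09:14:06 fw dhcpd[4242]: DHCPREQUEST for 10.0.254.12 from 02:00:00:00:00:02 via igb1_vlan254
Nov 10 09:14:07 fw dhcpd[4242]: DHCPDISCOVER from 02:00:00:00:00:99 via igb1
Nov 10 09:20:30 fw dhcpd[4242]: DHCPREQUEST for 10.0.254.11 from 02:00:00:00:00:01 via igb1_vlan254
""".splitlines()

if __name__ == "__main__":
    for dev, ifaces in misplaced_requests(SAMPLE_LOG).items():
        for iface, n in ifaces.items():
            print(f"{dev}: {n} DHCP request(s) on {iface}, expected {MGMT_IFACE}")
```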