TP-Link TL-SG1218MPE Small Business switch (Product review)


A while ago, I planned to update my home network for a couple of reasons. As I’ve been working from home for a while, most of the interactions I had with customers ran over secured VPN links but still over the same local Wi-Fi network as everything I had hooked up, including two dozen IoT devices of various sorts, a media server, speakers etc. As the communication with external parties changed a bit, with private, employee as well as business links, I needed to change the way I worked. I decided on a few things.

Why a business switch for a home network?

First off, I wanted to separate everything that had to do with customer-related traffic, irrespective of whether that was related to my current work or my business, from my private systems as much as possible. That meant that all these different traffic types had to go into separate VLANs with the various options associated with each of them, like QoS (Quality of Service). As I live fairly rurally, I don’t observe Wi-Fi interference from neighbours as you would in the city. However, I noticed that with my setup there was a fair drop-off in coverage with my “old” home router, so I decided to add two TP-Link EAP 245 access points on either side of my house to obtain good coverage.

I also wanted to remove, as much as possible, traffic from the Wi-Fi network and get as much as possible over a cable. That meant I had to dig up my old toolbox and start pulling cables through the house. Due to the limitation in the way my house is built, there are not many power points, so all equipment needed to have the ability to be powered via the same Ethernet cable with PoE.

The switch that I bought for this is a TP-Link TL-SG1218MPE Small Business switch. It has most options you would like from a switch in this category.

Specifications

  1. 16 RJ45 + 2 SFP 1GbE ports
  2. First 16 provide PoE+ power option.
  3. IGMP Snooping
  4. Link Aggregation
  5. Port mirroring
  6. MTU, Port based and 802.1Q VLANs (Mutually exclusive)
  7. QoS, either port based, 802.1P or 802.1P/DSCP

Positives

From a configuration perspective, most things are very straightforward and the switch is easy to configure. You would need to know a few things, for example how VLANs work and how this interacts with hosts and other equipment. The documentation provides some simplified examples in case you just want to hook up a few computers, printers or other equipment. If you need to set up a more complicated environment with computers capable of multi-homed, VLAN-tagged network interfaces, I would advise obtaining more knowledge around this topic.

The Power over Ethernet option works as designed. I haven’t stretched the switch to its limits though. According to the specs, it can deliver up to 192 watts of power to the attached devices. The power requirements can be configured per port in 4 classes or with a value in watts that can be manually set. The priority can be set on each of the ports in three bands, basically meaning that when the switch is reaching its threshold, you can selectively decide which devices it can turn off.

The port mirroring feature is a very welcome option if you want to add some sort of IDS (Intrusion Detection System) or do diagnostics on client/server traffic.

Negatives

What is very limited in the switch is the capability of diagnostics. It has almost no options whatsoever, and the ones that it does have are mostly related to some statistics on the network interfaces and a very rudimentary cable test.

It doesn’t seem to support PVST (per-VLAN spanning tree), which means that when you hook this switch up to a remote system which has bridging support enabled, where that bridge will also traverse traffic on VLANs, the uplink will immediately block without showing you what’s happening.

You cannot see an ARP table or even which MAC address(es) is/are attached to which switch port. From a monitoring and diagnostics perspective, this is a severe lack of functionality. It would not be that hard to create a page in the GUI to have this shown.

There is no logging facility, nothing. If I had known this, I would’ve most likely bought another switch, as not being able to re-trace problems is a big no-no for me. I guess the switch itself does not have any internal storage except for a small boot-prom and some very limited non-volatile memory to store the settings. If it had even had the possibility to send out events via SNMP or a syslog facility, it would significantly add value. I really hope the good people at TP-Link will add this at some time in the future.

It has no ability to add multiple users or link it to an external access control facility. This makes it very susceptible to continuous brute force access attempts. As there is no logging or notification facility, you wouldn’t even know this was happening before it is too late. Only a firewall on the edge of the network, or a “management” VLAN which is separated from the rest of the network, could prevent this from happening. As it has no dedicated management interface, it is not possible to “air-gap” the switch to a physical management network. From a security perspective, I would not recommend this switch to sit near a network which has Internet connectivity.
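One way to compensate for the missing log on the switch is to count new connections to its web GUI on a firewall that sits in front of the management VLAN. The sketch below is an added example, not part of the original review and not TP-Link code: it scans netfilter LOG lines and flags any source that opens many connections to the switch within a short window. The switch address, GUI ports, log prefix, threshold and sample log lines are all assumptions constructed for illustration, and a connection count is only a proxy for login attempts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SWITCH_IP = "192.0.2.10"         # assumption: the switch's management address
GUI_PORTS = (80, 443)            # assumption: TCP ports the web GUI answers on
WINDOW = timedelta(seconds=60)   # assumption: sliding window
THRESHOLD = 5                    # assumption: new connections per window before alerting

# Matches netfilter LOG output for a TCP SYN, prefixed by an RFC 3339 timestamp.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*\bPROTO=TCP .*\bDPT=(?P<dpt>\d+)\b.*\bSYN\b")

def find_bursts(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: time of the connection that crossed the threshold}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dst"] != SWITCH_IP or int(m["dpt"]) not in GUI_PORTS:
            continue
        ts = datetime.fromisoformat(m["ts"])
        seen = recent[m["src"]]
        seen.append(ts)
        while ts - seen[0] > window:         # drop entries older than the window
            seen.popleft()
        if len(seen) >= threshold:
            alerts.setdefault(m["src"], ts)  # keep the first alert only
    return alerts

# Constructed sample log (not captured traffic).
BASE = datetime.fromisoformat("2024-01-01T10:00:00+00:00")

def sample_line(offset_s, src, dst=SWITCH_IP, dpt=80):
    ts = (BASE + timedelta(seconds=offset_s)).isoformat()
    return (f"{ts} fw kernel: SWMGMT IN=eth1 OUT=eth2 SRC={src} DST={dst} "
            f"LEN=60 PROTO=TCP SPT=40000 DPT={dpt} SYN")

SAMPLE_LOG = "\n".join(
    [sample_line(5 * i, "192.0.2.50") for i in range(6)]       # burst: 6 in 25 s
    + [sample_line(90 * i, "192.0.2.20") for i in range(6)]    # admin: 1 per 90 s
    + [sample_line(i, "192.0.2.70", dst="192.0.2.99") for i in range(10)])  # other host

if __name__ == "__main__":
    for src, when in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {src}: {THRESHOLD}+ new connections to {SWITCH_IP} by {when}")
```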

Conclusion

Be aware this is a plain Layer 2 switch. It has no routing capabilities. If you want a straightforward, no-nonsense switch which allows you to hook up computers, printers and peripherals like (PoE-)phones, this switch is a good option. It can also act in the same fashion at the edge of your network for basic device connectivity. If your network requires more options, for example PVST or layer 3 IP routing options, I would look for a more suitable switch.

The firmware should really allow more options regarding users and fine-grained access control. Linking this up to any sort of external authentication and authorisation system like LDAP/Active Directory or RADIUS should really be implemented. In this day and age, it really is a hard requirement. From a security perspective, this is really a brick wall when it comes to purchasing this switch. TP-Link should add this ASAP.

The one thing that disappointed me the most was the lack of any sort of logging and notification facility. This is another thing that should really be added. Even the smallest systems, for example the UniFi Flex Mini, have this. It should be a no-brainer.

Value for money

If TP-Link added the two things I highlighted above, and did not change the price point, this switch would be very good value for money. From a functional perspective it does what it needs to do, but given the fact the firmware is limited in these two areas, I would, at this stage, recommend against buying it.

I hope this gives you some idea of the TP-Link TL-SG1218MPE switch. If/when TP-Link corrects the issues I mentioned, I’ll update the page here.

Kind regards

Erwin

 
