At a Glance | |
---|---|
Product | TP-LINK Gigabit Smart Switch [TL-SG2216] |
Summary | Value priced, but fully-featured Layer 2 managed switch |
Pros | • Easy to configure • Silent • Relatively inexpensive |
Cons | • No IPv6 support • 5 year vs. limited lifetime warranty |
Introduction
TP-LINK is an international company headquartered in Shenzhen aiming to establish itself, according to its website, as “one of the top three networking brands in the world”. The TP-LINK brand was established in 1996. The name TP-LINK derives from “Twisted Pair Link,” implying a focus on Ethernet connectivity.
In its listing of milestones, one of the first products TP-LINK cites is an Ethernet switch in 1998. Today, TP-LINK sells a wide array of network products including routers, modems, wireless devices, IP cameras, print servers, and other network devices in addition to switches.
In this review, I’m going to look at the TL-SG2216 switch. The TL-SG2216 shares software with TP-LINK’s TL-SG2424 switch, so this review essentially covers both devices. The key differences between the two switches are a greater number of ports and switching capacity on the TL-SG2424.
The TL-SG2216 is a 16-port Gigabit switch, new to TP-LINK’s Web Smart Switch product line. The Web Smart Switch product line falls between TP-LINK’s two other switch product lines, their L2 Managed Switches and Unmanaged Switches. Let’s take a look.
The TL-SG2216 has a grey metal case measuring 17.3”W x 7.1”D x 1.7”H. It comes with hardware for rack mounting as well as adhesive rubber feet for desktop/shelf placement. Indicator lights, a reset switch, and the 16 RJ45 and 2 SFP ports are on the front, shown below. Note, the last 2 RJ45 ports are shared with the 2 SFP ports, thus it has a maximum usable port capacity of 16. Similarly, the TL-SG2424 shares its last 4 RJ45 ports with 4 SFP ports, giving it a maximum usable port capacity of 24.
TP-LINK TL-SG2216 front
The TL-SG2216 is fanless and therefore silent, making it useful in a work area as well as a closet. The power connector is on the back, shown below. A standard AC cable, not wall wart, connects to an AC outlet for power.
TP-LINK TL-SG2216 rear
Inside
Below, you can see the internal mainboard and power supply. The switch devices reside under the large heatsinks, which I did not remove. But TP-LINK said both devices are from Broadcom. Below them are 256 MB of DDR SDRAM and a 16 MB of flash.
TP-LINK TL-SG2216 board
Features
The feature list below is based on the TP-LINK’s TL-SG2216 specification listing. Note, I’ve listed the TL-SG2424’s specs in brackets to the right where the TL-SG2216 and TL-SG2424 differ.
- 16 10/100/1000Mbps RJ45 Ports [TL-SG2424 = 24]
- 2 Combo 100/1000Mbps SFP Slots [TL-SG2424 = 4]
- 32Gbps backplane [TL-SG2424 = 48Gbps]
- 8k MAC Table
- 23.8Mbps packet forwarding [TL-SG2424 = 35.7Mbps]
- 10240 jumbo frame support
- IEEE802.1Q with 512 VLAN groups and 4K VIDs
- 802.1p CoS/DSCP priority
- 4 priority queues
- Queue scheduling: SP, WRR, SP+WRR
- Port/Flow-based Rate Limiting
- IGMP Snooping V1/V2/V3
- LAG (Up to 6 aggregation groups, containing 4 ports per group)
- Spanning Tree STP/RSTP/MSTP
- BPDU Filtering/Guard
- TC/Root Protect
- Loop back detection
- 802.3x Flow Control
- Port Security
- Broadcast/Multicast/Unknown-unicast Storm Control
- Web-based GUI and CLI management
- SNMP v1/v2c/v3,compatible with public MIBs and
- TP-LINK private MIBs
- RMON (1, 2, 3, 9 groups)
- CPU Monitoring
- Port Mirroring
- Firmware Upgrade: Web
- System Diagnose: VCT
- SYSLOG & Public MIBS
Configuration
The TL-SG2216 is configurable via a web GUI and command line via Telnet. Although rather basic and plain, I found the GUI easy to navigate. Below is a screenshot of the System Info page.
TP-LINK TL-SG2216 System Info
The web GUI has eight menus listed vertically along the left side of the screen, each with multiple sub-menus organized with various tabs of configuration screens. To give you an idea of the configuration options, Table 1 summarizes the menus and sub-menus.
Table 1: TP-LINK TL-SG2216 menu summary
Once you apply a configuration, it becomes active on the switch, but isn’t saved permanently. You have to also click Save Config to ensure all configuration changes won’t be lost if the device is power cycled or shutdown. Some devices I’ve worked with that require a save, such as the Cisco SG200-26, remind you to save the configuration. It would be nice if the TL-SG2216 did as well.
English is my only language, so far be it from me to knock someone who can speak or write multiple languages. However, I think if TP-LINK wants to maximize market share in the US, they may want to engage someone to improve the English translations in the web GUI. For example, the menus written as User Manage, Device Diagnose, and Saving Config would more typically be written as User Management, Device Diagnostics and Save Config. Translation issues are relatively minor compared to performance and functionality, but they can affect the overall impression one gets on a product.
TP-LINK provides a datasheet, User Guide, CLI Guide and Installation Guide for the SG-2216 and SG-2424. I found the 130 page User Guide provided useful explanations of configuration options and was impressed that it included several configuration examples.
VLAN
The TL-SG2216 supports up to 512 802.1Q VLANs, numbered from 1-4000, with three port types. An access port is assigned to a single VLAN and doesn’t tag egress frames with a VLAN ID. A trunk port can be assigned to multiple VLANs and tags egress frames with a VLAN ID. A general port can be assigned to multiple VLANs and can be configured to tag or not tag egress frames per VLAN ID. The TL-SG2216 uses PVIDs (port VLAN ID) to assign the native VLAN on a general or trunk port.
I successfully tested 802.1Q trunking and VLAN traffic segmentation between the TL-SG2216 and a NETGEAR GS108T. My configurations were as follows:
- VLAN1 and VLAN2 were added to both switches
- A trunk port connecting the two switches was configured as a member of VLAN1 and VLAN2, with a PVID of VLAN1
The screenshot below from the TL-SG2216 shows three things. First, all ports except port 10 are members of VLAN1. Second, my trunk port, port 2, is a member of VLAN1 and VLAN2. Third, port 10 is only a member of VLAN2.
TP-LINK TL-SG2216 VLAN configuration
The screenshot below shows port 2 is a trunk port with a PVID of 1 and port 10 is an access port with a PVID of 2.
TP-LINK TL-SG2216 VLAN port assignments
As expected, devices connected to access ports on VLAN1 on the TL-SG2216 were only able to communicate with devices on VLAN1 on both the TL-SG2216 and the GS108T. Also as expected, a device connected to port 10 on the TL-SG2216 was only able to communicate with devices on VLAN2 on the GS108T.
This is a basic test of 802.1Q trunking and there are far more complex configurations for VLAN tagging and traffic separation. This test simply verified the TL-SG2216 properly applies and recognizes 802.1Q VLAN tags.
A simpler form of VLANs can be implemented on the TL-SG2216 with the Port Isolation feature. With this option, individual ports can be restricted to being able to send traffic to other ports by creating a simple point and click map. In the map shown below, port isolation hasn’t been configured, thus all ports are permitted to send traffic to all other ports.
TP-LINK TL-SG2216 VLAN port isolation
STP
The TL-SG2216 supports standard spanning tree protocol (STP), rapid STP (RSTP), and multiple STP (MSTP) to prevent switching loops when redundant links exist between switches. Up to eight MSTP instances are supported.
Spanning tree is disabled by default. Enabling standard STP is a matter of clicking enable in the global menu, then enabling it on all or selected ports.
Testing common spanning tree is easy. Simply connect two ports of the switch to each other to create a switching loop. With spanning tree disabled, the switch will possibly hang and traffic will drop or fail to pass through it. With spanning tree enabled, one of the two ports connected to each other will go into a blocking state and the switch will continue to function normally.
With spanning tree disabled, I was able to hang the TL-SG2216 using the above test. With spanning tree enabled, the above test caused no harm as STP took one end of the loop down, doing its job by detecting and preventing the loop.
I used ports 14 and 16 for my STP test. With STP enabled, as you can see in the circled section below, port 16 has gone into the STP port status of blocking, which is expected when STP detects a loop.
TP-LINK TL-SG2216 STP blocking
STP has some vulnerabilities, thus there are multiple techniques for optimizing STP and protecting against these vulnerabilities. The TL-SG2216 supports five STP security measures, including Loop Protection, Root Protection, TC Protect, BPDU Protect, and BPDU Filtering. Each of these measures can be enabled or disabled per port.
LAG
The TL-SG2216 supports up to six Link Aggregation Groups (LAGs) with up to four links per group. Although LACP (Link Aggregation Control Protocol) is referenced in the TL-SG2216 manual, the device provides only static LAG configuration options.
I was able to configure a static LAG using two ports between the TL-SG2216 and a NETGEAR GS108T. I configured port 14 and 16 on the TL-SG2216 to be members of LAG1, as shown below. I configured two ports on the GS108T similarly and the LAG came up between both switches without a hitch.
TP-LINK TL-SG2216 Link Aggregation
QoS
The TL-SG2216 offers multiple options for configuring Quality of Service (QoS). Traffic can be prioritized by port, by 802.1p values, and by DSCP values.
I think it is simpler to think of the TL-SG2216’s QoS configurations in three steps.
- The TL-SG2216 allows you to map port priority and DSCP values to 802.1p CoS values.
- CoS values are mapped to four different queues on the TL-SG2216 labeled as TC0-TC3, with TC0 the lowest priority queue and TC3 the highest priority queue.
- Traffic queues are serviced based on one of four scheduling modes; Strict Priority, Weighted Round Robin, Strict Priority/Weighted Round Robin, and Equal (default).
The defaults on the TL-SG2216 make it easy. All ports have a default CoS set to 0, there is a standard mapping of DSCP to CoS values, and the CoS values are already mapped to the four different queues. All you have to do to enable QoS prioritization on the TL-SG2216 is click to enable DSCP and select a scheduling mode other than Equal. You can then customize the QoS settings if needed.
The TL-SG2216 also has the option to control traffic by applying ingress and egress bandwidth limits per port. In the screenshot below, I’ve applied ingress and egress bandwidth limits of 1024 Kbps to port 16.
TP-LINK TL-SG2216 Rate limiting
I validated the TL-SG2216’s bandwidth limit functionality by running iperf throughput tests through port 16 before and after I applied bandwidth limits. My throughput before I applied the limits ranged from 271-324 Mbps and after I applied the limits was exactly 1.17 Mbps as you can see in the below. Recall that I set my limit at 1024 Kbps, which is approximately 1 Mbps.
TP-LINK TL-SG2216 Rate limit verification
Finally, the TL-SG2216 provides three storm control options that allow you to protect your network against devices flooding the network with excess traffic. This is useful, as I’ve seen network performance degrade due to a faulty network card on a PC flooding the network with meaningless data.
Per-port storm control options on the TL-SG2216 are to set a broadcast rate limit, a multicast rate limit, and a UL frame rate limit. (A UL frame is a frame with a destination MAC address that isn’t in the MAC table. Default switch behavior on such a frame is to broadcast it, thus the UL frame rate limit is similar to a broadcast rate limit.)
Security
In addition to the previously mentioned STP protection measures and storm control options, access security, port security, and MAC filtering rules can be applied on the TL-SG2216. Access to the configuration of the switch is controlled by user name and password. Users can have either admin or guest access, and you can set rules that define the source IP addresses, MAC addresses, and ports that can have access to the configuration of the switch.
Port security is configured by applying MAC address limits. Although the TL-SG2216 has a limit of 8000 MAC addresses in its MAC table, you can restrict the number of MAC addresses that can be learned on a port. This feature can prevent someone from plugging in another switch and connecting excessive or unapproved devices to the network.
Port security is disabled on all ports by default on the TL-SG2216. A maximum number of learned MAC addresses can be specified per port, along with choosing a learning mode by port. Learning modes are dynamic, static and permanent. Dynamic MAC address learning is standard switch behavior, static MAC address learning means that MAC addresses stays in memory even if the device disconnects, until the switch is rebooted or the MAC address is deleted. Permanent MAC address learning is the same as static, but permanently learned MAC addresses can only be manually deleted.
Finally, security rules in the form of MAC filtering can be applied. Traffic to and from specific MAC addresses can be blocked by creating a MAC filtering rule. In the below screenshot, I created a basic filtering rule to block traffic to and from MAC address 00-1c-23-01-02-03. I set up a continuous ping to the device with this MAC, and watched the ping succeed without the rule and fail with the rule implemented, validating the TL-SG2216’s MAC filtering capability.
TP-LINK TL-SG2216 MAC address filtering
Other
Jumbo frames are enabled by default on the TL-SG2216 and cannot be disabled. The switch passes frames up to 10k bytes in size. My PC can only generate up to 4k byte frames and I had no problem passing 4k byte frames through the TL-SG2216.
In addition to the features discussed, the TL-SG2216 has options for port mirroring, SNMP, Multicast, sys logging, basic diagnostic tools (ping, traceroute, cable test), administrative tools (config backup, resetting and rebooting the device) and a display of traffic statistics by port.
I find port mirroring is a useful tool to examine traffic to and from a specific device or port. Below I created a simple rule to copy all ingress and egress traffic from port 8 and send it to port 16. With this rule in place and Wireshark running on my PC connected to port 16, I was able to examine all traffic going to and from port 8.
TP-LINK TL-SG2216 port mirroring
Finally, the TL-SG2216’s traffic summary page has a nice display of inbound and outbound traffic volumes measured in bytes and octets as shown in the screenshot below.
TP-LINK TL-SG2216 traffic statistics
Closing Thoughts
I put together Table 2 of Layer 2 Gigabit smart switches along with a couple of key specs on each switch. The specs in the below table are from the product specifications page on each manufacturer’s website. The prices are from Pricegrabber.com, snapshotted near the end of November, 2012.
Make and Model | RJ45 ports | SFP ports | MAC addresses | Backplane (Gbps) | VLANs | Warranty | Price |
---|---|---|---|---|---|---|---|
TP-LINK TL-SG2216 | 16 | 2 | 8k | 32 | 512 | 5 years | $137.95 |
TP-LINK TL-SG2424 | 24 | 4 | 8k | 48 | 512 | 5 years | $152.95 |
Cisco SG200-18 | 18 | 2 | 8k | 32 | 256 | Limited Lifetime | $254.99 |
Cisco SG200-26 | 26 | 2 | 8k | 52 | 256 | Limited Lifetime | $266.40 |
NETGEAR GS716T-200 | 16 | 2 | 8k | 32 | 128 | Lifetime | $218.95 |
NETGEAR GS724T-300 | 24 | 2 | 8k | 48 | 128 | Lifetime | $278.95 |
Table 2: Product comparison
All of these switches are fanles /silent and configured via a web GUI. In my experience, all three manufacturers do a good job with VLANs and basic layer 2 switching functionality. There are few feature differences between the switches, such as the Cisco switches support IPv6, the NETGEAR and Cisco switches offer “Green Ethernet” for power saving and the TP-LINK supports more VLANs.
I think two key things stand out when you look at Table 2—warranties and price. TP-LINK has a 5 year warranty, Cisco offers a limited lifetime warranty (the power supply is only covered for one year) and NETGEAR offers the highest protection of a lifetime warranty. Price, however, is where the TP-LINK shines. TP-LINK’s 16 port switch is $137 while its 24 port TL-SG2424 sibling is $152. In contrast, both Cisco and NETGEAR’s switches are over $200. That’s a big difference.
From a feature standpoint, I was impressed with the TL-SG2216. I had no problems configuring and using its features. It appears to me that TP-LINK is trying to become one of the top three networking brands in the world by undercutting the competition via price, while providing comparable features. In my opinion, the TL-SG2216 will help them toward that goal!