Safari mobile reader mode works fine. It even recognizes the “next page” links and renders all four at once.

I’m still not certain what the advantage of a managed switch is.

I’m sure there is one because they’re more expensive.

The only thing I was able to discover is that they detect a network loop.

Vlan tagging at the port level is great. They probably do other things as well.

There was a period when I was paid to look after a bunch of managed switches, and they had a variety of interesting and useful features but that's a large corporate-like environment (a University) and it was part of a research programme.

[This is back when IPv6 is relatively novel and so the refit of a large building with brand new high end Cisco managed switches was justified as research, also leading to a hilarious "bidding" process in which Cisco's lone authorised supplier tells us what the price is, which of course is completely unaffordable, then we tell a Cisco exec what we want to pay, then they calculate a research "discount" which we are to be offered so that magically we pay exactly this much to the lone supplier].

Feature I really liked 1.: Time Domain Reflectometry. Port #123 failed? Ask the switch, it says the fault is 19 metres from the switch, measure by eye or with tape, oh yeah, there's the problem.

Feature I really liked 2.: Port history. You can see at a glance that ports #120 through #140 are not in use now but with history you can see that port #130 and #136 were used last Tuesday night. Aha! The only thing these ports actually do is support a madcap arrangement where Astronomy run laptops on the roof for stargazing. They can just use WiFi! No need to run all this extra stuff.

For the research we had MLDv2 group multicast support - e.g. 80 people have 100baseT networking, 10 watch video channel A at 40Mbps, 10 watch channel B at 40Mbps, yet the network is only moving 80MBps (40 + 40) and their links only have 40 Mbps each, the 60 non participants have all 100Mbps free - in principle that could be done in a relatively dumb switch, but also at home scale it's irrelevant anyway, and even at corporate it's cool but hardly worth diverting serious effort when you probably don't need such a feature.

The killer application for me is that my wired Ethernet security cameras are on a VLAN that I firewall from the internet.

VLANs are often useful.

There are a ton of features that fall under 'managed' umbrella, but for most home usecases you don't really need to manage the switches often. Once you setup WiFi SSIDs with VLAN tags, you almost never have to touch the switch. I like to separate networks with VLANs.

If your WiFi doesn't have client isolation, IoT devices can still scan your network. WiFi client isolation will prevent that, having them on separate VLAN also makes sense.

Another usecase is a Guest network, when friends come over. You might not want to isolate clients there and allow devices to talk to each other, but also don't interfere with your home network.

If you work from home, depending on what you do, you might want to have 'office' VLAN. Or a 'Kids' VLAN, where internet turns off every night at 8pm.

At this point, it may be easier to QoS and give only 10% of your internet bandwidth to Guest network, and 5% to IoT device network, etc.

> What am I missing? Why bother with managed switches at home?

I have managed switches now. Can be useful for link aggregation. I also use vlans, so I can have redundant nat gateways in different locations, without having to wire up a separate 'public net' lan... I could just put them in the same location, but I get a tiny amount of disaster resiliance this way. Vlans are also handy so I can do private and public on the same port and not need more nics; but maybe my setup doesn't need to be so esoteric that I want a separate port for host networking and for the nat gateway running in a jail (or maybe I could get srv-io to work somehow)

It's also handy to be able to check link status without having to go to where the switch is.

I use VLANs to isolate the IoT devices. Their separate WiFi is VLAN tagged by the access points.

And my internet/IPTV provider uses broadcast for TV streams which requires IGMP support if you want to run it over your existing network. Otherwise you have to use their modem and run a cable direct from the TV box to the modem.

Sometimes managed switch is the only way to find out faulty cable. I'm speaking about a bit bad cable, which corrupts some data, not all of it. Just by looking on interface error counters you can easily tell if something is off. Without it you either need somehow come up with very expensive cable tester or just pretend that slow network speed is due to some other popular blame destination (e.g. it's just bad macos update) ;)

> I even managed to find an unmanaged 16-port 2.5GbE PoE ... It's a no-name Chinese brand, but who cares?

Does it have a NRTL certification (UL or the like)? This is something I'd look for in a PoE switch, which often have internal power supplies specced for several hundred watts. Potential fire hazard. If it were a non-PoE switch plugged into a standard 12V/2A external power supply or the like, then I'd be with you, who cares if it's a no-name Chinese brand.

(btw, MokerLink, a previously-unknown-to-me Chinese brand, gave me excellent support last night. I complained a switch wasn't working. They asked for a video, then told me they're sending me a replacement. It's being delivered tomorrow. So at least some of these no-name Chinese brands are earning some trust.)

I use MAC based VLANs to automatically segregate types of devices no matter where they plug in. Works pretty well. I don't know if it's a feature available on all smart switches, particularly the low end ones, but it's common on higher end devices.

FYI Zyxel consumer switches seem to be more secure in this regard (I had a GS1200).

But yeah, even the enterprisey switches have braindead defaults like loading configuration from tftp at startup.

I segregate using VLANs based on usage.

- IoT

- Personal

- Work

- Kids/guests

- Lab

The first four have their own WiFi SSID.

I don't want various cameras/sensors/lightbulbs that rarely get updates to have access to my personal network.

I don't want to mix personal use with work use (I work from home).

In a similar vein, I trust my kids about as much as I trust random IoT devices.

The lab network is just random stuff, like an archive team warrior vm that I have running.

I could do everything on one single network, but if a single host or device is compromised everything is, and I'm too paranoid to run like that.

oh my.

My quality of life changed SO MUCH when I put in vlans.

machines go onto the appropriate vlan.

the winner was the "jail" vlan. Any machine on it can't get out. Maybe for updates through a filtering proxy like privoxy.

Every house should have vlans like this.

the status quo of "every machine can talk to the internet" or "buy our cloud-based router" is just uncomfortably common.

I use separate LAN segments because the "S" in "IOT" is for "security". I have a bunch of cheap, closed-source IP cameras with poor software quality. [1] Irrigation controller, landscape lighting, printer, scanner, TV, AV receiver, Roku, Sonos, dishwasher [2], key light for video chats, etc. I don't trust any of these things to be secure. Most of them aren't allowed to access the Internet. Even the ones that need to (Roku/Sonos) aren't allowed to initiate connections to my "trusted" segment that has my laptop and such.

I implement the separate LAN segments with VLANs for practical reasons. I have a few different places (closets/desks) that might terminate devices on different segments because that's how my home is. [3] Having separate switches for each segment in each place with sufficient capacity for potential future needs, and separate uplinks between them, and multiple ports on my router, and separate wifi access points isn't gonna happen. Instead I have end devices on untagged ports with correct VLAN set and trunked ports with 802.1Q tagging for uplinks, APs, and router.

[1] coincidentally talked about this recently: https://news.ycombinator.com/item?id=44792209

[2] I avoided the recent Bosch ones that can only do a rinse cycle through wifi. I think the Miel I bought instead also can be put on wifi, though I haven't felt the need so far.

[3] Old. Without a dedicated space for networking—most of the drops are in the top of my coat closet. Difficult to wire, particularly the largest room that was converted from a garage, is on a slab, and has the old foundation perimeter between it and the rest of the house's crawl space.

I cannot imagine adding this complexity to my home life. Work is frustrating enough. At home I use the box from the cable company and don't change anything. That way if it doesn't work it's their fault.

That is a very good point. Mine is from an actual brand and obviously OEMed by someone who makes a lot of these (there are many, many brands selling something with "S25-1602P" in the part number and slightly different stickers, and even more closely related designs), so I feel fairly confident, but yes.

Vlans. I don't think I'll ever buy a switch that doesn't support them. That rule goes back to me having a 3com super stack in my garage.

How many layers of complexity live in in your current arrangement? They're still there. I've owned my own networking hardware for a long time, and it's stable to the point that I essentially never touch it after minimal setup. Some of us choose to go further down this path for our own reasons: features we want to use, to grow our knowledge, or just because we can. I find this take dismissive, reductive, and ultimately not a productive.

Network switches, even managed ones, are usually "set and forget".

But sure, if you don't want to take control of your home network, then the corporate overlords will be more than happy to control it for you --- possibly against your wishes.

I work on networks in my day job. Just like the parent at home I'm cool with a single L2 network behind a firewall. The box that plugs into the fiber is my NAT/Firewall. The rest is just off the shelf stuff I never have to touch or configure, mostly WiFi. No idea why you need link aggregation or vlans at home for most home use. what's next? VRFs and VXLAN? IPsec? Racks in your home data center with spine/leaf? ECMP?

EDIT: I have kids and never felt the need to isolate their network. I've never had a guest/friend that needed to access my network, everyone is on a network via their phone. But if they did they can jump on my WiFi.

I run IPsec at home, on two HA OPNSense firewalls/routers precisely because I don’t get to do it all day. It’s a learning experience.

Sure, "I wish to learn about this stuff" or "I think playing with this stuff is fun" are both fair reasons.

But apart from those, I just don't understand how adding the complexity makes my life better. People are saying "VLANS!!!" but why would I want to do that? How does my life improve if I do?

Everyone has already stated what they find VLANs useful for. If you don't think they're useful then I suspect you don't think VMs are useful either.