Sometimes, you just want cheap and relatively fast. This is the XikeStor SKS8300-8X which might be one of the cheapest 10G switches you can buy. The 8-port SFP+ switch is interesting because it is currently under $90. If it gets a sale, it is likely to go sub $80 or $10/ port. Unlike many cheap 10GbE switches, this one is far from an unmanaged switch, but that is worth discussing. First though, let us get the hardware.
If you just want to get one, we got ours on Amazon (Affiliate link.)
As a quick note, we have several folks on the forums using these successfully. There are others that have had strange behavior such as in this thread. It is certainly worth looking online to see if this is something you are interested in.
XikeStor SKS8300-8X Hardware Overview
On the front of the switch, we get a console port as well as eight SFP+ ports for our 10G. You can also see these have 1/2.5G indicators as well as the 10G option.
This is a managed switch, and it comes with a USB to console cable. These always make us nervous since we do not love the idea of plugging in USB to serial cables that we did not buy since these tend to be a security threat vector.
The switch itself is very short depth.
On the sides, we have vents.
On the back we have a grounding point and our DC input.
Underneath, we have our label that has our default management interface. There are also rubber feet in the box you can use if you are using this as a desktop switch. If you are mounting it, there are two mount points.
Opening up the switch we have a big heatsink. This heatsink uses a lot of glue to keep it on so we did not get to pry it off since that might damage our unit.
Still, something slightly nice about the build is that there are thermal pads underneath the PCB which is usually the sign of a slightly higher quality switch.
Next, let us get to the management.
Curious article. No expression of concern over the fact that 1 SFP inserted raised the power consumption level to 8.3W for a device the article says has a 24W power supply.
Kinda under-powered if you plan to utilize the entire switch, eh?
A managed switch with poor security seems much worse than an unmanaged switch with 8 ports. What do people even do with the management interface on an 8-port switch? There are only 8 ports.
I’d love to replace a mostly useless and annoying Qnap switch with device today (and might).
The Qnap switch I use with 8x 1g and 4x 10g ports, 2x 10g to my upstream switch with aoc, one to my desktop with tx, one to an old desktop I use as a server at my desk via sfp+ twinax, and hand off some 1g tx ports to gadgets I keep on my desk. It however is such a useless switch that even though managed, I can’t change the native IP management vlan on it that is NOT vlan 1. Support said they might fix it, and that was a year and a half ago.
Don’t ever, ever buy Qnap for networking.
I just want a switch with 4x 10g and 4-8 1g ports. Sadly no one really makes one other than stupid Qnap.
Actually, I’d be curious to know @Patrick how the CLI is on this, and if useful for any actual configuration. Qnap’s is again useless for any actual configuration, I don’t even know why they put a serial port externally on it.
I just need to run a management IP on another vlan, say 10 instead of vlan 1, and the Qnap can’t even do that.
6.3W base + 2W per port is 16W so that’s 22.3W at the wall or maybe 20W if the adapter’s good at the device so 24W PSU is fine. Those adapters use more than copper SFP+ and optics so I don’t see an issue at all.
From the picture in the article, XikeStor switch’s web interface looks very similar to Ruijie switch’s one. I wonder if they come from the same OEM.
@Eric Olson: The management interface can be useful even on a small switch if you want to aggregate things on different VLANs over a single link, like say a security camera, IP phone, WiFi access point and a point-of-sale device. These can all be on different VLANs but you only have to run the one cable out for them.
It can also make troubleshooting easier, because you can connect to the switch remotely and spot that say a device is disconnected, and give someone instructions to check the cable before you go to the trouble of a site visit.
The insecure management interface isn’t a huge deal because it’s usually isolated on a separate VLAN as well, with only limited access available. I mean sure it could be better, but there are so many insecure devices out there already that need to be handled on the network that it’s nothing out of the ordinary.
@Quy Nguyễn the OEM for most of these is likely to be Shenzhen HongRui Optical Technology Co., Ltd (hruitech.com). The base models on most of them are exactly the same as the Web- and L2-managed switches. L3 versions come with an additional processor to handle some functions.
Generally the CLI is terrible or non-existent, many functions dont work as expected (SNMP, EEE, SSH, user security, VLAN config, saving and restoring config). The OEM expects their ‘partners’ to build these functions but none do and you end up using the bare-bones device where you cant swap a different firmware in, and the default one is too basic for any STH user.
I had multiple of them, and ultimately traded for a Zyxel 10G L2+ model with a Noctua fan-mod. The CLI works, SSH works, users and security work as I expect, EEE and flow-control work, ARP table is accurate and the 10G ports actually give line rate.
is there also support for 100mbit?
or is this depending of the sfp+ module?
Concerned about the secutiry of a USB lead but not a Made in China switch. Interesting.
Elijah did you see the management section?
I have that same switch but labeled as binardat. You must tell it if you’re using Fibre or dac cables or it won’t play, and apart from that I’ve had it crash using the web guitar a few times….but once setup it just runs and runs and runs, no issues whatsoever. Bought mine used from ebay for I think 35 bucks without a psu and spent a few bucks on that.
@Alfonso, I believe Elijah was implying that it’s silly to be concerned about a potentially compromised serial cable when the entire firmware from a company no one has ever heard from may be compromised. It’d be far easier and useful to embed some backdoor into the management code and have it go unnoticed than a very small microcontroller embedded in a serial connector.
With a cable, and there’s tons of counterfeit cables out there, you’re plugging in a USB device to your system that has access to whatever you’ve got on there and whatever you’re doing. A switch you’re just worried about it being used as a DDoS endpoint since at 10G you’d see if it was mirroring traffic to WAN really quickly. Almost everything else you’d have encrypted by the time it hits the switch anyway. I’d be much more worried about anything USB I plug into my Dell.
It’s actually baffling that it would cost WAY more from TP Link to have the same as this (realtek chipset on all these) but if you want management, it’s embedded onto the realtek chip!
Either way, management seems to be a major miss from xikestor
If you look on Alibaba you can find cheaper RTL9303-based devices. I bought a couple of Horaco SWTGW2C8F for $65 a piece and they’ve been going strong for a few months now.
I would suggest even a home labber stay away from these chinese voodoo boxes and just get a used enterprise switch off ebay. You will have better security and likely learn more. It’s this cheap for a reason and I simply do not trust something like this to handle network traffic.
I have two of these that I have setup now, 1 for myself as a kind of home core switch and one for a friend. They are great little switches and with the new firmware can easily be configured for secure management with encrypted passwords. They run cool and sip power compared to my previous Brocade ICX, no problem to have all ports populated even with two 10Gb-T adaptors in there. Not tried the command line yet but guess it’s nice as an alternative. I was initially weary of security being a cheap chinese box but i monitored it for a week in a sandboxed environment then in a DMZ and saw nothing untoward. Alex
Hey @AdamTheItGuy, what exactly is “using the web guitar”?
Please try to find and test a 10GbE switch with ethernet ports. Anywhere from 5 to 16 ports is good and no mgmt is ok. This one is not cheap (when fully populated), the PSU seems a bit weak for a full load and I’m not to keen on cheap end mgmt (security). Thank you!
Really surprised that none of its L3 capabilities was looked into. Half of the review seems to be around the fact that they shipped a serial to USB adapter and that the password was admin.
Having a 10G switch that can do BGP and OSPF for 80 USD.. what
Couldn’t there be a procedure to evaluate unknown USB devices if you’re paranoid? Like, plug them into an old Linux laptop that isn’t connected to your network, and observe what pops up through lsusb and dmesg. In this case, you’d expect a serial device to pop up. Linux tends to have drivers for those (FTDI, etc). If it presents itself as a storage device, or anything else unexpected, you might think twice about using it.
I’d be curious to know what other warning signs there might be.
Just got one of these in today, it’s go the same ‘nos’ cli that Planet stuff has, and is somewhat cisco-like, but lacks interface-range bulk commands, which is a little annoying.
Like old cisco stuff, password encryption is disabled by default, but once enabled, it converts all plaintext passwords in config, and the UI starts showing asterisks.
You can also disable the web UI entirely with no ip http server, the same for the out of box telnet.
SSH is enabled with ssh-server enable, and keys are gen’d with ssh-server host-key create rsa modulus 2048.