I started out with Tomato, and I liked its UI at the time... this must have been 2001-2004 or something.
I can say for sure that the Zyxel GS1900-24E is both a great deal per port, and extremely capable.
on using the right hardware and right OS for each task, as time and funds permit.
Whatever switch you go with, make sure that it supports link aggregation (logically combining two or more Ethernet ports) and, going along with that, has more ports than you expect to use. That way your bandwidth-hungry devices/pathways won't be limited by GigE speeds.
Another switch option are the Cisco SG300 series. The 10-port version can be picked up on the used market for ~$100 US and they are exceptionally capable and reliable devices. The 10-port units are compact and fan-less. The 28-port units run quietly as well.
1 Like
That zyxel 24 port is $100 new, fanless, and has link aggregation, qos, vlans, igmp snooping, bandwidth limiting, spanning tree, storm control, 802.1x authentication, etc etc truly a great deal.
@jeff
Would you prefer the Cisco over Zyxel ?
For me it doesn't matter if it cost ~50$ more, it should be just a lil bit user friendly as im not a network expert as you guys have probably figured out allready... 
I haven't looked at the Zyxel in a lot of detail, nor at its GUI at all. The price is certainly interesting for the feature set.
In general, I find that once a switch is set up, about all I ever do with the GUI is to occasionally add a new VLAN, use port mirroring to diagnose a problem, or backup config and update firmware. I always have to "remember how" with the GUI, just because it is so seldom that I look at it.
The Cisco has a couple features around DHCP anti-spoof and built-in DHCP relays that may or may not be interesting to you. I like that the Cisco config files are readable and clear and can be uploaded/downloaded either through the GUI or the serial/ssh console. The GUI is functional, though not terribly fast on the 24-port devices.
I'd say for a non-enterprise user it comes down to personal preference and willingness to deal with looking for, buying, and waiting for used equipment.
Dammit i just missed a good deal on ebay, my bet was too late and a almost brand new cisco SG300 10-port was sold for 87eur, the next one would a brand new and sealed unit for 171eur, which isn't that cheap imho.
The 10-port units, but with and without PoE, come up pretty often at least on US eBay at around US$75-80. In eBay (US at least), you can look at sold listings to get an idea for pricing.
Looking at sold listings on eBay US, within the last week or so, one 24-port unit sold for ~$40 with shipping, another at $50, and a 52-port unit for $42 delivered. Bah, killin' me with those prices, but I've got more than I need already...
Im from europe, eBay US won't help me much and it seems that you US people always have better prices than we do... At least with that type of equipment.
1 Like
That Zyxel is very usable. but remember to update the firmware first thing, they fixed a bug where you'd get white on white text in some browsers back in mid 2017, works like a charm now. BTW the firmware updates have been fairly regular. It's a good deal, not sure what pricing would be in your region though.
Zyxel GS1900-10HP would cost about 115eur (shipping included).
Zyxel GS1900-8 would cost 66eur with shipping....
1 Like
Unless you have a very contained situation to solve, you usually want a sizeable amount of ports - even more so with managed switches (because those offer segregating traffic, which in turn needs more ports - before even looking at bonding). Imho 24 ports are the minimum for a managed switch, better 32, but there prices are quickly becoming less and less attractive for home uses.
1 Like
I dont mind paying more for a 24port version but i want a fanless one...
ZyXEL GS1900-24E would cost about 95eur. PoE 24port models are way too expensive imho.
I like the 10-port units as they are passively cooled and use them on my desk, workbench, and my wife's desk. I use two 24-port units to connect entering else. Swapping the fans makes them much quieter. I used some little Scythe fans, at I recall.
Here in the US the zyxel 16 port is $110 whereas the 24 port is $100, unless you had limited space, you'd always go 24 port.
Those zyxel are all passive cooled.
For smaller port count / desk switches I go for the TP-Link SG108E which offers 8 ports and less features but only $38 here. It's acceptable but not as good as the zyxel by far.
No limited space here... Just found the Zyxel GS1920-24 @ ~160eur.
I will read some reviews later and maybe pick this device.
That one has the SFP ports and things, it's fine if you think you might expand to trunking a fiber across your office to a cluster of machines or something, but the GS1900-24E is cheaper and easier and smaller for normal home or small business use.
BTW to isolate the TP-Link or similar AP on both bands you could set up each radio to connect to a different VLAN and then bridge the VLANs in the router, using the same bridge isolation ebtables rules we're discussing here. So even if you can't make an enterprise AP directly isolate the two bands on the same VLAN, you can work-around that way.
1 Like
I actually miss Tomato's UI. It was simple and clean. I wouldn't complain if someone ported that UI to OpenWrt. I think you'd get a lot of converts to OpenWrt 
1 Like
Are you still discussing what's shown in the topic headline, or has this topic drifted into a "What device to buy" thread?
+1
Tomato's GUI is really nice and clean.
But i got used to Luci pretty fast... I couldn't got back to Tomato as OpenWRT has a lot more to offer and imho a more expierenced community.
@tmomas, sorry i guess we drifted away a bit...
So to pull it back a little on topic:
In your tomato were you able to figure out what devices were actually in your bridge? Were there any interfaces other than vlan3 and wl0.1 ?
Did you figure out any answers to questions in the comment from here: How to prevent Guest Network clients to communicate with each other?
I think we're close to making it all work for you, just need to figure out why wired<->wifi isn't isolated. It would also help to specifically test exactly what conditions cause leakage.