Transparency notice: This post was researched and drafted with AI assistance (Claude, by Anthropic) and reviewed by Rocket Routers before publishing. We sell WiFi 7 routers with SFP ports, so we have a commercial interest here – we've tried hard to be fair anyway. If anything is wrong or out of date, contact us and we'll fix it.
- What is a network switch and why do you need one?
- Port speeds – 1G, 2.5G and 10G explained
- SFP vs SFP+ – what's the difference?
- Fibre vs copper vs DAC – which cable should you use?
- Managed vs unmanaged switches
- VLANs – what they are and why they matter
- VLANs in practice – home office, large office, enterprise
- Which Rocket Routers router works with which switch?
- What should you actually buy?
1. What is a network switch and why do you need one?
A router connects your network to the internet. A switch connects devices to each other – and to the router – over wired ethernet. Think of the router as the front door of your network and the switch as the hallways and rooms inside.
Most routers come with 4 or 5 ethernet ports built in. For a small home setup, that's often enough. But once you start adding more wired devices – desktop computers, network attached storage (NAS), smart TVs, games consoles, IP cameras, access points, printers – you run out of ports quickly. A switch gives you more ports, and done right, it gives you faster, more organised connections between devices.
Router = connects you to the internet. Switch = connects everything inside your network to each other and to the router. You add a switch when you run out of router ports, or when you need faster wired connections between devices.
Fig 1. Without a switch you quickly run out of router ports. Add a switch and one router port expands to 8 or more wired connections.
There's another reason to add a switch beyond just running out of ports – speed. The built-in ports on most routers are 1 Gigabit. If you're moving large files between computers, editing video over the network, or running a NAS, a switch with 2.5G or 10G ports lets devices talk to each other much faster than the router's built-in ports allow.
2. Port speeds – 1G, 2.5G and 10G explained
Ethernet ports come in several speed tiers. Understanding which you need – and why the difference matters – is important before you spend money on a switch.
| Speed | Actual throughput | Best for | Typical cost |
|---|---|---|---|
| 1 Gigabit (1G) | ~125 MB/s real world | Most home and small office use, standard broadband, general browsing, streaming | Very affordable – £20–£60 for an 8-port switch |
| 2.5 Gigabit (2.5G) | ~280 MB/s real world | Home NAS, faster file transfers, multi-gig broadband connections, WiFi 6/7 backhaul | Mid-range – £60–£150 for an 8-port switch |
| 10 Gigabit (10G) | ~1,000 MB/s real world | Enterprise, data centres, server connections, high-speed NAS, video editing, 10G broadband uplinks | Premium – £150–£500+ depending on port count and features |
For most home setups and small offices, 1G is still perfectly adequate. Your broadband connection is almost certainly under 1G, so a 1G switch won't bottleneck anything coming from the internet. Where 2.5G and 10G start to matter is for traffic inside your network – copying files between computers, backing up to a NAS, or connecting a WiFi 7 access point that can genuinely push multi-gigabit wireless speeds.
Most people buying a 10G switch for a home setup are future-proofing rather than solving a current problem. That's a legitimate reason to buy one. But don't let anyone sell you 10G by telling you your 1G switch is the bottleneck – unless you're actually moving large files internally, it almost certainly isn't.
The storage truth – the bottleneck you might not have considered
Here's something most networking guides don't tell you, and it matters a lot before you spend money on a fast switch: your network is only as fast as the slowest link in the chain – and that link is often your storage, not your switch or router.
A traditional spinning hard drive (HDD) delivers roughly 100–180 MB/s of sequential read speed. That's the kind of drive in many NAS units, desktop computers, and external backup drives. A 1 Gigabit network connection moves data at around 125 MB/s – which means a 1G network is already faster than most traditional hard drives can actually supply data. You are not being bottlenecked by your 1G switch. You are being bottlenecked by the drive itself.
Move to 2.5G and that ceiling rises to around 280 MB/s. A fast HDD or a basic SATA SSD can now start to feel the network speed. Upgrade to 10G and you're looking at a theoretical ceiling of around 1,000 MB/s – but to actually see those speeds, you need NVMe SSDs or a high-performance RAID array on both ends of the connection. A single spinning hard drive will saturate at around 150 MB/s regardless of whether you're running 1G, 2.5G or 10G between the machines.
| Storage type | Typical read speed | Network speed needed to match | Bottleneck at 10G? |
|---|---|---|---|
| Traditional HDD | 100–180 MB/s | Under 1.5G | Yes – massively. Drive is the limit. |
| SATA SSD | 400–550 MB/s | Around 4–5G | Yes – 2.5G is often enough |
| NVMe SSD (mid-range) | 2,000–3,500 MB/s | 10G+ (and beyond) | No – NVMe can outrun 10G easily |
| NVMe RAID array | 5,000–10,000+ MB/s | Beyond 10G – 25G or 40G territory | No – network becomes the limit |
Before upgrading to a 2.5G or 10G switch, honestly assess what storage you're running. If your NAS or file server is spinning HDDs, a faster switch will give you almost no real-world benefit – you'll just hit the drive ceiling faster. Upgrade your storage first, then your network. The order matters.
Mixed-speed switches
Many modern switches mix port speeds – for example, a switch might have 8 ports at 2.5G and 2 ports at 10G. This is actually a very practical design. The 2.5G ports handle most devices – computers, NAS units, access points – while the 10G ports connect to the router's SFP+ uplink or to a server that genuinely needs the extra bandwidth. You get the speed where you need it without paying for 10G everywhere.
3. SFP vs SFP+ – what's the difference?
SFP stands for Small Form-factor Pluggable. It's a type of port that accepts a removable transceiver module – a small plug-in device that handles the actual connection, whether that's copper ethernet or fibre optic. The idea is flexibility: one port type that can accept different modules for different connection types and distances.
SFP (standard)
Standard SFP ports run at up to 1 Gigabit. You'll find them on mid-range switches and some routers. You can fit a copper SFP module (connects to regular ethernet cable), a short-range fibre module, or a long-range fibre module depending on what you need. Standard SFP is common in small business and home-office managed switches where you want a flexible uplink port without going to 10G.
SFP+ (enhanced)
SFP+ runs at up to 10 Gigabit. The physical form factor is identical to SFP – the same size port, the same type of modules – but the electronics behind it are significantly more powerful. SFP+ is the standard for enterprise and data centre connections. When our Rocket Plus and Rocket Pro routers list a "10G SFP port," they mean SFP+.
SFP and SFP+ ports look identical but are not always interchangeable. An SFP+ port will usually accept a standard 1G SFP module running at reduced speed, but an SFP port cannot run SFP+ modules at 10G. Always check the spec sheet of your switch or router before buying modules.
What SFP+ is actually used for
In a home or small office, SFP+ is most useful as a high-speed uplink between your router and a switch. Rather than connecting them with a copper ethernet cable limited to 2.5G or 10GBase-T, you can run a Direct Attach Copper (DAC) cable between the SFP+ ports of both devices for a clean, fast, low-latency 10G connection. DAC cables are inexpensive and perform very well over short distances.
In enterprise and data centre environments, SFP+ is used for everything – server connections, switch-to-switch uplinks, and long-distance fibre runs between buildings. The fibre module options for SFP+ range from short-range (300 metres over multimode fibre) to many kilometres over single-mode fibre.
| Type | Max speed | Typical use | Common environment |
|---|---|---|---|
| SFP | 1 Gbps | Flexible uplink on managed switches, short fibre runs | Small business, home office |
| SFP+ | 10 Gbps | Router-to-switch uplinks, server connections, inter-switch links, data centre fibre | Enterprise, data centre, high-performance home |
| QSFP+ | 40 Gbps | Data centre core infrastructure, high-density server connections | Large enterprise, data centre only |
3b. Fibre vs copper vs DAC – which cable should you use?
SFP and SFP+ ports accept different types of modules – and the type of module determines what cable you use to connect everything together. This is where a lot of people get confused, so here's a straight breakdown of your three options.
Standard twisted pair copper (Cat5e, Cat6, Cat6a)
This is the cable most people know – the ethernet cable with an RJ45 plug on each end. It sends electrical signals down pairs of copper wires twisted together. The twisting reduces interference between adjacent pairs. It's inexpensive, widely available, and works perfectly well for most connections inside a building.
Limitations worth knowing:
- Maximum reliable distance is 100 metres per run at Gigabit speeds. Beyond that, signal degrades and errors increase
- At 10G speeds over copper (called 10GBase-T), the cable and transceivers generate significantly more heat and use more power than fibre equivalents
- Susceptible to electromagnetic interference – motors, fluorescent lighting, industrial equipment, and other electrical sources can all introduce noise
- Heavier and stiffer than fibre – harder to run through walls, ceiling voids and conduit at volume
Fibre optic
Fibre carries data as pulses of light rather than electrical signals. That single difference changes almost everything about its performance characteristics.
Why fibre is better for longer runs and demanding environments:
- Distance – multimode fibre (OM3/OM4) runs 300–400 metres at 10G. Single-mode fibre runs kilometres without signal loss. For connecting buildings, separate floors, or a distant server room, fibre is the only sensible choice
- Zero electromagnetic interference – light is completely unaffected by electrical interference. Factories, hospitals, plant rooms, anywhere near heavy machinery – fibre is immune to all of it
- Lower power consumption – fibre SFP+ transceivers use less power than 10GBase-T copper at equivalent speeds, which matters at scale in a data centre
- Thinner and lighter – fibre cables are significantly thinner and lighter than copper equivalents, making them far easier to route through conduit and tight spaces at volume
- Future-proof speed upgrades – the same fibre cable can support faster speeds simply by replacing the SFP+ modules at each end. The cable itself is not the bottleneck
Multimode fibre (orange or aqua cable) – cheaper, used for runs up to around 300–550 metres depending on the standard. The standard choice within a building or campus. Single-mode fibre (yellow cable) – more expensive, used for very long runs – hundreds of metres to kilometres. Standard for building-to-building or campus-wide connections.
DAC cables – the pragmatic short-range choice
Direct Attach Copper (DAC) cables are a clever middle ground that most people outside data centres haven't heard of. A DAC cable is essentially a fixed SFP+ to SFP+ cable – copper wire on the inside, but with the transceiver modules built in at each end and no RJ45 connector involved.
DAC cables are the standard choice for connecting two pieces of equipment that are physically close together – a router and a switch in the same cabinet, for example, or a server and the top-of-rack switch. They work at 10G up to about 5–7 metres reliably, cost very little (often £10–£30), have lower latency than active optical connections over short distances, and consume very little power.
If you're connecting the Rocket Plus or Rocket Pro's 10G SFP+ port to a nearby managed switch, a DAC cable is almost certainly the right choice – cheap, simple, fast, and no transceivers to worry about.
| Cable type | Max distance | Max speed | Interference immunity | Best for |
|---|---|---|---|---|
| Cat6 copper (RJ45) | 100m | 10G (hot, power-hungry) | Low | Standard in-building runs, desktop connections, patch cables |
| DAC cable | 5–7m | 10G–100G | Medium | Short rack-to-rack or router-to-switch connections |
| Multimode fibre (SFP+) | 300–550m | 10G–100G | Complete | Floor-to-floor, building runs, server room uplinks |
| Single-mode fibre (SFP+) | Kilometres | 10G–400G+ | Complete | Building-to-building, campus, long-distance enterprise runs |
Fig 2. Three cable types compared – copper Cat6 for short in-room runs, DAC for same-cabinet connections, fibre for everything longer.
4. Managed vs unmanaged switches
This is the most important decision when buying a switch. Get it wrong and you either overspend on complexity you don't need, or underspend and find yourself unable to do what you want later.
Unmanaged switches
An unmanaged switch is plug and play. You connect it to power, plug ethernet cables into it, and it works. There are no settings, no interface, no configuration. Every port gets the same treatment – all traffic is visible to all ports, all ports run at whatever speed they negotiate with the connected device.
For most homes and small offices, an unmanaged switch is completely adequate. If you just need more ethernet ports, or a way to connect a few computers and a NAS together, an unmanaged switch is the right choice. They're cheaper, simpler, and more reliable precisely because there's nothing to configure and therefore nothing to misconfigure.
Home use, small office with under 10 devices, anyone who doesn't have a specific reason to segment traffic or manage bandwidth. Unmanaged switches from reputable brands like TP-Link, Netgear and QNAP are solid and inexpensive. Don't spend more than you need to.
Managed switches
A managed switch has a configuration interface – usually a web browser interface, sometimes a command line. You can log in and control how the switch behaves: set port speeds, monitor traffic, configure VLANs, set up link aggregation, control Quality of Service (QoS), and more.
Managed switches cost significantly more than unmanaged equivalents. They're worth the investment when you have a specific reason to need the control they offer – which usually means VLANs, traffic prioritisation, or a network large enough that visibility into what's happening is genuinely useful.
Smart switches – the middle ground
Many manufacturers now sell "smart" or "web managed" switches that sit between fully unmanaged and fully managed. They have a basic web interface that lets you configure VLANs and some basic settings, but without the full feature set of an enterprise managed switch. For small offices that want VLAN capability without enterprise complexity or cost, smart switches are often the sweet spot.
Some smart switches even have a physical VLAN button on the unit itself – a simplified way to segment the network without logging into an interface at all. These are worth considering for small setups where you want basic separation – say, keeping guest WiFi traffic separate from business traffic – without full managed switch complexity.
| Type | Configuration | VLANs | Best for | Cost |
|---|---|---|---|---|
| Unmanaged | None – plug and play | ✗ | Home, small office, anyone who just needs more ports | Lowest |
| Smart / Web managed | Basic web interface | ✓ Basic | Small to medium office wanting VLAN capability without enterprise cost | Mid |
| Fully managed | Full web UI + CLI | ✓ Full | Enterprise, larger networks, IT professionals, anywhere needing full control | Highest |
5. VLANs – what they are and why they matter
VLAN stands for Virtual Local Area Network. It's a way of dividing one physical network into multiple separate logical networks – without needing separate physical switches and cables for each one.
Imagine you have one switch with 24 ports. Without VLANs, all 24 devices plugged into it can see each other's traffic and communicate freely. With VLANs, you can tell the switch: ports 1–8 are on VLAN 10 (the office network), ports 9–16 are on VLAN 20 (the guest network), ports 17–24 are on VLAN 30 (the CCTV network). Devices on different VLANs cannot communicate with each other directly – even though they're all plugged into the same physical switch.
Think of VLANs like floors in a building. Everyone is in the same building (same physical switch), but the lifts don't stop at certain floors unless you have the right access (routing rules). You can see people on your own floor but not what's happening on other floors.
Fig 3. One physical switch, three completely separate networks. Staff, guests and CCTV cameras share the same hardware but cannot see each other's traffic.
Why VLANs matter for security
The primary reason most people implement VLANs is security. If every device on your network is on the same flat network, a security problem on one device potentially affects every other device. A compromised smart TV, for example, could in theory be used to attack your work laptop if they're on the same network with no separation.
VLANs contain the blast radius of a problem. If your CCTV cameras are on their own VLAN and one gets compromised, the attacker is stuck in the CCTV VLAN with no route to your main network – unless someone has specifically configured that routing, which you wouldn't have.
Tagged and untagged VLANs
This is where it gets slightly technical but is worth understanding. VLANs work by tagging ethernet frames with a VLAN ID as they travel through the network. A managed switch can be configured to tag and untag traffic on different ports.
An untagged port (also called an access port) carries traffic for one VLAN only. The device connected to it doesn't know it's on a VLAN – it just sees a normal network. A computer plugged into an untagged port on VLAN 10 just thinks it's on a normal network.
A tagged port (also called a trunk port) carries traffic for multiple VLANs simultaneously, with each packet tagged to identify which VLAN it belongs to. Trunk ports are used between switches, and between a switch and a router that handles inter-VLAN routing.
6. VLANs in practice – three real scenarios
Scenario A: Small home office with 3 unmanaged switches and a VLAN button
You have a home office. You've got a router, three cheap unmanaged switches around the house, and you want to separate your work traffic from your family's devices. Some smart switches have a physical VLAN button – typically this enables a basic port-based separation where one set of ports is isolated from another.
With the VLAN button enabled on a basic smart switch, you might be able to separate ports into two groups – one for your work devices, one for everything else. It's crude but effective for basic isolation. The limitation is that these simplified VLAN implementations don't support trunk ports or inter-VLAN routing – you get separation, but both groups still share the same internet connection through the router, and neither group can talk to the other.
For a simple home setup where you just want your work laptop not to be on the same broadcast domain as the kids' devices, this is often good enough.
Scenario B: Small to medium office with a managed switch
You have a 20-person office. You want three VLANs: staff computers, a guest WiFi network for visitors, and a server network for your file server and backup system. You have a managed switch and a router capable of inter-VLAN routing – like the Rocket Pro running OpenWrt.
Your setup might look like this:
- VLAN 10 – Staff network. All employee computers and printers on untagged ports 1–16
- VLAN 20 – Guest network. WiFi access point connected on a tagged port, broadcasting a guest SSID that puts guests on VLAN 20 only
- VLAN 30 – Server network. File server and NAS on untagged ports 17–20
- Trunk port – connects the switch back to the router carrying all three VLANs tagged
The router then handles inter-VLAN routing – deciding what traffic is allowed between VLANs. Staff can access the server VLAN. Guests can reach the internet but nothing on the staff or server VLANs. The server VLAN has no internet access at all. Clean, secure, auditable.
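The tagging behaviour from "Tagged and untagged VLANs" and the switch side of Scenario B's port plan, as an added Python example (not code from Rocket Routers or any switch vendor). It classifies frames on ingress and floods a broadcast using real 802.1Q tag bytes; port 21 for the access point, port 24 for the router trunk, the sample frame, and the choice to drop pre-tagged frames on access ports and untagged frames on trunk ports are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Scenario B port plan. Ports 1-16 and 17-20 come from the text; port 21
# (access point) and port 24 (router trunk) are assumed for illustration.
ACCESS = {**{p: 10 for p in range(1, 17)}, **{p: 30 for p in range(17, 21)}}
TRUNK = {21: {20}, 24: {10, 20, 30}}


def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    # TCI = 3-bit priority (0) + 1-bit DEI (0) + 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def split_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when no tag is present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def classify(port: int, frame: bytes):
    """Ingress: return (vlan, untagged_frame), or None to drop the frame."""
    vid, inner = split_tag(frame)
    if port in ACCESS:
        # Untagged (access) port: the device sends plain frames and the
        # switch assigns the VLAN. This model drops frames that arrive tagged.
        return (ACCESS[port], inner) if vid is None else None
    if port in TRUNK:
        # Tagged (trunk) port: the tag must name a VLAN allowed on the port.
        # An untagged frame (vid None) is dropped: no native VLAN here.
        return (vid, inner) if vid in TRUNK[port] else None
    return None


def flood(in_port: int, frame: bytes) -> dict:
    """Deliver a broadcast; returns {egress_port: bytes_on_the_wire}."""
    result = classify(in_port, frame)
    if result is None:
        return {}
    vid, inner = result
    # Access ports in the same VLAN receive the frame with no tag.
    out = {p: inner for p, v in ACCESS.items() if v == vid and p != in_port}
    # Trunk ports that carry this VLAN receive it with the tag added.
    out.update({p: add_tag(inner, vid) for p, allowed in TRUNK.items()
                if vid in allowed and p != in_port})
    return out


# Constructed sample: a broadcast frame with EtherType 0x0806 (ARP) and a
# dummy 28-byte payload, sent from a made-up locally administered MAC.
BCAST = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28

if __name__ == "__main__":
    for port, wire in sorted(flood(3, BCAST).items()):
        print(port, split_tag(wire)[0])  # None = untagged, 10 = tagged VLAN 10
```

A broadcast from staff port 3 reaches only the other staff ports untagged and the router trunk tagged with VLAN 10; it never appears on the server ports or the access point port.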
Scenario C: Enterprise with multiple managed switches and full VLAN infrastructure
A larger enterprise might have dozens of managed switches across multiple floors or buildings, all connected via fibre uplinks through SFP+ ports. Every switch in the stack supports the same VLAN configuration, propagated through trunk ports that carry all VLANs simultaneously.
At this scale, VLANs become essential for both security and performance. Broadcast traffic – the constant background chatter of a network – is contained within each VLAN rather than flooding every device on the network. With hundreds of devices on a flat network, broadcast traffic alone can cause significant performance problems. VLANs solve this by containing broadcasts within each segment.
Enterprise managed switches also support features like VLAN ACLs (Access Control Lists) that define exactly what traffic is permitted between VLANs at the port level, 802.1X authentication that requires devices to authenticate before joining a VLAN, and DHCP snooping that prevents rogue devices from handing out fake IP addresses.
Full VLAN configuration on managed switches is genuinely complex to get right. If it's misconfigured, traffic can bleed between VLANs, or devices can lose connectivity entirely. For enterprise deployments, it's worth having someone who knows what they're doing configure it. For smaller setups, smart switches with simplified VLAN interfaces are much more forgiving.
7. Which Rocket Routers router works with which switch?
No SFP port
The Starter has 4× Gigabit LAN ports and a 2.5G WAN port. It will work with any unmanaged or managed gigabit switch connected to one of its LAN ports. No SFP – so no direct high-speed fibre or DAC cable connection to a switch. For most home and small office use with the Starter, a standard unmanaged 1G or 2.5G switch is the right companion.
10G SFP+ port + 2.5G WAN + 3× Gigabit LAN
The Plus has a 10G SFP+ port designed to connect directly to a managed or smart switch via a DAC cable or fibre module for a fast, clean uplink. Its 2.5G WAN handles the broadband connection, and 3 Gigabit LAN ports handle wired devices directly. Pair it with a 2.5G or 10G managed switch and you have a serious home or small office network. The SFP+ port makes the Plus genuinely future-proof for multi-gig internal networking.
10G SFP+ port + 2.5G WAN + 3× Gigabit LAN + OpenWrt
The Pro is built for exactly the kind of setup described in Scenarios B and C above. Its 10G SFP+ port connects to an enterprise managed switch, its 2.5G WAN handles the incoming connection, and with OpenWrt firmware it can handle inter-VLAN routing, firewall rules between VLANs, and full network segmentation. This is the router for anyone building a properly segmented network for an office or enterprise environment.
8. What should you actually buy?
Straight answer based on your situation:
Home user, just need more ports
Any unmanaged 1G switch from TP-Link, Netgear or QNAP. 8-port will cost around £20–£30. You don't need anything more complex. Plug it in, it works.
Home office wanting faster internal file transfers
A 2.5G unmanaged or smart switch. Pairs well with the Rocket Plus or Rocket Pro's 2.5G LAN ports for noticeably faster transfers to a NAS or between computers.
Small office wanting basic network separation
A smart switch with VLAN support – something like the TP-Link TL-SG108E (8-port, web managed, around £40) or similar. Pairs with the Rocket Plus or Rocket Pro. Gives you VLAN capability without enterprise cost or complexity.
Larger office or enterprise wanting full control
A fully managed switch with SFP+ uplinks – brands like Ubiquiti UniFi, Cisco Catalyst, or Netgear M4250 series. Connect the SFP+ uplink to the Rocket Pro's 10G SFP+ port via DAC cable. Run OpenWrt on the Pro for inter-VLAN routing. Properly configured, this gives you a genuinely enterprise-grade network at a fraction of traditional enterprise pricing.
Tell us about your setup and we'll give you a straight recommendation – including if the answer is "you don't need a switch at all." Contact us here.