

31 contributions to Home Lab Explorers
Looking For Recommendations
I'm looking for a network switch with Home Assistant monitoring capabilities, budget around $100. I'm new to homelabbing and currently have a TP-Link BE9700 Tri-Band Wi-Fi 7 Router with Cat8 cabling from the router. My office is in the basement, where I need to connect an old desktop being used as a server, two laptops, and a work computer via Ethernet. Current internet speed is 1Gbps (not fiber yet). Any recommendations?
3 likes • 6d
Your router has 4 x 2.5GbE RJ45 ports. So I would think you would want to stay with 2.5GbE as a minimum with your switch. With that said you might want to take a look at this review: https://www.servethehome.com/the-ultimate-cheap-2-5gbe-switch-mega-round-up-buyers-guide-qnap-netgear-hasivo-mokerlink-trendnet-zyxel-tp-link/. You mention Home Assistant monitoring capabilities. The switch is not going to monitor Home Assistant itself. If you get a managed switch it will monitor the port that your Home Assistant instance is connected to if that instance is a bare metal install and connected to this switch. An unmanaged switch will not monitor anything. All you will get with an unmanaged switch is the blinking LEDs that are on either side of the RJ45 port. If you are looking for a switch that you can monitor with Home Assistant then you should look for one with a good integration. Ubiquiti has an "Official" integration. TP-Link, NetGear, D-Link, and Mikrotik have community integrations in the HACS store. I have no idea how well any of these will work. You may end up having to use SNMP, which Home Assistant has an integration for; you just need to make sure that your switch also supports SNMP, some do and some don't. You also might want to look at the used market (eBay) etc. You might find something that will meet your needs there. When buying used make sure you can determine what "Version" your switch is. TP-Link will have a switch with a part number then a version 1, 2, or 3, etc. As their software is updated a certain version may end up becoming "end of life (EOL)" meaning you won't get any more updates for that version. Other brands do the same thing, that is not just a TP-Link thing. You also might want to think about POE with your switch. If you think that IP cameras or IP phones might be in your future then POE would be real handy. Also think about the number of ports. You said you need at least (4).
There are some with 8 ports that are generally desktop switches (not rack mountable).
1 like • 3d
@Tj Hoag Not a problem. Let us all know what you end up with. Also @Brandon Lee just did a blog post about upgrading your Homelab equipment which has several switches you might want to look at. I am working on pre-configuring my MikroTik switch with their RouterOS. It is not for the "faint of heart". Big learning curve. But that is what this is all about: learning :>)
Proxmox Container Guide now that we have OCI containers in 2025
Complete Guide to Proxmox Containers in 2025: Docker VMs, LXC, and New OCI Support https://www.virtualizationhowto.com/2025/11/complete-guide-to-proxmox-containers-in-2025-docker-vms-lxc-and-new-oci-support/
1 like • 10d
I quickly spun up a TriliumNext Notes Docker image and it seemed to work flawlessly. I didn't set up persistent storage so I destroyed the container after logging in and taking a look around. I intend on trying again when I get a chance. However if this works it would be a game changer for me. I guess my question would be the pass through of devices. I had trouble trying to pass through USB devices to an LXC container when trying to set up a NUT server with persistent device names and keeping the correct permissions on them. When I couldn't get it to work I decided to just do it natively on the Proxmox OS.
Proxmox VE 9.1 has been released! Going to upgrade your home lab?
Check out my write up on the new features here: https://www.virtualizationhowto.com/2025/11/proxmox-ve-9-1-launches-with-oci-image-support-vtpm-snapshots-and-big-sdn-upgrades/
1 like • 15d
Already done also! No issues, smooth as can be. The reboot gave me an excuse to shut down the server and install my new (to me) 10GbE PCIe SFP+ NIC. When I restarted, the new interfaces were recognized by Proxmox. Now I have to get my DAC cables (due today) and start configuring my new (to me) Mikrotik switch that has (4) SFP+ ports. :>)
TP-Link in the USA
I read an article and have seen it confirmed I think on Wired that the US Commerce Department along with several other US Government agencies have recommended that the US ban the sale of TP-Link routers in the US. The consensus for this is that TP-Link USA (a separate company) is beholden to their previous owner TP-Link China and that the Chinese government holds sway over them. With this and the popularity of TP-Link routers in the US (reportedly upward of 50% of US home/SoHo routers in the US are TP-Link) these other agencies feel like the Chinese government would have too much possible access to sensitive US data. With that said I really don't want this post to be some sort of political tit for tat discussion. I have recently become heavily invested in TP-Link products. I have two of their switches within the last 3 months and 3 of the APs within the last year, along with running the Omada software controller to administer these devices. I also have over 40 TP-Link WiFi smart switches, outlets, and multi-outlet strips. I consulted with Gemini :>) and per its research the reported problems with TP-Link products are no more and really no less than other manufacturers (Netgear and Linksys). So it is really a matter of whether the Chinese government could gain access to US data. Again with that said my questions become do I believe that this could happen (government access), what is my exposure, and do I really consider replacing all these products if TP-Link and their products are banned from this country? What do you all think?
1 like • 16d
I don't disagree but I guess my question really is if the US bans the sale of TP-Link routers in the US, do you think they would ban their APs, switches, and other TP-Link products? If they are banned what do consumers (me) do? Because of my network design I don't believe my access switches are really exposed. The weakest point of my system are my APs through my guest network. The IoT stuff is already pretty much shut out of the internet, but there are other things I can do to isolate them further without making them useless. With that said I had contemplated making some changes and have started to move forward with them. Instead of (3) Proxmox servers in a (3) node cluster, I have gone to (1) Proxmox server as an application server, (1) TrueNAS Scale server as a storage server, and (1) small server as a Frigate NVR. Along with this I wanted to add multi-gigabyte Ethernet to the picture. I decided on replacing (2) TP-Link Omada access switches with (1) Mikrotik (24) 1GbE ports POE+ switch that has (4) 10GbE SFP+ ports on it. I have purchased (2) 10 GbE network cards and will get (2) DAC cables day after tomorrow. I will install them in the above mentioned application server and storage server to form a 10GbE "backbone". As I move forward I will start to think about replacing my APs with Ubiquiti APs. An excuse to upgrade to 10GbE in my network. Now all I need to do is to get all this stuff I have replaced/upgraded sold to recoup some of my costs :>)
1 like • 16d
@John Lohman In my interaction with Gemini it did not necessarily quote "the company's" own words. In fact see the following conclusion that it gave me:

⚖️ Conclusion

It is difficult to definitively say one manufacturer has "more exploits," but the data suggests:

- Total Reported Vulnerabilities (CVEs): Cisco and Fortinet generally have a higher total number of CVEs recorded due to their complexity, product volume, and transparent disclosure practices.
- Mass-Exploitation: TP-Link and similar consumer brands are frequently involved in large-scale botnet attacks due to widespread deployment and often-unpatched consumer firmware, making them a significant concern for general internet security.

The most important factor for any user or organization is not the overall vendor count, but how quickly and effectively you apply patches and updates to your specific devices.

And that last line is probably the most important "advice" given, "apply patches and updates to your specific devices". The question then becomes will you continue to get updates. If the "ban" stops the updates then all your equipment immediately becomes obsolete and thus vulnerable to any future exploits. As a used equipment purchaser I am becoming more aware of EOS and EOL issues, especially with vendors such as TP-Link, Netgear, Linksys, etc. It will be interesting to see how this all plays out, but like you I have already made the move to change out my TP-Link switches and will make a plan to change out my TP-Link APs.
n8n Exposure
Hey everyone, I’m exploring the safest way to expose an n8n instance to the internet so it can work with external services, and I’d love your input on hardening practices. I see a lot of deployment guides but far fewer security deep-dives.

My setup

- Proxmox cluster
- Virtualized pfSense
- Ubuntu 24.04 server (Docker)
- Official n8n Docker behind Traefik
- Isolated VLAN for this stack (blocked from other VLANs)
- Cloudflare Tunnel connector on a separate VM (same LAN)
- UFW: default-deny inbound; SSH allowed only from a specific IP
- Docker publishes 80/443 for Traefik (UFW doesn’t interfere with Docker’s chain)
- SSH via keys (no passwords)
- Fail2Ban enabled

What I’m asking:

1. What additional layers would you add for an internet-facing n8n (especially auth, network controls, rate-limiting)?
2. Any Traefik or Cloudflare Tunnel rules you recommend (mTLS, WAF, IP allow-lists, Cloudflare Access, etc.)?
3. Gotchas you’ve hit with Docker/UFW/Traefik interplay or n8n webhooks under tunnels?
4. Monitoring/logging tools you’ve found helpful for detecting abuse (and sane defaults for alerts)?
5. Goal: A practical, defense-in-depth checklist others can reuse.

Suggestions, examples, and “don’t do this” stories are all welcome. Thanks in advance!
1 like • Nov 1
If I am not mistaken you could set up WireGuard between the machines and use the virtual private tunnel to have the API requests received and handled without opening any ports on your router. Tailscale installed on both machines with a free Tailscale account would make it even easier, and Tailscale is based on WireGuard and for what it's worth I believe the founders are ex-Googlers. I used WireGuard but it can be a pain to set up, Tailscale is as easy as pie :>)
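
The n8n post above notes that Docker publishes 80/443 for Traefik and that UFW does not interfere with Docker's chain, so UFW's default-deny does not cover those ports. An added example (not from the original posts) that checks this on the Docker host: it parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every port published on all interfaces. The sample output, container names and the 192.0.2.10 address are constructed.

```python
import re

# One entry of the Ports column, e.g.
#   0.0.0.0:443->443/tcp   [::]:443->443/tcp   :::443->443/tcp   5678/tcp
PUBLISHED = re.compile(
    r"^(?P<host>.+):(?P<hport>[\d-]+)->(?P<cport>[\d-]+)/(?P<proto>\w+)$"
)
# Host addresses that mean "every interface" (IPv4 and both IPv6 renderings).
WILDCARDS = {"0.0.0.0", "::", "[::]"}

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE = (
    "traefik\t0.0.0.0:80->80/tcp, [::]:80->80/tcp, "
    "0.0.0.0:443->443/tcp, [::]:443->443/tcp\n"
    "n8n\t5678/tcp\n"
    "metrics\t192.0.2.10:8080->8080/tcp\n"
)


def audit_ports(container, ports_field):
    """Return (container, host, port, proto) for each wildcard-published port."""
    findings = []
    for entry in (p.strip() for p in ports_field.split(",")):
        m = PUBLISHED.match(entry)
        if not m:
            continue  # exposed only (e.g. "5678/tcp"): no host port is mapped
        if m["host"] in WILDCARDS:
            findings.append((container, m["host"], m["hport"], m["proto"]))
    return findings


def audit_docker_ps(text):
    """Audit every line of tab-separated 'name<TAB>ports' output."""
    findings = []
    for line in text.splitlines():
        name, _, ports = line.partition("\t")
        if name:
            findings.extend(audit_ports(name, ports))
    return findings


if __name__ == "__main__":
    for name, host, port, proto in audit_docker_ps(SAMPLE):
        print(f"{name}: {port}/{proto} published on {host}; "
              "a UFW deny rule will not filter it")
```

Ports flagged here need to be restricted where the traffic is actually filtered, for example by publishing on a specific host address or by the upstream firewall for the VLAN.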
Chuck Rudolphy
@chuck-rudolphy-2863
Retired Salesman, Linux enthusiast, home-labber.

Active 3d ago
Joined Apr 30, 2025
Conroe, Texas USA