Managed Switch Recommendation

Might not have mattered if it was in the loft. :slight_smile:

And presumably draw a lot of power.

I have other heat worries about the whole idea since my loft gets very warm in sunny weather.

Had a look on eBay earlier - I can also see there really isn't much of a price differential, so given your advice I can see it's better to go with consumer switches.

Thanks to you both.

1 Like

Having worked on porting OpenWRT to managed switches using RTL8380 SoCs (Support for RTL838x based managed switches), my experience is that all vendors, including premium vendors like Cisco, use the same switch designs made by always the same Taiwanese companies for these SoCs. Whether the electronic components are of higher quality in some cases I don't know. For a list of vendors for this SoC type see e.g. this interesting list:
https://packetstormsecurity.com/files/154201/Realtek-Managed-Switch-Controller-RTL83xx-Stack-Overflow.html
With regards to heat: there are web-managed switches with up to 52 GE ports that do not need fans, for example the DLink DGS‑1210‑52. Fans come into play when either PoE of more than about 100 Watts is made available by the switch or there are Multi-Gigabit ports in the switch, as the power consumption seems to increase roughly linearly with the speed of a port. There is experimental support in OpenWRT for switches with up to 28 ports, including 4 SFP ports for fibres, with the RTL8382M SoC, all fan-less and some with 100 Watts PoE.
Kobi

2 Likes

Still educating myself on managed switches, but I did notice that some (all) cheap ones only support VLANs from 1 to the number of ports. So they are not suitable for some use cases (i.e. WAN tagging with the ISP's specific VLAN ID). I will read up on Zyxel and HP switches now.

That isn't necessarily a problem, if they at least allow defining VIDs (VLAN IDs).

That is the thing: they do not. Some I checked only support VLAN ids from 1 to 5 (or 8). I think they call it Basic VLAN Support.

I too was looking for a managed switch. I ended up ordering a Netgear GS108Ev3. I already have a GS105Ev2 and yes the interface is horrible but it doesn't really matter, configure it once and done.

I went with Netgear because it supposedly uses a better Broadcom chip, though who knows what they really ship these days or if it really matters vs Realtek that TP-Link, Zyxel and others use.

One weird thing about these Netgear switches:

That's from the firmware release notes, well known issue. But I have no plans to enable flow control, so it should be OK. And it's just for port 80 which is less common these days. But still, surprised by such a crappy decision, you would think they could have picked a less common port for their web interface or let you set it.

They all have 802.1q advanced settings where you can customize about 4000 VLAN IDs (might be easy to miss it though in the crappy web interface). If you do basic port based VLANs then you get VLANs from 1 to the number of ports.

1 Like

Updating the above ... I gave up on the Netgear GS108Ev3 because you can't set the management VLAN, it's stuck on PVID 1 untagged only. You also cannot set ports to allow tagged traffic only. And other things like a port can be untagged in multiple VLANs which makes no sense to me.

I instead picked up a GS108Tv2 (Broadcom BCM53312) on the cheap. It's better in terms of the above limitations, but the web interface is also terrible and it's not getting firmware updates anymore. It does the job, set it and forget it, I hope to not look at the UI often.

Consumer grade managed switches are disappointing. They can get the job done in a home environment, but if you want to do things the proper way and learn from it, look for something else :frowning:

3 Likes

I think the TP-Link small-business grade switches look reasonable: T1600G-28TS for example (about $125 on Amazon)

Also the Zyxel GS1900-24E used to be about $99 it's an excellent deal at that price.

For low-end home use the TP-Link sg108e is workable, it supports full VLANs and very basic QoS, as well as static LAGs

I wish they came in smaller form factors for 8 ports. They are pretty big to hang on the wall, next to a tiny EdgeRouter X :slight_smile:

I don't think it lets you set the management VLAN or to set ports to allow only tagged traffic. But it does work for a home network, keep the main VLAN untagged, PVID 1 and add other VLANs for guest, IoT, work, etc.
A secure connection, HTTPS or SSH access, would be nice too.

I like the Cisco SG250-08. It has ssh cli management, and can be powered by PoE. Has all the mentioned features, is small and stable. And runs some OpenWrt based SDK...

2 Likes

Perhaps older versions had these limitations but current versions with up to date firmware do not have these issues. (I suppose the way you allow "only tagged traffic" is to set the port VID to a nonexistent VLAN. I use 4094)

This post is of some interest regarding consumer orientated device setup.

1 Like

Interesting device, I did look at it but couldn't find one on the used market. New it's $90+ vs. the GS108Tv2 that I got for $30 on CL.

Yeah, that's the (ugly) workaround for tagged traffic only. Better switches let you control ingress: they can filter out non-tagged traffic and also traffic with tags that have no business being on that port -- though neither is a big deal in a home environment, just saying.

Does it allow you to change the management VLAN though or is it always PVID 1 untagged traffic? I looked through some UI screenshots and didn't see any option to do so.

My understanding is it's always VLAN1 but you can PVID whatever you want. So if you want to put PVID=4094 on all ports, then you'll only be able to admin the switch by tagged packets.

I have not tested this, but I did read about how earlier firmwares would prevent you from modifying vlan1. The firmware released 2018-01-05 for the version 3 hardware fixed this bug, and I believe it's fixed in later versions etc as well. So you can make it so that there are ports that can't be used for management in any way.

You can make certain ports not a member of VLAN1, so then it will exclude packets on vlan1 arriving at that port, I think this also means if the PVID = 1 it will exclude those packets too (should be tested).

1 Like
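The two tricks discussed in the posts above (pointing the PVID at a VLAN that is never created so a port only accepts tagged frames, and dropping a port from VLAN 1 so management traffic cannot enter there) are easy to reason about with a small model of 802.1Q ingress classification. The following is an added example, not code from the thread or from any switch vendor; it assumes a switch with ingress filtering that drops a frame whose VID is not a configured VLAN or of which the ingress port is not a member.

```python
"""Toy model of 802.1Q ingress handling on one managed-switch port.

Added example, not from the thread. Assumption: the switch drops an ingress
frame whose VID is not a configured VLAN, or of which the port is not a member
(ingress filtering on). VLAN numbers below are constructed for the demo.
"""
from dataclasses import dataclass, field


@dataclass
class Port:
    pvid: int                                   # VID given to untagged ingress frames
    tagged: set = field(default_factory=set)    # VIDs the port carries tagged
    untagged: set = field(default_factory=set)  # VIDs the port carries untagged

    def members(self):
        return self.tagged | self.untagged


def classify(port, vlans, frame_vid=None):
    """Return the VID an ingress frame is placed in, or None if it is dropped.

    frame_vid=None models a frame that arrived without an 802.1Q tag, which
    the port classifies into its PVID.
    """
    vid = port.pvid if frame_vid is None else frame_vid
    if vid not in vlans or vid not in port.members():
        return None
    return vid


def management_paths(port, vlans, mgmt_vid=1):
    """Which frame types on this port can reach the management VLAN."""
    return {
        "untagged": classify(port, vlans) == mgmt_vid,
        "tagged": classify(port, vlans, mgmt_vid) == mgmt_vid,
    }


VLANS = {1, 10, 20}   # constructed: management VLAN 1 plus two user VLANs

# Workaround from the thread: PVID points at a VLAN that is never created (4094),
# so untagged frames are dropped and only tagged frames get in.
trunk = Port(pvid=4094, tagged={1, 10, 20})

# Access port for VLAN 10 that is not a member of VLAN 1 at all: neither an
# untagged frame (classified into VLAN 10) nor a frame tagged 1 reaches management.
iot_port = Port(pvid=10, untagged={10})

if __name__ == "__main__":
    print("trunk   :", management_paths(trunk, VLANS))     # untagged False, tagged True
    print("iot port:", management_paths(iot_port, VLANS))  # untagged False, tagged False
```

Whether a real consumer switch actually drops frames for a PVID that has no VLAN configured is the part the thread says "should be tested"; the model only makes explicit what behaviour you are relying on when you use the PVID 4094 trick instead of a proper ingress-filtering option.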

Interesting. This budget TP-Link might be a good alternative to the more expensive Netgear that now forces you to register to enable most features (at least on some models).

I'm curious whether anyone has any first hand experience with the Zyxel GS1200-8 vs TP-Link TL-SG108E

You might look at the different Cisco/Linksys SLM2008 versions if you want a used device.

I bought the SG250-08 because I've been very satisfied with the SLM2008 I've had since 2009, and the SG250-08 is just "the new version" as far as I understand. Obviously, that means a completely different device in the same wrapping. But they are both good. The SLM2008 lacks CLI management and doesn't officially support SNMP. But those are minor issues to me. SNMP actually works fine if you just turn it on by editing the (binary) config file. CLI management is nice to have, but not a must in this price range IMHO.

Both versions came with a small plug-in power supply, and can be powered by 802.3af PoE. I have only used the latter.

The only complaint, if you can call it that... I have with my SG... is that it's a bit chatty by default (STP spam, mcast)... also now that I think of it... changing the built-in management IP/VLAN was super easy... but that I can understand why...

Not so much complaints... but something to be aware of with that series for basic users...

Well, thinking of it, I do have one complaint: The SG250-08 came with a super-scary "Smartport Macro" feature enabled by default.

This feature tries to auto-configure the ports based on the connected equipment. Yes, sounds like a nice and user friendly thing. But what does that mean in practice? Well, connect something advertising itself as a switch using LLDP and bam! - the port is configured as a trunk with every VLAN available on the SG250...

That's a serious security flaw unless you have absolute trust in every connected device.

But this is the kind of stuff you have to accept in this class of equipment. I don't think it's unique for Cisco or the SG250 models. It's just something to be aware of.

macro auto disabled

will fix it. You'll probably want to disable the "pnp" feature too.

1 Like
! global config
no pnp enable
no lldp run 
no bonjour enable
! optional
no cdp run
! for lazy admins: the damn thing logs you out every 2 minutes
ip http timeout-policy 0
! under "interface vlan 1"
no snmp trap link-status
! under each switchport interface
spanning-tree disable

That's pretty much all the 'shut-up' config I've got.
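A small audit script is a handy way to check that a switch's saved configuration actually carries the "shut-up" commands collected in this thread, in particular the Smartport macro disable, since that feature is what turns an LLDP neighbour claim into a trunk port. The following is an added example, not code from the thread or from Cisco; it assumes an IOS-style config layout (sections separated by "!", interface and vlan sub-commands indented by at least one space) and uses the command wording quoted in the posts above.

```python
"""Audit a Cisco SG-series style running-config excerpt for the auto-provisioning
and discovery features this thread recommends switching off.

Added example, not code from the thread or from Cisco. Assumptions: IOS-style
layout where '!' separates sections and interface/vlan sub-commands are indented
by at least one space; the hardening commands are the ones quoted in the thread.
"""
import re

# Global-config command that disables each feature -> why a defender cares.
HARDENING = {
    "macro auto disabled": "Smartport macros reconfigure a port (e.g. into a trunk) "
                           "based on what the neighbour claims to be over LLDP/CDP",
    "no pnp enable": "Plug-and-Play agent accepts configuration pushed from the network",
    "no lldp run": "LLDP advertises device details and is an input to Smartport",
    "no cdp run": "CDP advertises device details and is an input to Smartport",
    "no bonjour enable": "Bonjour/mDNS advertises the management interface",
}

BLOCK_HEADER = re.compile(r"^(interface|vlan database|line)\b")


def global_commands(config_text):
    """Return normalised global-config lines, skipping block sub-commands and comments."""
    cmds = set()
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank line or IOS-style comment
        if raw[0].isspace() or BLOCK_HEADER.match(raw):
            continue                      # block header or a line inside a block
        cmds.add(" ".join(raw.split()))   # collapse whitespace so spacing differences match
    return cmds


def audit(config_text):
    """Return [(missing_command, reason), ...] for hardening commands absent from the config."""
    present = global_commands(config_text)
    return [(cmd, why) for cmd, why in HARDENING.items() if cmd not in present]


# Constructed sample: two of the five hardening commands applied, Smartport left at default.
SAMPLE_CONFIG = """\
!
hostname sg250-lab
no pnp enable
no lldp run
!
interface vlan 1
 ip address 192.168.1.254 255.255.255.0
 no snmp trap link-status
!
interface gi1
 spanning-tree disable
!
"""

if __name__ == "__main__":
    for cmd, why in audit(SAMPLE_CONFIG):
        print(f"MISSING  {cmd:<22} {why}")
```

Run it against the output of "show running-config" saved to a file; anything it lists as MISSING is a feature still at its default and worth checking against the command reference for your firmware, since the exact wording of the disable commands can differ between models.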