Okay, I’ve been watching lots of YouTube videos about switches and I’ve just made myself more confused. Managed versus unmanaged seems to be having a GUI versus not having a GUI, but why would anyone want a GUI on a switch? Shouldn’t your router do that? Also, a switch is like a tube station for local traffic, essentially an extension lead, so why do some have fans?

  • chiisana
    87 months ago

    There is only one router on your network. It routes traffic from one machine to another. This is typically also the gateway, and it only has so many ports.

    If you want more physical devices connected to your network, you’d need switches to fan out your network.

    Unmanaged switches essentially take packets from one port and pass them through another port, easy peasy, nothing fancy.

    Managed switches, however, can do more than just take a packet from one port and push it out the other side. You can set up link aggregation, for example, allowing more throughput by using two or more ports to go to the same destination (maybe a central file server). You can have L2 vs L3 switches so they route differently. You can have multiple paths to reach another machine for redundancy, but you must implement STP to prevent broadcast loops, etc.

    Once your network grows larger than just Internet for a couple of desktops, it gets a lot more interesting.

    • @[email protected]OP
      17 months ago

      Thank you. So based on this, shouldn’t things like OpenWRT and OPNSense be made for switches rather than routers? Since the switch seems to be doing all the heavy lifting.

      • chiisana
        37 months ago

        If you use everything from the same vendor, you could manage them in one place (see Ubiquiti’s UniFi stack as example), but at the end of the day, they serve different purposes and target different parts of your network.

  • @[email protected]
    6
    7 months ago

    A managed switch allows you to have vlans, routing, QoS, spanning tree protection etc. You don’t necessarily need a gui, a lot of them are cli only, which is preferable but less user friendly if you’re not used to it. Depending on your needs a managed switch can be overkill.

    • @[email protected]OP
      17 months ago

      But doesn’t the router do the VLAN stuff? Sorry, I don’t know how to phrase it properly

      • @rtxn
        6
        7 months ago

        VLANs are an extension of the Ethernet technology, and operate on the link layer (OSI layer 2). They are handled by switches. VLANs can belong to different subnets, and communication between them requires routing, which happens on the network layer (OSI layer 3) on either routers or layer-3 switches, but VLANs themselves are handled by switches.

        I recommend Network Chuck on YouTube, his videos are very noob-friendly.

      • @Forne
        1
        7 months ago

        The router does the routing from one VLAN into another. The switch has a function to apply a specific VLAN tag to the traffic. E.g. on the switch: VLAN 3 could be applied to your PC and VLAN 25 to your fridge. On the router: you can allow VLAN 3 access to the Internet but not VLAN 25. For management purposes you could allow VLAN 3 access to VLAN 25 but not the other way around.

          • borari
            27 months ago

            You’ve run up against the first thing that seems to really confuse people when they begin learning about networking.

            What you thought of as a LAN is a LAN. A VLAN is a Virtual LAN. It’s the same concept but virtualized, allowing more than one LAN on hardware that is just physically a single LAN.

            When most people are talking about setting up VLANs they are usually describing the creation of a separate layer 3 subnet and the creation of a VLAN ID that gets tagged to all packets that get sent on that separate subnet. This allows for both layer 2 and layer 3 separation of the virtual LANs on a single physical network.

            Conceptually it’s very similar to VM’s running on a single server.

            • @[email protected]OP
              17 months ago

              So what differentiates a virtual LAN from a real LAN? Like, how can I tell which one my ISP has set up?

  • @rtxn
    67 months ago

    so why do some have fans

    As in cooling?

    Switches generate a ton of heat in the ports’ copper wires, especially gigabit+ and PoE. Higher-grade consumer and industrial (think Cisco) switches also have powerful hardware because they do a lot more than packet switching – they handle QoS, VLANs, and ACL-based filtering, as well as gigabit or faster connections on all ports.

      • @rtxn
        8
        7 months ago

        Switches (particularly layer-3 switches) have basic routing capabilities to connect different VLANs, but that is not their focus. Their purpose is to facilitate communication between devices connected to the same subnet, and across subnets on the same LAN.

        Routers specialize in communication between networks, e.g. between a LAN and the internet. They can use static routes or dynamic routing protocols (e.g. RIP, EIGRP, OSPF, BGP) to find the shortest route, often across many routers, from the source to the destination.

        Think of routers as intercity railway lines, and switches as local transportation.

        The device that is usually referred to as a “home router” is usually a combination of a router, a switch, a wireless access point, optionally a cable modem, and sometimes a telephone modem; plus it offers services like a firewall, NAT, and sometimes VPNs. It does everything, but with a much lower performance compared to dedicated hardware.

        • @[email protected]OP
          17 months ago

          Can I come and live with you so you can break everything down to me so simply 😂

          Okay, so for my network, I would set my existing router to modem mode and then have that plugged into the router, and then the router plugged into a switch, a switch connected to an access point, and my devices connected to the access point. Does that make the modem the Eurostar? In that case, what is the router even doing? Does that mean I would need an access point for each VLAN? And if it does, is it really virtual if it’s tied to physical hardware?

          • @rtxn
            4
            7 months ago

            Generally, yes. WAN -> modem -> router -> switch -> (devices, wireless AP, other switches).

            If you set the internet provider’s device to modem/bridge mode, it will do one thing, and one thing only: forward traffic between the ISP’s infrastructure (like DOCSIS, telephone line, PPPoE, Frame Relay, etc.) and an Ethernet port. The traffic on that port will be unfiltered and dangerous internet traffic.

            The first device after the modem should be something with a firewall and NAT. In most cases, this is a consumer-grade router, but it could also be a computer running pfSense/OPNsense/OpenWRT (which basically turns it into a router). The firewall’s role should be obvious – it filters everything that passes through it, and only allows permitted traffic.

            NAT (Network Address Translation) is a bit more complex. I’ll skim over the details – it allows you to have a private network of any size communicate with a public network using only a single public IP address (which is usually supplied by the ISP). It also enhances security because NAT is what facilitates port-forwarding, and your private network won’t be exposed through the public address unless you do that. NAT is almost always handled by the router. Firewalls can be integrated into the router, integrated into the modem, or implemented as a discrete device – make sure that the internet traffic passes through at least one firewall!

            The router in this case handles NAT, finding the first hop on the internet for outgoing traffic, and routing incoming traffic to the subnet that contains the destination device.

            From the perspective of packet switching on the network, a wireless access point is really no different than a switch, except it facilitates communication with wireless devices. Depending on the model, APs can support VLANs, and each wireless network can be assigned to a different VLAN on the same device.

            For example:

            • “family” wifi network on VLAN 100 with a password for trusted devices
            • “guest” wifi network on VLAN 101 with open authentication for untrusted devices
            • Connect the AP to a port on the switch, set those ports to trunk mode, and allow VLANs 100 and 101
            • Set the rest of the ports, where the wired devices will be connected, to access mode on VLAN 100
            • Give each VLAN a different subnet (e.g. 192.168.0.0 for one, 192.168.1.0 for the other)

            This way you can set up the router to allow both subnets to communicate with the internet, the family subnet to talk to devices on the guest subnet, but prevent guest devices from talking to the family subnet.

            How you achieve this depends on your ISP and what devices you own. For example, the ISP might only give you an IPv6 address, which is an altogether different headache.
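As an added illustration of the family/guest setup just described (this is a toy model written for this thread, not code from any real switch, router or the commenter), the switch side models 802.1Q access and trunk ports for VLANs 100 and 101 and the router side models the one-way inter-VLAN policy; port names, MAC labels and the /24 masks are assumptions:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Port:
    mode: str    # "access" (one untagged VLAN) or "trunk" (tagged, several VLANs)
    vlans: set   # access: the single VLAN; trunk: the allowed VLAN IDs

class VlanSwitch:
    """Toy 802.1Q switch: learns MACs per VLAN and never leaks frames across VLANs."""
    def __init__(self, ports):
        self.ports = ports   # port name -> Port
        self.fdb = {}        # (vlan, mac) -> port name (forwarding database)

    def ingress_vlan(self, port, tag):
        p = self.ports[port]
        if p.mode == "access":
            # an access port accepts only untagged frames and assigns its own VLAN
            return next(iter(p.vlans)) if tag is None else None
        return tag if tag in p.vlans else None   # trunk: drop tags that are not allowed

    def forward(self, in_port, src_mac, dst_mac, tag=None):
        """Return {egress port: tag or None} for one frame; {} means dropped."""
        vlan = self.ingress_vlan(in_port, tag)
        if vlan is None:
            return {}
        self.fdb[(vlan, src_mac)] = in_port
        known = self.fdb.get((vlan, dst_mac))
        # unknown destination: flood, but only to other ports that carry this VLAN
        outs = [known] if known else [n for n, p in self.ports.items() if vlan in p.vlans]
        # egress: access ports strip the tag, trunk ports keep it
        return {n: (None if self.ports[n].mode == "access" else vlan)
                for n in outs if n != in_port}

# Router side (layer 3): one subnet per VLAN and a policy for NEW connections:
# family (100) -> guest (101) allowed, guest -> family denied, both -> internet.
SUBNETS = {100: ip_network("192.168.0.0/24"), 101: ip_network("192.168.1.0/24")}
ALLOWED = {(100, 101), (100, "internet"), (101, "internet")}

def vlan_of(ip):
    return next((v for v, net in SUBNETS.items() if ip_address(ip) in net), "internet")

def router_permits(src_ip, dst_ip):
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    return src == dst or (src, dst) in ALLOWED   # same-VLAN traffic never reaches the router

def demo():
    sw = VlanSwitch({"g1": Port("access", {100}), "g2": Port("access", {100}),
                     "g3": Port("trunk", {100, 101})})   # g3 = trunk uplink to the AP
    return sw.forward("g1", "pc", "unknown"), router_permits("192.168.1.9", "192.168.0.5")
```

Run `demo()` to see a family PC's frame flooded untagged to the other access port and tagged 100 up the trunk, while a guest-to-family connection is refused by the router.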

            • @[email protected]OP
              27 months ago

              Thank you so much! I kinda had the bits in my head, but you’ve connected the dots for me. I am truly grateful!

  • @[email protected]
    4
    7 months ago

    So switches are able to do a lot of interesting things.

    Think about a business: you want to have credit card machines, users’ computers, and maybe a security system and cameras. There have been so many news reports of how awful the cyber security of security cameras is that maybe you don’t want them on the same local network as the thing taking your customers’ payments. So, you could buy another router and switches and pay for a second internet service. But you know you don’t use all the bandwidth you currently have and you have extra ports on the switch. What if you could create a second local network? Have it on the same physical hardware but logically separate in the router and switch. Like a virtual local area network.

    This is exactly what a VLAN can accomplish. Now though, you have to tell the switch what port is using what VLAN, so you build a GUI into it.

    Some switches are also able to supply power to those cameras and the access points around your business, but that takes more electricity going into the switch, so you need to keep heat down, so slap a fan in there. Also, what happens if you want to power cycle a camera? Well, you could go find the cable and physically unplug it, or you could just reboot the whole switch, but hey, you already have a GUI for VLAN config, why not slap the ability to turn a port on and off in there too!

    The same goes for a home network, maybe you have a few cheap smart lights that have a questionable level of security… they’re fun though! So instead of risking your whole network, slap them in a dedicated VLAN and now some sweaty neckbeard doesn’t get to know what Christmas present you bought for your one favorite coworker.

    These are just a few examples off the top of my head. There’s plenty of other reasons for a GUI and fans.

  • @[email protected]
    23 months ago

    Certainly not an expert here but the GUI “being there” means you can configure something about the traffic flowing through, maybe VLANs or QoS. That also might be why some switches have fans. Deciding what packet has priority or is allowed is a bit more computationally complex (read: heat generating) than just pushing a packet to the right address.

    You might want a VLAN if you have a server connected to the same switch as your PC, but they shouldn’t “see” each other. If you didn’t have a VLAN there, your router or firewall can’t manage anything about the connection. Say you have a website and database on your server and only the website should be accessible by your computer, you’d be able to configure that with the firewall.

  • Churchill
    24 months ago

    a switch is like a tube station for local traffic, essentially an extension lead

    You’re right, a basic unmanaged switch is basically that!

    Managed switch is a smarter switch. For example, creating VLANs or doing port trunking.

    These are generally configured on the switch GUI as you mentioned.

    Think of them as a computer with dedicated software to control how the network interfaces behave.