What is a LAN switch? Hubs, switches and routers, and switch functions for monitoring and troubleshooting

Where a network cable once simply ran straight into a single computer, today a home, an office or a large company usually needs a computer network that connects many devices.

For this, devices from the category of network equipment are used. One of them is the switch. So what is a switch, and how is it used to build a computer network?

What are switch devices for?

The English word "switch" names a device that is used to create a local area network by connecting several computers. The terms "switch", "network switch" and "LAN switch" are used interchangeably; older texts also call it a switching hub.

A switch is essentially a bridge with many ports, through which frames are delivered only to their intended recipients. The switch learns the MAC address of the device behind each port, which lets it forward traffic quickly and precisely, reduces the load on the network and improves security, since a host no longer sees frames addressed to other hosts.

Switches displaced the hubs that were previously used to build networks. A switch is a "smart" device: it processes what it learns about the connected devices and then forwards each frame only towards the port where its destination is. As a result the throughput of the local network rises several times; note that Internet access itself is limited by the provider's link, so a faster switch only helps there if the old equipment was the bottleneck.

Equipment types

Switch devices are divided into types according to the following criteria:

  • Port type (RJ45 copper, SFP for fibre, combo ports).
  • Number of ports.
  • Port speed: 10 Mbit/s, 100 Mbit/s and 1000 Mbit/s (Gigabit Ethernet).
  • Managed or unmanaged.
  • Manufacturer.
  • Functions.
  • Specifications.

By the number of ports, switches are commonly divided into:

  • 8-port.
  • 16-port.
  • 24-port.
  • 48-port.

For a home or small office, an 8- or 16-port switch is sufficient; 100 Mbit/s ports are adequate for basic use, although gigabit ports are now the norm and cost little more.

Large enterprises and companies need 1000 Mbit/s (gigabit) ports and faster. Such devices are used to connect servers and other switches and communication equipment.

Unmanaged switches are the simplest hardware: they forward frames according to the MAC table and offer no settings at all. Managed switches are configurable and normally operate at layer 2 of the OSI model; some, called Layer 3 switches, can additionally route packets between IP subnets.

Managed switches are administered through:

  • A web interface.
  • A command line interface (over the console port, Telnet or SSH).
  • The SNMP and RMON protocols.

Managed switches support VLANs, QoS, port mirroring and link aggregation. Several such switches can also be combined into a stack, a group of units that is configured and managed as a single device; stacking is mainly used to increase the number of ports under one configuration, and dedicated stacking ports (or ordinary uplink ports) carry the links between the units.

What do providers use?

When building a network, provider companies divide it into three levels:

  • Access level.
  • Aggregation level.
  • Core level.

The layers make the network easier to handle: to scale, configure, add redundancy and design.

At the access level, end users are connected to switch ports at 100 Mbit/s (today often 1 Gbit/s). Other requirements for an access switch include:

  • An SFP uplink to an aggregation-level switch at 1 gigabit per second or more.
  • VLAN support, ACLs and port security.
  • Support for further security features (the typical hardening steps for a subscriber port are described below).

According to this scheme, the provider's network is built in three levels. First, a network is formed at the level of a residential building (an apartment block or private houses).

Then the network is extended to the district, when several residential buildings, offices and companies are connected. In the last stage the core-level network is created, which joins entire neighbourhoods together.

Providers build these networks on Ethernet technology, which lets subscribers be connected over a single cable.

How does a switch work?

The switch keeps a MAC table in memory that records which MAC address has been seen on which port. When the switch is first powered on the table is empty, so it works in learning mode: a frame whose destination is unknown is sent out on all other ports, and at the same time the switch reads the frame's source MAC address and records it together with the port the frame arrived on. In this way the table fills up entry by entry.

Thus, when a frame addressed to a single PC arrives on a port and that PC's MAC address is already in the table, the frame is transmitted only on the port associated with it. When the destination MAC address is not yet known, the frame is sent out on all other interfaces. Traffic becomes localized as the MAC table fills with the required addresses; entries that are not refreshed are aged out after a timeout, so moved or removed hosts do not leave stale mappings behind.

Features of configuring device parameters

The changes required on the switch are broadly the same for any model. Setting up a provider access switch for PPPoE subscribers involves the following steps:

  1. Create two VLANs, one for clients and one for switch management, and assign the switch ports to them.
  2. Configure port security so that no more than one MAC address is learned per client port. This stops a subscriber from plugging in a switch of their own and, for example, merging their home network's broadcast domain with the provider's.
  3. Disable STP on client ports (and enable BPDU guard where the switch supports it), so that users cannot disturb the provider's spanning tree with BPDU packets.
  4. Enable loopback detection. It shuts down a port whose traffic comes back to the switch (a faulty network card or a looped cable) without interfering with users connected to other ports.
  5. Create an ACL that allows only PPPoE frames on client ports (EtherType 0x8863 for PPPoE discovery and 0x8864 for PPPoE session data) and blocks everything else, such as DHCP, ARP and plain IP. Those protocols would let subscribers communicate with each other directly, bypassing PPPoE.
  6. Create an ACL that drops PPPoE PADO (Active Discovery Offer) packets arriving from client ports. PADO is only ever sent by the provider's access concentrator, so a PADO from a subscriber port is an attempt to impersonate it.
  7. Enable storm control to limit multicast and broadcast floods. Together with the ACLs, this keeps non-PPPoE traffic and floods from the subscriber side off the network.
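The seven steps above can be expressed as a frame-admission policy. The following is an added example, not code from the original article or from any vendor: a Python model that applies steps 2, 3, 5, 6 and 7 to frames arriving on a subscriber port (steps 1 and 4, VLAN assignment and loopback detection, are not modelled). The `Frame` and `PortState` types, the port roles and the storm-control threshold are assumptions made for the illustration; the PPPoE EtherTypes 0x8863/0x8864, the PADO code 0x07 and the STP BPDU destination address 01:80:c2:00:00:00 are the standard values.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Standard values (not assumptions): PPPoE EtherTypes, the STP BPDU group
# address, the Ethernet broadcast address and the PPPoE discovery code of PADO.
PPPOE_DISCOVERY = 0x8863
PPPOE_SESSION = 0x8864
STP_BPDU_DST = "01:80:c2:00:00:00"
BROADCAST = "ff:ff:ff:ff:ff:ff"
PADO_CODE = 0x07


@dataclass
class Frame:
    src: str
    dst: str
    ethertype: int
    pppoe_code: Optional[int] = None   # discovery code, only set for PPPOE_DISCOVERY frames


@dataclass
class PortState:
    role: str                           # "client" (subscriber) or "uplink" (towards the access concentrator)
    max_macs: int = 1                   # step 2: port security limit (assumed default)
    learned: Set[str] = field(default_factory=set)
    bcast_in_window: int = 0            # step 7: broadcast/multicast frames seen in this window
    bcast_limit: int = 100              # assumed per-window threshold; tune per platform


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast both have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


def check_frame(port: PortState, f: Frame) -> Tuple[bool, str]:
    """Return (accepted, reason) for a frame received on `port`.
    Client ports get the full subscriber policy; the uplink only gets storm control."""
    if port.role == "client":
        # Step 3: subscribers must not take part in the provider's spanning tree.
        if f.dst == STP_BPDU_DST:
            return False, "bpdu from client port"
        # Step 2: port security, at most max_macs distinct source addresses.
        if f.src not in port.learned:
            if len(port.learned) >= port.max_macs:
                return False, "port-security violation"
            port.learned.add(f.src)
        # Step 5: only PPPoE discovery and session frames may enter.
        if f.ethertype not in (PPPOE_DISCOVERY, PPPOE_SESSION):
            return False, f"non-pppoe ethertype 0x{f.ethertype:04x}"
        # Step 6: PADO is sent by the access concentrator, never by a subscriber.
        if f.ethertype == PPPOE_DISCOVERY and f.pppoe_code == PADO_CODE:
            return False, "pado from client port"
    # Step 7: storm control on broadcast/multicast, applied to every port.
    if is_group_address(f.dst):
        port.bcast_in_window += 1
        if port.bcast_in_window > port.bcast_limit:
            return False, "storm control"
    return True, "ok"
```

A PADI (discovery initiation, code 0x09) from the subscriber passes, an ARP request from the same subscriber is rejected by the EtherType rule, a second source MAC on the port trips port security, and a PADO from the subscriber side is dropped before it can lure neighbours onto a rogue access concentrator.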

If something goes wrong, check the PPPoE configuration first; PPPoE is also what malware and forged packets on the subscriber side most often affect. Users who misconfigure the last parameter through inexperience should contact their Internet service provider for help.

How to connect a switch?

Creating a local network from computers or laptops requires a network switch. Before the equipment is configured and the desired network configuration is created, the network is physically deployed: a link is made between the switch and each computer with a network cable.

Connections between network nodes are made with a patch cord, a twisted-pair network cable terminated with RJ45 plugs. Buy cables from a specialist retailer so that the connection works without surprises.

There are two ways to configure the switch:

  1. Through the console port, which is designed for the initial configuration of the switch.
  2. Through an ordinary Ethernet port (in-band management).

The choice depends on the interfaces the equipment has. A console connection consumes no switch bandwidth and keeps working even when the network configuration itself is broken; that is its main advantage.

Start a VT100 terminal emulator, then set the connection parameters (serial port, baud rate, data bits, parity and stop bits) according to the documentation. Once connected, the user or the provider's employee enters a username and password.


To connect via an Ethernet port you need the switch's management IP address, which is given in the device documentation (the factory default) or obtained from the provider.

When the settings are made and a computer network is created using the switch, users from their PCs or laptops should easily access the Internet.

When choosing a device for building a network, consider how many computers will be connected to it, what port speed they need and how the ports will be used. Modern providers use Ethernet technology for the connection, which gives a high-speed network over a single cable.

The logical topology of an Ethernet network is a multi-access bus in which all devices share the same communication media. This logical topology defines how nodes on a network view and process frames that are sent and received on that network. However, virtually all Ethernet networks today use a physical star or extended star topology. This means that in most Ethernet networks, endpoints are typically connected to a Layer 2 LAN switch in a point-to-point manner.

A Layer 2 LAN switch performs switching and filtering based only on the MAC addresses of the OSI data link layer. The switch is transparent to network-layer protocols and to user applications. It builds a MAC address table, which it then uses to make frame forwarding decisions, and relies on routers to transfer data between separate IP subnets.

Switches use MAC addresses to move frames through their switch fabric to the port facing the destination host. The switch fabric is the integrated circuitry and its accompanying firmware that controls the path of data through the switch. To know which port to use for a unicast frame, the switch must first learn which hosts are on each of its ports.

The switch decides how to handle incoming frames using its own MAC address table. It builds that table by adding the MAC addresses of the nodes connected to each of its ports. Once the MAC address of a node on a given port is recorded, the switch can send subsequent traffic for that node out of the port associated with it.

If the switch receives a frame whose destination MAC address is not in the table, it forwards the frame on all ports except the one on which it arrived (unknown unicast flooding). When the destination host replies, the switch records that host's MAC address in the table using the source address field of the reply. In networks with several interconnected switches, the port that connects two switches learns many MAC addresses, one for each host reachable through the neighbouring switch.

Switches use one of the following forwarding methods to switch data between ports:

    Store-and-forward switching

    Cut-through switching

In store-and-forward switching, the switch receives the whole frame into a buffer before acting on it. While the frame is buffered, the switch reads the destination address and also verifies the frame check sequence (FCS), the cyclic redundancy check (CRC) at the tail of the Ethernet frame, so damaged frames are discarded at the switch.

In cut-through switching, the switch starts processing the frame while it is still arriving. It buffers only as much as it needs to read the destination MAC address, which occupies the first 6 bytes of the frame after the preamble and start-of-frame delimiter. It looks the destination up in its MAC table, picks the outgoing port and begins forwarding immediately, without checking the frame for errors. Because it neither waits for the entire frame nor verifies the FCS, cut-through switching has lower latency than store-and-forward. The price is that damaged frames are forwarded across the network and waste bandwidth in transit; they are only discarded by the destination NIC. Some switches therefore fall back from cut-through to store-and-forward when the error rate on a port rises.
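The learning and flooding behaviour described in "How does a switch work?" and in the paragraphs on MAC address tables above, together with the difference between store-and-forward and cut-through forwarding, can be reproduced in a few dozen lines. The following Python model is an added example, not code from the original article: it builds Ethernet II frames with a CRC-32 frame check sequence, learns source addresses, floods unknown unicasts and group addresses, and drops a corrupted frame only in store-and-forward mode. The port numbers, MAC addresses and payloads are constructed for the illustration.

```python
import struct
import zlib


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw: bytes) -> str:
    """6 raw bytes -> 'aa:bb:cc:dd:ee:ff'."""
    return ":".join(f"{x:02x}" for x in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame: dst(6) src(6) type(2) payload, followed by the FCS,
    a CRC-32 over everything before it (transmitted least significant byte first)."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over the frame body and compare it with the trailing FCS."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)


class LearningSwitch:
    """Transparent bridge with one MAC table shared across its ports."""

    def __init__(self, ports, mode="store-and-forward"):
        self.ports = list(ports)
        self.mode = mode        # "store-and-forward" or "cut-through"
        self.table = {}         # MAC address -> port it was last seen on

    def receive(self, in_port, frame: bytes):
        """Handle one frame arriving on in_port; return the list of egress ports."""
        if self.mode == "store-and-forward" and not fcs_ok(frame):
            return []           # whole frame buffered and checked: corrupt frame dropped here
        dst = mac_str(frame[0:6])
        src = mac_str(frame[6:12])
        # Learning: remember (or update) the port behind which the sender lives.
        self.table[src] = in_port
        flood = [p for p in self.ports if p != in_port]
        if int(dst[:2], 16) & 1:
            return flood        # group bit set: broadcast or multicast, always flooded
        out = self.table.get(dst)
        if out is None:
            return flood        # unknown unicast: flood until the destination answers
        if out == in_port:
            return []           # destination is on the ingress port: filter the frame
        return [out]            # known unicast: forward on the learned port only
```

The first frame from host A to an unknown host B is flooded; B's reply teaches the switch where B is, after which A-to-B traffic takes one port only. Flipping a payload bit invalidates the FCS: the store-and-forward switch drops the frame, while a cut-through switch happily floods it on.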

Modular switches offer considerable configuration flexibility. They are supplied in a range of chassis sizes that accommodate several modular line cards, on which the ports are actually located. A line card plugs into the switch chassis much like an expansion card in a PC; the larger the chassis, the more modules it holds. If you purchase a modular switch with one 24-port line card, you can later add another card of the same type, bringing the total to 48 ports.

To create a local or home network, you need special devices. This article will tell you a little about them. I will try to explain it as simply as possible so that everyone understands.

Purpose

Hubs, switches and routers are all designed to create a network between computers; they differ in how they pass data between those computers.

The difference

What is a hub

A hub is a repeater: whatever arrives on one of its ports is repeated out of all the others. All connected devices share a single collision domain.
For example, if you connect 5 computers through a hub and transfer data from the fifth computer to the first, that data is seen by every computer on the hub. It is like a party line telephone: any computer can listen to your data, and you to theirs. Every added computer also adds collisions, so the more computers are connected, the slower the network and the higher the load. That is why fewer and fewer hubs are produced and used; they will soon disappear completely.

What is a switch?

The switch replaced the hub and corrects its predecessor's shortcomings. The switch learns the MAC address of each connected device and delivers frames only to the port behind which the recipient sits, so each computer receives only what is meant for it and the others do not see it. This reduces the load on the network. But a switch has one drawback when it is used to share an Internet connection: it does not translate addresses, so if more than one computer is plugged into the provider's line through a switch, each of them needs its own IP address from the ISP, and ISPs usually issue only one.

What is a router?

A router is so called because it links two different networks and forwards data along routes stored in its routing table. To put it very simply, a router is an intermediary between your network and the Internet; with network address translation (NAT) it lets all the computers of a home network share the single IP address issued by the ISP, which removes the drawback described above. The router corrects the shortcomings of its predecessors, which is why it is the most popular device today, especially since routers are often equipped with Wi-Fi for wireless devices and can also accept USB modems.

The router can be used either on its own: PC -> router -> Internet, or together with other devices: PC -> switch/hub -> router -> Internet.

Another advantage of the router is easy installation. Often only minimal knowledge is needed to connect it, configure the network and access the Internet.

So, to summarize briefly.

All these devices are needed to create a network. The hub and the switch serve the same purpose, connecting devices in one local network, although the switch does it far more efficiently. A router is the most necessary and convenient solution for connecting that network to the Internet.

In the vast majority of home LANs, only a wireless router is used from active equipment. However, if you need more than four wired connections, you will need to add a network switch (although today there are routers for seven to eight ports for clients). The second common reason for purchasing this equipment is for better network wiring. For example, you can install the switch near a TV, connect one cable from the router to it, and the TV itself, a media player, a game console and other equipment to the other ports.

The simplest network switches have just a couple of key characteristics: the number of ports and their speed. Given current requirements and the state of the component base, unless saving money at any cost is the goal, or there are specific requirements, it is worth buying models with gigabit ports. Fast Ethernet networks at 100 Mbit/s are of course still in use, but their users are unlikely to run out of ports on the router. It can happen, though, if we recall the products of some well-known manufacturers with only one or two LAN ports, and here too a gigabit switch is the appropriate choice, since it raises the performance of the whole wired LAN.

When choosing, you can also take into account the brand, the material and design of the case, the power supply (external or internal), the presence and placement of indicators and other details. Surprisingly, raw throughput, a familiar characteristic of many other devices, is practically meaningless here: in data transfer tests, models from completely different categories and price ranges show the same results.

In this article we decided to talk briefly about what can be interesting and useful in "real" Layer 2 switches. This material does not pretend to be the most detailed presentation of the topic, but hopefully it will be useful to those who face more serious tasks or requirements when building a local network in an apartment, house or office than simply installing a router and setting up Wi-Fi. Many topics are presented in a simplified form that reflects only the highlights of the interesting and varied subject of network packet switching.


Theory

First, let's remember how a "regular" network switch works.

This "box" is small, with several RJ45 ports for network cables, a set of indicators and a power input. It works according to algorithms programmed by the manufacturer and has no settings available to the user: plug in the cables, turn on the power, and it works. Each device in the local network (more precisely, its network adapter) has a unique address, the MAC address. It consists of six bytes and is written in the form "AA:BB:CC:DD:EE:FF" with hexadecimal digits. You can read it from the operating system or from the label on the device. Formally the address is assigned by the manufacturer at production time and is unique, but in practice this is not always the case: uniqueness is only required within one local network segment, and many operating systems let you change the address easily. The first three bytes (the OUI) identify the maker of the chip or of the whole device.

Whereas on the global network (the Internet in particular) devices are addressed and packets are processed at the level of IP addresses, within each local network segment this is done with MAC addresses. All devices in one segment must have different MAC addresses; if they do not, frame delivery and network operation break down. This low level of exchange is implemented inside the operating system's network stack, and the user normally does not interact with it. There are perhaps a couple of everyday situations where a MAC address matters. One is replacing a router: the new device is given the same WAN-port MAC address as the old one, because some providers bind the connection to it. The other is MAC address filtering on the router to block Internet or Wi-Fi access; keep in mind that this is a convenience rather than a security control, precisely because the address can be changed so easily.
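The MAC address properties mentioned in the two paragraphs above (the vendor prefix, the fact that an address may be overridden in software, and the requirement that addresses in one segment be distinct) are all visible in the address bits. The following Python helper is an added example, not code from the original article: it decodes the OUI and the two flag bits of the first octet and finds addresses claimed by more than one host in a constructed inventory. The host names and addresses in the sample are made up.

```python
def parse_mac(mac: str) -> dict:
    """Normalize a MAC address and decode the flag bits of its first octet."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    octets = [int(p, 16) for p in parts]            # raises ValueError on non-hex input
    if any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"octet out of range: {mac!r}")
    first = octets[0]
    return {
        "normalized": ":".join(f"{o:02x}" for o in octets),
        "oui": ":".join(f"{o:02x}" for o in octets[:3]),   # vendor prefix
        "multicast": bool(first & 0x01),                   # I/G bit: group address
        "locally_administered": bool(first & 0x02),        # U/L bit: set by software, not burned in
    }


def find_duplicate_macs(seen) -> dict:
    """seen: iterable of (host_label, mac). Return {mac: [hosts]} for every
    address that more than one host claims, i.e. a conflict within one segment."""
    by_mac = {}
    for host, mac in seen:
        by_mac.setdefault(parse_mac(mac)["normalized"], []).append(host)
    return {m: hosts for m, hosts in by_mac.items() if len(hosts) > 1}


# Constructed inventory for the illustration; names and addresses are made up.
SAMPLE_INVENTORY = [
    ("pc-kitchen", "00:1c:42:0a:0b:0c"),
    ("pc-study", "00-1C-42-0A-0B-0C"),      # same address as pc-kitchen in another notation
    ("tv", "02:00:5e:00:00:01"),            # locally administered: set by software
    ("nas", "00:11:32:aa:bb:cc"),
]
```

A set locally-administered bit does not prove spoofing (virtual machines and some adapters use such addresses legitimately), but an address that suddenly switches between burned-in and locally administered, or that appears behind two hosts at once, is worth a look.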

A conventional network switch joins several clients so that they can exchange network traffic. Each port can be connected not only to a single computer or other client device, but also to another switch with its own clients. Roughly, the switch works as follows: when a frame arrives on a port, the switch remembers the sender's MAC address in the "clients on this physical port" table, looks the recipient's address up in the tables of the other ports and, if it finds it, sends the frame to that physical port only. In addition there are mechanisms for eliminating loops (spanning tree), ageing out addresses that have not been seen for a while, noticing that a device has moved to a different port, and so on. None of this requires complex logic; it all runs on fairly simple and inexpensive processors, which is why, as noted above, even the lowest models reach maximum speeds.

Managed, sometimes called "smart", switches are much more complex. They use more of the information in network packets to implement more complex processing rules. Some of these technologies can be useful to demanding home users, as well as for solving particular problems.

Layer 2 switches (the data link layer) can take into account, when switching frames, information in certain fields of the frame, in particular the VLAN tag, the QoS priority, multicast group membership and some others. That is what this article is about. More sophisticated Layer 3 models can be considered routers, since they operate with IP addresses and run Layer 3 protocols (in particular RIP and OSPF).

Please note that there is no single universal and standard set of features for managed switches. Each manufacturer builds its product lines around its own understanding of customer requirements, so in each case look at the specifications of the particular product and how they match the task at hand. Naturally, there is no third-party "alternative" firmware with extended capabilities for such devices, as there is for some home routers.

As an example, we are using a Zyxel GS2200-8HP device. This model has been on the market for a long time, but it is quite suitable for this article. Zyxel's current products in this segment generally provide similar capabilities. In particular, a current device of the same configuration is offered under the article number GS2210-8HP.

The Zyxel GS2200-8HP is an eight-port (the series also has a 24-port version) managed Gigabit Layer 2 switch that also offers PoE and combo RJ45/SFP ports, as well as some Layer 3 features.

By its format it is a desktop model, but the package includes brackets for mounting in a standard 19-inch rack. The case is metal. On the right side there is a ventilation grille, and on the opposite side two small fans. At the back there is only the mains input of the built-in power supply.

All connections are traditionally made for such equipment from the front side for ease of use in racks with patch panels. On the left is an insert with the manufacturer's logo and a highlighted device name. Next are the indicators - power, system, alarm, status / activity and power LEDs for each port.

Next, the main eight network connectors are installed, and after them two RJ45 and two SFP duplicating them with their own indicators. Such solutions are another characteristic feature of such devices. Usually SFP is used to connect optical communication lines. Their main difference from the usual twisted pair is the ability to work at significantly greater distances - up to tens of kilometers.

Due to the fact that different types of physical lines can be used here, SFP ports are installed directly in the switch, into which special transceiver modules must be installed, and optical cables are already connected to them. At the same time, the received ports do not differ in their capabilities from the rest, of course, except for the lack of PoE support. They can also be used in port trunking mode, VLAN scenarios, and other technologies.

The console serial port completes the description. It is used for service and other operations. Note that there is no reset button of the kind usual on home equipment: if control of the switch is lost, you will have to connect through the serial port and reload the entire configuration in debug mode.

The device supports web and command line administration, firmware upgrades, 802.1X authentication to protect against unauthorized connections, SNMP for integration into monitoring systems, frames of up to 9216 bytes (jumbo frames) for better throughput, Layer 2 switching services and stacking for easier administration.

Of the eight primary ports, half support PoE + with up to 30W per port, and the other four support PoE with 15.4W. The maximum power consumption is 230 W, of which up to 180 W can be supplied via PoE.

The electronic version of the user manual has more than three hundred pages. So the features described in this article represent only a small part of the capabilities of this device.

Management and control

Unlike simple switches, smart switches have remote configuration tools. Their role is usually played by the familiar web interface, while "real admins" get a command line of the vendor's own design over Telnet or SSH. The same command line is available through the serial console port. Besides habit, the command line has the advantage of convenient scripted automation. The FTP protocol is also supported for quickly uploading firmware files and managing configuration files.

For example, you can check the state of links, manage ports and modes, allow or deny access, and so on. The command line is also less demanding of bandwidth and of the equipment used to reach it. In screenshots, of course, the web interface looks nicer, so in this article we use it for illustration. Security is provided by the traditional administrator username and password, HTTPS support, and additional restrictions on who may reach the switch's management interface. In practice, prefer SSH and HTTPS and disable Telnet, HTTP and plain FTP where the firmware allows it, since those protocols carry the administrator password in clear text, and place the management interface in a separate management VLAN reachable only from administrators' addresses.

Note that unlike many home devices, the interface has an explicit button to save the current switch configuration to its nonvolatile memory. Also on many pages you can use the Help button to bring up contextual help.

Another way to monitor the switch is the SNMP protocol. With specialized software you can obtain hardware state information, such as temperature or the loss of link on a port. Use SNMPv3 where possible and change the default community strings; a write community left at its default gives full control of the switch to anyone who can reach it. For large installations, a special mode for managing several switches (a cluster of switches) from a single interface, Cluster Management, is useful.

The minimum initial steps to start the device usually include updating the firmware, changing the administrator password, and setting the switch's own IP address.

In addition, it is worth attending to options such as the device name, synchronization of the built-in clock with an NTP server, and sending the event log to an external server (for example, via Syslog), which preserves a record of configuration changes and port events even if the switch itself is reset.

When planning the network diagram and switch settings, it is recommended to calculate and think over all the points in advance, since the device does not have built-in controls for blocking and inconsistencies. For example, if you “forget” that you previously configured port aggregation, then VLANs with their participation may not behave at all as required. Not to mention the possibility of losing communication with the switch, which is especially unpleasant when connecting remotely.

One of the basic "smart" functions of switches is link aggregation, which is also called port trunking, bonding or teaming. (Note that on some vendors' equipment, Cisco in particular, "trunk" instead means a port carrying several tagged VLANs; check which meaning the documentation uses.) In this scheme, a client or another switch is connected to the switch not with one cable but with several at once. Of course, this requires several network ports on the computer, either separate cards or one expansion card with several ports. Usually two or four links are involved. The main aims are to increase the speed of the connection and to improve its reliability through redundancy. A switch can support several such bundles at once, depending on its hardware, in particular the number of physical ports and processor power. One option is to connect a pair of switches in this way, which raises overall network performance and removes a bottleneck.

Ideally, the network cards used should explicitly support the technology, but in general link aggregation can also be implemented in software. It is most often based on the open protocol LACP (originally IEEE 802.3ad, now IEEE 802.1AX), which is used to negotiate and monitor the links; there are also proprietary variants from individual vendors. Both ends of the bundle must be configured consistently, otherwise a link may be silently unused or, worse, create a loop.

At the level of the client operating system, after the appropriate configuration, a new standard network interface usually appears, which has its own MAC and IP addresses, so that all applications can work with it without any special actions.

Fault tolerance is provided by the presence of multiple physical connections between devices. If the connection fails, the traffic is automatically redirected along the remaining links. After the line is restored, it will start working again.

As for speed, the situation is more complicated. Formally, one might assume that throughput multiplies with the number of links. In reality the gain depends on the task, because the switch and the host do not split one stream across the links: each frame is assigned to a link by a hash of its addresses (MACs, IP addresses or TCP/UDP ports, depending on the configured policy), so all frames of one conversation always use the same link. For a simple and common task such as reading files from a network drive on one computer, there is therefore no benefit, even if both devices are connected to the switch with several links. If, however, link aggregation is configured on a NAS and several "regular" clients access it simultaneously, the different conversations spread across the links and overall performance improves noticeably.

Examples of use and test results were given in an earlier article in this series. In short, link aggregation at home pays off only when there are several fast clients and servers and the network load is high enough.
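To see why a single file transfer does not benefit from link aggregation while several clients do, it helps to look at how frames are assigned to links. The following Python snippet is an added example, not code from the original article or from Zyxel or QNAP; it reproduces the usual XOR-based hashing policies (source/destination MAC, IP addresses, or IP addresses plus TCP/UDP ports) and counts how constructed flows land on the physical links. Real switches use vendor-specific hash functions, so the exact link chosen will differ, but the property that one conversation always maps to one link holds for all of them.

```python
def mac_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)


def ip_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def pick_link(flow: dict, n_links: int, policy: str = "l2") -> int:
    """Choose the physical link for one frame of `flow` under a hashing policy.
    The XOR-and-modulo scheme is an assumption standing in for vendor hashes;
    what matters is that every frame of one conversation yields the same key."""
    if policy == "l2":
        key = mac_int(flow["src_mac"]) ^ mac_int(flow["dst_mac"])
    elif policy == "l3":
        key = ip_int(flow["src_ip"]) ^ ip_int(flow["dst_ip"])
    elif policy == "l4":
        key = (ip_int(flow["src_ip"]) ^ ip_int(flow["dst_ip"])
               ^ flow["src_port"] ^ flow["dst_port"])
    else:
        raise ValueError(f"unknown policy {policy!r}")
    return key % n_links


def distribution(flows, n_links: int, policy: str) -> dict:
    """Count how many of the given flows each link receives."""
    counts = {i: 0 for i in range(n_links)}
    for flow in flows:
        counts[pick_link(flow, n_links, policy)] += 1
    return counts


# Constructed addresses for the illustration: one NAS and eight client PCs.
NAS_MAC, NAS_IP = "00:11:22:33:44:ff", "192.168.1.20"


def client_flow(i: int, src_port: int = 51000) -> dict:
    """An SMB conversation (TCP port 445) from client i to the NAS."""
    return {
        "src_mac": f"00:11:22:33:44:{i:02x}", "dst_mac": NAS_MAC,
        "src_ip": f"192.168.1.{10 + i}", "dst_ip": NAS_IP,
        "src_port": src_port, "dst_port": 445,
    }


EIGHT_CLIENTS = [client_flow(i) for i in range(1, 9)]
# One client opening eight successive connections (different source ports).
ONE_CLIENT_EIGHT_CONNECTIONS = [client_flow(1, src_port=51000 + k) for k in range(8)]
```

With a MAC-based policy, eight different clients spread evenly over a two-link bundle, but eight connections from the same client all hash to the same link, which is exactly the single-PC file copy case from the text; only a policy that includes the TCP/UDP ports lets one host's parallel connections use both links.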

Configuring port aggregation on a switch is usually straightforward. In particular, on the Zyxel GS2200-8HP, the required parameters are found in the Advanced Application - Link Aggregation menu. In total, this model supports up to eight groups. At the same time, there are no restrictions on the composition of groups - you can use any physical port in any group. The switch supports both static port trunking and LACP.

On the status page you can check the current assignments by group.

On the settings page, the active groups and their type are indicated (the type selects the scheme used to distribute frames across the physical links), and ports are assigned to the required groups.

If necessary, enable LACP for the required groups on the third page.

Next, you need to configure similar parameters on the device on the other side of the link. In particular, on the QNAP NAS, this is done as follows - go to the network settings, select the ports and the type of their association.

After that, you can check the status of the ports on the switch and evaluate the effectiveness of the solution in your tasks.

VLAN

In the usual configuration of a local network, network packets "walking" along it use a common physical environment, like the streams of people at metro transfer stations. Of course, switches in a certain sense exclude "foreign" packets from getting to the interface of your network card, but some packets, for example broadcast, can penetrate any corner of the network. Despite the simplicity and high speed of this scheme, there are situations when, for some reason, you need to separate certain types of traffic. This could be due to security requirements or the need to meet performance or prioritization requirements.

Of course, these issues can be solved by creating a separate segment of the physical network - with its own switches and cables. But this is not always possible to implement. This is where VLAN (Virtual Local Area Network) technology can come in handy - a logical or virtual local area computer network. It can also be referred to as 802.1q.

In a rough approximation, this technology can be described as attaching an additional "label" (tag) to each network packet when it is processed in the switch and on the end device. Data exchange then works only within a group of devices with the same VLAN. Since not all equipment uses VLANs, the scheme also includes adding and removing a packet's tag as it passes through the switch: a tag is added when a packet arrives from a "normal" physical port and is to be sent into the VLAN, and removed when a packet is to be passed from the VLAN to a "normal" port.

As an example of using this technology, we can recall the multiservice connections of operators - when you get access to the Internet, IPTV and telephony via one cable. This was previously encountered in ADSL connections, and today it is used in GPON.

The considered switch supports the simplified "Port-based VLAN" mode, when the division into virtual networks is carried out at the level of physical ports. This scheme is less flexible than 802.1q, but may be useful in some configurations. Note that this mode is mutually exclusive with 802.1q, and a corresponding item in the Web interface is provided for selection.

To create a VLAN according to the 802.1q standard, on the Advanced Applications - VLAN - Static VLAN page, specify the name of the virtual network, its identifier, and then select the ports involved in the operation and their parameters. For example, when connecting regular clients, it is worth removing VLAN tags from packets sent to them.

Depending on whether a client or another switch is connected, you need to configure the required options on the Advanced Applications - VLAN - VLAN Port Settings page. In particular, this concerns adding tags to packets arriving on the port, whether untagged packets or packets with other VLAN identifiers are allowed through the port, and isolation of the virtual network.
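As an added illustration (not code from this article or from Zyxel), the following Python model shows how a switch adds and strips 802.1Q tags at port boundaries and why tagged and untagged ports see different frames; the port table, VLAN IDs and frame contents are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (FCS omitted)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def get_tag(frame: bytes):
    """Return (vid, pcp) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q header between the source MAC and the EtherType."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q header; an untagged frame is returned unchanged."""
    return frame if get_tag(frame) is None else frame[:12] + frame[16:]

# Constructed port table. Per port: the PVID given to untagged incoming
# frames, the VLANs the port belongs to, and those it sends untagged on.
PORTS = {
    1: {"pvid": 10, "member": {10}, "untagged": {10}},       # client in VLAN 10
    2: {"pvid": 20, "member": {20}, "untagged": {20}},       # client in VLAN 20
    8: {"pvid": 1, "member": {1, 10, 20}, "untagged": {1}},  # tagged uplink
}

def ingress(port: int, frame: bytes):
    """Classify an incoming frame: (vid, tagged frame), or None if dropped.
    Untagged frames get the port PVID; tagged frames are accepted only for
    VLANs the port is a member of (ingress filtering)."""
    cfg = PORTS[port]
    tag = get_tag(frame)
    if tag is None:
        return cfg["pvid"], add_tag(frame, cfg["pvid"])
    vid = tag[0]
    return (vid, frame) if vid in cfg["member"] else None

def egress(port: int, vid: int, frame: bytes):
    """Prepare a frame for transmission on `port`, or None if the port is not
    in the VLAN. The tag is removed on ports that are untagged members."""
    cfg = PORTS[port]
    if vid not in cfg["member"]:
        return None
    return strip_tag(frame) if vid in cfg["untagged"] else frame

def forward(in_port: int, frame: bytes) -> dict:
    """Flood a frame to every other port that VLAN membership permits,
    returning {port: frame as it leaves that port}."""
    result = ingress(in_port, frame)
    if result is None:
        return {}
    vid, tagged = result
    out = {}
    for port in PORTS:
        if port != in_port:
            f = egress(port, vid, tagged)
            if f is not None:
                out[port] = f
    return out
```

A frame from the VLAN 10 client leaves the uplink tagged and never reaches the VLAN 20 client, while a frame tagged with a VLAN the ingress port does not belong to is dropped outright.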

Access control and authentication

Ethernet originally had no access control at the level of the physical medium. It was enough to plug a device into a switch port, and it started working as part of the local network. In many cases this is sufficient, because protection is provided by the difficulty of making a direct physical connection to the network. But today the requirements for network infrastructure have changed significantly, and implementations of the 802.1x protocol are increasingly found in network equipment.

In this scenario, when connecting to a switch port, the client presents its authentication data, and until the access control server confirms it, no information is exchanged with the network. Most often, the scheme assumes the presence of an external server such as RADIUS or TACACS+. The use of 802.1x also gives additional control over the network. Whereas in the standard scheme it is only possible to "bind" to a hardware parameter of the client (the MAC address), for example for issuing an IP address, setting speed limits and access rights, working with user accounts is more convenient in large networks, since it allows client mobility and other higher-level capabilities.

The test used a RADIUS server on a QNAP NAS. It comes as a separately installable package and has its own user database. It is quite suitable for this task, although in general its capabilities are limited.

The client was a Windows 8.1 computer. To use 802.1x, you need to enable one service on it, after which a new tab appears in the properties of the network adapter.

Note that in this case we are talking exclusively about controlling access to the physical port of the switch. Also, do not forget to ensure that the switch always has reliable access to the RADIUS server.

The switch has two functions for limiting bandwidth. The first, the simplest, allows you to restrict incoming and outgoing traffic on a specified physical port.

This switch also allows prioritization by physical port. In this case there are no hard speed limits, but you can select devices whose traffic will be processed first.

The second is part of a more general scheme for classifying switched traffic according to various criteria, and is only one of the options for its use.

First, on the Classifier page, you define the traffic classification rules. They can use Layer 2 criteria, in particular MAC addresses, and in this model also Layer 3 criteria, including protocol type, IP addresses and port numbers.

Next, on the Policy Rule page, you specify the actions to take on the traffic "selected" by the chosen rules. The following operations are provided: setting a VLAN tag, limiting the rate, sending the packet out of a specified port, setting the priority field, dropping the packet. These functions allow, for example, limiting the data rate for particular clients or services.

More complex schemes can use 802.1p priority fields in network packets. For example, you can tell the switch to handle telephony traffic first and set browsers to the lowest priority.
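The following Python model, added here and not taken from the switch's firmware, shows how classifier rules with Layer 2 and Layer 3 criteria feed the policy actions described above (priority, VLAN tag, rate limit, drop); the MAC addresses, IPs, rates and rule names are constructed, and the rate limit is a token bucket, one common way to implement it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src_mac: str
    vlan: int
    length: int                    # bytes, consumed by rate limiting
    proto: Optional[str] = None    # "tcp" / "udp", None for non-IP frames
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    priority: int = 0              # 802.1p value, 0..7
    dropped: bool = False

@dataclass
class Classifier:
    """Match criteria; None means 'any'. src_mac and vlan are Layer 2
    criteria, proto, dst_ip and dst_port are Layer 3/4 criteria."""
    name: str
    src_mac: Optional[str] = None
    vlan: Optional[int] = None
    proto: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(getattr(self, f) is None or getattr(self, f) == getattr(p, f)
                   for f in ("src_mac", "vlan", "proto", "dst_ip", "dst_port"))

class PolicyEngine:
    """Rules are (classifier name, action, value); actions mirror the
    Policy Rule page: set_priority, set_vlan, rate_limit (bytes/s), drop."""
    def __init__(self, classifiers, rules):
        self.classifiers = {c.name: c for c in classifiers}
        self.rules = rules
        self.buckets = {}  # rule index -> (tokens, time of last refill)

    def _within_rate(self, idx, rate, length, now):
        """Token bucket refilled at `rate` bytes/s with a one-second burst."""
        tokens, last = self.buckets.get(idx, (rate, now))
        tokens = min(rate, tokens + (now - last) * rate)
        ok = tokens >= length
        self.buckets[idx] = (tokens - length if ok else tokens, now)
        return ok

    def apply(self, p: Packet, now: float = 0.0) -> Packet:
        """Apply every rule whose classifier matches; a drop ends processing."""
        for i, (name, action, value) in enumerate(self.rules):
            if p.dropped or not self.classifiers[name].matches(p):
                continue
            if action == "set_priority":
                p.priority = value
            elif action == "set_vlan":
                p.vlan = value
            elif action == "drop":
                p.dropped = True
            elif action == "rate_limit":
                p.dropped = not self._within_rate(i, value, p.length, now)
        return p

# Constructed rule set: SIP signalling to the PBX gets 802.1p priority 6, one
# guest MAC is limited to 2000 bytes/s, and telnet to any host is dropped.
CLASSIFIERS = [
    Classifier("voip", proto="udp", dst_ip="10.0.0.5", dst_port=5060),
    Classifier("guest", src_mac="02:00:00:00:00:99"),
    Classifier("telnet", proto="tcp", dst_port=23),
]
RULES = [("voip", "set_priority", 6), ("guest", "rate_limit", 2000),
         ("telnet", "drop", 0)]
```

With a 2000 bytes/s limit, two back-to-back 1500-byte packets from the guest MAC cannot both pass in the same second, but the bucket refills one second later.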

PoE

Another feature, not directly related to the packet switching process, is supplying power to client devices through the network cable. This is often used to connect IP cameras, telephones and wireless access points, to reduce the number of wires and simplify wiring. When choosing such a model, it is important to take into account several parameters, the main one being the standard used by the client equipment. The fact is that some manufacturers use their own implementations, which are incompatible with other solutions and may even damage "someone else's" equipment. It is also worth highlighting "passive PoE", in which power is supplied at a relatively low voltage without any feedback from or control of the receiving device.

A more correct, convenient and versatile option is "active PoE", working according to the 802.3af or 802.3at standards and capable of delivering up to 30 W (higher values are found in newer versions of the standards). In this scheme, the supplying and the powered device exchange information with each other and agree on the necessary power parameters, in particular the power consumption.

For verification, we connected an 802.3af-compatible Axis camera to the switch. The corresponding LED on the front panel lights up to show that power is being supplied on that port. The Web interface also lets you monitor power consumption per port.

Also interesting is the ability to control the power supply to the ports. If a camera is connected with a single cable and is in a hard-to-reach place, rebooting it would otherwise require disconnecting this cable either on the camera side or in the wiring closet. Instead, you can log into the switch remotely in any available way and simply clear the "supply power" checkbox, then set it back. In addition, the PoE settings can be configured to prioritize power supply between ports.

As we wrote earlier, the key field of network packets in this equipment is the MAC address. Managed switches often have a set of services focused on using this information.

For example, the model under consideration supports static assignment of MAC addresses to a port (usually this operation occurs automatically), filtering (blocking) of packets by the MAC addresses of the sender or recipient.

In addition, you can limit the number of client MAC address registrations on the switch port, which can also be considered an additional security enhancement option.
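As an added example (not Zyxel code), this Python MAC table combines the three features just described: static MAC-to-port assignment, MAC filtering and a per-port limit on learned addresses; the MACs and port numbers are constructed.

```python
class MacTable:
    """Forwarding table of a Layer 2 switch with port-security controls."""

    def __init__(self, max_learned_per_port: int = 2):
        self.max_learned = max_learned_per_port
        self.entries = {}      # mac -> (port, is_static)
        self.blocked = set()   # MACs filtered whether sender or recipient
        self.log = []          # human-readable reasons for dropped frames

    def add_static(self, mac: str, port: int) -> None:
        """Pin a MAC to a port; frames with this source on any other port are dropped."""
        self.entries[mac] = (port, True)

    def block(self, mac: str) -> None:
        """Filter all frames sent by or addressed to this MAC."""
        self.blocked.add(mac)

    def learned_on(self, port: int) -> int:
        """Number of dynamically learned addresses on a port."""
        return sum(1 for p, static in self.entries.values() if p == port and not static)

    def handle(self, in_port: int, src: str, dst: str):
        """Process one frame: return the output port, "flood", or None if dropped."""
        if src in self.blocked or dst in self.blocked:
            self.log.append(f"port {in_port}: filtered {src} -> {dst}")
            return None
        known = self.entries.get(src)
        if known is not None and known[1] and known[0] != in_port:
            self.log.append(f"port {in_port}: static MAC {src} belongs to port {known[0]}")
            return None
        if known is None:
            # Learning limit: a port that already holds its quota of addresses
            # does not accept frames from new ones (limits MAC flooding).
            if self.learned_on(in_port) >= self.max_learned:
                self.log.append(f"port {in_port}: learning limit reached, dropping {src}")
                return None
            self.entries[src] = (in_port, False)
        elif not known[1]:
            self.entries[src] = (in_port, False)   # dynamic entry follows the host
        target = self.entries.get(dst)
        if target is None:
            return "flood"                         # unknown destination
        if target[0] == in_port:
            return None                            # destination is on the same segment
        return target[0]
```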

Most Layer 3 network packets are unicast: they go from one sender to one recipient. But some services use multicast technology, where one packet has several recipients at once. The best-known example is IPTV. Using multicast here can significantly reduce bandwidth requirements when information has to be delivered to a large number of clients. For example, multicasting 100 TV channels with a stream of 1 Mbit/s will require 100 Mbit/s for any number of clients. Using the standard (unicast) technology, 1000 clients would require 1000 Mbps.

We will not go into the details of IGMP, we will only note the ability to fine-tune the switch for efficient operation under a heavy load of this type.

In complex networks, special protocols can be used to control the path of network packets. In particular, they eliminate topological loops (packet looping). The considered switch supports STP, RSTP and MSTP and has flexible settings for their operation.

Another function that is in demand in large networks is protection against situations such as "broadcast storm". This concept characterizes a significant increase in broadcast packets in the network, blocking the passage of "normal" payload traffic. The easiest way to combat this is to set limits on the processing of a certain number of packets per second for the switch ports.

Additionally, the device has an Error Disable function. It allows the switch to disable ports on which excessive service traffic is detected. This preserves performance, and the port is automatically re-enabled when the problem is corrected.

Another task, more related to security, is monitoring all traffic. In normal operation the switch sends packets only directly to their recipients, so a "foreign" packet cannot be "caught" on another port. For this task, port mirroring is used: monitoring equipment is connected to a selected switch port, and the switch is configured to send a copy of all traffic from the specified other ports to that port.

IP Source Guard, DHCP Snooping and ARP Inspection are also aimed at improving security. The first allows you to configure filters on MAC address, IP address, VLAN and port number through which all packets must pass. The second protects the DHCP protocol, and the third automatically blocks unauthorized clients.
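The following added Python model (not the GS2200 firmware) shows how these three features work together in their generic form: DHCP Snooping builds a binding table from DHCP exchanges, and IP Source Guard and ARP Inspection check packets from untrusted ports against it; ports, MACs and addresses are constructed, with port 8 as the only trusted uplink.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: int

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports a DHCP server may answer from
        self.bindings = {}                 # (mac, vlan) -> Binding
        self.pending = {}                  # (mac, vlan) -> client port awaiting ACK
        self.log = []

    def _deny(self, reason):
        self.log.append(reason)
        return False

    def dhcp(self, port, vlan, msg, client_mac, yiaddr=None):
        """DHCP Snooping: drop server replies from untrusted ports and build
        the binding table from completed client/server exchanges."""
        if msg in ("OFFER", "ACK") and port not in self.trusted:
            return self._deny(f"port {port}: DHCP {msg} from untrusted port dropped")
        key = (client_mac, vlan)
        if msg in ("DISCOVER", "REQUEST") and port not in self.trusted:
            self.pending[key] = port          # remember where the client sits
        elif msg == "ACK":
            client_port = self.pending.pop(key, None)
            if client_port is not None:
                self.bindings[key] = Binding(client_mac, yiaddr, vlan, client_port)
        elif msg == "RELEASE":
            b = self.bindings.get(key)
            if b is not None and b.port == port:  # only the bound port may release
                del self.bindings[key]
        return True

    def _bound(self, port, vlan, mac, ip):
        b = self.bindings.get((mac, vlan))
        return b is not None and b.ip == ip and b.port == port

    def ip_packet(self, port, vlan, src_mac, src_ip):
        """IP Source Guard: IP traffic from an untrusted port must carry the
        MAC/IP pair that DHCP assigned on that port and VLAN."""
        if port in self.trusted or self._bound(port, vlan, src_mac, src_ip):
            return True
        return self._deny(f"port {port}: IP source {src_ip} ({src_mac}) has no binding")

    def arp(self, port, vlan, sender_mac, sender_ip):
        """ARP Inspection: the sender MAC/IP in ARP packets must match a binding,
        which stops a client from claiming another host's address."""
        if port in self.trusted or self._bound(port, vlan, sender_mac, sender_ip):
            return True
        return self._deny(f"port {port}: ARP sender {sender_ip} ({sender_mac}) rejected")
```

DHCP messages are handled by dhcp() before any IP Source Guard check, so a client with no binding yet can still obtain a lease.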

Conclusion

Of course, the capabilities described above are only a fraction of the network switching technologies available on the market today. And even from this small list, not all of them can find real use among home users. Perhaps the most common are PoE (for example, for powering network cameras), port trunking (in the case of a large network and the need for fast traffic exchange), traffic control (to ensure the operation of streaming applications with a high load on the channel).

Of course, it is not at all necessary to use business-grade devices to solve these problems. For example, in stores you can find a regular switch with PoE, port trunking is also found in some top routers, prioritization is also beginning to be found in some models with fast processors and high-quality software. But, in our opinion, the option of purchasing more professional equipment, including in the secondary market, can be considered for home networks with increased requirements for performance, security and manageability.

By the way, there is actually another option. As we said above, the amount of "intelligence" in "smart" switches varies. Many manufacturers have a series of products that fit well into a home budget while still providing many of the features described above. The Zyxel GS1900-8HP can be mentioned as an example.

This model has a compact metal case, external power supply, eight Gigabit PoE ports, and a Web interface for configuration and management.

The device firmware supports port aggregation with LACP, VLAN, port rate limiting, 802.1x, port mirroring and other functions. But unlike the "real managed switch" described above, all this is configured exclusively through the Web interface and, if necessary, even using the assistant.

Of course, we are not talking about the proximity of this model to the device described above in terms of its capabilities in general (in particular, there are no traffic classification tools and Level 3 functions). Rather, it is simply a more suitable option for a home user. Similar models can be found in catalogs from other manufacturers.

How to choose a switch given the existing variety? The functionality of modern models is very different. You can purchase both the simplest unmanaged switch and a multifunctional managed switch, which is not much different from a full-fledged router. An example of the latter is the Mikrotik CRS125-24G-1S-2HND-IN from the new Cloud Router Switch line. Accordingly, the price of such models will be much higher.

Therefore, when choosing a switch, first of all, you need to decide which of the functions and parameters of modern switches you need, and for which you should not overpay. But first, a little theory.

Types of switches

If earlier managed switches differed from unmanaged ones by, among other things, a wider set of functions, now the difference may lie only in whether remote management of the device is possible. Otherwise, manufacturers add extra functionality even to the simplest models, often increasing their cost.

Therefore, at the moment, the classification of switches by levels is more informative.

Switch levels

In order to choose the switch that best suits your needs, you need to know its level. This parameter is determined by the layer of the OSI (data transfer) network model at which the device operates.

  • Layer 1. Devices using only physical data transmission have practically disappeared from the market. If anyone still remembers hubs, they are just such an example of the physical layer, where information is transmitted as a continuous stream.
  • Layer 2. This includes almost all unmanaged switches. This is the so-called data link layer of the network model. Devices divide the incoming information into separate packets (frames), check them and send them to a specific recipient device. The basis for distributing information in Layer 2 switches is MAC addresses. From these, the switch builds an addressing table, remembering which port corresponds to which MAC address. They do not understand IP addresses.
  • Layer 3. By choosing such a switch, you get a device that already works with IP addresses. It also supports many other capabilities for working with data: converting logical addresses to physical ones, the network protocols IPv4, IPv6, IPX, etc., pptp, pppoe, vpn connections and others. At the third, network, layer almost all routers and the most "advanced" part of switches operate.
  • Layer 4. The OSI layer used here is called the transport layer. Not even all routers come with support for this layer. Traffic distribution occurs at an intelligent level: the device can work with applications and, based on the headers of data packets, send them to the desired address. In addition, transport layer protocols such as TCP guarantee reliable delivery of packets, preserve a certain order of their transmission and are able to optimize traffic.

Choosing a switch - reading the characteristics

How to choose a switch by parameters and functions? Let's consider what is meant by some of the commonly used designations in the characteristics. The basic parameters include:

Number of ports. Their number varies from 5 to 48. When choosing a switch, it is better to leave a margin for further network expansion.

Base data rate. Most often we see the designation 10/100/1000 Mbit/s, the speeds that each port of the device supports. That is, the chosen switch can operate at 10 Mbps, 100 Mbps or 1000 Mbps. There are quite a few models equipped with both gigabit and 10/100 Mb/s ports. Most modern switches work according to the IEEE 802.3 Nway standard, automatically detecting the port speed.

Bandwidth and internal bandwidth. The first quantity, also called the switching matrix, is the maximum amount of traffic that can pass through the switch per unit of time. It is calculated very simply: number of ports x port speed x 2 (full duplex). For example, an 8-port Gigabit switch has a bandwidth of 16 Gbps.
Internal bandwidth is usually specified by the manufacturer and is only needed for comparison with the previous value. If the declared internal bandwidth is less than the maximum, the device will not cope well with heavy loads, and will slow down and freeze.

Auto MDI/MDI-X detection. The switch automatically detects and supports both twisted-pair cable standards without the need for manual control of the connections.

Expansion slots. The possibility of connecting additional interfaces, for example optical ones.

MAC address table size. When selecting a switch, it is important to estimate in advance the table size you need, preferably taking into account future expansion of the network. If there are not enough entries in the table, the switch will overwrite entries with new ones, and this will slow down data transfer.

Form factor. Switches come in two chassis types: desktop/wall mount and rack mount. In the latter case the standard device width is 19 inches. The rack mount ears may be removable.

Choosing a switch with the functions we need to work with traffic

Flow control (IEEE 802.3x). Coordinates the sending and receiving of data between the sending device and the switch under high load, in order to avoid packet loss. The function is supported by almost every switch.

Jumbo frames (enlarged frames). Used at speeds of 1 Gbit/s and above; it speeds up data transfer by reducing the number of frames and the time spent processing them. Almost every switch has this function.

Full-duplex and half-duplex modes. Almost all modern switches support auto-negotiation between half-duplex (data transmission in only one direction at a time) and full-duplex (data transmission in both directions simultaneously) in order to avoid network problems.

Traffic prioritization (IEEE 802.1p standard). The device is able to detect more important packets (for example, VoIP) and send them first. When choosing a switch for a network where a significant part of the traffic will be audio or video, you should pay attention to this function.

Support VLAN (standard IEEE 802.1q). VLAN is a convenient tool for delimiting individual areas: the internal network of the enterprise and the public network for customers, various departments, etc.

Mirroring (traffic duplication) can be used to ensure security within the network, to monitor or verify the performance of network equipment. For example, all incoming information is sent to one port for verification or recording by certain software.

Port forwarding. You may need this function to deploy a server accessible from the Internet, or for online games.

Loop protection: STP and LBD functions. Especially important when choosing unmanaged switches, since it is almost impossible to detect a loop in them, and a looped section of the network is the cause of many glitches and freezes. LoopBack Detection automatically blocks the port on which the loop has occurred. The STP protocol (IEEE 802.1d) and its more advanced descendants, IEEE 802.1w and IEEE 802.1s, act a little differently, reducing the network to a tree structure. The structure initially provides for spare, looped branches. By default they are disabled, and the switch activates them only when a disconnection occurs on some main line.

Link Aggregation (IEEE 802.3ad). Increases bandwidth by combining multiple physical ports into one logical port. The maximum bandwidth of the standard is 8 Gbps.

Stacking... Each vendor uses their own stacking designs, but in general terms, this feature refers to the virtual aggregation of multiple switches into one logical device. The goal of stacking is to get more ports than is possible using a physical switch.

Switch functions for monitoring and troubleshooting

Many switches detect a cable connection fault, usually when the device is turned on, as well as the type of fault: wire break, short circuit, etc. For example, D-Link has special indicators on the case.

Virus traffic protection (Safeguard Engine). The technique increases operating stability and protects the central processor from being overloaded by the "garbage" traffic of virus programs.

Power supply functions

Energy saving. How to choose a switch that will save you energy? Pay attention to the availability of energy saving functions. Some manufacturers, such as D-Link, make switches with adjustable power consumption. For example, a smart switch monitors the devices connected to it, and if at the moment any of them is not working, the corresponding port is put into "sleep mode".

Power over Ethernet (PoE, IEEE 802.3af standard). A switch with this technology can power the devices connected to it over the twisted pair.

Built-in lightning protection. This is a very useful function, but remember that such switches must be grounded, otherwise the protection will not work.
