Okay, I’ve been watching lots of YouTube videos about switches and I’ve just made myself more confused. Managed versus unmanaged seems to be having a GUI versus not having a GUI, but why would anyone want a GUI on a switch? Shouldn’t your router do that? Also, a switch is like a tube station for local traffic, essentially an extension lead, so why do some have fans?

  •  Clusterfck   ( @Clusterfck@lemmy.sdf.org ) 
    3 months ago

    So switches are able to do a lot of interesting things.

    Think about a business: you want to have credit card machines, users’ computers, and maybe a security system and cameras. There have been so many news reports of how awful the cyber security of security cameras is that maybe you don’t want them to be on the same local network as the thing taking your customers’ payments. So, you could buy another router and switches and pay for a second internet service. But you know you don’t use all the bandwidth you currently have and you have extra ports on the switch. What if you could create a second local network? Have it on the same physical hardware but logically separate in the router and switch. Like a virtual local area network.

    This is exactly what a VLAN can accomplish. Now though, you have to tell the switch what port is using what VLAN, so you build a GUI into it.

    Some switches are also able to supply power to those cameras and the access points around your business, but that takes more electricity going into the switch, so you need to keep heat down, so slap a fan in there. Also, what happens if you want to power cycle a camera? Well, you could go find the cable and physically unplug it, or you could just reboot the whole switch, but hey, you already have a GUI for VLAN config, why not slap the ability to turn a port on and off in there too!

    The same goes for a home network, maybe you have a few cheap smart lights that have a questionable level of security… they’re fun though! So instead of risking your whole network, slap them in a dedicated VLAN and now some sweaty neckbeard doesn’t get to know what Christmas present you bought for your one favorite coworker.

    These are just a few examples off the top of my head. There are plenty of other reasons for a GUI and fans.

  • A managed switch allows you to have VLANs, routing, QoS, spanning tree protection etc. You don’t necessarily need a GUI; a lot of them are CLI only, which is preferable but less user friendly if you’re not used to it. Depending on your needs a managed switch can be overkill.

  • There is only one router on your network. It routes traffic from one machine to another. This is typically also the gateway, and it only has so many ports.

    If you want more physical devices connected to your network, you’d need switches to fan out your network.

    Unmanaged switches essentially take packets from one port and pass them through another port, easy peasy, nothing fancy.

    Managed switches, however, can do more than just take a packet from one port, then push it out to the other side. You can set up link aggregation for example, allowing more throughput by using two or more ports to go to the same destination (maybe for example a central file server). You can have L2 vs L3 switches so they route differently. You can have multiple paths to reach another machine, for redundancy but must implement STP to prevent broadcast loops etc.

    Once your network grows larger than just Internet for a couple of desktops, it gets a lot more interesting.

      • If you use everything from the same vendor, you could manage them in one place (see Ubiquiti’s UniFi stack as example), but at the end of the day, they serve different purposes and target different parts of your network.

      • Switches are Layer-2 devices (data link layer). They operate on FRAMES and use MAC addresses to send data around between devices on the SAME NETWORK.

        Routers are Layer-3 devices (network layer). They operate on PACKETS (which is basically a wrapper around FRAMES) and IP addresses to send traffic between DIFFERENT NETWORKS.

        Switches may have some smart capabilities, such as creating separate logical networks (VLANs), or providing power to PoE devices, or prioritizing layer-2 traffic within a LAN (CoS - class of service) and they do all the “heavy lifting” of slinging frames around to the right device on your LAN.

        Routers tend to do all the “heavy lifting” of routing packets BETWEEN NETWORKS. They sit at the perimeter of networks (between your LAN and the internet, for example, or between your LAN and another DMZ LAN in your house, or maybe a GUEST LAN). They are often paired with firewall features to inspect the traffic and only allow certain types of traffic through one direction or the other, or they may simply route packets. They can also prioritize layer-3 traffic (QoS - quality of service).

        A lot of things can get really confusing between the two because many routers have built-in switches, so they do some layer-2 stuff. And more expensive switches can even have some routing features to allow traffic to hop from one VLAN to another without going all the way out to a router (called layer-3 switches, though you typically don’t see these in homes outside the computer enthusiast community – they’re more of an enterprise thing).

        I think the reason you don’t see OpenWRT or OPNSense for switches is because simple networks don’t need the advanced switching capabilities that such a product would provide, and highly complex networks often need the speed of hardware-based switching and don’t want to slow it down with a software layer.

      • More like the bouncer. It communicates with the outside world, ensures the correct device inside your network talks to its intended outside network (NAT), and several other things that I have forgotten.

        • Sorry to make you dig in your brain, there are far more fun things to do with your Thursday afternoon. But I appreciate it. I feel like my ISPs oversimplify things and that’s led to my misconceptions.

          • I used to do tech support for non-tech-savvy people and couldn’t use the jargon, so I got good at giving enough info to know how things work without bogging them down in terminology; terminology is scary for some people. Answering like another did further down would require me to actually dig in my brain, and would elicit a confused dog look from my old clients, but what they said about the OSI layers is the real answer.