this post was submitted on 18 Apr 2024
Home Networking
Generally, yes. WAN -> modem -> router -> switch -> (devices, wireless AP, other switches).
If you set the internet provider's device to modem/bridge mode, it will do one thing, and one thing only: forward traffic between the ISP's infrastructure (like DOCSIS, telephone line, PPPoE, Frame Relay, etc.) and an Ethernet port. The traffic on that port will be unfiltered and dangerous internet traffic.
The first device after the modem should be something with a firewall and NAT. In most cases, this is a consumer-grade router, but it could also be a computer running pfSense/OPNsense/OpenWRT (which basically turns it into a router). The firewall's role should be obvious -- it filters everything that passes through it, and only allows permitted traffic.
NAT (Network Address Translation) is a bit more complex. I'll skim over the details -- it allows you to have a private network of any size communicate with a public network using only a single public IP address (which is usually supplied by the ISP). It also enhances security because NAT is what facilitates port-forwarding, and your private network won't be exposed through the public address unless you do that. NAT is almost always handled by the router. Firewalls can be integrated into the router, integrated into the modem, or implemented as a discrete device -- make sure that the internet traffic passes through at least one firewall!
The router in this case handles NAT, finding the first hop on the internet for outgoing traffic, and routing incoming traffic to the subnet that contains the destination device.
From the perspective of packet switching on the network, a wireless access point is really no different than a switch, except it facilitates communication with wireless devices. Depending on the model, APs can support VLANs, and each wireless network can be assigned to a different VLAN on the same device.
For example:
This way you can set up the router to allow both subnets to communicate with the internet, the family subnet to talk to devices on the guest subnet, but prevent guest devices from talking to the family subnet.
How you achieve this depends on your ISP and what devices you own. For example, the ISP might only give you an IPv6 address, which is an altogether different headache.
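The family/guest VLAN policy described in the comment above, written out as an added nftables ruleset for a Linux-based router (this is an added example, not part of the original comment). Interface names (wan0 toward the modem, lan0.10 and lan0.20 as the family and guest VLANs) are assumptions; load it with `nft -f`.

```nftables
#!/usr/sbin/nft -f
# Constructed example; all interface names are assumptions:
#   wan0     = port facing the modem (unfiltered internet traffic)
#   lan0.10  = "family" wireless network, VLAN 10
#   lan0.20  = "guest" wireless network, VLAN 20
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # Only the two LAN VLANs may talk to the router itself (DHCP, DNS, admin UI).
        # Nothing arriving from wan0 is accepted; the policy drop handles it.
        iifname { "lan0.10", "lan0.20" } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections the LANs opened are allowed back in.
        ct state established,related accept
        ct state invalid drop
        # Both subnets may reach the internet.
        iifname { "lan0.10", "lan0.20" } oifname "wan0" accept
        # Family devices may initiate connections to guest devices.
        iifname "lan0.10" oifname "lan0.20" accept
        # Guest devices may not initiate anything toward the family subnet.
        # This would already fall to policy drop; the explicit rule adds a counter
        # so blocked attempts are visible in `nft list ruleset`.
        iifname "lan0.20" oifname "lan0.10" counter drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # NAT: both private subnets leave through the single public address on wan0.
        oifname "wan0" masquerade
    }
}
```

Unsolicited traffic from wan0 never matches an accept rule, so the public address exposes nothing unless a port-forward (a dnat rule in a prerouting chain) is added deliberately.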
Thank you so much! I kinda had the bits in my head, but you've connected the dots for me. I am truly grateful!