Can your switches keep up with changing requirements? Understanding the types of network switches will help you find the right solution that’s built for the future. There are categories of switches as well as specific switch benefits to consider as you explore your options.
Ethernet network switches fall into two main categories: modular and fixed configuration. Variations on these types appear as switching evolves, but the primary definitions remain the same.
Modular switches let you add expansion modules into the switches as needed, giving you flexibility if your network needs change. Examples of expansion modules are application-specific (such as firewall, wireless, or network analysis) and modules for additional interfaces, power supplies, or cooling fans.
Fixed configuration switches are switches with a fixed number of ports and are typically not expandable.
The fixed configuration switch category is further broken down into unmanaged switches, smart switches, and managed L2 and L3 switches.
Unmanaged switches are designed so that you can simply plug them in and they work, no configuration required. They are typically used for basic connectivity: in home networks, or wherever a few more ports are needed, such as at your desk, in a lab, or in a conference room.
This category of switch is the most cost-effective option where only basic Layer 2 switching and connectivity is required, which is exactly the few-extra-ports situation described above.
Some unmanaged switches on the market even offer capabilities such as cable diagnostics, loop detection, traffic prioritization using default QoS settings, energy savings using EEE (Energy Efficient Ethernet), and even PoE (Power over Ethernet). As the name implies, however, these switches generally cannot be configured or managed: you simply plug them in, and they require no configuration at all.
The smart switch category is evolving. The general rule is that these switches offer some management, QoS, and security, but they are “lighter” in capabilities and less scalable than managed switches. They can be a cost-effective alternative to managed switches, deployed at the edge of a large network (with managed switches in the core), as the infrastructure for smaller networks, or for low-complexity needs.
The capabilities available in the smart switch category vary widely. All of these devices have a management interface, typically simpler than what managed switches offer.
Smart switches allow you to segment the network into workgroups by creating VLANs, though with a lower number of VLANs and nodes (MAC addresses) than you’d get with a managed switch.
They also offer some level of security, such as 802.1X endpoint authentication and, in some cases, a limited number of ACLs (access control lists), though the control and granularity are not the same as on a managed switch.
In addition, smart switches support basic quality of service (QoS) that prioritizes users and applications based on 802.1Q/ToS/DSCP markings, adding to the versatility of the solution.
Managed switches are designed to deliver the most comprehensive set of features to provide the best application experience, the highest levels of security, the most precise control and management of the network, and offer the greatest scalability in the fixed configuration category of switches. As a result, managed switches are usually deployed as aggregation/access switches in very large networks or as core switches in relatively smaller networks. Managed switches should support both L2 switching and L3 IP routing though you’ll find some with only L2 switching support.
From a security perspective, managed switches provide protection of the data plane (user traffic being forwarded), the control plane (traffic exchanged between networking devices to ensure user traffic reaches the right destination), and the management plane (traffic used to manage the network or the device itself). Managed switches also offer network storm control, denial-of-service protection, and much more.
The access control list capabilities allow traffic to be flexibly dropped, rate limited, mirrored, or logged by L2 address, L3 address, TCP/UDP port number, Ethernet type, ICMP or TCP flags, and so on.
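The ACL behaviour described above, as an added example that is not code from this page or from any switch vendor: a compact model of how a managed switch evaluates an ordered access list. The packet fields, rule format, first-match-with-implicit-deny semantics, token-bucket rate limiter and the sample access-port policy are all assumptions chosen to mirror the match criteria and actions the text lists.

```python
"""Added example (not from the page or any vendor): a model of switch ACL
evaluation.  Packet/rule fields and the sample policy are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    ethertype: int                      # 0x0800 IPv4, 0x0806 ARP, 0x86DD IPv6
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[str] = None         # "tcp", "udp", "icmp"
    dst_port: Optional[int] = None
    tcp_flags: FrozenSet[str] = frozenset()


class TokenBucket:
    """Minimal rate limiter: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


@dataclass
class Rule:
    action: str                         # permit | drop | rate-limit | mirror | log
    match: Dict[str, object]            # packet field -> required value
    limiter: Optional[TokenBucket] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    for fld, want in rule.match.items():
        have = getattr(pkt, fld)
        if fld == "tcp_flags":          # flags match when every required flag is set
            if not set(want) <= set(have):
                return False
        elif have != want:
            return False
    return True


def evaluate(acl: List[Rule], pkt: Packet, now: float = 0.0) -> Tuple[str, List[str]]:
    """First terminal match wins.  mirror/log are side effects and evaluation
    continues; anything unmatched hits the implicit deny at the end."""
    effects: List[str] = []
    for rule in acl:
        if not matches(rule, pkt):
            continue
        if rule.action in ("log", "mirror"):
            effects.append(rule.action)
            continue
        if rule.action == "rate-limit":
            verdict = "permit" if rule.limiter.allow(now) else "drop"
            return verdict, effects + ["rate-limit"]
        return rule.action, effects
    return "drop", effects + ["implicit-deny"]


def build_acl() -> List[Rule]:
    """Constructed sample policy for an access port (fresh limiter each call)."""
    return [
        Rule("log", {"proto": "tcp", "dst_port": 23}),                       # record telnet attempts
        Rule("drop", {"proto": "tcp", "dst_port": 23, "tcp_flags": frozenset({"SYN"})}),
        Rule("mirror", {"proto": "tcp", "dst_port": 443}),                   # copy HTTPS to an analyser port
        Rule("rate-limit", {"proto": "icmp"}, limiter=TokenBucket(rate=2, burst=2)),
        Rule("drop", {"ethertype": 0x86DD}),                                 # no IPv6 on this segment
        Rule("permit", {"ethertype": 0x0806}),
        Rule("permit", {"ethertype": 0x0800}),
    ]


def demo() -> Dict[str, object]:
    acl = build_acl()
    host = dict(src_mac="00:11:22:33:44:55", dst_mac="66:77:88:99:aa:bb")
    telnet = Packet(**host, ethertype=0x0800, src_ip="10.0.0.5", dst_ip="10.0.0.1",
                    proto="tcp", dst_port=23, tcp_flags=frozenset({"SYN"}))
    https = Packet(**host, ethertype=0x0800, src_ip="10.0.0.5", dst_ip="10.0.0.1",
                   proto="tcp", dst_port=443, tcp_flags=frozenset({"SYN"}))
    ping = Packet(**host, ethertype=0x0800, src_ip="10.0.0.5", dst_ip="10.0.0.1", proto="icmp")
    lldp = Packet(**host, ethertype=0x88CC)                                 # unmatched EtherType
    return {
        "telnet": evaluate(acl, telnet),
        "https": evaluate(acl, https),
        "pings": [evaluate(acl, ping, now=0.0)[0] for _ in range(3)],       # burst of 3 at t=0
        "lldp": evaluate(acl, lldp),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The telnet SYN is dropped but still logged, the HTTPS flow is permitted while a copy is mirrored, the third ICMP packet in a burst exceeds the two-token bucket and is dropped, and a frame the policy never mentions falls through to the implicit deny, which is the behaviour to expect from a vendor ACL with no trailing permit.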
Managed switches are rich in features that enable them to protect themselves and the network from deliberate or unintended denial-of-service attacks. These include Dynamic ARP Inspection, IPv4 DHCP snooping, IPv6 First Hop Security with RA Guard, ND Inspection, Neighbor Binding Integrity, and much more.
Additional security capabilities may include Private VLANs for securing communities of users or isolating devices, secure management (downloads through SCP, web-based authentication, RADIUS/TACACS AAA, etc.), Control Plane Policing (CoPP) for protecting the CPU of the switch, and richer support for 802.1X (time-based, dynamic VLAN assignment, port/host-based, etc.).
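How DHCP snooping and Dynamic ARP Inspection work together, as an added example that is not code from this page or any vendor: a toy switch that learns IP-to-MAC bindings from DHCP exchanges seen on trusted uplinks and then refuses ARP packets on untrusted access ports whose sender does not match a binding. The port names, MAC and IP addresses, message sequence and the simplified binding rules are assumptions for illustration.

```python
"""Added example (not from the page or any vendor): DHCP snooping binding
table plus Dynamic ARP Inspection.  All names and addresses are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    """Toy switch keeping a DHCP snooping binding table and enforcing DAI."""

    def __init__(self, trusted_ports: Set[str]):
        self.trusted = set(trusted_ports)               # uplinks toward the real DHCP server
        self.pending: Dict[Tuple[str, int], str] = {}   # (client mac, vlan) -> requesting port
        self.bindings: Dict[Tuple[str, int], Binding] = {}
        self.log: List[str] = []

    def dhcp(self, port: str, vlan: int, msg: str, client_mac: str,
             yiaddr: Optional[str] = None) -> bool:
        """Process one DHCP message; True = forwarded, False = dropped."""
        key = (client_mac, vlan)
        if msg in ("DISCOVER", "REQUEST"):
            self.pending[key] = port                    # remember which access port asked
            return True
        if msg in ("OFFER", "ACK", "NAK"):
            if port not in self.trusted:                # server replies only from trusted ports
                self.log.append(f"drop DHCP {msg} from untrusted {port}")
                return False
            if msg == "ACK" and key in self.pending:    # lease confirmed: record the binding
                self.bindings[key] = Binding(client_mac, yiaddr, vlan, self.pending.pop(key))
            return True
        if msg == "RELEASE":
            self.bindings.pop(key, None)
        return True

    def arp(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> bool:
        """DAI: on untrusted ports the sender MAC, IP and port must match a binding."""
        if port in self.trusted:
            return True
        b = self.bindings.get((sender_mac, vlan))
        if b is None or b.ip != sender_ip or b.port != port:
            self.log.append(f"DAI drop {sender_mac} {sender_ip} on {port} vlan {vlan}")
            return False
        return True


def demo() -> Dict[str, bool]:
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/48"})
    host, gw = "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:01"
    # Legitimate lease: the client sits on Gi1/0/1, the server answers via the trusted uplink.
    sw.dhcp("Gi1/0/1", 10, "DISCOVER", host)
    sw.dhcp("Gi1/0/48", 10, "OFFER", host, "10.0.0.10")
    sw.dhcp("Gi1/0/1", 10, "REQUEST", host)
    sw.dhcp("Gi1/0/48", 10, "ACK", host, "10.0.0.10")
    return {
        # a DHCP server reply arriving on an access port is discarded
        "rogue_offer_dropped": not sw.dhcp("Gi1/0/7", 10, "OFFER", host, "10.0.0.99"),
        # the real client and the gateway (on the trusted uplink) pass DAI
        "host_arp_ok": sw.arp("Gi1/0/1", 10, host, "10.0.0.10"),
        "gateway_arp_ok": sw.arp("Gi1/0/48", 10, gw, "10.0.0.1"),
        # an unknown sender claiming the gateway address has no binding
        "unbound_sender_dropped": not sw.arp("Gi1/0/7", 10, "bb:bb:bb:00:00:07", "10.0.0.1"),
        # a correct MAC/IP pair on the wrong port is still rejected
        "wrong_port_dropped": not sw.arp("Gi1/0/7", 10, host, "10.0.0.10"),
        "binding_count": len(sw.bindings) == 1,
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

The model shows why the two features are always enabled together: DAI has nothing to validate against until snooping has populated the binding table, and snooping only trusts server replies on the ports an administrator marks as trusted, so the quality of the protection depends on that trust assignment being correct. Static bindings for hosts with fixed addresses, lease expiry and ARP rate limiting are left out here.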
From a scalability perspective, these devices have large table sizes so that you can create large numbers of VLANs (for workgroups), devices (MAC table size), IP routes, and ACL policies for flow-based security/QoS purposes, etc.
For the highest network availability and uptime, managed switches support L3 redundancy using VRRP (Virtual Router Redundancy Protocol), large numbers of link aggregation groups (used both for scalability and resiliency), and capabilities for protecting L2 such as Spanning Tree Root Guard and BPDU Guard.
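The two Spanning Tree protections just named, as an added example that is not code from this page or any vendor: a toy bridge that applies BPDU Guard on edge ports and Root Guard on designated ports before letting a received BPDU influence the root election. Bridge IDs, port names and the BPDU sequence are constructed; the only protocol fact relied on is that the lower bridge ID (priority, then MAC) wins the root election, as in 802.1D.

```python
"""Added example (not from the page or any vendor): BPDU Guard and Root Guard
on a toy bridge.  Bridge IDs and port names are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

BridgeId = Tuple[int, str]          # (priority, MAC); the smaller tuple wins


@dataclass
class Port:
    name: str
    edge: bool = False              # end-host port (PortFast); BPDU Guard applies
    root_guard: bool = False        # designated port that must never face the root
    state: str = "forwarding"


@dataclass
class Bridge:
    bridge_id: BridgeId
    ports: Dict[str, Port] = field(default_factory=dict)
    root_id: Optional[BridgeId] = None
    events: List[str] = field(default_factory=list)

    def __post_init__(self):
        self.root_id = self.bridge_id   # assume we are root until a better BPDU arrives

    def receive_bpdu(self, port_name: str, advertised_root: BridgeId) -> str:
        """Apply the guards, then normal STP processing. Returns the port state."""
        port = self.ports[port_name]
        if port.edge:
            # No switch should ever speak STP on an end-host port: shut the port down.
            port.state = "err-disabled"
            self.events.append(f"BPDU Guard: {port_name} err-disabled")
            return port.state
        if port.root_guard and advertised_root < self.root_id:
            # A superior BPDU here would move the root behind this port; block it instead.
            port.state = "root-inconsistent"
            self.events.append(f"Root Guard: {port_name} root-inconsistent")
            return port.state
        if advertised_root < self.root_id:
            self.root_id = advertised_root      # normal STP: accept the better root
        return port.state


def demo() -> Dict[str, object]:
    core = Bridge(bridge_id=(4096, "00:00:00:00:00:01"))
    core.ports = {
        "Gi1/0/1": Port("Gi1/0/1", edge=True),          # user desk port
        "Gi1/0/10": Port("Gi1/0/10", root_guard=True),  # link toward an access switch
        "Gi1/0/48": Port("Gi1/0/48"),                   # unguarded uplink
    }
    better_root = (0, "00:00:00:00:00:99")              # lower priority than ours
    return {
        "edge_port": core.receive_bpdu("Gi1/0/1", (32768, "00:00:00:00:00:55")),
        "guarded_port": core.receive_bpdu("Gi1/0/10", better_root),
        "root_after_guard": core.root_id,
        "uplink_port": core.receive_bpdu("Gi1/0/48", better_root),
        "root_after_uplink": core.root_id,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The contrast between the guarded port and the plain uplink is the point: the same superior BPDU that Root Guard blocks on Gi1/0/10 is accepted on Gi1/0/48 and silently moves the root of the tree. Real implementations recover a root-inconsistent port automatically once superior BPDUs stop, and err-disabled ports need manual or timed recovery; neither is modelled here.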
For QoS and Multicast features, the richness of capabilities goes far beyond what is available in a smart switch. Managed switches support IGMP and MLD Snooping with functions for optimizing IPv4/v6 multicast traffic in the LAN, TCP Congestion Avoidance, 4 or 8 queues to treat traffic differently by importance, setting/tagging traffic by L2 (802.1p) or L3 (DSCP/TOS), and rate limiting traffic.
In addition to the differences between switch categories, there are other options to consider, including: network switch speeds, number of ports, Power over Ethernet, and stacking capabilities.
Network switch speeds vary. You can find fixed configuration switches in Fast Ethernet (10/100 Mbps), Gigabit Ethernet (10/100/1000 Mbps), Ten Gigabit (10/100/1000/10000 Mbps) and even 40/100 Gbps speeds. Multigigabit technology is also available on some switches to deliver speeds beyond 1 Gigabit over existing Category 5e/6 cables. Switches have a number of uplink ports and a number of downlink ports. Downlinks connect to end users; uplinks connect to other switches or to the network infrastructure.
Network switch sizes vary. Fixed configuration switches typically come in 5, 8, 10, 16, 24, 28, 48, and 52-port configurations. These ports may be a combination of SFP/SFP+ slots for fiber connectivity, but more commonly they are copper ports with RJ-45 connectors on the front, allowing for distances up to 100 meters. With Fiber SFP modules, you can go distances up to 40 kilometers.
Power over Ethernet is a capability that facilitates powering a device (such as an IP phone, IP Surveillance Camera, or Wireless Access Point) over the same cable as the data traffic. One of the advantages of PoE is the flexibility it provides in allowing you to easily place endpoints anywhere in the business, even places where it might be difficult to run a power outlet. One example is that you can place a Wireless Access Point inside a wall or ceiling.
Switches deliver power according to a few standards: IEEE 802.3af delivers up to 15.4 Watts on a switch port, whereas IEEE 802.3at (also known as PoE+) delivers up to 30 Watts on a switch port. For most endpoints, 802.3af is sufficient, but there are devices, such as video phones or access points with multiple radios, which have higher power needs. Select Cisco switches also support Universal Power over Ethernet (UPoE), or 60W PoE, which delivers up to 60 Watts on a switch port. A newer PoE standard, 802.3bt, delivers even higher levels of power for future applications.
To find the switch that is right for you, choose a switch according to your power needs. When connecting to desktops or other types of devices which do not require PoE, the non-PoE switches are a more cost-effective option.
As the network grows, you will need more switches to provide network connectivity to the growing number of devices in the network. When using standalone switches, each switch is managed and configured as an individual entity.
In contrast, stackable switches simplify the network and increase its availability. Instead of configuring, managing, and troubleshooting eight 48-port switches individually, you can manage all eight as a single unit. With a true stackable switch, those eight switches (384 ports in total) function as one switch: there is a single SNMP/RMON agent, a single Spanning Tree domain, and a single CLI or web interface, i.e. a single management plane. You can also create link aggregation groups spanning multiple units in the stack, mirror traffic from one unit in the stack to another, or set up ACLs/QoS spanning all the units. There are valuable operational advantages to be gained from this approach.
Be careful about products sold as “stackable” when they merely offer a single user interface, or central management interface, for reaching each individual switch unit. That approach is not stacking but really “clustering”: you still have to configure every feature, such as ACLs, QoS, and port mirroring, individually on each switch.
There are other advantages to true stacking as well. You can connect the stack members in a ring so that, if a port or cable fails, the stack automatically routes around the failure, often at microsecond speeds. You can also add or remove stack members and have them automatically recognized and added to the stack.