Switches

SOLVED
Jay Chen
Occasional Visitor

Switches

I have some dumb questions. What is the function of a switch? Does a switch require an IP address? Does a firewall require an IP address? I hope there is someone willing to waste his/her time to answer my dumb questions or instruct me to read certain books/articles/papers.
A beginner
10 REPLIES
Ron Kinner
Honored Contributor

Re: Switches

A switch is an improved hub. Normally they operate at full duplex mode which eliminates collisions on the link to the host. They can also drop any defective packets instead of forwarding them like a hub would. (Collisions generate lots of defective packets so even if the host can't support full duplex the connection is still better since it is not cluttered with defective packets.) Switches have learned lots of tricks over the years. Most of them can detect and stop loops using Spanning Tree Protocol (STP) and they can reduce the broadcast domain with Virtual LANs (VLANs).

In order to do most of their tricks switches need to be managed. While you can always manage them with a serial connection to something like Hyperterm the preferred way is to telnet or use a browser to access and manage them. In order to do that you need to assign an IP address. Most switches will happily operate without an IP address but to make it easier to manage you almost always want to add an IP address. A level 3 switch can switch between VLANs and usually does this by assigning an IP address to each VLAN.

http://www.lantronix.com/learning/tutorials/switching.html

Firewalls usually need at least 2 IP addresses. One for the outside world to see and one for the inside protected world to use. The purpose of a firewall is to control what passes from the outside to the inside (and vice versa).

http://www.taoshosting.com/firewall/fwslide05.html

Ron
Jay Chen
Occasional Visitor

Re: Switches

Ron,

Thanks for taking time to answer my dumb questions. To be truthful, my knowledge is not sufficient to understand all your answers. I am working on it. I bought some books and read them.


I am going to set up a network in my office. Before I start, I would like to understand how it works. I may have more questions.

Thanks again.
A beginner
Ron Kinner
Honored Contributor
Solution

Re: Switches

http://www.hardwarecentral.com/hardwarecentral/tutorials/158/1/

might be a good place to start.

If you are building an office network you will need either a hub or a switch. Either serves as a tie point for all of your Ethernet connections. There will be one connection from each computer back to the hub/switch so you need a hub or switch which has enough ports (connections) to have at least one for each computer (and network printer). Nowadays we use RJ45 style connectors (like the connector for your US telephone but bigger) with a 4 pair cable. The cable should be rated Cat5 or better. You can get them already cut to standard lengths with the ends on them or you can buy bulk Cat5 cable and a terminator kit and put the ends on yourself or hire someone to come in and do it for you. The premade cables come in two versions: straight and crossover. You will use the straight version between a PC and a hub/switch. Each PC will need a Network Interface Connector (NIC) which is nothing more than an Ethernet card (some may have one built in and not use a separate card.)

I assume since you are talking about firewalls that you plan to connect to the internet. From the hub/switch you would have a connection to the inside port of your firewall. The firewall will then have its outside port connected to whatever device you have for connecting to the internet. Perhaps a DSL, cable, or dialup modem or perhaps even a router. Depending on the device you may need a crossover cable instead of a straight cable for this connection.

Switches are getting down in price so that the price difference between a low-end switch and a hub is fairly small so you might as well get a switch especially if you are going to be putting a lot of traffic on the network or if you have a lot of computers. If you do have to get a hub try and get one which does both 10M and 100M. Usually called dual speed or 10/100.

Commercial firewalls are pretty expensive tho you can build a fairly decent one cheaply with an old computer running LINUX. Depending on how much risk you can stand you can even dispense with a separate box and use something like ZoneAlarm on each PC tho then you have to trust your users not to open the gates too wide. If you have one computer which is always on and you are running something like Windows 2K then you could let it do Internet Connection sharing and IP Filtering and let it control the access for the whole office. I think I would still want ZoneAlarm on that computer. Some companies use their firewall not just for protection from the outside but to prevent their users from accessing non-business sites like porno or clogging the internet connection by downloading music or videos.

One more thing. A registered IP address will be provided by your ISP (Internet Service Provider) so you won't have to worry about it. Normally the computers in an office network would use DHCP which is a method of getting an IP address from a central point. In the above case the firewall would provide the IP addresses from a pool of what are known as private IP addresses. These addresses cannot be used on the Internet but the firewall will change them to valid addresses as the packets pass through it so you don't have to worry about them either.

Ron
vijay_16
Occasional Visitor

Re: Switches

Functionally, a switch and hub do the same thing - move data from one port to another.

Here's the primary difference:
Imagine a network with 3 hosts A,B,C all connected to one HUB. A sends a frame to B. B and C receive the frame.

Replace the HUB with a switch. A sends a packet to B. Only B receives the frame.

Why? A frame that enters a HUB port is broadcast to all other ports. A switch on the other hand, 'learns' over time what hosts are on each port by reading the MAC addresses in the frames. It builds a Table that maps MAC->Port so that when an incoming frame is received, it checks the table and sends the frame ONLY to the destination host.

This gives some benefits:
1. Speed - Because on a hub only one host can transmit at a time, bandwidth is limited. On a switch it is possible for every port to carry on a separate conversation, so bandwidth is limited by the speed of the backplane.

2. Reliability - Hubs can experience collisions because a host must wait for other hosts to stop transmitting before sending anything. A switch eliminates this problem because every port can send at any time without interfering with another port.

3. Security - On a hub, all frames are sent to all ports. Obviously the data can be seen by any host on the network. A switch sends data only to the destination host, so only the sender and receiver see the data. Of course a switch by itself does not add any great security, but it does help.

There are some more details that I didn't go into, but feel free to ask and I'll try to answer.

Hope this helps,
Vijay
The early bird gets the worm, but the second mouse gets the cheese.
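The MAC->Port learning described in the post above, as an added example that is not part of the original thread. Hosts, MAC addresses and port numbers are constructed; the sketch also shows that broadcasts and not-yet-learned destinations are still flooded to every port, which is one reason a switch alone is not a confidentiality control.

```python
# Added illustration: hub vs. learning switch (constructed hosts, MACs and ports).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        # A hub repeats every frame out of every port except the one it arrived on.
        return [p for p in self.ports if p != in_port]

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) where the sender lives from the source MAC.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcasts and unknown destinations are flooded, exactly like a hub.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination sits on the arrival port; nothing to forward
        return [out_port]

def run_demo():
    macs = {"A": "02:00:00:00:00:0a", "B": "02:00:00:00:00:0b", "C": "02:00:00:00:00:0c"}
    port = {"A": 1, "B": 2, "C": 3}
    hub, sw = Hub([1, 2, 3]), LearningSwitch([1, 2, 3])
    return {
        "hub A->B": hub.forward(port["A"], macs["A"], macs["B"]),
        "switch A->B first": sw.forward(port["A"], macs["A"], macs["B"]),
        "switch B->A reply": sw.forward(port["B"], macs["B"], macs["A"]),
        "switch A->B again": sw.forward(port["A"], macs["A"], macs["B"]),
        "switch A broadcast": sw.forward(port["A"], macs["A"], BROADCAST),
    }

if __name__ == "__main__":
    for step, out_ports in run_demo().items():
        print(f"{step:20s} -> ports {out_ports}")
```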
Jay Chen
Occasional Visitor

Re: Switches

Ron,

Again, thanks!

Based on what you said, it sounds like the firewall also serves as a DHCP server. I have a modem/router with a WAN IP from the ISP. It is also a DHCP server (therefore, several of my computers are in the LAN with IP addresses assigned by this DHCP). If I connect a firewall downstream from this router, should I disable the router's DHCP? Is the router still part of the LAN? Also, it sounds like a switch has some functionality similar to a router. Obviously, a router is not a switch (is this because the IP protocol is in the router but not in the switch?), what is the difference between the switch and router?

Jay,
A beginner
Jay Chen
Occasional Visitor

Re: Switches

Vijay,

Thank you for spending the time to answer my questions.

Jay
A beginner
Ron Kinner
Honored Contributor

Re: Switches

If you want to do:

internet=>router=>firewall=>LAN

then the router is no longer part of the LAN. You would probably need a crossover cable between the router and the firewall so that they could talk tho some may have uplink ports which can use a straight cable.

I would prefer to use Static addresses on the link between the router and the firewall but I guess it would work with DHCP as long as you make sure they are not both assigning addresses in the same range. ie if the router assigns addresses in the 192.168.0.x range then you would need to use 192.168.1.x for the Firewall's DHCP pool.

Same goes with static IPs. You would need to make sure there was no chance of them being used on both sides of the firewall.

Ron
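A way to check the addressing rule from the post above before configuring either device, as an added example that is not part of the original thread. The segment names and the sample plans are constructed; the RFC 1918 check is an extra assumption about what a home or office plan should use.

```python
import ipaddress

# RFC 1918 private blocks (assumed requirement for both inside segments).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    return any(net.subnet_of(block) for block in RFC1918)

def check_plan(segments):
    """segments: name -> {"subnet": str, "static": [str, ...]}. Returns a list of problems."""
    problems = []
    nets = {name: ipaddress.ip_network(seg["subnet"]) for name, seg in segments.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        if not is_rfc1918(nets[a]):
            problems.append(f"{a}: {nets[a]} is not RFC 1918 private space")
        for b in names[i + 1:]:
            # The router's range and the firewall's range must be disjoint.
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} use overlapping ranges")
    seen = {}  # static address -> segment that first claimed it
    for name in names:
        for addr in segments[name].get("static", []):
            ip = ipaddress.ip_address(addr)
            if ip not in nets[name]:
                problems.append(f"{name}: static {ip} is outside {nets[name]}")
            if ip in seen and seen[ip] != name:
                problems.append(f"static {ip} is used on both {seen[ip]} and {name}")
            seen.setdefault(ip, name)
    return problems

# Constructed plans for internet=>router=>firewall=>LAN.
GOOD_PLAN = {
    "router_side": {"subnet": "192.168.0.0/24", "static": ["192.168.0.1", "192.168.0.2"]},
    "firewall_lan": {"subnet": "192.168.1.0/24", "static": ["192.168.1.1"]},
}
BAD_PLAN = {
    "router_side": {"subnet": "192.168.0.0/24", "static": ["192.168.0.1"]},
    "firewall_lan": {"subnet": "192.168.0.0/24", "static": ["192.168.0.1"]},
}

if __name__ == "__main__":
    print("good plan:", check_plan(GOOD_PLAN))
    print("bad plan: ", check_plan(BAD_PLAN))
```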
Jay Chen
Occasional Visitor

Re: Switches

Ron,

Thanks! I will try it.
A beginner
Charlie_12
Occasional Advisor

Re: Switches

Jay - if you have purchased one of the $70-120 retail ADSL routers, it probably already incorporates routing and firewall. If you really need to have space behind the router that's NOT firewalled, then read your router's documentation for information about the DMZ designation for an un-firewalled LAN machine. Your router might even have a port labeled 'DMZ'...
-Charlie
OLARU Dan
Trusted Contributor

Re: Switches

1. If you're planning to use TCP/IP as the networking protocol suite for your internal LAN, then you should use private IP addresses for the internal computers (you have the freedom to use/subnet at will 1 class A network, 32 class B networks and 256 class C networks). See RFC 1918 "Address allocation for private internets" for more info about the private addresses (a good RFC site is: http://community.roxen.com/developers/idocs/rfc/ )

If your LAN will use Novell's IPX/SPX or Apple's AppleTalk - this is a whole other thing.

2. If you have time and opportunity, you should go to a Cisco Networking Academy near you. See http://cisco.netacad.net/public/academy/

3. Inside an Ethernet frame you'll generally find an IP packet (you could, as well, find an IPX packet if you use Novell). A pure Ethernet switch only looks at the frame's header and trailer (to decide upon the frame's integrity and to know on which of its ports to forward it), but never in the IP packet. A router drops the frame's header and trailer and looks at the IP packet, to decide what to do with the packet's payload. In brief, that's the difference between a switch and a router.
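The switch/router distinction in point 3, as an added example that is not part of the original thread: the same frame read the way each device reads it. The frame is constructed, its IPv4 checksum is left at zero, and the Ethernet trailer (FCS) is omitted, as it usually is in software captures.

```python
import ipaddress
import struct

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def switch_view(frame):
    """Layer 2: only the 14-byte Ethernet header is examined."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}

def router_view(frame):
    """Layer 3: drop the Ethernet header and read the IPv4 header behind it."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        return None  # not IPv4 (for example IPX); outside this sketch
    packet = frame[14:]
    header_len = (packet[0] & 0x0F) * 4  # IHL field counts 32-bit words
    return {
        "src_ip": str(ipaddress.ip_address(packet[12:16])),
        "dst_ip": str(ipaddress.ip_address(packet[16:20])),
        "ttl": packet[8],
        "protocol": packet[9],
        "payload": packet[header_len:],
    }

# Constructed sample: a LAN host sends TCP data to an outside address via its gateway.
ETH = bytes.fromhex("020000000001" "02000000000a") + struct.pack("!H", 0x0800)
IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 6, 0,
                 ipaddress.ip_address("192.168.1.10").packed,
                 ipaddress.ip_address("203.0.113.5").packed)
FRAME = ETH + IP + b"data"

if __name__ == "__main__":
    print("switch reads:", switch_view(FRAME))
    print("router reads:", router_view(FRAME))
```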