This post is a continuation of my last post, which covered network management. I'll be showing how to use a managed network switch to identify and control the devices that connect to a network. Those devices need a way to reach each other, and it is the switch that provides that physical connection. Wireless devices may seem to be outside this realm, but they too reach the switch through their access point.
Managed network switches offer a set of features that set them apart from unmanaged switches. The visibility they give into how traffic actually flows is why they are such an important tool in overall network management. Let's go through these features.
Switch control via web, telnet, SSH, or a serial console is the most common way that network administrators manage how a switch operates, and it is the defining feature of a managed switch. Unmanaged switches lack it: every forwarding decision is made internally by the switch hardware, with no way to inspect or change it. The management protocols supported vary by make and model, and each has good and bad points. From a security standpoint the main one is that telnet and plain HTTP carry credentials and configuration in cleartext, so anyone who can capture traffic on the management path can read them; use SSH and HTTPS where the switch supports them, and keep the serial console as the fallback that needs no network at all.
Most managed switches let you view their MAC address table (also called the forwarding or CAM table, and often loosely referred to as the ARP table, although ARP proper maps IP addresses to MAC addresses). This should be available, but sometimes isn't, depending on the make and model of the switch. The table is what tells you which MAC address is connected to which port. A device cannot prevent its MAC address from being learned by the switch, but the address itself can be crafted or spoofed, and entries age out after a period of inactivity (typically a few minutes), so a single snapshot is not a complete inventory. You will need to take that into account when working with networks and the devices on them.
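To make the MAC table useful you need to compare it against what you expect. The following is an added example, not code from the original post, that parses a constructed "show mac address-table" listing (the common VLAN/MAC/Type/Port layout with dotted MACs is an assumption), checks it against a constructed allow-list, and flags the things discussed above: a known MAC on the wrong port, a port learning more addresses than a single host should have, a MAC that is locally administered (the 0x02 bit of the first octet, which burned-in vendor addresses leave clear and randomized or hand-set addresses usually set), and one MAC learned on several ports.

```python
"""Parse a switch MAC address table and flag entries worth a second look.

Added example; it is not part of the original post. It assumes the switch
prints its table in the common "VLAN  MAC  Type  Port" layout with
dotted MACs. The table output and the allow-list are constructed.
"""
import re
from collections import defaultdict

# Constructed sample shaped like a typical "show mac address-table" listing.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4456    DYNAMIC     Gi1/0/2
  10    0011.2233.4457    DYNAMIC     Gi1/0/2
  10    0011.2233.4458    DYNAMIC     Gi1/0/2
  20    0211.aabb.ccdd    DYNAMIC     Gi1/0/5
  20    0011.2233.4455    DYNAMIC     Gi1/0/7
  10    0100.5e00.0001    STATIC      CPU
"""

# Constructed allow-list: the port each known MAC is expected on.
EXPECTED = {
    "00:11:22:33:44:55": "Gi1/0/1",
    "00:11:22:33:44:56": "Gi1/0/2",
}

ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def normalize_mac(dotted):
    """Convert 0011.2233.4455 to the colon form 00:11:22:33:44:55."""
    digits = dotted.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((int(vlan), normalize_mac(mac), kind.upper(), port))
    return rows


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set. Vendor-burned
    addresses have it clear; randomized or hand-set addresses usually set it."""
    return int(mac.split(":")[0], 16) & 0x02 != 0


def audit(rows, expected, max_macs_per_port=1):
    """Findings: known MACs on the wrong port, ports learning more MACs than
    expected, locally administered MACs, and one MAC learned on several ports."""
    findings = []
    per_port = defaultdict(set)
    per_mac = defaultdict(set)
    for vlan, mac, kind, port in rows:
        if kind != "DYNAMIC":
            continue  # STATIC/CPU entries belong to the switch itself
        per_port[port].add(mac)
        per_mac[mac].add(port)
        if mac in expected and expected[mac] != port:
            findings.append(f"{mac} expected on {expected[mac]} but learned on {port} (vlan {vlan})")
        if is_locally_administered(mac):
            findings.append(f"{mac} on {port} is locally administered (possible spoof)")
    for port, macs in sorted(per_port.items()):
        if len(macs) > max_macs_per_port:
            findings.append(f"{port} has learned {len(macs)} MACs (hub, VM host or spoofing?)")
    # Within one VLAN a switch keeps one port per MAC, so the same MAC on two
    # ports shows up across VLANs or across snapshots: a duplicate or a spoof.
    for mac, ports in sorted(per_mac.items()):
        if len(ports) > 1:
            findings.append(f"{mac} learned on several ports {sorted(ports)}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_mac_table(SAMPLE_MAC_TABLE), EXPECTED):
        print(finding)
```

Run against the constructed table it reports four findings: the known MAC that also shows up on Gi1/0/7, the locally administered address on Gi1/0/5, the three addresses behind Gi1/0/2, and the MAC learned on two ports. Raise `max_macs_per_port` for ports that legitimately face a hypervisor or a downstream switch, and feed it a fresh snapshot on a schedule rather than once, since aged-out entries disappear.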
Port control is another feature of managed switches. It provides a way to enable or disable a port on the switch, much like physically unplugging the network cable from that port, which makes it the quickest way to cut off a device the MAC table shows somewhere it should not be. Besides the on/off function, you can set the connection speed and duplex and impose throughput restrictions. Connection speeds typically auto-negotiate. I have had instances where network cabling ran through high electrical noise fields and setting the connection speed lower allowed the equipment to be more reliable. Throughput restrictions are self-evident.
Metrics from managed switches are also useful for establishing baselines and spotting deviations from them. Managed switches that support SNMP can feed monitoring tools like SolarWinds or Cacti with details about the switch's state: uptime, CPU and memory usage, and per-port utilization and error counters can all be tracked over SNMP. Those tools then give an at-a-glance view of the operational health of the switch. One caveat: SNMPv1 and v2c authenticate with a community string that travels in cleartext, and a read-write community is effectively a password to the switch, so use SNMPv3 with authentication and encryption where the switch supports it and restrict SNMP to your monitoring hosts.
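The monitoring tools mentioned above hide the arithmetic that turns SNMP counters into a utilization graph and a baseline; it is worth seeing once. The following is an added example, not from the original post or from any of those tools, that converts constructed polls of the 32-bit IF-MIB ifInOctets counter into bits per second (handling the wrap back to zero that a 32-bit counter does), builds a mean and standard deviation from a constructed set of "normal" rates, and flags the interval that departs from them.

```python
"""Turn raw SNMP octet counters into bits per second and flag intervals
that stray from a baseline.

Added example; it is not part of the original post. It assumes periodic
polls of IF-MIB ifInOctets (a 32-bit counter). The polls and the baseline
rates are constructed; the polls include two counter wraps and one spike.
"""
import statistics

COUNTER32_MAX = 2 ** 32  # ifInOctets / ifOutOctets wrap here
COUNTER64_MAX = 2 ** 64  # ifHCInOctets / ifHCOutOctets wrap here

# Constructed polls: (seconds since start, ifInOctets value), every 300 s.
SAMPLE_POLLS = [
    (0, 4_000_000_000),
    (300, 4_375_000_000),
    (600, 455_032_704),     # counter wrapped past 2**32
    (900, 830_032_704),
    (1200, 1_205_032_704),
    (1500, 4_205_032_704),  # an eight-fold jump in traffic
    (1800, 285_065_408),    # wrapped again
]

# Constructed baseline: "normal" 5-minute rates for this port, in bits/s.
BASELINE_RATES = [9.5e6, 10.2e6, 11.0e6, 9.8e6, 10.5e6, 10.0e6,
                  9.7e6, 10.8e6, 10.1e6, 9.9e6, 10.4e6, 10.3e6]


def delta(prev, cur, max_value=COUNTER32_MAX):
    """Octets transferred between two polls, correcting a single wrap."""
    if cur >= prev:
        return cur - prev
    return (max_value - prev) + cur  # the counter rolled over once


def bits_per_second(samples, max_value=COUNTER32_MAX):
    """samples: list of (timestamp_seconds, counter). Returns one rate per
    interval. A counter reset (reboot) also looks like a wrap and is
    over-estimated; real tooling checks sysUpTime to tell them apart."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("samples must be strictly increasing in time")
        rates.append(delta(c0, c1, max_value) * 8 / seconds)
    return rates


def baseline(rates):
    """Mean and population standard deviation of a series of rates."""
    return statistics.mean(rates), statistics.pstdev(rates)


def deviations(rates, mean, stdev, threshold=3.0):
    """Indexes of intervals more than threshold standard deviations from the
    baseline mean. A flat baseline (stdev 0) flags any change at all."""
    if stdev == 0:
        return [i for i, r in enumerate(rates) if r != mean]
    return [i for i, r in enumerate(rates) if abs(r - mean) / stdev > threshold]


if __name__ == "__main__":
    rates = bits_per_second(SAMPLE_POLLS)
    mean, stdev = baseline(BASELINE_RATES)
    for i in deviations(rates, mean, stdev):
        t0, t1 = SAMPLE_POLLS[i][0], SAMPLE_POLLS[i + 1][0]
        print(f"{t0}-{t1}s: {rates[i] / 1e6:.1f} Mbit/s vs baseline {mean / 1e6:.1f} Mbit/s")
```

The wrap handling matters more than it looks: at gigabit line rate a 32-bit octet counter rolls over roughly every 34 seconds, so with a five-minute poll you can miss several wraps and the corrected delta is still wrong. On fast ports poll the 64-bit ifHCInOctets/ifHCOutOctets counters (pass `COUNTER64_MAX`) or shorten the interval.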
The next items are port forwarding and port mirroring. Forwarding between ports means that those ports can communicate with each other, and so can the devices connected behind them. Turning forwarding off between a group of ports (most vendors call this port isolation or protected ports) means that communication no longer occurs, so the switch can isolate devices or whole networks from each other even though they share the same hardware. Mirroring replicates the packets that traverse one port onto another port. As an example, imagine that port 1 connects to the internet and port 2 connects to a PC. If we mirror port 1 to a third port, say port 3, any traffic passing through port 1 (in both directions, if the mirror is configured for ingress and egress) will be copied to port 3. This is a useful feature for packet capturing, and I'll cover that in a future post. Two things to keep in mind: a full-duplex port carries traffic in both directions at once, so a mirror of a busy port can exceed what the destination port can transmit and the switch will silently drop some of the copies; and on many switches the destination port stops forwarding ordinary traffic, so the capture host needs a separate connection for its own management. Suffice it to say, managed switches provide a great deal of flexibility when dealing with network activity.
There are many other features that managed network switches offer, but I won't cover them all here. It is important to know the activity on a network when managing systems; without that visibility there is little or no knowledge of the health of those systems. Like any system that provides protocol-based services, a managed switch has an attack surface of its own: its management front end, be it HTTP, SSH, or telnet. Those services can become prone to vulnerabilities, so it's prudent to apply updates and patches to your managed switch should they become available, to disable the management protocols you don't use, and to keep the management interface on a network that ordinary hosts cannot reach.
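The cleartext management protocols discussed earlier and the hardening advice just above are both things worth checking mechanically rather than by eye. The following is an added example, not code from the original post or from any vendor, that audits a switch running configuration in Cisco IOS-style syntax (an assumption; other vendors use different commands) for telnet permitted on the vty lines, plain HTTP management, SNMPv1/v2c community strings (especially well-known or read-write ones), a reversible `enable password`, and a missing `ip ssh version 2`. The configuration it audits is constructed and deliberately insecure so that every check fires.

```python
"""Audit an IOS-style switch configuration for cleartext or weak management
services.

Added example; it is not part of the original post. It assumes Cisco IOS
command syntax. The running-config below is constructed and deliberately
insecure so that every check fires at least once.
"""
import re

SAMPLE_CONFIG = """\
hostname sw-lab-1
!
enable password cisco123
!
ip http server
no ip http secure-server
!
snmp-server community public RO
snmp-server community private RW
!
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
!
end
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}


def line_blocks(lines):
    """Yield (header, body) for each 'line ...' block: the indented lines
    under a header form its body, and a non-indented line ends it."""
    header, body = None, []
    for line in lines + [""]:  # the sentinel flushes the final block
        if line.startswith("line "):
            if header is not None:
                yield header, body
            header, body = line, []
        elif header is not None and line.startswith(" "):
            body.append(line.strip())
        else:
            if header is not None:
                yield header, body
            header, body = None, []


def audit_config(config_text):
    """Return a list of findings about the switch's management front end."""
    lines = config_text.splitlines()
    present = {line.strip() for line in lines}
    findings = []

    for stripped in (line.strip() for line in lines):
        if re.match(r"^enable password\b", stripped):
            findings.append("'enable password' is reversible; use 'enable secret'")
        if stripped == "ip http server":
            findings.append("plain HTTP management enabled; prefer 'no ip http server' with 'ip http secure-server'")
        m = re.match(r"^snmp-server community (\S+) (RO|RW)\b", stripped)
        if m:
            community, mode = m.groups()
            note = ("RW community allows configuration changes" if mode == "RW"
                    else "v1/v2c community is sent in cleartext")
            if community.lower() in WELL_KNOWN_COMMUNITIES:
                note += f"; '{community}' is a well-known default"
            findings.append(f"snmp community {community} ({mode}): {note}")

    for header, body in line_blocks(lines):
        if not header.startswith("line vty"):
            continue  # console and aux lines are not network-reachable
        transports = [b for b in body if b.startswith("transport input")]
        if not transports:
            findings.append(f"{header}: no 'transport input' restriction")
        for t in transports:
            if set(t.split()[2:]) & {"telnet", "all"}:
                findings.append(f"{header}: telnet permitted ({t})")

    if "ip ssh version 2" not in present:
        findings.append("'ip ssh version 2' not set; SSH protocol 1 may still be accepted")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Against the constructed configuration it reports six findings; the second vty range, which only permits SSH, is left alone. Pull the configuration with a read-only account over SSH or the console and run this after every change, and extend the checks with whatever your platform uses for management ACLs and SNMPv3 groups.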
I hope you have enjoyed this post and found it useful. Thank you again for joining me and I look forward to covering more topics in the future.