Okay, I've been watching lots of YouTube videos about switches and I've just made myself more confused. Managed versus unmanaged seems to be having a GUI versus not having a GUI, but why would anyone want a GUI on a switch? Shouldn't your router do that? Also, a switch is like a tube station for local traffic, essentially an extension lead, so why do some have fans?
There is only one router on your network. It routes traffic from one machine to another. This is typically also the gateway, and it only has so many ports.
If you want more physical devices connected to your network, you’d need switches to fan out your network.
Unmanaged switches essentially take packets from one port and pass them through another port, easy peasy, nothing fancy.
Managed switches, however, can do more than just take a packet from one port, then push it out to the other side. You can set up link aggregation for example, allowing more throughput by using two or more ports to go to the same destination (maybe for example a central file server). You can have L2 vs L3 switches so they route differently. You can have multiple paths to reach another machine, for redundancy, but you must implement STP to prevent broadcast loops etc.
Once your network grows larger than just Internet for a couple of desktops, it gets a lot more interesting.
Thank you. So based on this, shouldn't things like OpenWRT and OPNSense be made for switches rather than routers? Since the switch seems to be doing all the heavy lifting.
If you use everything from the same vendor, you could manage them in one place (see Ubiquiti’s UniFi stack as example), but at the end of the day, they serve different purposes and target different parts of your network.
Switches are Layer-2 devices (data link layer). They operate on FRAMES and use MAC addresses to send data around between devices on the SAME NETWORK.
Routers are Layer-3 devices (network layer). They operate on PACKETS (which is basically a wrapper around FRAMES) and IP addresses to send traffic between DIFFERENT NETWORKS.
Switches may have some smart capabilities, such as creating separate logical networks (VLANs), or providing power to PoE devices, or prioritizing layer-2 traffic within a lan (CoS - class of service) and they do all the "heavy lifting" of slinging frames around to the right device on your LAN.
Routers tend to do all the "heavy lifting" of routing packets BETWEEN NETWORKS. They sit at the perimeter of networks (between your LAN and the internet, for example, or between your LAN and another DMZ LAN in your house, or maybe a GUEST LAN). They are often paired with firewall features to inspect the traffic and only allow certain types of traffic through one direction or the other, or they may simply route packets. They can also prioritize layer-3 traffic (QoS - quality of service).
A lot of things can get really confusing between the two because many routers have built-in switches, so they do some layer-2 stuff. And more expensive switches can even have some routing features to allow traffic to hop from one VLAN to another without going all the way out to a router (called layer-3 switches, though you typically don't see these in homes outside the computer enthusiast community -- they're more of an enterprise thing).
I think the reason you don't see OpenWRT or OPNSense for switches is because simple networks don't need the advanced switching capabilities that such a product would provide, and highly complex networks often need the speed of hardware-based switching and don't want to slow it down with a software layer.
A managed switch allows you to have vlans, routing, QoS, spanning tree protection etc. You don't necessarily need a gui, a lot of them are cli only, which is preferable but less user friendly if you're not used to it. Depending on your needs a managed switch can be overkill.
VLANs are an extension of the Ethernet technology, and operate on the link layer (OSI layer 2). They are handled by switches. VLANs can belong to different subnets, and communication between them requires routing, which happens on the network layer (OSI layer 3) on either routers or layer-3 switches, but VLANs themselves are handled by switches.
I recommend Network Chuck on youtube, his videos are very noob-friendly.
The router does the routing from one vlan into another. The switch has a function to apply a specific vlan-tag to the traffic.
E.g.
On the switch: to your PC vlan 3 could be applied and for your fridge vlan 25.
On the router: You can allow vlan 3 access to the Internet but vlan 25 not. For management purposes you could allow vlan 3 access to vlan 25 but not the other way around.
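The PC/fridge example above, and the earlier point that switches move frames by MAC within one network while routers move packets between networks, as an added, constructed Python model that is not code from the thread: a VLAN-aware learning switch whose MAC table is kept per VLAN, and a router with a default-deny policy that lets VLAN 3 reach the internet and VLAN 25, but lets VLAN 25 reach neither. Port numbers, MAC addresses and the `INTERNET` pseudo-destination are assumptions for the demo.

```python
from collections import defaultdict

INTERNET = "internet"  # assumed pseudo-destination for the router's uplink

class VlanSwitch:
    """Learning switch whose MAC table is kept per VLAN, so a frame from
    the fridge's VLAN can never be forwarded out of a PC's port."""
    def __init__(self, port_vlan):
        self.port_vlan = port_vlan              # access port -> VLAN id
        self.mac_table = defaultdict(dict)      # vlan -> {mac: port}

    def forward(self, in_port, src_mac, dst_mac):
        vlan = self.port_vlan[in_port]
        self.mac_table[vlan][src_mac] = in_port  # learn the source MAC
        out = self.mac_table[vlan].get(dst_mac)
        if out is not None:
            return [out]                         # known destination
        # Unknown destination: flood, but only to ports in the same VLAN
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

class Router:
    """Routes between VLANs (and to the internet) only where the policy
    explicitly allows a (source VLAN, destination) pair; default deny.
    A real firewall would also track connection state so replies to
    VLAN 3's connections can return; that is omitted here."""
    def __init__(self, allowed):
        self.allowed = set(allowed)

    def permit(self, src_vlan, dst):
        return (src_vlan, dst) in self.allowed

# Policy from the post: VLAN 3 (PC) may reach the internet and VLAN 25
# (fridge); VLAN 25 may initiate traffic to neither.
ROUTER = Router({(3, INTERNET), (3, 25)})
# Constructed port layout: ports 1-2 carry VLAN 3, ports 3-4 carry VLAN 25.
SWITCH = VlanSwitch({1: 3, 2: 3, 3: 25, 4: 25})

def fridge_flood_reaches():
    """Fridge on port 3 floods a frame for the PC's MAC: VLAN 3 ports are
    never candidates, so only port 4 (the other VLAN 25 port) sees it."""
    return SWITCH.forward(3, "aa:aa:aa:aa:aa:25", "bb:bb:bb:bb:bb:03")

def policy_matrix():
    """Which cross-VLAN flows the router lets through."""
    return {(s, d): ROUTER.permit(s, d)
            for s in (3, 25) for d in (3, 25, INTERNET) if s != d}
```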
Switches generate a ton of heat in the ports' copper wires, especially gigabit+ and PoE. Higher-grade consumer and industrial (think Cisco) switches also have powerful hardware because they do a lot more than packet switching -- they handle QoS, VLANs, and ACL-based filtering, as well as gigabit or faster connections on all ports.
Switches (particularly layer-3 switches) have basic routing capabilities to connect different VLANs, but that is not their focus. Their purpose is to facilitate communication between devices connected to the same subnet, and across subnets on the same LAN.
Routers specialize in communication between networks, e.g. between a LAN and the internet. They can use static routes or dynamic routing protocols (e.g. RIP, EIGRP, OSPF, BGP) to find the shortest route, often across many routers, from the source to the destination.
Think of routers as intercity railway lines, and switches as local transportation.
The device that is usually referred to as a "home router" is usually a combination of a router, a switch, a wireless access point, optionally a cable modem, and sometimes a telephone modem; plus it offers services like a firewall, NAT, and sometimes VPNs. It does everything, but with a much lower performance compared to dedicated hardware.
So switches are able to do a lot of interesting things.
Think about in a business, you want to have credit card machines, users' computers, and maybe a security system and cameras. There have been so many news reports of how awful the cyber security of security cameras is that maybe you don't want them to be on the same local network as the thing taking your customers' payments. So, you could buy another router and switches and pay for a second internet service. But you know you don't use all the bandwidth you currently have and you have extra ports on the switch. What if you could create a second local network? Have it on the same physical hardware but logically separate in the router and switch. Like a virtual local area network.
This is exactly what a VLAN can accomplish. Now though, you have to tell the switch what port is using what VLAN, so you build a GUI into it.
Some switches are also able to supply power to those cameras and the access points around your business, but that takes more electricity going into the switch, so you need to keep heat down, so slap a fan in there. Also, what happens if you want to power cycle a camera? Well, you could go find the cable and physically unplug it, or you could just reboot the whole switch, but hey, you already have a GUI for VLAN config, why not slap the ability to turn a port on and off in there too!
The same goes for a home network, maybe you have a few cheap smart lights that have a questionable level of security… they’re fun though! So instead of risking your whole network, slap them in a dedicated VLAN and now some sweaty neckbeard doesn’t get to know what Christmas present you bought for your one favorite coworker.
These are just a few examples off the top of my head. There's plenty of other reasons for a GUI and fans.
More like the bouncer. It communicates with the outside world, ensures the correct device inside your network talks to its intended outside network (NAT), and several other things that I have forgotten.
Certainly not an expert here but the GUI "being there" means you can configure something about the traffic flowing through, maybe VLANs or QoS. That also might be why some switches have fans. Deciding what packet has priority or is allowed is a bit more computationally complex (read: heat generating) than just pushing a packet to the right address.
You might want a VLAN if you have a server connected to the same switch as your PC, but they shouldn't "see" each other. If you didn't have a VLAN there, your router or firewall can't manage anything about the connection. Say you have a website and database on your server and only the website should be accessible by your computer, you'd be able to configure that with the firewall.
Switches can have many different purposes, and can act as a router or not. This series of videos covers the OSI model, and provides some information on how many layers of the OSI model an individual switch can capture.