Ethernet Switch -- Managed versus Unmanaged

Hi,

I'm designing an Ethernet Switch and one of the requirements is that the IP address of the device be fixed to a port, i.e. port 1 would always have IP XYZ. Can this be done with an unmanaged Ethernet switch?

Thanks for the help.

GC

gigiwk

If you are designing the switch, you can put in whatever restriction you want. That point would seem obvious enough that I feel I must be misunderstanding the question.

Layer 2 ethernet switches don't -need- IP addresses at all. There have, historically, been quite a few layer 2 switches that had no controls, or were controlled via a serial port.

For network management purposes, it is -convenient- to be able to ping a layer 2 switch as part of probing network health, but it isn't a necessity. There are a lot of other -convenient- controls that one can also provide; people have tried a large number of such controls and the core set of what is "really nice to have" on a layer 2 switch is a set of facilities commonly known as a "managed switch".

It is by no means unknown for a layer 2 switch to offer some level of configuration control only through a dedicated access method, such as restricted to a certain ethernet port. On the whole, though, most of the time these days there just isn't any point in putting in such a restriction. The modern version of the restriction is perhaps to allow a VLAN to be designated as the "management VLAN", and then to allow whatever convenient ports to be part of that particular VLAN.

A layer 2 switch does not need to send its IP address out for any layer 2 function such as Spanning Tree.

Walter Roberson

If the switch is unmanaged, there is no reason to be able to contact the switch itself. That suggests it is not possible to assign an IP to any port on the switch.

Similarly, if you meant to ask that only a system with IP XYZ could be connected to a specific port, an unmanaged switch would not have any means onboard to verify/configure such a thing.

rick jones

Rick Jones

Hi,

Basically a switch works only with the hardware addresses of the attached devices. A switch is a high speed device. It is meant to connect a number of ports delivering full speed to each single one of them. Its internal operation speed is at least equal to the sum of the maximum throughput of all ports.

Since it is working just with hardware addresses it does not need an IP address for its operation. If you want to control its operation, counting packets, bytes, errors and so on, you will need a function collecting this information on the switch.

Since this idea was developed quite a while ago many requirements have been expressed by the industry getting to the point of realization that without this knowledge a network is uncontrollable.

Every company launching switches to the market does secret manipulations to frames and data passing through the switch to make it as fast as possible. They build their very own switch. But all vendors will have to be able to function together in the same network. No problem, at the input and at the output ports they have to stick to the standard 802.3d.

But how would I control this mixture of switches for statistical reasons? Counting bits and bytes and frames and packets is not that easy in a world without a standard solution for this problem.

The first idea was to develop a standard databank being held on either switch. The firmware would have its device description tables located at a neat place like port enabled or disabled, full duplex or half duplex and so on. Besides these data the firmware could count packets, errors, frames ... and increase the counters in the databank.

This databank is called MIB. It stands for Management Information Base. It is a standard and is written with a special compiler called ASN.1 (Abstract Syntax Notation One). The compiler is very small and has very few commands. The structure is fixed in an RFC. Every vendor supporting this feature would have to apply to the requirements and put system information for example at the same location like the competing companies.

To gain this information you had to go to the switch and attach a PC with appropriate software to the RS232 port on the switch to be able to read the MIB. This is rather inconvenient. Much more convenient would be to stay at the office and have a network connection to the switch.

We would need an IP address on the switch to be able to connect to any switch in any network. To communicate with this switch we would need some functions of the layer 3 IP stack on the switch. This would make it possible to send a frame to the switch. Who should do the work getting the information from the MIB? Who would check the authentication of this frame? It would not be a good idea to let anyone take a look at your MIB. For this purpose a special piece of software was developed called SNMP (Simple Network Management Protocol). It is simple because it uses UDP, which means you will get no acknowledgement for any frame.

We could continue now into the historical development of versions of SNMP v1, v2c and v3.

The true and only reason to give an IP address to a switch is to gain control over the device. SNMP can read and write information for you from and to the MIB. A so-called trap frame can be sent by the device unsolicited if important events happen causing an alarm.

I have tried to keep it as short as possible and still keep it understandable.

If you have further questions feel free to contact me under snipped-for-privacy@freenet.de

HG.Schlagregen

Germany

From: Subject: Ethernet Switch -- Managed versus Unmanaged Date: Thursday, 25 January 2007 21:33

Hi,

I'm designing an Ethernet Switch and one of the requirements is that the IP address of the device be fixed to a port, i.e. port 1 would always have IP XYZ. Can this be done with an unmanaged Ethernet switch?

Thanks for the help.

GC

Heinz-Gerd Schlagregen

As well as I remember, the OP was asking for IP address filtering. There are some security situations where that might be useful.

One could add the simplest IP address filtering onto unmanaged switch logic. There would have to be some way to get the addresses in, but that could be done with much less than a traditional managed switch.

There might be some restrictions on IP packets, especially no fragmentation before the appropriate IP address (which there shouldn't be anyway, but as I understand it, that is a favorite way to get around some security systems.)

I don't know that it is likely that anyone will build one, but it is possible. One could even put permanent MAC addresses in for filtering purposes.

-- glen

glen herrmannsfeldt
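
The per-port IP filtering raised in the original question and in the post above, as an added example that is not part of the thread: a C ingress check that forwards a frame only when its IPv4 source address (or ARP sender address) matches the one address bound to the ingress port. The port table, the RFC 5737 documentation addresses, the function names and the policy of dropping all other EtherTypes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { FORWARD, DROP };

/* Assumed static bindings: port index -> the only IPv4 source allowed on it. */
static const uint8_t port_ip[2][4] = { {192, 0, 2, 10}, {192, 0, 2, 11} };
static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Ingress check: pass only IPv4/ARP frames whose source IP matches the port. */
enum verdict filter_frame(unsigned port, const uint8_t *f, size_t len)
{
    size_t off = 14, src;                      /* off = start of the L3 payload */
    if (port >= 2 || len < off) return DROP;
    unsigned type = be16(f + 12);
    if (type == 0x8100) {                      /* skip one 802.1Q VLAN tag */
        if (len < 18) return DROP;
        type = be16(f + 16); off = 18;
    }
    if (type == 0x0800) {                      /* IPv4: source at header byte 12 */
        if (len < off + 20 || f[off] >> 4 != 4 || (f[off] & 15) < 5) return DROP;
        src = off + 12;                        /* the same offset in every fragment */
    } else if (type == 0x0806) {               /* ARP: sender IP at body byte 14 */
        if (len < off + 28 || be16(f + off + 2) != 0x0800 || f[off + 5] != 4) return DROP;
        src = off + 14;
    } else return DROP;                        /* assumed policy: nothing else passes */
    return memcmp(f + src, port_ip[port], 4) == 0 ? FORWARD : DROP;
}

/* Constructed sample frame (zero MACs and payload) run through the filter. */
enum verdict filter_sample(unsigned port, const char *kind, int tagged, uint8_t last_octet)
{
    uint8_t f[64] = {0}, ip[4] = {192, 0, 2, last_octet};
    size_t l3 = tagged ? 18 : 14;
    int arp = strcmp(kind, "arp") == 0;
    if (tagged) { f[12] = 0x81; f[15] = 5; }   /* TPID 0x8100, VLAN 5 */
    f[l3 - 2] = 0x08; f[l3 - 1] = arp ? 0x06 : 0x00;
    if (arp) { f[l3 + 1] = 1; f[l3 + 2] = 0x08; f[l3 + 4] = 6; f[l3 + 5] = 4; }
    else     { f[l3] = 0x45; }                 /* IPv4, 20-byte header */
    memcpy(f + l3 + (arp ? 14 : 12), ip, 4);
    return filter_frame(port, f, sizeof f);
}

int main(void)
{
    printf("match=%d mismatch=%d\n", filter_sample(0, "ipv4", 0, 10), filter_sample(0, "ipv4", 0, 11));
    return 0;
}
```

Checking the ARP sender address as well keeps a host on one port from answering ARP for the address bound to another port.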

No

By definition an unmanaged switch won't do that.

developers
