This week’s topic is about adding a network switch to your network. As we mentioned before, the number of ports on your router is limited, and adding a network switch can provide additional wired ports for your network. We’ll also cover best practices and security concerns for wired networks and network switches.
Let’s discuss the advantages of connecting devices on your network through wiring. While some devices offer the option of a wireless connection, opting for wired connections can be a wise investment in the long run. This may involve running network wires through your office space, which can prove beneficial. Wired connections are superior to wireless connections for several reasons. They offer faster speeds, providing 1Gb of bandwidth to each device. In contrast, most Wireless Access Points share the same bandwidth among ALL wireless users. Devices that require high bandwidth, such as gaming consoles, streaming devices, and desktop computers, can greatly benefit from a wired connection. Additionally, wired connections can provide power through PoE for desk phones and cameras, eliminating the need for electrical outlets and AC power bricks. By maximizing wired connections, you can ease traffic on the wireless network, thereby boosting its coverage and bandwidth.
Depending on the size of your building, you may need to spread out where you place your network switches. You will need to place a network switch typically within 80 meters of any wired devices. In a larger building, this may mean allocating several closets on different floors for network switches, and running fiber optic cables between them.
When looking for a network switch, there are 3 main factors that you should look at. First, you should determine how many ports you need to add to your network. Switches are available with between 5 and 48 ports and can be uplinked together to offer an unlimited number of ports.
Another factor before you decide on a network switch is PoE support. Wireless access points, video cameras, and desk phones are often powered from the network switch via PoE, instead of having AC power adapters at each device. There are several types of POE, and each network switch has a total wattage rating. You will want to plan out all of your devices ahead of time and ensure you have the correct type of PoE switch, with sufficient wattage to power all of your devices at the same time.
The total throughput of your network switch is the final factor to consider, and this is measured in Total Non-Blocking Throughput. This measurement should exceed the total combined bandwidth of all of your ports, to not be a bottleneck on your network. For example, if you have an 8-Port, 1Gb Switch, you would want at least 8Gb of Non-Blocking Throughput.
Let’s take a look at several network switches and compare those features:
| Model | EdgeSwitch 8 PoE | TP-Link TL-SG108PE | EdgeSwitch ES-24 | Enterprise 24 POE |
| Price($) | 199 | 69 | 799 | 799 |
| Ports | 8 GbE PoE RJ45 | 8 GbE RJ45 (4 PoE+ Ports) | 24 GbE PoE+ | 12 2.5 GbE PoE+ & 12 GbE; PoE+ |
| 2 1Gb SFP ports | 2 1Gb SFP ports | 2 10Gb SFP+ | ||
| PoE Power Availability | 150W | 64W | 250W | 400W |
| Total Throughput (Non-Blocking): | 10 Gbps | 16 Gbps | 26 Gbps | 62 Gbps |
To ensure the security of your wireless network, the NSA suggests creating multiple WiFi networks for IoT devices and guests(NSA BP#2 Implement wireless network segmentation). For wired networks, it’s recommended to separate them into different VLAN‘s, though this can be complex. For optimal safety, it’s best to limit access to your wired network and only connect critical devices. Guests and IoT devices should not be granted access to the wired network.
Your wired network is safeguarded against intruders in multiple ways. Firstly, it is shielded from the internet by your router’s firewall. Secondly, the security of your wireless network will also protect your wired network. However, it is crucial to secure physical access to your network switch. Network switch closets should be locked and secured, and ports that are activated through your building should not be in public areas to prevent a physical attack. Additionally, it is recommended to apply NSA BP#2 “Secure routing devices and keep them up-to-date” to your network switches and regularly update them to patch any security vulnerabilities.
We will talk more next week about Wireless network segmentation when we talk about wireless networks next week.