Smart Switch How To Series

[ymboc]

Re: Mirroring to Sniff

The last time I used port mirroring to mirror traffic to a network monitoring / intrusion detecting machine, it had such a negative impact on the switch's performance that it had to had to be turned off and we had to invest in a network tap instead.

Could you quantify the performance penalty incurred when turning on port mirroring in Part 2 of your article?

Thanks

 

[thiggins]

Could you quantify the performance penalty incurred when turning on port mirroring in Part 2 of your article?

I'll give it a shot.

 

[Unregistered]

I've considered making the jump to Smart switches, and your article with two suggested 8 port switches at a great price point finally convinced me. I've always regarded Cisco / Linksys as a more reliable product manufacturer than Netgear, though the reviews I'm finding for the two models you are testing suggest the opposite. Does the Cisco SLM2008 really have such a high failure rate over time?

 

[Mr. Chenevert]

Could you spend some time explaining port trunking?

I have a need to bridge two switches together, and would like to use more than one port to connect the two... as the bridge is the current bottleneck of the network.

 

[thiggins]

I may touch on it in part 3. Not much to it, however. Just need two switches that support LAG (link aggregation groups), set a LAG up on both switches and connect the ports. 802.3ad is usually the way to go.

 

[wpns]

DHCP Server?

In your article you mentioned that you won't get separate subnets, as your DHCP server will only hand out addresses from a single subnet.

If devices are not on the same VLAN as the DHCP server, will they even get an IP address?

I've got some Linksys SRW and SLM switches in a network, and I'd like to implement VLANs properly, but I'm stuck on how to allow only the appropriate communications between VLANs. [I can have my phones only talk to my PBX, but then my PBX can't get to the Internet, for instance.] I'm currently using external routers to connect the VLANs together, but that takes up extra ports, and there has to be a better way (doesn't there?).

I'm also less than impressed by MAC address filtering, all someone has to do is determine the MAC address of the authorized device and clone it into their laptop, and they are in.

There's a rare failure mode of the SRW switches that resets them to factory defaults, which means suddenly everything's on the same VLAN, and everyone can see everything.

 

[Unregistered]

I have a netgear "dumb" switch gs105. I need more ports, so I've been thinking to go to an 8 port. I'm now considering going to the gs108t because of this article, but I'm curious if it'll fix my biggest problem with my gs105 - connecting at 100/full instead of gigabit.

I've got two computers plugged directly to the switch using 10 and 7 foot cat6 cables - these tend to auto-negotiate to 100/full instead of gigabit which is REALLY annoying. Would you think that the "Smart" switches would fix this - can it be set to force gigabit? The article sais "The Port Speed control can be set to 100M, 10M, Auto and Disable." which tends to make me think that it cannot be forced to gigabit, but do you think this switch would do better than my gs105, or should I be looking somewhere else to fix this issue?

Thanks,
Joel

 

[thiggins]

You're right there is no setting to force a gigabit connection in the GS108T.
Have you tried upgrading the NIC drivers? What kind of NIC(s) do you have the problem with?

 

[CypherBit]

Slm2008

I have a SLM2008. Could you please provide a short reply how I can have one port on my switch configured/reserved for port mirorring and another which would probably belong to a different VLAN so it only gets internet but is unable to touch any other machine on my network (I'd use that one when I get computers that need to be cleaned of malware).

Excellent series!

 

[Mr. Chenevert]

Just wanted to pass along some Kudo's. Articles such as this are the primary reason I visit this site as often as I do.

Keep up the good work.

 

[thiggins]

Just wanted to pass along some Kudo's. Articles such as this are the primary reason I visit this site as often as I do.

Keep up the good work.

Thanks for the thanks!

 

[habskilla]

Quick question about bandwidth limiting.

I have a 70/30 Mb/s internet connection. I set port 2 speed to 10M for incoming and outgoing. I attach user A to that port. User A goes to upload a video to youtube which should only upload a max rate of 10M because the port speed will limit the connection to 10M. I get that. What I don't get is User A then goes to Microsoft(Microsoft can max my 70 Mb/s download) and starts downloading a 100M file. This is the part I don't understand. The file starts streaming to User A. Since I have a 70 Mb/s download does that mean Microsoft sends it my router at 70 Mb/s then when it hits the switch the packets get dropped? So my internet is maxed but User A only sees a 10M download?

 

[thiggins]

The bandwidth limit you set is for all traffic. Think of it as converting the port from its full speed rating to whatever you set. No matter what the speed of the site or Internet connection, the port will deliver only the programmed bandwidth.

 

[habskilla]

Great, so if I looked at the router I would only see 10M up and down from User A.

Sweet, thanks

 

[DiscoveryCanada]

I picked up a GS108T with the assumption that I could use one of the managed services inside to prioritize traffic between two routers connected to 1 modem. This is a small office scenario where two separate business share 1 modem but use 2 different off the shelf routers to communicate with the internet (via a regular 5 port switch in between the modem and routers). Is there a simple way of implementing a traffic priority scheme with the GS108T working in between the modem and 2 routers where traffic from Router A is given ultimate priority over Router B? I can implement QoS schemes on the network I can control but I can't stop the other office from being crazy into BitTorrent or streaming video.