Ethernet Switching

Ethernet switches receive data from multiple input ports and send it to the specific output port that takes data to its intended destination on the network. This is how they provide connectivity by communicating between devices in a local area network (LAN) or wireless LAN.  There are two types of Ethernet switches in a network: managed and unmanaged.

An Ethernet switch is either managed or unmanaged based on the size and complexity of the network it supports.

Unmanaged switches are used primarily in home networks and small businesses because they are simple to use with no configuration required. Unmanaged switches connect devices on a LAN to each other such as connecting computers to a printer. While unmanaged switches are inexpensive, easy to install and operate, they have limited network management, security, and performance capabilities.

For networks supporting large organizations, managed switches are used to provide high levels of security, precise control, and network management. They can be customized in large networks to enhance functionality and can scale with dynamic networks via simple network management protocol (SNMP).

Managed switches can be used to control network traffic, enhance performance and security, and allow remote management and monitoring. However, they require technical expertise to configure and manage, and are more expensive than unmanaged switches.

Managed switches include both Ethernet switches and Power over Ethernet (PoE) switches as follows:

Ethernet switches, also known as network or data switches connect points on a LAN.  They help reduce network congestion or bottlenecks by distributing a data packet only to its intended device.

PoE switches integrate data and power on the same Ethernet cable allowing PoE-enabled devices to receive data in parallel to power. This flexibility simplifies the electrical cabling process for IT.  

Historically, deploying and managing Ethernet networks has presented challenges to IT administrators. While wireless LANs adopted a controller model to simplify building, deploying, and running wireless networks, Ethernet networks often required some basic configuration for management.

Modern management interfaces allow Ethernet switches to be managed standalone or centrally as part of an integrated network connectivity and security platform. Zero-touch discovery and provisioning simplifies management of switches whether on-premises or cloud infrastructure, or operating as hardware devices or as virtual machines. Zero-touch configuration enables rapid deployment of thousands of switches without complex staging.

Next-generation firewalls can also manage Ethernet switches as part of an integrated network security fabric.  

Managed switches can be categorized as OSI Layer 2 (data) Ethernet switches or OSI Layer 3 (network) Ethernet switches. Layer 2 Ethernet switches forward network traffic (data packets) quickly and efficiently to reduce network congestion but have limited control over traffic and no support for OSI Layer 3 protocols.

Layer 3 Ethernet switches support Layer 3 protocols and deliver advanced routing capabilities, network segmentation, and increased performance and scalability. However, Layer 3 switches require technical expertise to configure and manage and are more expensive than Layer 2 switches. 

Wi-Fi 7 is a new standard networking protocol that provides a leap forward in wireless connectivity, offering several times more throughput for bandwidth-hungry applications and devices.

Under the hood, Wi-Fi 7 can quadruple the performance capabilities of Wi-Fi 6, providing 4K quadrature amplitude modulation (QAM) vs the 1K of the previous network protocol. QAM is a technique that combines two amplitude modulation (AM) signals into a single channel, effectively doubling available bandwidth. Wi-Fi 7 also supports 320 MHz channels, allowing significantly more throughput than Wi-Fi 6.

While Wi-Fi 6 also supports all three Wi-Fi bands (2.4 GHz, 5 GHz, and 6 GHz), a client can be associated with a single band only. The new, multi-link operation supported in Wi-Fi 7 allows a client to be associated with, and pass traffic on multiple channels allowing a client to use, for example, one band for uplink and another for downlink. It also enables things like videoconferencing systems to keep low power association on 2.4 GHz but leverage other bands for high-data throughput.

Large organizations need high-performance Ethernet switches designed to intelligently organize AP traffic and scale throughput to prevent bottlenecks that degrade network performance and frustrate users. Their legacy switching infrastructure is struggling to keep up with these new demands.

For example, the standard access port speed of 1 gigabit per second is giving way to faster capabilities, such as multigigabit or even 10 gigabit Ethernet to support devices at the access layer edge. For this reason, enterprises are escalating the deployment of next-generation Ethernet switches and wireless APs capable of delivering 5G speeds at scale.

Anticipating this need, Fortinet announced a new Wi-Fi 7–enabled access point, the FortiAP 441K, and the new FortiSwitch T1024 model that provides 10 Gigabit Ethernet access and 90W PoE to support Wi-Fi 7 bandwidth requirements at the edge. These new devices deliver the multi-gigabit wireless switching performance enterprises require along with integrated secure networking and centralized management capabilities.

Digital acceleration requires Ethernet networks to do more and faster than ever before. However, it’s important to remember that what makes a good Ethernet LAN solution is more than speeds and feeds. A next-generation Ethernet LAN should be secure, capable of providing power to devices, offer automated onboarding options, have QoS capabilities, be easy to manage and monitor, and have no surprise costs.

The following considerations will help you select an Ethernet LAN that meets your current and future secure networking needs.

Ethernet switches have a long refresh cycle—upwards of seven years—and speed demands are constantly increasing. As the number of wireless devices deployed inside your organization continues to grow—from laptops and smartphones to printers and other connected IoT devices—the pressure is on to address the escalating demand for secure, high-speed access to your network.

The only way to ensure network availability to all these resources while optimizing the user experience is to upgrade the supporting Ethernet LAN infrastructure to support a growing network. Look ahead to make sure you choose the switches that will support the features you need now and scale with the future.

Ethernet can be too easy to access with the Ethernet RJ45 ports that are ubiquitous in office cubicles and conference rooms. Due to the challenges of implementing authentication technologies, such as 802.1x in Ethernet LANs, these ports may provide immediate access to the network without user or device verification. They allow anyone in the office to plug in to your network.

A key consideration for any Ethernet LAN should be how easy it is to implement security. This includes virtual LANs (VLANs) for segmenting traffic, access control lists (ACLs) for restricting access to specific network resources, port security for preventing unauthorized devices from connecting, and monitoring capabilities to detect and respond to suspicious activity.

Today’s Ethernet switches are not only capable of transmitting data, but they are also able to power the devices that they connect. PoE switches can power devices such as IP phones and IoT devices directly from the switch, eliminating the need for additional power sources. Any next-generation Ethernet LAN should employ the latest 802.3bt PoE++ technology, which can deliver enough power to charge your workstations as well as next-generation wireless APs.

As the number of connected devices continues to increase, it becomes more difficult to identify and securely onboard these devices to your network. Key considerations for your Ethernet LAN investment are whether this process can be automated and whether zero-trust principles can be implemented.

Even with increased bandwidth, as Ethernet LANs are asked to do more, how traffic traverses the network of switches needs prioritization, regardless of the architecture. Quality of service (QoS) allows you to ensure that important traffic is given priority over less important traffic. This should be part of any Ethernet LAN solution.

Ethernet switches should be easy to configure and manage, so it’s important to check the switch’s management features before purchasing. Historically, Ethernet switches have required some staging during implementation to enable them to join a network. Zero-touch provisioning capabilities are a must for any next-generation Ethernet LAN.

A management platform that integrates Wi-Fi, switching, firewall, and network access control (NAC) into secure connectivity can offer insight and access into the Ethernet LAN, wireless LAN (WLAN), and security, providing a holistic view of your network.

Artificial intelligence (AI) and machine learning (ML) are changing the way network administrators view and do their jobs. AI for IT operations (AIOPs) enables IT teams to be more proactive by predicting issues and automating their resolutions before they become a problem for clients and users. However, with all the potential of AIOPs, it can be only as good as the information it receives.

An Ethernet LAN should be part of an AIOPs solution that includes key LAN, WLAN, WAN, and secure networking functions.

While the technology driving Ethernet switches is standard, the total cost of ownership (TCO) can vary widely. Often, the hardware in new pricing models is but a small part of the long-term cost of your Ethernet LAN. Extra licensing for many standard features has become common. Close attention should be paid to the additional licenses and fees required to enable the basic features you require.

The Fortinet Secure Networking approach includes PoE switches and wireless APs as a native part of the overall security architecture. Our differentiated wired and wireless LAN solutions converge networking and security under FortiOS, a single operating system and cloud management platform. This enables the Ethernet LAN to become an extension of the security infrastructure through FortiSwitch and FortiLink.

Simple to deploy and manage, FortiSwitch offers many features, including NAC, without additional licensing. Our broad portfolio of secure and scalable Ethernet switches provides secure connectivity to the campus, SD-Branch, or data center.

The FortiAP 441K is a Wi-Fi 7–enabled access point for secure wireless LANs and the new FortiSwitch T1024 model provides 10 Gigabit Ethernet access and 90W PoE to support Wi-Fi 7 bandwidth requirements at the edge. The FortiAP 441K delivers the following benefits over Wi-Fi 6:

• Up to 2x faster connection speeds for the same configuration
• Faster data transfer critical for bandwidth-heavy enterprise applications
• Lower latency by using 320MHz channels, the broader spectrum improves data speeds
• Better load balancing and reduced interference with flexible channel utilization for reliable connections

As a part of the Fortinet Secure Networking approach, FortiSwitch and FortiAP seamlessly integrate with AIOps and FortiGuard AI-Powered Security Services for unmatched security, visibility, and control.