This is one of the most misunderstood concepts when people start to get into the murky world of computer networks. It’s no real surprise that there is so much confusion: manufacturers muddy things further, as it’s not always 100% clear when looking at certain websites whether a switch is managed or unmanaged. There is even more confusion because folks in IT like to talk about ‘Switches’ as a general topic without saying which type of switch they mean. So hopefully by the end of this blog post you’ll have a good understanding of what the difference is between a Managed Switch and an Unmanaged Switch.
Baseline Physical Architecture
To help with discussions throughout this blog post, let’s look at common variations of a very basic network architecture.
In the above image we have given five basic examples of how the vast majority of Small Office or Home Office networks are set up. We’ve only included everything up to your core router/firewall in this example above to highlight some of the common setups that we see. This helps to pave the way for discussing Managed Switches and Unmanaged Switches as this is where things start to get a little more complex.
What is an Unmanaged Switch – Basic Concept
The basic concept of an unmanaged switch is that it is designed for ease of use to easily extend your network without worrying about networking. I say that in the sense that you can purchase an unmanaged switch and simply plug in the cables and everything magically works.
You can see an example of an unmanaged switch above: the Netgear ProSafe GS108 Unmanaged Switch, which is an 8-port unmanaged switch. So let’s take a look at what that means for the baseline diagram.
In the above image you can see that all we’ve done here is place an unmanaged switch in between your laptop and your primary router. Simple. No configuration required, all you’ve had to do is to plug the cables in and you’re good to go. This is the beauty of unmanaged switches, they are extremely handy to use when you want to get additional devices connected into a single network. And this is an important point that we’ll come onto next. Granted in the above example, we don’t actually need an unmanaged switch for this to work as you could just plug your laptop directly into the router/firewall, or connect over WiFi. But the reality is that you likely have more than one device here so it can be beneficial to use unmanaged switches depending on the physical layout of your home office or small office to make your networking life as easy as possible.
The example we’ve looked at above is what is commonly referred to as a Flat Network, meaning that every device that is plugged in is on the same network and can see and talk to every other device. Ok, it’s a little more complex than that, as every end device generally has a level of protection built in too, but you get the point. Ultimately though, what this means is that every device on the network can see the network traffic that is flowing through the network, which is a large security risk for complex networks and should be a serious consideration for any network, small or large, in the modern world we live in.
Take Internet of Things (IoT) devices as an example. The second you plug one of these into your network (or connect it wirelessly), then if that device becomes a target for attack, that single device can flood through your network and at best, ‘only’ snoop on all your internet traffic, and at worst, spread throughout your network and infect all your machines.
There are endless stories coming out daily about these types of attacks happening to businesses of all sizes. If you’re still in the mindset of ‘why would anyone target us?’ then you need to have a strong word with yourself and start taking security seriously. Anyhow, that rant over.
Hopefully you now understand why an unmanaged switch is called an unmanaged switch… because you don’t have to manage anything, it just works.
What is a Managed Switch – Basic Concept
Ok, so let’s compare all of the above with a Managed Switch. As you can probably guess, with managed switches you need to manage them, i.e. configure them to work in the way that you want them to. This is where things go from zero complexity to 100x complexity, as there are endless ways you can configure your managed switch depending on your use cases and network design.
Generally speaking managed switches are physically larger in size as can be seen in the image below which is a Ubiquiti UniFi 1 Port PoE Managed Switch.
You can get managed switches that are much smaller, with varying levels of functionality, which can make it difficult to tell managed and unmanaged switches apart physically.
The most important thing about managed switches is that you now have to administer them. They don’t just work by plugging them in. You need to configure which physical ports on the managed switch are used for what purposes, and this all comes down to how you want your network to be configured.
The core difference between unmanaged switches and managed switches is that unmanaged switches do not receive an IP address that is visible within your firewall/router, whereas managed switches appear in your firewall/router with an IP address, as can be seen below.
While the managed switch has an IP address, it doesn’t necessarily mean that you can pop the IP address into your web browser and log in to it like you can with your Router/Firewall. This depends entirely on how your managed switch works. With some managed switches, particularly older models or clunky higher end enterprise makes/models, you are presented with a user interface when you enter the IP address into the web browser. It likely looks like something that was built in the 1990s, maybe early 2000s; it certainly won’t look like a modern user interface, and the features and functionality you see in there will remain fairly static throughout the lifecycle of the managed switch, from purchase to disposal and recycling. More modern managed switches tend to have external controller based software that gives you a fully modern and nice user interface to manage your switches and multiple devices on your network, whether you have a single managed switch or hundreds.
To give you a flavour of the differences, here are some of the core features and functionality you get with managed switches that you don’t get with unmanaged switches:
- VLAN 802.1q Tagging
- Redundancy Features
- Managing Physical Ports for VLANs
- Managed Quality of Service (QoS) – i.e. phone network getting higher priority than backup network
- Monitor and Control Network Traffic
- Traffic Filtering
- Security Policies
- Access Control Lists
To visualise how a managed switch fits into your physical architecture, well, it’s exactly the same as where an unmanaged switch fits into the picture. The core difference is that you now get into the virtualised layer, where you start to configure how to securely segment traffic on your network and how this then maps through to physical ports on your managed switch. Let’s take a look at that in a little more detail below.
The above is a relatively straightforward example for visualising how managed switches fit into a network and how they are configured. You can configure the different settings you want against specific physical ports and VLANs, which gives you full control over what you need to do to manage your network effectively.
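To make the port-to-VLAN mapping concrete, here is an added example (not from the original post and not any vendor's firmware) that models which ports receive a broadcast frame on a flat network versus a segmented one. The port names, VLAN numbers 10 and 30, and the rule that access ports drop tagged frames are assumptions of this simplified model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    mode: str                          # "access" or "trunk"
    vlan: int = 1                      # access VLAN, or untagged (native) VLAN on a trunk
    allowed: frozenset = frozenset()   # VLANs a trunk carries tagged

def classify(port, tag):
    """VLAN an arriving frame belongs to, or None if the port drops it."""
    if tag is None:
        return port.vlan
    if port.mode == "trunk" and tag in port.allowed:
        return tag
    return None  # model assumption: access ports drop tagged frames

def flood(ports, in_name, tag=None):
    """Map each egress port name to the tag a broadcast leaves with (None = untagged)."""
    vlan = classify(next(p for p in ports if p.name == in_name), tag)
    out = {}
    if vlan is None:
        return out
    for p in ports:
        if p.name == in_name:
            continue
        if p.vlan == vlan:
            out[p.name] = None          # member port, frame leaves untagged
        elif p.mode == "trunk" and vlan in p.allowed:
            out[p.name] = vlan          # trunk carries it with an 802.1Q tag
    return out

# Constructed layouts: the same four ports, flat versus segmented.
FLAT = [Port(n, "access") for n in ("uplink", "laptop", "nas", "camera")]
SEGMENTED = [
    Port("uplink", "trunk", vlan=1, allowed=frozenset({10, 30})),
    Port("laptop", "access", vlan=10),
    Port("nas", "access", vlan=10),
    Port("camera", "access", vlan=30),
]

if __name__ == "__main__":
    print("flat, from camera:     ", flood(FLAT, "camera"))
    print("segmented, from camera:", flood(SEGMENTED, "camera"))
    print("segmented, from laptop:", flood(SEGMENTED, "laptop"))
```

On the flat layout a broadcast from the camera reaches every other port; on the segmented layout it only leaves on the uplink, tagged with VLAN 30, where the router/firewall decides what that VLAN may talk to.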
What you will notice when you start to plug a managed switch into your network is that, to do this properly, you need to be working with business grade modems and firewalls/routers to ensure things just work without issues. You’ll find that even high end consumer grade hardware just doesn’t work very well, as these are all combo devices that don’t do anything particularly well.
What you will also notice in the image above is how both managed and unmanaged switches can work together. They both serve a different purpose.
Things to Look Out For on Managed Switches and Unmanaged Switches
This is where things get a little more nuanced. Well, more like there are a lot of nuances which aren’t always obvious when looking at different makes/models of both managed and unmanaged switches. Researching IT hardware is an absolute nightmare; I’m not going to sugar coat this. Do significantly more hardware research than you think you need to so that you can minimise the risk of purchasing IT hardware that is not fit for your specific use case. You also need to consider that there is often a difference between what manufacturers list as features from a branding perspective versus the reality of how much they truly support the specific feature. This often isn’t possible to tell up front either, which makes life difficult.
The best advice would be to create a list of features that you want your managed switch to support, then research and properly assess the various hardware available that fits your specific use case. We’ve already covered off some of the features above that may be a consideration for you. There are other considerations you may want to make, including specific network level protocols and/or configurability and propagation across many devices and complex network infrastructures etc. You will also find that some unmanaged switches will pass through network traffic containing tagged VLANs, whereas others will strip off that part of the message as it travels through the unmanaged switch. That is the equivalent of posting a letter into your local post box, only for the post box to then remove the address, so by the time the letter gets to the sorting office, they have no idea what to do with it and just throw it in the bin. You get the idea.
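The tag that gets passed through or stripped is a 4-byte 802.1Q field in the Ethernet header. The following added example (not part of the original post; the MAC addresses, VLAN 30 and the payload are constructed) parses that field and shows what is left of a frame once a switch removes it.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame (no FCS), optionally with an 802.1Q tag."""
    header = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return the VLAN ID, priority, EtherType and payload of a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    vlan = pcp = None
    offset = 12
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        pcp, vlan = tci >> 13, tci & 0x0FFF
        offset = 16
    ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    return {"vlan": vlan, "pcp": pcp, "ethertype": ethertype,
            "payload": frame[offset + 2:]}

def strip_tag(frame):
    """Model of a tag-stripping switch: drop the 4 tag bytes, keep the rest."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]

# Constructed sample: an IPv4 frame on VLAN 30 with priority 5.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")   # locally administered, made-up MAC
TAGGED = build_frame(DST, SRC, 0x0800, b"constructed payload", vlan_id=30, pcp=5)

if __name__ == "__main__":
    print("before:", parse_frame(TAGGED))
    print("after: ", parse_frame(strip_tag(TAGGED)))
```

After stripping, the payload is intact but the VLAN ID and the priority bits used for QoS are gone, so equipment further along can no longer tell which VLAN the frame belonged to.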
It’s difficult to provide a full list of things to look out for, but I wanted to call this out as a section to make sure you really think through your requirements and understand what you are looking for. You may also find that some managed switches may or may not support routing capabilities or may or may not support VLAN capabilities, certain managed switches come with Power over Ethernet (PoE) which can support either a smaller or larger number of devices/ports, some managed switches will come with licensing implications whereas others are licence free etc. It’s a complex area.
Choosing Between Managed and Unmanaged Switches
Suffice to say that any Small Office or Home Office and above should absolutely be using at least one managed switch, and will naturally be using one or more unmanaged switches deeper in the network to solve the available physical ports problem. In this day and age you cannot afford to be using flat networks to simply connect all your devices together, you need to be doing this in a safe and secure way to protect yourself and your business, regardless of how big or small your business is. After all, even big global brands have ended up with security breaches because someone in the office thought it’d be great to plug in an internet connected coffee machine to the network which allowed unauthorised access to the network causing a security breach. Don’t let this be you!
As can be seen in the diagram in the managed switches section earlier, both managed and unmanaged switches work together but independently serve very important purposes, so you need to understand what to use where and why.
Hopefully that gives you a good understanding of the core differences between managed and unmanaged switches and where they fit into a network architecture. There is no right or wrong answer about which one or how many of both you need, this all comes down to the design and implementation of your network depending on your needs.
If in doubt, you need to be speaking to a professional who understands how to design networks to fit your specific business requirements. If in doubt, get in touch.