[SOLVED] Is there ANY way for me to apply forms of port security to unmanaged switches?

Jan 26, 2022
So I am a college student and for a project, I am very interested in whether or not there is ANY way for me to apply port security settings to the ports of an unmanaged switch. I realized that unmanaged switches do not have any sort of interface in which to naturally do this, unlike managed switches. However, my wish is to try to find a way for those using unmanaged switches (home networks, small labs, small businesses) to avoid having to pay for more expensive gear or redo everything. Having those potentially open doors into someone's network just seems like too big of an issue to not address it.

I am familiar with Linux distros and am currently getting familiar with Python. Basically, my idea was to find a way to develop an application/interface or script in which I could protect the ports on the cheaper switches, kind of like how you can with managed switches. Things like shutting down specific ports, applying restraints, or setting limitations.

I have a cheap Netgear switch that I have been messing with. I don't know the inner workings of them or how managed or unmanaged switches physically differ, and if that's why unmanaged switches don't have any real forms of security.

I have tried searching online for anything like this that already exists, and I don't think I found anything, which also kind of worries me.

I would appreciate any information or knowledge that anyone has to offer on this idea. If it isn't possible, please feel free to let me know. I will just have to come up with a new idea. If an application or script like this is possible, I would love any info or resources that you might be able to share.

Thank you for your time.
 
The reason unmanaged switches are cheap and extremely fast is that everything is done with ASIC chips rather than a general-purpose CPU. This also means it only does the function built into the hardware and nothing else.
It doesn't really matter what Linux or other software you use. You cannot change or affect the functionality of the switch after it is manufactured.

Now of course you could use the PC as a "switch" with a couple of multiport Ethernet cards, and then you could use the software in the PC to filter the traffic. It will likely never compare to a hardware-based solution for performance.

Part of the reason a managed switch that can filter traffic is so expensive is that they have built this filter logic into the hardware. It is still very limited compared to, say, a firewall, but some managed switches can do basic packet filtering in hardware.
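The reply above suggests a PC with multiport Ethernet cards acting as the switch and filtering in software. One way to do that on Linux, as an added example that is not part of the original thread: a shell function that turns a per-port MAC allow-list into an nftables bridge-family ruleset. The interface names (eth1, eth2), bridge name (br0), table name (portsec) and MAC addresses are assumptions.

```shell
#!/bin/sh
# Added example: per-port source-MAC allow-listing on a Linux PC used as the
# switch. Port names, bridge name and MAC addresses are constructed.

# True when $1 looks like aa:bb:cc:dd:ee:ff.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read "port mac" pairs on stdin; print an nftables bridge-family ruleset that
# forwards a frame only if its source MAC is allowed on the port it arrived on.
gen_ruleset() {
    rules=''
    while read -r port mac; do
        case "$port" in ''|'#'*) continue ;; esac   # skip blanks and comments
        case "$port" in *[!A-Za-z0-9._-]*)
            echo "invalid port name: $port" >&2; return 1 ;;
        esac
        valid_mac "$mac" || { echo "invalid MAC for $port: $mac" >&2; return 1; }
        rules="$rules        iifname \"$port\" ether saddr $mac accept
"
    done
    echo 'table bridge portsec {'
    echo '    chain forward {'
    echo '        type filter hook forward priority 0; policy drop;'
    printf '%s' "$rules"
    # Anything else is a violation: count it, log a sample, policy drops it.
    echo '        counter limit rate 6/minute log prefix "portsec-violation: "'
    echo '    }'
    echo '}'
}

# Constructed allow-list: one known device per physical port.
sample_allowlist() {
    cat <<'EOF'
# port  allowed source MAC
eth1    02:00:00:00:00:11
eth2    02:00:00:00:00:22
EOF
}

# Applying it (needs root; not executed by this file):
#   ip link add br0 type bridge
#   ip link set eth1 master br0; ip link set eth2 master br0
#   ip link set br0 up
#   sample_allowlist | gen_ruleset | nft -f -
```

Only frames bridged between ports pass the forward hook; traffic addressed to the PC itself goes through the bridge input hook and needs its own chain.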
 

kanewolf

Titan
Moderator
Generally, no. There is no required hardware, CPU, RAM, to implement what you want to do. The network traffic stays within a switch chip.
 
 
Jan 26, 2022
Thanks for the info.
As far as smart/managed switches then, can you tell me if they (some) have a sort of GUI or web-based portal in which you make those changes?
 
Jan 26, 2022
I see. Thanks for the info. That's what I was afraid of.
As far as smart/managed switches then, can you tell me if they (some) have a sort of GUI or web-based portal in which you make those changes?
 
It is very different for each brand. You need a fairly advanced switch, though; the low-end "smart" switches just do stuff like VLANs.
There is not a lot of need for this in a "consumer" network since it is really only to filter LAN-LAN traffic. A lot of times this filtering is done with a firewall or router.

Enterprise-level managed switches from, say, HP or Cisco tend to be configured via command line; many have a GUI, but it is not really used by professionals. Most places that have lots of switches configure them via some central server that uses SNMP to configure them.
 
