Fun with VLANs
Though the GS5's bridging features are nice, I was much more intrigued by its VLAN and QoS (Quality of Service) features, some of which are a first for a product at this price point. The nice thing about these features – normally found in "smart" or "managed" switches – is that they can be used with or without the wireless part of the GS5.
It might seem silly to buy a wireless bridge and not use the wireless part, but I can think of plenty of cases where you might want to do just that. Note however, that Linksys doesn't provide a way to shut off the GS5's radio, although the GS5 provides plenty of ways to keep wireless and wired traffic separate, most notably via its VLAN features.
VLANs (Virtual LANs) originated in enterprise-grade switches for the purpose of separating the logical organization of network segments (the way packets are handled) from their physical configuration (the physical ports and devices users are plugged into) in large networks.
But VLANs also are handy in small networks because they provide a way to keep users’ data separate. Putting users in different VLANs, even in the same physical switch and even in the same subnet, prevents any data flow between VLANs, even broadcast traffic such as ARP, NetBIOS discovery and DHCP requests.
TIP: A complete description of VLANs is beyond the scope of this review. See these Cisco and Learn IT articles for more info.
The GS5 handles both port and 802.1q-based VLANs or can be set to disable VLAN capability entirely. The default is port-based with all ports enabled, so if you never access the VLAN screen, you’ll never see a problem with data flow. Note that when I say port, I mean physical switch port and not service port (as in HTTP Port 80, for example).
802.1q VLANs operate by tagging packets so that they can be identified and handled by other 802.1q-aware devices in the network. You can choose from 802.1q Check and 802.1q Secure modes, with the key difference being that the Secure mode will drop an incoming packet if its VLAN ID isn’t among those programmed into the GS5. These modes are most useful if the GS5 is used with other 802.1q-compliant devices and I won’t go into more detail here.
Figure 4: VLAN port-based screen
But the port-based VLAN feature is handy even with one GS5. Figure 4 shows the top half of the GS5's VLAN page with an example of a physical port-based VLAN setup. Each checkbox represents a physical port where data is allowed to exit. (Since data can always enter a port, each port's same-numbered checkbox is greyed-out, i.e. not changeable.)
So that you can't accidentally VLAN yourself out of being able to access the GS5's internal management server that lives on (internal) Port 6, Port 1 and Port 6 are checked and greyed-out in the VLAN Port table. But note that since the wireless bridge also sits on Port 6, this means that you can't disable management of the GS5 over its wireless link.
If you examine Figure 4 closely, you'll see that I put Ports 1 and 5 into one VLAN that allows connection to each other, the GS5's wireless bridge and its admin server. Ports 2, 3 and 4 are grouped into a separate VLAN where connected devices can access only each other. Note that if you needed more physical ports in either VLAN, you could just uplink regular switches to the appropriate port. Clients then connected to those uplinked switches would become part of the GS5 port's assigned VLAN.
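As an added illustration (my own code, not from the review or from Linksys), here is a small Python model of the port-based egress table described above, loaded with the Figure 4 grouping, plus an audit that reports which ports can reach the admin server on Port 6 and which broadcast domain each port lands in. The table semantics (one row per ingress port, symmetric group membership, the fixed Port 1/Port 6 pair) are my reading of the description, not a documented GS5 data structure.

```python
from typing import Dict, List, Set

# Ports 1-5 are physical; Port 6 is the internal admin server + wireless bridge.
PORTS = range(1, 7)
MGMT_PORT = 6
UPLINK_PORT = 1   # Port 1 <-> Port 6 is greyed-out, so an admin can't lock himself out


def build_table(vlans: List[Set[int]]) -> Dict[int, Set[int]]:
    """Build the egress table from a list of port groups (one group per VLAN).

    Each port may always exit to itself (the greyed-out same-numbered box),
    and the fixed Port 1 <-> Port 6 pair is added whatever groups are given.
    """
    table = {p: {p} for p in PORTS}
    for group in vlans:
        for src in group:
            table[src] |= set(group)
    table[UPLINK_PORT].add(MGMT_PORT)
    table[MGMT_PORT].add(UPLINK_PORT)
    return table


def can_forward(table: Dict[int, Set[int]], src: int, dst: int) -> bool:
    """True if a frame entering on src is allowed to exit on dst."""
    return dst in table[src]


def broadcast_domain(table: Dict[int, Set[int]], src: int) -> Set[int]:
    """Ports that receive a broadcast (ARP, DHCP discover, ...) sent into src."""
    return table[src] - {src}


def audit(table: Dict[int, Set[int]]) -> List[str]:
    """Flag one-way entries and list the ports that can reach the admin server."""
    findings = []
    for src in PORTS:
        for dst in sorted(table[src]):
            if src not in table[dst]:
                findings.append(f"asymmetric: {src}->{dst} allowed, {dst}->{src} not")
    reach = sorted(p for p in PORTS if p != MGMT_PORT and can_forward(table, p, MGMT_PORT))
    findings.append(f"ports with management access: {reach}")
    return findings


# Figure 4 layout: Ports 1 and 5 with the bridge/admin server; Ports 2, 3, 4 isolated.
FIGURE4 = build_table([{1, 5, 6}, {2, 3, 4}])
```

Running `audit(FIGURE4)` on this layout reports only Ports 1 and 5 as having management access, which is the property worth re-checking after any edit to the table.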