Mailing List
Mailing List
Sign Up Here
Like, follow & share: visit DrayTek UK's Facebook page visit DrayTek UK's Twitter page visit DrayTek UK's Linkedin page
VigorSwitch Series


The VigorSwitch series of Ethernet switches provide a plethora of advanced features to improve efficiency and security of your network. The glossary below gives a brief explanation of some of the more commonly used features and how you might be able to use them on your own network if you're not already. Please refer to the product specification for individual capabilites or specifications of each product.


Switch Features Glossary

SFP Ports

Most of your desktop PCs and other wired devices will use the familiar 8-pin RJ-45 connector. An SFP socket is an alternative method of connectivity; it allows you to connect an SFP module which can provide many different types of interface, for example a fibre connection.

Fibre is particularly useful, for example, if you need to connect to another switch or network which is beyond the length limit of wired Ethernet (officially 100 Meters) or where fibre's greater immunity to interference is preferable.


IEEE 802.3af

Whilst a desktop PC will need mains power, smaller devices can receive their power over the actual Ethernet cable using a system called PoE (Power over Ethernet). PoE does away with the need for local power saving on clutter - ideal for IP phones but also useful if mains power is not easily accessible for the device such as with wireless access points and IP cameras (CCTV) which may be mounted on a ceiling or wall. PoE also gives the ability to remotely power down or reboot a device by switching PoE power off/on, saving a trip up a ladder.

A PoE switch sends the power down the existing wires using the 802.3af or 802.3at protocols. These ensure that the PoE does not interfere with the full speed of the Ethernet data and also ensure that the switch will only send power to a PoE-enabled device.

The original IEEE 802.3af PoE standard specifies up to 15.4 Watts per port.


IEEE 802.3at

Powering higher power devices such as IP cameras can require more power than the original PoE standard provides, the IEEE 802.3at PoE+ standard increases the available power to 30 Watts over normal CAT5 network cable.

Link Aggregation

IEEE 802.3ad

Linking one network switch to another can require a faster link between the two to avoid the link becoming a bottleneck of throughput between the two switches however simply connecting multiple network cables between switches would typically cause a network loop and would not increase throughput.

With 1000Mbps Gigabit networks now common instead of 100Mbps Fast Ethernet networks, linking two Gigabit network switches or a busy network server to the network can require moving to costly 10Gbps uplinks between switches.

Link Aggregation (IEEE 802.3ad) can increase throughput between Gigabit networking equipment by sharing multiple LAN ports between two switches / devices that support the feature, with a Link Aggregation Group (LAG). This creates a transparent and virtual faster link between group of ports designated to link the switches, providing the aggregate bandwidth of the ports (e.g. 4Gbps over 4 ports) and link resilience if one of the links should fail.


IEEE 802.1q

A Virtual LAN ('VLAN') is a method of segmenting different categories of network traffic according to their location, function or security clearance.  This can provide increased security and network performance. There are two main types of VLAN - port based and tag based. 

Port based VLANs direct specific traffic types to physical ports. As a simple example, VLAN 1 might direct its data to Ethernet ports 1-4 on your switch, and VLAN 2 is allocated to ports 5-8. These two VLANs are physically isolated so traffic cannot pass between them - useful if, for example, two separate companies are sharing an Internet connection. 

Tag based VLANs, on the other hand use a method of marking each ethernet frame with a tag to categorise the data type.  Those tags can then be used, for example, to separate the traffic at an onward switch to direct it to one network segment or another or to a specific Wireless LAN.  You can learn more about VLANs here.


IEEE 802.1p

Quality of Service Assurance (QoS) can be applied to your network traffic to categorise different priorities. For example, VoIP (voice) traffic would normally be considered high priority data because it would easily be affected by delay or loss, whereas downloading a file or email is less time critical so giving it lower priority would be acceptable.  All data is still transmitted in real time but the ratio of high priority to low priority is adjusted by your controller (whatever is managing the QoS).  If, for example, you had three PCs, each wanting to transmit 3Gb of data but those PCs were considered to be of different priorities,  the data might be transmitted in the ratio of 3:2:1, so the highest priority PC will be able to send its data 3 times as quickly - each onward packet will contain three times as much data from PC No.1 as it does of PC No.2.


An Access Control List (ACL) is used to control how traffic is forwarded through a network switch. When a packet is received from a client PC, the switch's processor can check the packet's header information and block or allow the packet based on a number of different attributes, such as TCP, UDP or ICMP (ping) and both the Source and Destination MAC and IP addresses.

This can complement the Router's Firewall functionality, where the Router's firewall would be unable to block certain types of LAN traffic, such as communication between devices within the same subnet, that would not contact the Router but would need to pass through the switch.

Port Authentication

IEEE 802.1x

802.1x is security feature which limits the connection of devices to your network.  When a device is connected to your LAN (wired or wireless), with 802.1x in force, the network will challenge that device to authenticate itself with a security certificate. If the device does not, it will not be able to connect to the network even though it can physically connect (no data will be passed).  The certificate is installed onto the device (PC, tablet, phone etc.) just once and cannot be transferred to other devices. You can read more about 802.1x here.
Storm Protection

When a network is misconfigured, which results in network equipment forwarding network broadcasts to each other, this is referred to as a "network loop". It will usually result in the network becoming unusable because broadcasts continue until there is no bandwidth remaining for normal traffic.

For example a network loop could occur when an Access Point that connects wirelessly over WDS is linked to the network with a cable, any broadcast packets received from client devices for network discovery (ARP) would be forwarded from the Access Point (which is a network switch in itself) over the wireless link, this goes through the network to the switch that the AP is connected to. The AP would see this as a new broadcast packet, forward it out over the wireless link and this will continue ad nauseum until the network is no longer usable.

Storm Protection resolves this issue in a sense by shutting down the offending port or dropping the broadcast packets from that port when the amount of packets reach a threshold, specified usually in Kbps data rate or Packets Per Second.

IGMP Snooping

Internet Group Management Protocol is an element of Multicasting, which is used for services like IP TV. Multicast sends one packet to many devices without sending it to every device (which is a broadcast). It does this by using Multicast Groups, which devices can then join to receive the Multicast packets.

If the switch is unaware of Multicast traffic on the network, it treats it like Broadcast traffic, which is sent to all ports on the switch or within that VLAN. With IGMP Snooping enabled, the switch is aware of which ports are members of which Multicast Group and sents received Multicast packets only to the ports that are members of that group. It does this by observing the Multicast Group Join and Leave information that client devices send through the switch.

Spanning Tree

IEEE 802.1D

In networks with multiple network switches, the switches would be connected with a single link between each switch. Using multiple links or multiple routes between switches will typically result in a "network loop", which can be protected against using Storm Protection but STP builds upon this to allow intelligent handling of redundant links.

With Spanning Tree, multiple switches can be connected to each other, giving redundant links between them, with the switches each automatically learning the network configuration to determine how best to route to each other. These switches keep any redundant links inactive, in favour of using "lowest cost" links that take the fewest hops and operate at the highest speed.

If the active links between switches should fail, or if a switch is removed from the network, the switches each determine how best to route using the remaining links and switch to using those links instead. When the primary link is restored, the switches will resume using that link instead.

Rapid Spanning Tree

IEEE 802.1s

This builds upon Spanning Tree to improve the switchover time from active link to redundant link from around 30-60 seconds to less than 5 seconds.

Multiple Spanning Tree

IEEE 802.1w

The Spanning Tree Protocol creates a single valid path for traffic to go through. This means that in a scenario where there are three switches; Switch A, Switch B and Switch C, with A linking to B, B linking to C and C linking to A, Spanning Tree Protocol would disable one of these links to avoid a loop. This does however mean that whichever switch connects the two end switches will be passing the most traffic.

Multiple Spanning Tree builds upon this by having multiple paths based on the VLAN tags that are configured on the switch, for instance VLAN 10 would go through A to B to C, while VLAN 20 would go through A to C to B. This would spread traffic load across the available links and make better use of available links.

Jumbo Frames

A typical packet on an Ethernet network would be 1500 bytes in length, the majority of this is the actual data, however some of the packet is consumed by the packet's header. This contains the source and destination of the packet along with other information to define what the packet contains, such as IP addressing, or TCP packet information to define it as HTTP packet data.

This will typically be around 40-60 bytes per packet that has to be added on, in addition to the packet data. This is useful for the Internet, but for LAN traffic, where the risk of packets being dropped is low, the overheads of each packet can reduce the possible throughput on the network.

Jumbo Frames can improve the possible throughput by increasing the maximum packet size, which results in more data being sent in a single packet, with the same header information as a smaller packet.