By Garrett Seeley, MS, CBET

Our previous articles addressed the importance of the OSI model and the use of TCP/IP both in small and large scale subnetting. As a continuation of these thoughts, we will cover the hardware itself. To build a network, technicians use three essential hardware concepts — a switch, an access point and a router.
Each of these is used by Internet subscribers every day. Each provides a valuable networking concept, and all three can be integrated into an all-in-one device, such as a four-port home wireless router. In a hospital, the most used of these components is the switch, a layer two device created to replace the layer one hub.
A hub is a connective device that repeats a signal to all devices on its network ports. It is considered a physical layer, or layer one, device because it works as a message repeater: it copies every message to every device connected to it. This makes the hub a simple communication device because it makes no decisions. The technique is not usable in large networks because the hub's rebroadcasting congests network traffic too heavily. We need a device that limits network traffic. To make larger networks work more effectively, only the sending device and the receiving device should be included in a communication. This is the function of a switch.
A switch repeats information, like a hub. However, it does not repeat all the information to all devices. Instead, a switch uses a number to identify each device. This number is called a Media Access Control (MAC) address. A MAC address is preset in the network interface card and is unique to that card. It identifies the whole device on a network. Switches ask devices for their MAC address, and the switch remembers which MAC address is connected to which network plug (called a port). The incoming messages are encapsulated in a header that lists the source and destination MAC address. In this way, networking communications function like a letter. The actual message remains inside the encapsulation, and the switch does not read the message. It only reads the header. Switches copy the entire message and header, sending that information only to the device or devices the message was intended for. A switch can do this simultaneously with multiple communications. In this way, the overall network traffic is minimized and restricted to the devices that need the information. This is how an unmanaged switch performs its operation. Switches are part of the reason that networking became so important in the hospital environment. They greatly speed up a network and allow for much larger-scale designs.
A managed switch is a switch that has additional sorting options. Managed switches, sometimes called smart switches, function like an unmanaged switch but also offer access control and flow control options. The most popular form of access control is a VLAN. A Virtual LAN acts as if a divider were installed in a managed switch. Consider how useful it would be to put only the devices that need to talk to each other on their own private, unmanaged switch. In this way, they would only be able to talk to machines in their own network, and there would be no other traffic on the LAN. A VLAN accomplishes this effect by splitting a managed switch into groups of devices and sharing information only between those specific MAC addresses. The information is kept between a smaller number of devices, and the overall network speed is faster. Switches use concepts called tags and trunks to accomplish this task. That information is more important to network administrators than to a biomed tech. Just keep in mind that smart switches can use VLANs on all their network ports, effectively controlling the movement of information. This is used in conjunction with subnetting to limit traffic to one network segment. In this way, VLANs separate traffic and confine MAC communications to just a few devices, limiting the overall number of switches needed by a network. VLANs can also be used by security personnel to isolate devices for troubleshooting or threat management. VLANs are often used with Access Control Lists (ACLs) to monitor traffic behaviors at the third layer, the network layer. That will be discussed in a future article regarding routers.
A MAC filter is an access control setting that allows or denies a specific MAC address. With an "allow only" list, called a whitelist, only the MAC addresses listed are allowed to communicate over the VLAN. A whitelist provides a high degree of access control. However, a whitelist also means that every MAC address on the network must be programmed into the switches before that device is allowed access. This requires the most setup and management from network security personnel. A blacklist is the exact opposite. If security personnel know of a MAC address that needs to be denied, it can be banned from the VLAN. This is usually reserved for known fake MAC addresses (called spoofed MACs) that are commonly used by hackers. Since a MAC address can also tell something about the hardware, this can be used to make sure no new switches are added to the network. Both techniques control the number and identity of the devices that have access to a switch. MAC address filters are a powerful tool for regulating network traffic.
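The forwarding, VLAN and MAC-filter behaviour described in the last three paragraphs, as an added simulation that is not from the article (the port layout and the MAC addresses are constructed for the example): the switch learns the source MAC of each frame per VLAN, forwards a known destination to one port only, floods an unknown or broadcast destination only inside the sender's VLAN, and drops frames from a blacklisted or non-whitelisted source before learning anything from them.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str              # source MAC in the header (what the switch learns from)
    dst: str              # destination MAC in the header (what the switch forwards on)
    payload: bytes = b""  # the "letter" inside; the switch never reads it


@dataclass
class ManagedSwitch:
    port_vlan: Dict[int, int]                     # access port -> VLAN id
    allow: Set[str] = field(default_factory=set)  # whitelist; empty means not enforced
    deny: Set[str] = field(default_factory=set)   # blacklist
    # forwarding table is kept per VLAN: (vlan, mac) -> port
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def permitted(self, mac: str) -> bool:
        """MAC filter: a blacklisted MAC is dropped; with a whitelist, only listed MACs pass."""
        if mac in self.deny:
            return False
        return not self.allow or mac in self.allow

    def receive(self, in_port: int, frame: Frame) -> Set[int]:
        """Return the egress ports for a frame arriving on in_port (empty set = dropped)."""
        if not self.permitted(frame.src):
            return set()
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, frame.src)] = in_port      # learn where the sender lives
        out = self.mac_table.get((vlan, frame.dst))
        if out is not None and out != in_port and frame.dst != BROADCAST:
            return {out}                                  # known destination: one port only
        # unknown or broadcast destination: flood, but only inside this VLAN (hub-like, bounded)
        return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}


def demo():
    """Two VLANs on one switch; the MAC addresses are constructed, not real devices."""
    sw = ManagedSwitch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20})
    a, b, c = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"
    first = sw.receive(1, Frame(a, b))    # b not yet learned: flooded to VLAN 10 only -> {2}
    reply = sw.receive(2, Frame(b, a))    # a was learned on port 1 -> {1}
    cross = sw.receive(3, Frame(c, a))    # VLAN 20 never learned a: stays in VLAN 20 -> {4}
    sw.deny.add(c)                        # blacklist c
    blocked = sw.receive(3, Frame(c, a))  # -> set()
    sw.allow = {a, b}                     # whitelist: only a and b may talk
    stranger = sw.receive(4, Frame("00:11:22:33:44:04", a))  # -> set()
    return first, reply, cross, blocked, stranger
```

Note that the cross-VLAN frame never reaches port 1 even though the switch already knows where a is; the per-VLAN table is what makes the divider real.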
Switches also use flow control techniques with priority and Quality-of-Service settings. Certain traffic can be given priority over other traffic so that applications such as video or VoIP phones take precedence over other devices. In this way, network capacity is given to more critical communications, and less critical communications are asked to wait until a path for their communication becomes available. These settings are found in the options of the managed switch. Another flow control option is the Quality-of-Service setting. This option sets a data access speed limit for a device. It can be set per device or as an overall rule that all devices must comply with. It caps the speed of a network, effectively forcing devices to slow down to accommodate more devices on the network.
Regardless of the type used, all switches are the center of the network in a LAN. Switches are the main backbone of a hospital. They can be configured to use twisted pair or fiber wiring. In fact, most hospitals use both together to provide a high-speed data connection between buildings. If more devices need to be connected to the network, network administrators add and configure more switches. They are configurable and scalable. Combined with subnetting and filtering, switches are fast and secure. In fact, they are the fastest connectivity device used in a hospital. An entire network can operate without wireless or Internet connectivity, on just a few switches. They are truly the backbone of a hospital network.
Garrett Seeley, MS, CBET, is a biomedical equipment support specialist with VISN 17: VA North Texas Health Care System, Dallas Veterans Affairs Medical Center.
