I take my shitposts very seriously.
VLANs are an extension of the Ethernet technology, and operate on the link layer (OSI layer 2). They are handled by switches. VLANs can belong to different subnets, and communication between them requires routing, which happens on the network layer (OSI layer 3) on either routers or layer-3 switches, but VLANs themselves are handled by switches.
I recommend Network Chuck on youtube, his videos are very noob-friendly.
Switches (particularly layer-3 switches) have basic routing capabilities to connect different VLANs, but that is not their focus. Their purpose is to facilitate communication between devices connected to the same subnet, and across subnets on the same LAN.
Routers specialize in communication between networks, e.g. between a LAN and the internet. They can use static routes or dynamic routnig algorithms protocols (e.g. RIP, EIGRP, OSPF, BGP) to find the shortest route, often across many routers, from the source to the destination.
Think of routers as intercity railway lines, and switches as local transportation.
The device that is usually referred to as a “home router” is usually a combination of a router, a switch, a wireless access point, optionally a cable modem, and sometimes a telephone modem; plus it offers services like a firewall, NAT, and sometimes VPNs. It does everything, but with a much lower performance compared to dedicated hardware.
so why do some have fans
As in cooling?
Switches generate a ton of heat in the ports’ copper wires, especially gigabit+ and PoE. Higher-grade consumer and industrial (think Cisco) switches also have powerful hardware because they do a lot more than packet switching – they handle QoS, VLANs, and ACL-based filtering, as well as gigabit or faster connections on all ports.
Generally, yes. WAN -> modem -> router -> switch -> (devices, wireless AP, other switches).
If you set the internet provider’s device to modem/bridge mode, it will do one thing, and one thing only: forward traffic between the ISP’s infrastructure (like DOCSIS, telephone line, PPPoE, FrameRelay, etc) and an Ethernet port. The traffic on that port will be unfiltered and dangerous internet traffic.
The first device after the modem should be something with a firewall and NAT. In most cases, this is a consumer-grade router, but it could also be a computer running pfSense/OPNsense/OpenWRT (which basically turns it into a router). The firewall’s role should be obvious – it filters everything that passes through it, and only allows permitted traffic.
NAT (Network Address Translation) is a bit more complex. I’ll skim over the details – it allows you to have a private network of any size communicate with a public network using only a single public IP address (which is usually supplied by the ISP). It also enhances security because NAT is what facilitates port-forwarding, and your private network won’t be exposed through the public address unless you do that. NAT is almost always handled by the router. Firewalls can be integrated into the router, integrated into the modem, or implemented as a discrete device – make sure that the internet traffic passes through at least one firewall!
The router in this case handles NAT, finding the first hop on the internet for outgoing traffic, and routing incoming traffic to the subnet that contains the destination device.
From the perspective of packet switching on the network, a wireless access point is really no different than a switch, except it facilitates communication with wireless devices. Depending on the model, APs can support VLANs, and each wireless network can be assigned to a different VLAN on the same device.
For example:
This way you can set up the router to allow both subnets to communicate with the internet, the family subnet to talk to devices on the guest subnet, but prevent guest devices from talking to the family subnet.
How you achieve this depends on your ISP and what devices you own. For example, the ISP might only give you an IPv6 address, which is an altogether different headache.