Do Unmanaged Switches Break Trunk Ports? Lab Testing the Myth

 

There's a long-circulated myth in networking circles that plugging an unmanaged switch into a trunk port will "break" the network or disrupt VLAN configurations. To test this claim, I set up a lab environment using 2 #Ubiquiti EdgeSwitches configured with an active trunk port, a #TP-Link unmanaged switch, and my trusted #NetAlly LinkRunner to test connectivity. The goal was to see whether the unmanaged switch caused any real-world issues when connected to a trunk, or if this was just another piece of network folklore.

During testing, I connected the TP-Link unmanaged switch directly to an 802.1Q trunk port on the EdgeSwitch. Using the NetAlly LinkRunner, I monitored what VLANs were being received and whether DHCP responses were appropriately tagged. As expected, the unmanaged switch passed all traffic it received, treating the VLAN tags as opaque data. Devices behind the unmanaged switch only saw the native VLAN unless manually configured otherwise, but at no point did the switch “break” the trunk or interfere with tagged VLANs upstream. The trunk port continued functioning as designed, and VLAN isolation was preserved.

This test clearly demonstrates that unmanaged switches don’t inherently “break” trunk ports — they simply don’t interpret VLAN tags. The risk isn’t in network failure, but in misconfiguration or misunderstanding. If you plug a device expecting VLAN 88 into an unmanaged switch that's connected to a trunk with VLAN 1 as native, it won't behave as expected. But that's a design oversight, not a hardware failure. 

My test confirms: unmanaged switches won’t crash your trunk ports — they just need to be used wisely.

What Happens When IPs Run Out? Why You Should Test Your Network Gear to Find Out

Understanding how your network equipment behaves when it runs out of IP addresses is critical for preventing service disruptions. In a dynamic environment—especially one that uses DHCP—it's not uncommon to exhaust a pool of IPs due to misconfiguration, long lease times, or unexpected device growth. In this blog post, I share a video where I put my own equipment to the test, intentionally running out of available IPs and using both Wireshark and the device logs to observe what happens behind the scenes. The results offer valuable insight into how your tools respond under pressure—and where potential failure points might lie.

Wireshark is a powerful ally during this kind of testing. By capturing the packet exchange between devices trying to obtain an IP and the DHCP server’s responses (or lack thereof), you can see the exact sequence of discovery, request, or any failures. This helps identify whether clients simply stop trying, whether they send repeated requests, or whether the server gives any clues about what’s going wrong. In my test, Wireshark confirmed DHCP requests were being made but no responses were coming back once the pool was depleted—a clear indicator of exhausted resources.

Logs from the equipment itself provided a second layer of confirmation. My router log showed a DHCP message. Together, the packet data and device logs painted a full picture of what went wrong and how long it took to recover once addresses became available again. Testing like this helps network technicians preempt issues in real deployments and refine their monitoring and alerting setups. Don’t wait until a user reports connectivity problems—simulate them, study the response, and be ready.

some of the gear you see

NetAlly Linkrunner 

https://amzn.to/4ls8Rrh

Ubiquiti EdgeRouter 4 (ER-4)

https://amzn.to/4en9sIs

Ubiquiti EdgeSwitch 8, 8-Port Managed PoE+ Gigabit Switch

https://amzn.to/45HOYrK

Friday Freebie - Introduction to Dark Web, Anonymity, and Cryptocurrency

 I'm trying something new, so if you like it, give us a LIKE

The EC-Council's "Introduction to Dark Web, Anonymity, and Cryptocurrency" course offers a foundational exploration into the concealed segments of the internet, emphasizing the dark web's structure and functionality. Participants learn about the dark web's reliance on overlay networks like Tor, which utilize onion routing to maintain user anonymity and access to .onion domains. The course also addresses common misconceptions, distinguishing between the dark web and the broader deep web, and discusses the dual-use nature of these technologies, highlighting both their legitimate applications and potential for misuse.(en.wikipedia.org)

In addition to exploring the dark web, the course delves into tools and practices for achieving online anonymity. It covers the use of anonymizing browsers such as Tor, the importance of VPNs, and the role of secure communication platforms. These tools are essential for users aiming to protect their identities and maintain privacy in digital interactions. The curriculum emphasizes the significance of operational security (OpSec) and educates learners on how to safeguard their digital footprints against potential threats.(en.wikipedia.org)

A significant portion of the course is dedicated to understanding cryptocurrencies, with a focus on their role in anonymous transactions. It examines how cryptocurrencies like Monero and Bitcoin are utilized within the dark web for various purposes, including illicit activities. The course also introduces concepts such as cryptocurrency tumblers, which are used to obscure transaction trails, thereby enhancing user anonymity. By the end of the course, participants gain a comprehensive understanding of how anonymity and cryptocurrency intersect within the context of the dark web, equipping them with the knowledge to navigate and analyze these complex digital landscapes.(en.wikipedia.org)

click on the image to access the course

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

 Here’s a concise three‑paragraph summary of the article from The Hacker News about the TP‑Link router vulnerability:

1. Discovery and SeverityOn June 17, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw—CVE‑2023‑33538—to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, which carries a high CVSS score of 8.8, is a command injection bug in multiple models of TP‑Link routers (TL‑WR940N V2/V4, TL‑WR841N V8/V10, TL‑WR740N V1/V2). Attackers can exploit it by sending specially crafted HTTP GET requests using the ssid1 parameter to trigger arbitrary command execution on the device (thehackernews.com).

2. Exploitation & Support StatusCISA’s inclusion in the KEV catalog indicates that the flaw is actively being exploited. However, details remain scarce regarding the scale of attacks or the threat actors involved . Complicating remediation, TP‑Link has officially ended support for the affected models, meaning no firmware patches are forthcoming. Consequently, CISA recommends discontinuing their use or applying mitigations where possible (thehackernews.com).

3. Wider Context & Compliance DeadlineThis development follows earlier research into OT‑centric malware (like FrostyGoop/BUSTLEBERM) that suggested but didn’t confirm exploitation via this vulnerability (thehackernews.com). Additionally, CISA has set a compliance deadline—by July 7, 2025, federal agencies must remediate or phase out vulnerable devices (thehackernews.com). The article also draws parallels to similar ongoing threats, such as exploits targeting Zyxel firewalls (CVE‑2023‑28771), which have been weaponized for DDoS botnets (thehackernews.com).

click the image for the article

What I Learned from the LinkRunner in my lab

In the world of network troubleshooting, your tools are only as powerful as your understanding of them. Recently, I decided to test my NetAlly LinkRunner in a very specific scenario: what happens when all IP addresses in a subnet are exhausted? This wasn’t just a curiosity-driven test—it was a chance to explore the limits of the device and see exactly how it handles edge cases that might occur in the real world. Understanding these reactions ahead of time can make all the difference during critical on-site diagnostics.

During the test, I configured a small DHCP pool with only one address. Once the address was used, I connected the LinkRunner to see how it would behave. The result was clear and educational—the device accurately reported a DHCP failure, but lacked any further details. The only clue was that there wasnt a DHCP response, but that could be caused by anything.  This insight confirmed that the LinkRunner detected the problem, but the technician needs to interpret and investigate what it means.

This small but revealing test reinforced a key principle: knowing your tool is just as important as owning it. Anyone can use a tester to look for cable issues or ping a gateway, but understanding how your equipment behaves under non-ideal circumstances is what separates reactive troubleshooting from proactive problem-solving. By regularly testing our tools and pushing their boundaries, we prepare ourselves for real-world issues—and ensure we're not caught off guard when they strike. 

In some cases, vendors take this kind of feedback and tweak the product moving forward.

Ubiquiti Geo Ip Blocking Follow up

 Verifying changes to your firewall after making modifications is crucial for maintaining the security and functionality of your network. Firewalls serve as the first line of defense against unauthorized access, so it's essential to ensure that any rules or configurations you've implemented are actively working as intended. Simply assuming that changes have taken effect without confirmation can leave your system vulnerable to threats or cause disruptions in legitimate traffic.

When you go back and double-check the firewall, you can identify and resolve any misconfigurations or errors that may have occurred during the initial setup. For example, a typo in an IP address or a misapplied rule could prevent important services from functioning or allow unauthorized traffic through. These mistakes are often subtle and easy to overlook, but their impact can be significant, ranging from minor disruptions to major security breaches.

Verification also helps ensure compliance with organizational policies and regulatory requirements. Many industries require documentation and proof that security measures are actively enforced. Testing and confirming firewall changes can serve as a record of due diligence and proactive network management, which can be crucial during audits or security reviews. Without proper verification, you may be unable to demonstrate that necessary precautions have been effectively implemented.

Finally, revisiting your firewall after changes fosters good operational habits and enhances your overall security posture. It encourages a disciplined approach to network management, reduces downtime caused by unexpected rule behavior, and builds confidence in your security infrastructure. In fast-paced IT environments, it's easy to overlook this step, but consistently validating your firewall changes is a small effort that pays off in long-term stability and protection.

in this video i use my Profitap IOTA packet capture tool to investigate

Why Reviewing Router Logs After Firewall Rule Changes Is Crucial for Network Security

When you modify firewall rules on your router—whether to block malicious IPs, allow specific services, or segment internal traffic—it’s vital to follow up by reviewing the router logs. These logs serve as a real-time record of network activity, capturing accepted, denied, or dropped traffic. Without examining them, you may not realize if the rules are working as expected or if they’ve inadvertently introduced a vulnerability or broken legitimate traffic flow.

Router logs can immediately highlight unintended consequences. For example, a newly added deny rule might block access to a critical service, or a misconfigured allow rule could open a backdoor to attackers. Logs will show spikes in blocked traffic, repeated access attempts from suspect IPs, or strange patterns that hint at configuration errors. These insights let you fine-tune the rules quickly and reduce downtime or exposure.

Finally, log reviews contribute to long-term network health and audit readiness. Over time, logs help establish a baseline of what normal activity looks like, making anomalies stand out more clearly in the future. They also serve as documentation—if you're ever questioned about a security incident or compliance requirement, detailed logs and evidence of regular review can be invaluable. Reviewing logs isn't just a best practice—it's a critical part of maintaining secure, reliable firewall configurations.

Master Your Firewall: 6 Expert-Backed Steps to Boost Security, Performance, and Compliance

 click on the image to read the full article 

The article "Master Your Firewall: 6 Expert-Backed Steps to Boost Security, Performance, and Compliance" on Firewall.cx emphasizes the critical role of regular firewall audits in enhancing network security, operational efficiency, and regulatory compliance.  It outlines a structured six-step approach to auditing firewall rules, including documentation, identifying redundancies, reviewing rule order, verifying compliance, conducting log analysis, and implementing necessary revisions. The piece highlights how ManageEngine's Firewall Analyzer streamlines this process by automating rule management, providing comprehensive visibility into configurations, and generating compliance reports aligned with standards like PCI DSS, HIPAA, SOX, and GDPR. By leveraging such tools, organizations can proactively manage firewall policies, reduce risks associated with misconfigurations, and ensure their security infrastructure remains robust and audit-ready .

Sentimental Sundays - HP 5451A Fourier Analyzer

 

Since these posts have had very little interest, this is the last one.

The HP 5451A Fourier Analyzer, introduced by Hewlett-Packard in 1972, was a groundbreaking instrument designed for acoustic and vibrational measurements, marking a significant advancement in signal processing technology. This minicomputer-based, keyboard-controlled system was capable of sampling one or more input signals and performing complex computations such as power spectra, cross power spectra, transfer functions, coherence functions, and correlation functions. Built around the HP 2100A minicomputer, the 5451A offered a frequency range of 0.1 Hz to 25 kHz and boasted an impressive 80-dB dynamic range, making it a powerful tool for engineers and researchers analyzing low-frequency signals in real time. Its software-driven approach allowed users to initiate these computations with simple button presses, while also providing the flexibility to add custom routines or use the minicomputer for general-purpose computing.

One of the standout features of the HP 5451A was its buffered input mode, which significantly improved processing efficiency compared to earlier Fourier analyzers. In traditional operation, the system would read an input record into memory, process it, and then pause data collection until the computation—such as a 1024-point power spectrum—was complete, a process that could take up to 1.5 seconds without optional hardware. The buffered input mode, however, enabled parallel data collection and processing by storing new data in a buffer while the previous record was analyzed, achieving real-time spectrum analysis up to 100 Hz even with a software-only Fourier transform. Optional hardware like the 5470A Fast Fourier Processor or the 5471A Fast Fourier Transform Arithmetic Unit further accelerated performance, reducing transform times to as little as 15 milliseconds for a 1024-point analysis, making it adaptable to a wide range of applications.

The HP 5451A found use in diverse fields, reflecting its versatility and robustness. It was employed aboard research ships for sea floor exploration to locate oil fields, in civil engineering to study the vibrational characteristics of large structures like tunnels and dikes, and in automotive production for vibration analysis of vehicle drivetrains to ensure gear functionality. In biomedical research, it aided electromyography studies for designing automatic prostheses, while in acoustics, it analyzed sonar bubble shapes and servo systems. Its relocatable software simplified user modifications, and its dual-channel capability allowed for sophisticated analyses like coherence and transfer function studies. Though now obsolete, the 5451A represented a leap forward in digital signal processing, bridging analog measurements with computational power in an era when such integration was still emerging.

For trivia, the HP 5451A is famously tied to a quirky 1972 advertisement featuring a model in a miniskirt and a fringed shirt reading "A Frenchman invented it." This was a playful nod to both Jean-Baptiste Joseph Fourier, the French mathematician behind Fourier analysis, and the supposed French origin of the miniskirt, credited to designer André Courrèges. Created by Berkeley University students, this poster is considered one of the earliest computer-related advertisements and has since become a collector’s item, reflecting the 1970s blend of tech innovation and pop culture flair. The analyzer’s debut also coincided with notable 1972 events, including the launch of the Space Shuttle program and the Watergate scandal, anchoring it in a pivotal year for technology and history.