5 best router and switch features you never use

It's been said that Microsoft Word users only exploit 10% of the software's capabilities.

The same might be true of those managing enterprise LAN switches and routers, a habit that might be costing organizations in unnecessary purchases and manpower at a time when every penny counts.

DIY tips for IT pros: How to cut costs and get more from your gear

An informal canvass of some leading switch and router vendors found that customers use less than half of the systems' capabilities. Among the more overlooked features are specific functions within network management and security, vendors say.

"Eighty to 90% of users use about 10% to 15% of switch features, maybe 20%," says Ananda Rajagopal, director of switch product management at Brocade. "It is true that a lot of the capabilities are often not used by customers."

In many cases, it's a lack of awareness of those capabilities, Rajagopal says. And at times, this lack of awareness and implementation could have dramatic effect on the network, he says, in terms of security levels and visibility into traffic behavior.

Some of the ones most overlooked features are:

* IEEE 802.1x for user identification and authentication

* NetFlow or sFlow traffic sampling

* IPv6

*  LLDP-MED, for dynamically provisioning power levels to devices 

*  Ethernet OA&M, for troubleshooting Layer 2 Ethernet networks, a feature that "99% of customers are not aware of," Rajagopal says.

Overlooking 802.1x

The IEEE standard 802.1x is defined for port-based network access control (NAC). It provides user and device authentication for LAN access, and is commonly used for 802.11 wireless access points.

It is not commonly used for wired network access, vendors say, even though it can be. Some vendors are perplexed as to why it is not and say they have to enlighten users to its applicability when they wish to enhance NAC authentication for wired networks.

"It's second nature in the wireless world but not in the wired world," says William Choe director of the Ethernet switching technology group at Cisco.

A Gartner survey last year found that customers are increasingly willing to use 802.1x-bassed NAC, but that inhibitors include a large installed base of switches that don't support the standard. Those customers will wait out 802.1x until they upgrade their switches, the survey found.  

NetFlow, sFlow not tracking

NetFlow is a Cisco-developed method for collecting IP traffic information. This information can then be used to visualize traffic flows and traffic volume in a network to help with capacity planning, pinpoint usual or malicious behavior, billing and other tasks.

"It tells you by user, by application, what's consuming all of your network resources," says Trent Waterhouse, vice president of marketing at Enterasys.

Yet despite its promised benefits, NetFlow is the "most overlooked capability" on Enterasys switches, Waterhouse says. He adds that 17% of the company's support center calls are related to features and functionality already embedded in Enterasys switches for security or policy management.