LAN-Priority-Switch - Ethernet Switching for two Exclusive Members

Today's DSL-modem-routers for home appliance, offered by providers at favourable pricing, can do a lot of things, yet sometimes feature only one LAN port for wired Internet connectivity. Instead of adding a Network Hub or Switch to multiply ports, we may find, that the two stationary computers in our shack do not really need to go online at the same time. So, the switching could be done by a literal switch. There are manually operated LAN changeover switches available. This article suggests a more comfortable switching method, that will also help enforcing priorities.

Concept

Right here, we will not discuss, why anybody would or would not want all that wireless stuff in their private life. In this scenario:

We have one Cable/DSL-Router featuring exactly one LAN port providing Internet connectivity.
Two computers are supposed to go online via wired LAN, but not necessarily at the same time.
We wish to avoid any uncontrolled data exchange between these two computers.
The main computer must always gain LAN access when switched on.
The secondary computer is granted LAN access as long as the main computer is not in operation.

Looks like we're best off with an old-school Ethernet Switch that is a literal electric switch for the LAN signals, operated by buttons or rotary knob. With such device, allocation of network resources is done in a pretty simple and exclusive way. In fact, only the one party that is electrically connected to the LAN can have any network access. The other party is disconnected from the LAN, same as if its network cable was physically unplugged.

The disconnected party can not communicate with other computers on the LAN and, of course, it won't get WAN access by the LAN gateway. If this is the way we wish to separate our computers from the network and from each other (positively no "home-networking"), then this hardware switching is a clear benefit in terms of security and privacy. For instance, it prevents notorious networking protocols on a "Windows" machine from spying other network participants and infecting them with malware (like "WannaCry"). It also limits potential damage that could arise from any external attack to the one and only computer that has been online at the time of attack.

Manual switching could be annoying and quite inconvenient. Why not make a relay-operated LAN switch that simply depends on the operational state of a privileged (Master) computer! That's whole of the idea in this little project: Let's build an automatic LAN changeover switch!

Top | Index

Circuit

The circuit is supposed to replace a mechanical LAN switch for two parties. For 10/100BASE-T Ethernet, only the two line pairs Tx and Rx are to be considered.

Instead of a quadrupolar mechanical switch, we use two relays with two sets of changeover contacts each. These are ordinary mono-stable miniature relays, designed for switching delicate signals. Contact set of Re1 is switching the Tx lines (1+2), contacts of Re2 switching the Rx lines (3+6) from the LAN Router (connecting to modular socket X1) to one of the two target ports (X2 or X3). Note, that by routing these signals over physically separated relay contact sets, no crosstalk between Rx+Tx will occur.

Operating voltage for the relays is coming from the USB port of the privileged computer. It is led to connection X4, feeding both coils of Re1 and Re2 with 5 volts. As soon as this computer is switched on, it also energises these two relays and their contact sets will forward LAN from the Router (X1) to the LAN socket for Master (X3).

When the Master is shut down, USB voltage will drop and relays fall off again. Now their normally-closed contact sets will forward LAN signals to the secondary computer, the Subordinate (X2).

D1 is the obligatory "flyback" diode that will eliminate inductive voltage spikes which can occur when switching off relay coils. Normally, USB should be robust enough to cope with that, but of course it's better to compensate right at the source.
Ceramic capacitor C1 is also just a precautionary measure. It blocks spurios radio frequency that might have been coupled/induced from or into the "hot" end of relay coils. (Again, more of a theoretic consideration. Never observed any RF-breakthrough at the side of relay coils while 100-Mbit/s-Ethernet was active. This is due to the differential nature of twisted Ethernet, but also gives indication that the chosen relays feature good symmetry and RF properties. According to the data sheet, cross-capacitance between contacts, contact-sets and coil set is less than 2 pF, which is quite negligible in this application.)

Top | Index

Construction

High-quality components, cleanly manufactured PCB, solid workmanship. Refrain from lead-free solder.

Don't miss the wire bridge under Re1, which must be set at the very first. Aside from that, no specific sequence of assembly is required.

These Relays in a DIL formfactor are not too much of a miniaturised itsy-bitsy, thus could be handled without a microscope.

Regarding the 8P Modular Sockets (RJ45 connectors), there are differences in quality, so it is not recommended to pick the cheapest model. When mounting through-hole mountable modular sockets, take care for a good fixing, i.e. that mechanical stresses are not being forwarded by the solder pins to the PCB. Otherwise there will be hairline cracks in the area of solder joints sooner or later, which behave like cold solder joints and cause malfunction that is sometimes hard to reproduce and eliminate. After mounting of the three RJ-sockets, re-heat all solders to release mechanical stresses.

EMC: On a simple circuit board, differential signals can hardly be routed in perfect symmetry, so we would expect minor attenuation losses in such a passive switching appliance. Also radio interference from external transmitters is possible. For good practice, I recommend basic means of electromagnetic shielding. This could be a double-sided PCB with ground layer, a conductive base plate in a plastic case or, the more consequent way, a full-metal case like this .

Grounding: Reference ground of this LAN-Priority-Switch is USB-GND, which more or less directly refers to PC-GND (and on a stationary PC it should also be mains earthing). The supposed PCB-layout provides sufficient ground connection via one fixing screw. Additionally, we may connect USB cable's mesh directly to the side frame of chassis.
Note: As you may have noticed, there is no LAN-cable shields considered. It is my conviction, that a shield grounding of Twisted-Ethernet cables is not needed in a small network and must be chosen very carefully; otherwise it will create more problems that it will solve, giving rise to ground loop effects, degraded symmetry of signal transmission etc.

For the feed of control signal we need a USB-type-A cable with two open wires on the other end connecting USB power (VBUS, pin 1) and USB ground (GND, pin 4) to X4 on the circuit board. Length of such cable should not exceed 2 meters according to USB-specs. If we have separate USB-Type-A-connector, of course we can make a tailored two-wired cable.

Using any standard USB-Cable with Type-A connector is also a good option. Cut off the Mini- or Micro-connector from the other end and expose the wires. We'd only need +5V (red) and GND (black). Data lines D-/+ (white and green) may be cut short and isolated. Though we should keep in mind, that the colours mentioned (and carelessly parrotted in many diy instructibles), only refer to the recommendations of USB consortium. In reality, we may find strange deviations of colours and (even more malicious) completely random assignments! So, it's always a good idea to countercheck EVERY SINGLE WIRE electrically against the expected connection scheme, BEFORE actually connecting any homebrew USB cable to real hardware...

USB cabling for this appliance does not really need a ferrite bead (sheath current filter). With one present, it won't hurt either.

Component cost for this project, without PCB, housing and cabling, is less than 10 Euros.

The download contains PDF worksheet with site plan, component listing and circuit plan, as well as the PCB layout in a high-resolution bitmap.

Top | Index

Commissioning

All network cables should be "Cat.5" or higher, resp. EIA/TIA-568A, type straight-through.

The LAN-Priority-Switch must be placed somewhere around the Master station for obvious reasons, yet it does not necessarily have to be nearby the Router. Cable's allowable length is up to 100 metres according to T-Ethernet LAN specs, so we should have plenty of flexibility to lay out our LAN cables as needed in a usual home environment...

Troubleshooting: Should there be connection problems that do not occur with a direct connection of similar length, then we shall check the PCB for craze interruptions, "cold solders", especially around the RJ-terminals. And, believe it or not, dirty LAN sockets and plugs may actually cause network problems, too.

After the LAN-Priority-Switch has proven reliable to us, it is recommended to conserve the PCB's bottom side by means of some protective coating. Make sure not to spill over the RJ45 contacts.
Have fun!

Top | Index

Comments

This LAN-Prioriy-Switch simply forwards the RX and TX line pairs (1+2 and 3+6) being used by 10/100BASE-T Ethernet. The concept is not suitable for a Gigabit LAN (1000BASE-T), which operated more delicate signals and requires a quite more sophisticated switching method also for 2 additional line pairs (4 + 5, 7 + 8). BTW, if we really had one single Gigabit-LAN socket, a so-called "LAN-Splitter", which is a completely passive device, may be an option. With the proposed circuit, unused wires are left open, i.e. unterminated, therefore PoE or other added-use will not pass.
No Switch. Real network switches are designed to dispatch network traffic simultaneously onto multiple network participants, sometimes featuring additional firewall-related functionality. Setting up and administering these complex devices requires significant knowledge and time. It is rather for the tech-addicted and small enterprise network operators. In a home scenario with only a few computers, the unmaintained switch may rather introduce further security risk, backdoors for attacks and permanent power consumption. On the other hand, the primitive relay switch does not feature any of these drawbacks...
Relays: Data sheet for the TAKAMISAWA relay promise at least 1 million switching cycles under modest load. In fact, with this application, we got nearly ideal conditions for this type of relay: Ethernet signals swing is rated +/-2.5 V, impedance of Ethernet transformers is comparably low, providing enough wetting current, and the high frequency components in the signal are in the MHz range, gently tickling the gold plated contacts to last forever...
Power consumption: The "high-sensitivity" variant of the recommended Takamisawa relay has a DC-impedance of about 165 Ohms per coil, making up for 82.5 Ohms in parallel circuit, so that we can expect a hold-current of about 60 mA at 5 Volts (= 0,3 Watts) in the active state. Any USB port can deliver this current without a problem. Assuming an operational cycle of about 8 hrs per day throughout the year, we can therefore expect an annual energy consumption of less than 1 kWh ...
Instead of the 5-volts-type, the 6-V version would save us some further milliamps. However, if we find that those "5 volts" in the Master machine is actually at the bottom of the tolerance range, we should prefer the 5-V breed to be safe.
These modular connectors... a sunday weather system! In reality, there is good chance to break this little fixation clip, so that sooner or later we have to replace the cable or crimp a new plug. What a waste of material and what a great deal for the manufacturers of cheap twisted telephone wire in colourful PVC hoses!
And these RJ-connectors are incredibly susceptible to dust and dirt! Outside of server rooms, the air may contain lots of dust and dirt, just to mention. Appears, that all grease and dust from a normal room atmosphere will preferably deposit on these RJ-connectors!
In the modular socket, spring-contacts of basically round diameter are meant to contact with their flat-shaped counterparts in the modular-plug. So, the area of electrical contact is comparably small and friction forces that could wipe off debris when pluggin' in and out, aren't very effective, too. These connectors MUST get worse with the time. Even worse, these contact springs in the modular sockets, seem to wear with time, or just the moment they're exposed to solder heat...
Experience: Clean contacts of RJ connectors with a fine brush (e.g. toothbrush) along the guide grooves of loose dust and dirt. (There are, who wonders, Youtube tutorials available on this topic...) In case of sticky debris, use water-free degreasant (isopropanol, acetone) for cleaning purposes. Contacts in a RJ socket may be cleaned carefully with a cotton swab soaked in alcohol. Do not apply excessive force and observe that the spring-contacts remain in parallel order. Please make sure that solvent has evaporated before re-connecting electricity!
USB power-off: Some external USB Hubs have power-down features that can be activated by software drivers or software tools. These will actually switch off the USB supply voltage on the USB terminals, rather than just sending sleep command to the connected device. An attached LAN-Priority-Switch could also be de-energised by this feature, enabling the Master to deliberately switch himself "offline" from the desktop and grant LAN access to the Subordinate.
Unfortunately, this does not usually apply to internal USB controllers that are installed directly on mainboards. More likely the USB power is hardwired to the system's 5-V-rail, only switching off when the whole device was switched off resp. going deep standby.
USB voltage persistent? Some PC mainboards and especially notebook/laptop hardware delivers USB voltage even after system shutdown. Seems that this is - superficially - intended for "charging batteries" of USB-appliances like mobile phones etc. Yet another doubtable feature, jeopardizing with danger of fire and/or data leaks. (NSA papers give indication, that fancy new UEFI can not only do internet transactions behind the back of the unsuspecting users, but also hidden communication with external devices, even if the system pretends to be "shut down".)
Hint: Sometimes, the USB port's standby behaviour may be changed by jumper on the motherboard or by a BIOS/UEFI setup - please consult the manual!
Master voltage from PS/2: PS/2 ports could be used to provide switching voltage to the LAN-Priority-Switch. The respective pins are 3+4 on the PS/2 Mini-DIN socket. Don't feel pleased too quickly. In many cases, the voltage at PS/2 ports does not disappear after computer has shutdown. This may be due to the important feature of "wake-up" by keyboard or mouse, which needs some electrical power for these peripherals to be able to send any signal to the mainboard. You may easily check what's the case: Plug an optical mouse to PS/2 and observe the mouse's LED after system shutdown. When it keeps on lighting, we got permanent PS/2 power and therefore PS/2 is unfortunately no option for the LAN-Priority-Switch. There is a chance that something may be changed via BIOS settings. Look for options like "wake on Keyboard", deactivate them and see what will happen after the next bootup-and-shutdown cycle.

Top | Index

License note

All documents regarding this little project of LAN-Priority-Switch (LAN-Prioritätsschalter) are released to the Public Domain under the most liberal Creative Commons Zero license, which means there is no restriction at all for private, scientific or commercial purposes. Use at your own risk. Support my work in the form of constructive criticism or donations.

Top | Index

Download

Materials to build the LAN-Priority-Switch (as of 20170726)
SHA256: F6966C32AA3F6819135D0A60E74037001909457AA7C15312091F6824EFD70387

Top | Index

Links

Top | Index

07/2017, 08/2017