3

Recently I've got a bit odd idea and did some googling but found nothing (Closest is this super user question but I think my idea is not the same). The idea is, as I think, relatively simple and kinda lies on the surface so I'm surprised there's nothing about it out there.

The question is: is it possible to divide one physical 8-terminal ethernet port into 2 by 4? The idea came to my mind because I've got one Raspberry Pi with one ethernet port and I thought could I use it as a kind of poor hardware firewall? I've got a server at home and the cable that goes from my ISP is 4-pinned, so I thought to make a cable that would have 3 heads, with one in the middle, so that one would go from my ISP and connect to the Raspberry Pi and by the same connector, but with other terminals connect to my router.

Maybe it would require writing/patching an ethernet driver or something, but I'm just curious

Improve this question
1

2 Answers 2

Reset to default
11

is it possible to divide one physical 8-terminal ethernet port into 2 by 4?

No, that's electrically and digitally not possible, as a network card has but one transceiver logic per port, and it's also not what you need.

This is solved "properly" already on Ethernet level!

Ethernet (for the last ~ 25 years) supports VLAN, where the originating network device adds a "tag", a number to the Ethernet header that says "this packet belongs to virtual local network 1, and this packet to virtual local network 2".

A switch can then separate packets into real separate physical networks. You can configure your switch to say "Port 1, 2 and 4 on this switch belong to network 1, ports 1, 3, 5 belong to network 2", and then these networks are completely separate, don't need nor see any VLAN tags, because they are really separate, aside from port 1 (where your raspberry Pi sits, gets packets when aimed at it from both networks, and knows how to deal with VLAN tags).

It's really easy to set up VLAN for your ethernet device on Linux. In essence, it's either using the graphical NetworkManager administration to add two new "VLAN" type interfaces, both with your physical ethernet interface as "parent interface", and set them up as you want (one might get its IP address from a router via DHCP, the other might have a static IP address, for example). Make sure they have differing VLAN numbers!

Same can be done via command line using nmcli; https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/configuring_and_managing_networking/configuring-vlan-tagging is a good guide (you don't need any of the "optional" steps).

What you'll need is to use a switch that can be configured to assign its physical ports to different VLANs. We usually call these switches "managed". The thing you want to look for is support for "IEEE 802.1Q", which is the standard that defines how VLANs work. If you're in Europe this might be a sensible list of devices that do IEEE 802.1Q and have a web interface to configure that easily. Make sure you don't buy one that needs some kind of cloud account to manage.

Improve this answer
4
  • I actually used exactly this at my home. A raspberry Pi as router connected to a VLAN-capable gigabit switch. Uplink and local devices all go on the switch on separate VLANs. I still use that network setup, but I upgrade the Pi to a more powerful device. Commented May 31 at 9:39
  • @marcelm yep, I use something similar to keep lab devices and internet-connected devices separate. And: it scales very well. Commented May 31 at 10:52
  • >"Port 1, 2 and 4 on this switch belong to network 1, ports 1, 3, 5 belong to network 2" @MarcusMüller did you mean to repeat port 1 in your example? Commented Jun 1 at 0:41
  • 1
    yes, I did, @obataku. you can typically select whether VLAN tags are getting stripped on a port or whether a port is exposed to VLAN tags and the attached devices needs to manage them themselves. Commented Jun 1 at 7:33
-1

Very hard, but in theory it may be possible.

A quick and dirty trick from the 10/100mbit era is to split a 1gbit-capable cable into two 100mbit ones because the 100mbit ethernet only uses two of the 4 pairs in the cat5 cable.

At the physical layer (and pretty much simplified), a gigabit interface consists of two 500mbit transmitters and two receivers and at least a pair of them is capable of working at 10 and 100 mbit.

While very hacky and pretty much not worth the effort, it may be possible to write an alternative driver for the ethernet port and programmatically split a single 10/100/1000 interface into two separate 10/100 ones.

(It may also happen that the two parts of the interface are simply not available for a separate control)

Improve this answer
3
  • 2
    the latter is the case. In consumer / computer NICs, the "two 500 mbit transmitters" don't work in isolation but are bound to one framing, one timing control,… control instance (the same is also true for any GigE PHY I can think of – there's a defined, hardwired way in which the bits coming in through the MAC-PHY interface get assigned to the "lanes".). this is not something a driver has any influence on. Not to mention that there'd be zero devices that would speak your "split" variant of gigabit ethernet. Commented Jun 1 at 7:34
  • 2
    With the Single-Pair-Ethernet (SPE) standards, in the future, there may be NICs, that support 1-Pair, 2-Pair, and/or 4-Pair communication, and maybe they could be freely configured to support splits like you imagine. But for now (06/2025), I'm not aware of any hardware (available to buy), that allows this. So, I agree with @MarcusMüller (for now). Commented Jun 1 at 7:59
  • @MarcusMüller There are plenty of devices speaking 100mbit ethernet, but your argument about the framing and timing is - well, ok, there is no Santa Claus, then. Commented Jun 1 at 9:58

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.