Redoing Home Network

jmoore

@scottalanmiller Ok appreciate the video. That was enlightening. Half of what I studied is probably wrong lol. I didn't realize that cert was so bad, or I would have just skipped it entirely. Their blanket statements about things definitely caused me to make some bad decisions. However, I should have dug deeper into the material. I just figured I would encounter deeper info in later certs. So, thanks for the explanation!

jmoore

@jmoore said in Redoing Home Network:

@scottalanmiller Ok appreciate the video. That was enlightening. Half of what I studied is probably wrong lol. I didn't realize that cert was so bad, or I would have just skipped it entirely. Their blanket statements about things definitely caused me to make some bad decisions. However, I should have dug deeper into the material. I just figured I would encounter deeper info in later certs. So, thanks for the explanation!

So in what situation do vlans make the most sense and what is their purpose there? Just security to keep machines from talking to each other?

scottalanmiller

@jmoore said in Redoing Home Network:

@scottalanmiller Ok appreciate the video. That was enlightening. Half of what I studied is probably wrong lol. I didn't realize that cert was so bad, or I would have just skipped it entirely. Their blanket statements about things definitely caused me to make some bad decisions. However, I should have dug deeper into the material. I just figured I would encounter deeper info in later certs. So, thanks for the explanation!

CompTIA doesn't do later certs, as those would require, you know, hiring IT people that actually know material lol

scottalanmiller

@jmoore said in Redoing Home Network:

So in what situation do vlans make the most sense and what is their purpose there? Just security to keep machines from talking to each other?

Correct, that is essentially their only function. In some extreme cases, they can be used to isolate broadcast traffic, or to do "LAN level" performance tweaking, but most of that is just ridiculous in practice. Nearly the only legitimate role of VLANs is to provide isolation containers for networks.

That means.... provide the isolation one gets from isolated, dedicated hardware, but without the physical performance benefits of having isolated hardware (or the cost.)

JaredBusch

@jmoore said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@scottalanmiller Ok appreciate the video. That was enlightening. Half of what I studied is probably wrong lol. I didn't realize that cert was so bad, or I would have just skipped it entirely. Their blanket statements about things definitely caused me to make some bad decisions. However, I should have dug deeper into the material. I just figured I would encounter deeper info in later certs. So, thanks for the explanation!

So in what situation do vlans make the most sense and what is their purpose there? Just security to keep machines from talking to each other?

Correct. Here is an ER-4 at a client.

• eth0 = WAN
• eth1 = Unused
  • was LAN until I moved it to eth3 (SFP)
• eth2 = Credit card machine.
  • Outbound NAT makes it X.X.X.138
  • This could easily have been a VLAN if needed, but I had the extra port, meh.
• eth3 = LAN & WiFi
  • Outbound NAT makes it X.X.X.138
• eth3.10 = Guest WiFi
  • Outbound NAT makes it X.X.X.140
• eth3.20 = IoT shit
  • Outbound NAT makes it X.X.X.140

None of the local subnets are allowed to talk to each other by firewall rules.

JaredBusch

@Grey said in Redoing Home Network:

The Ubiquiti USG can handle 1gig connections without a problem.

The original USG most certainly cannot handle it if you have traffic shaping or QoS or a number of other things that kill offloading.

JaredBusch

@Grey said in Redoing Home Network:

Either get an AP that matches the rest of the system, or get the rest of the Ubiquiti equipment.

FFS, are you on crack?

EdgeMax is Ubiquiti equipment.

The EdgeMax line has no wireless at all. So you have to provide a separate device for an access point.

jmoore

@JaredBusch Ok thanks for the sample config. I see what your talking about with the rules.

EddieJennings

@JaredBusch said in Redoing Home Network:

None of the local subnets are allowed to talk to each other by firewall rules.

This is the scenario I think of when you want (need?) to isolate and segment LAN traffic, yet each segment needs Internet access and you have only one WAN connection.

scottalanmiller

Youtube Video

scottalanmiller

Youtube Video

jmoore

Thanks Scott for all these videos. You cleared up a lot of actual and implied questions, along with correcting my erroneous thought process. Much appreciated. I'll be questioning things I read much more now.

Grey

@JaredBusch said in Redoing Home Network:

@Grey said in Redoing Home Network:

Either get an AP that matches the rest of the system, or get the rest of the Ubiquiti equipment.

FFS, are you on crack?

EdgeMax is Ubiquiti equipment.

The EdgeMax line has no wireless at all. So you have to provide a separate device for an access point.

Ok, I should have been more clear in that. I wouldn't go to a product line that not designed for home use.

scottalanmiller

@Grey said in Redoing Home Network:

@JaredBusch said in Redoing Home Network:

@Grey said in Redoing Home Network:

Either get an AP that matches the rest of the system, or get the rest of the Ubiquiti equipment.

FFS, are you on crack?

EdgeMax is Ubiquiti equipment.

The EdgeMax line has no wireless at all. So you have to provide a separate device for an access point.

Ok, I should have been more clear in that. I wouldn't go to a product line that not designed for home use.

I'm the opposite. I won't use anything meant for "home" use. Home equipment is always low quality and marketed to consumers, nothing good is sold that way. Everything good in IT is targeted at discerning IT pros. That's where you'll find the best quality and best options, because it's the only market where people are actually evaluating both the price and the features/quality rather than just buying based on ads or sales.

jmoore

@scottalanmiller I'm the same way, I get that habit from my Av days. I bought Allen & Heath mixing boards, QSC amps, and small Community speakers. This is all professional equipment and it had more options and lasted a lot longer. In fact all those pieces are still working today.

scottalanmiller

@jmoore said in Redoing Home Network:

@scottalanmiller I'm the same way, I get that habit from my Av days. I bought Allen & Heath mixing boards, QSC amps, and small Community speakers. This is all professional equipment and it had more options and lasted a lot longer. In fact all those pieces are still working today.

Yup, I can from the audiophile world, too. And it was often cheaper to get hifi gear than to get the crappy, sounds horrible consumer junk.