@pete-s said in HP Switch config question:

The person who set this up would clearly know what he was doing or he wouldn't have been able to make it work.

I'm guessing it was a move in the making. The intention was probably to move over to pfsense, drop the fortigate and perhaps remove routing from the switch. It's possible the fortigate is old and can't handle routing at line speed, hence the L3 routing in the switch.

I'm guessing the fortigate and the switch was setup long before pfsense.

If the fortigate is the actual edge device, maybe this was setup as a simple way to bypass the pfsense for fussy devices or troubleshooting?

I could see setting something like this up so that you can tell a remote user "go plug it into xyz switch and let me know if it starts working"

Just wanted to report back say this little switch was the perfect item for my need. It has been installed for over a month now and I have been very pleased with it. Not that it is doing anything special, it just does its job!

We are using it indoor and we mounted its own little bracket to a single gang wall plate, then installed the wall plate, then attached the switch to its bracket. It makes for a clean install where there once was an ethernet wall jack.

Everything about it is Unifi, so if you are familiar with the Unifi System, this runs like any other Unifi switch.

Yes, if you are setting physical ports to a VLAN, then they are acting like a physically different switch on those ports. So attaching another physical switch to one of those ports would make it a switch on that VLAN.

@mary said in Switch Interface Properties - CompTIA Network+ N10-007 Prof Messer:

Are port mirrors common for companies that monitor what employees are doing on the network or is something else used?

No, that would be insanely impractical. A port mirror doesn't give you a copy of what someone is actually doing, it gives you a copy of the network traffic. Which is a butt load of disconnected data. It's not like you would know what the end user was doing, only what was being transferred on the wire.

If you think about what you'd see on the wire... a single file transfer or LAN based action might generate a huge amount of traffic. Or going to a website might create a bunch of unintentional traffic from ads that aren't something that the end user cared about. Or a website or app open in the background might generate gops of traffic for something that isn't being used.

It would be able to tell you if the person is on YouTube or Spotify, but would not tell you what they are doing that for or if they are actively "using" that thing. Basically you'd be flooded with information that would take ages to sort through, and the resulting information would tell you essentially nothing about what the end user was doing.

Worth noting that STP (Spanning Tree) is common in good switches, but it's also common to have switches that don't have it.

@Jimmy9008 said in VLAN on Dell N4064 Stacked:

Im guessing 'U' is fine. As I want vLAN2 to pass traffic where the device has already set vlan2 in its NIC. If the LAG is set to 'T', all traffic will be set to vlan2, right? Even when from vLan1/default...

I think it's better to tag every vlan in both ends. Then you can be certain traffic ends up on the same vlan on the other switch stack.

@scottalanmiller said in PVLAN (private VLAN) in the switch - are you using it?:

PVLAN, or Port Isolation as I think most of us know it, is one of the better uses of VLAN tech. The idea is for extreme environments (not really SMB generally) when normal security measures are not enough, that you make an individual VLAN for every single device on the network so that you control via central firewall a second layer of access for every single port that there is.

There are certainly legit cases for this. And I've worked for one of those places. But it's super rare. It is a lot of work, requires gear that supports it, and adds a lot of complication that you have to consider. It also adds a good deal of security.

In the SMB, most places have over the top security already and zero day threats rarely threaten OS level firewalls. So PVLAN, while legit, rarely has appreciable value to an SMB. But when you need that "second firewall per device", then yes, it's definitely the way to go.

Makes sense, but I'm thinking it doesn't have to be that much more work if you can apply automation to switch management as well.

I think you can do port isolation on the virtual switches in VM hosts in the same way as the physical ones. I understand that at least VMware has had it for a long time so assume other have it now as well.

Cheap meaning low cost, of course.

@pete-s wow no more than 1 year ago aruba switches (hpe) where served with real lifetime. Did they cut warranty so much?! Also they where replaced within 1 week.
I've seen a lot of netgear go crazy, but it was the unmanaged tier stuff.

It turns out that the outlet that I had the switched plugged into via a powerstrip had one always on outlet and the other was switched. So whenever they would leave they would turn off the lamp connected to the switched outlet...and their network switch. Good times. I moved some things around and the switch is now on a UPS and off that switched outlet.

@tdantzler said in Yet another UBNT EdgeMax vs Unifi:

@JaredBusch I'm looking at the AirMAX lineup and have used a few of the products like the NanoStation 5AC loco with fabulous results.. but the rest of the stuff looks a little more than consumer grade. Do you think this is an accurate breakdown -

Unifi - Small to Medium business with low customization needs. Primarily for Access Layer and down. Nice interface but not standard for routing setup

UniFi routers and switches, yes. UniFi Access Points, are solid for any purpose.

Also, I would personally never use UniFi routing/switching in SMB. But I know some people just live that pretty pane of glass that they never look at after 3 weeks.

@FATeknollogee

You've said that the bosses want the networks to be separate.
You've also said that company B provides a service for company A akin to B providing email services to A, so A needs access to B's network for that single service.

All that said - what is the goal in splitting the networks? Why do it? If you don't know why the bosses want this - ask them. Let's not worry about the how of splitting yet allowing things to continue to work, let's work on the why first - because the helps lead to the correct solution for the goal.

ERL with an AC Lite AP at home as well as many clients. Zero issues.

Just for reference... To get StarWind VSAN you need to get here:

StarWind VSAN

https://www.starwindsoftware.com/starwind-virtual-san

:)

@JaredBusch said in Unifi switch - tagged traffic issues:

@Dashrender said in Unifi switch - tagged traffic issues:

Found the problem - the uplink from my Unifi to my core switch, VLAN 2 wasn't allowed on the connection.

Enabled VLAN2, problem solved.

Aww the little things.

on which switch.

Also, reinforcing the issue with VLAN complicating things.

The core switch, in my case an HP 2824.

I don't disagree that VLANs can/do add complication. But in this case it was pre-existing complication that I had to work through, not remove at this point.

@JaredBusch said in Ubiquiti switches: UniFi vs EdgeMax:

@coliver said in Ubiquiti switches: UniFi vs EdgeMax:

@thwr said in Ubiquiti switches: UniFi vs EdgeMax:

Mh, is the EdgeSwitch able to run a VPN tunnel on its own? I need to connect a "remote" office to my server room. The office is in the 3rd floor, my server room in the basement and I need to run through a "public" patch room (primary cabling junction for the building).

Like:
3rd floor "remote" office -> fiber -> public patch room -> fiber -> my Serverroom (basement) -> Office

I doubt it has the ability to configure a VPN that seems like an edge device is needed for that.

It does not. That would be the router's job.

Yeah, could have been. Probably the same software behind the scenes etc.

@hobbit666 said in Unifi Switch adventures:

So what is the difference between the Unifi Switch and EdgeSwitch? Apart from the management from the Unifi Controller ?

There isn't suppose to be much difference. Beyond that, I really can't tell you.

These kinds of speeds would be great for implementing an iSCSI SAN or FCoE.

@scottalanmiller Yeah,the Switch started working