Redoing Home Network
-
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@scottalanmiller said in Redoing Home Network:
In your example, you keep mentioning segmenting and performance. But you don't state why segmentation of network traffic would be beneficial in this case (spoiler: it's not) nor why performance would benefit (spoiler: it doesn't.)
In my cert studies it was always that segregating traffic improves performance and to do it whenever you can.
Remember, never take someone's word for it, if they don't explain it, don't listen to it.
Yeah I won't forget that ever. Thanks.
-
@jmoore said in Redoing Home Network:
@Dashrender said in Redoing Home Network:
I've with JB - You should save the money and get an ER-4. The processor is the same.
POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.I already ordered the pieces. Thanks for your input though. I needed a router with 4 ports for my 4 rooms plus the incoming port. I plan to use and learn everything about it.
Do you really need four ports? I suppose if you don't have a core switch, and the switches in each room go directly to the firewall, then sure.
-
@jmoore said in Redoing Home Network:
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
So your saying the traffic still merges even if we are on different switches, connected to different ports on the router?
Yes, all traffic merges when you use the Internet. It either merges.... far from your house, near your house, or in your house. But it merges and it's pretty trivial to figure out where.
All traffic is merged, it's a 100% meaningless requirement. Like people saying that the need more Ether to breathe. It's a totally made up, non-IT concept.
Well dang, thanks for the advice. I didn't have any details from her job, they just said that to her in passing.
One of those things lay people say because they aren't clear on what computers are or how networks work. So people use buzz words that they've heard and try to make things up to sound impressive. Like how managers say "cloud" but randomly mean "hosted" or maybe "online" or perhaps "web" but never, ever mean "cloud."
The government might require discrete connections, but meaning discrete out to the ISP. But even that is silly. As someone who manages ISP networks, that doesn't do much either.
-
@Dashrender said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@Dashrender said in Redoing Home Network:
I've with JB - You should save the money and get an ER-4. The processor is the same.
POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.I already ordered the pieces. Thanks for your input though. I needed a router with 4 ports for my 4 rooms plus the incoming port. I plan to use and learn everything about it.
Do you really need four ports? I suppose if you don't have a core switch, and the switches in each room go directly to the firewall, then sure.
That was my plan yes. Router with 4 ports so I could directly connect a switch in each of the rooms. I'm being that's not a good idea.
-
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
So your saying the traffic still merges even if we are on different switches, connected to different ports on the router?
Yes, all traffic merges when you use the Internet. It either merges.... far from your house, near your house, or in your house. But it merges and it's pretty trivial to figure out where.
All traffic is merged, it's a 100% meaningless requirement. Like people saying that the need more Ether to breathe. It's a totally made up, non-IT concept.
Well dang, thanks for the advice. I didn't have any details from her job, they just said that to her in passing.
One of those things lay people say because they aren't clear on what computers are or how networks work. So people use buzz words that they've heard and try to make things up to sound impressive. Like how managers say "cloud" but randomly mean "hosted" or maybe "online" or perhaps "web" but never, ever mean "cloud."
The government might require discrete connections, but meaning discrete out to the ISP. But even that is silly. As someone who manages ISP networks, that doesn't do much either.
Yeah I understand that. I guess I gave them too much credit. It didn't make sense to me but at same time I know I;m not too experienced, so I figured there was a valid reason and I just didn't understand it.
-
@Pete-S said in Redoing Home Network:
@Dashrender said in Redoing Home Network:
I've with JB - You should save the money and get an ER-4. The processor is the same.
POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.Isn't POE also better in the switches? I thought Ubiquity used some odd DIY standard for POE, at least in the past.
It is not an "odd DIY standard", it is 24V passive PoE
It was used for years on outdoor wireless gear from Motorola. Ubiquiti, which got its start in the WISP market, used the common standard already in place for a reason. It let their get get added to existing towers.
-
-
@jmoore said in Redoing Home Network:
@Dashrender said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@Dashrender said in Redoing Home Network:
I've with JB - You should save the money and get an ER-4. The processor is the same.
POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.I already ordered the pieces. Thanks for your input though. I needed a router with 4 ports for my 4 rooms plus the incoming port. I plan to use and learn everything about it.
Do you really need four ports? I suppose if you don't have a core switch, and the switches in each room go directly to the firewall, then sure.
That was my plan yes. Router with 4 ports so I could directly connect a switch in each of the rooms. I'm being that's not a good idea.
Your router is not (should not) be your core switch.
Yes, if the router has a switch chip like the ER-X does, it could be your core switch, but you seriously should not think like that.
As I said your router needs 2 ports. WAN and LAN. Period. Can have more but that is all you need.
When you have a need for segregation, sure, use another port as a LAN 2, or just use a VLAN on LAN 1. Does not really matter which you do.
-
Question: does it make sense to segment certain traffic because of security concerns? I'm thinking of the blanket statements (never backed up with fact, by the way) I've seen to segment "IoT" devices in the home because of lack of security (E.G they get hacked and said hacker now has access to your entire network).
-
@JaredBusch said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@Dashrender said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@Dashrender said in Redoing Home Network:
I've with JB - You should save the money and get an ER-4. The processor is the same.
POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.I already ordered the pieces. Thanks for your input though. I needed a router with 4 ports for my 4 rooms plus the incoming port. I plan to use and learn everything about it.
Do you really need four ports? I suppose if you don't have a core switch, and the switches in each room go directly to the firewall, then sure.
That was my plan yes. Router with 4 ports so I could directly connect a switch in each of the rooms. I'm being that's not a good idea.
Your router is not (should not) be your core switch.
Yes, if the router has a switch chip like the ER-X does, it could be your core switch, but you seriously should not think like that.
As I said your router needs 2 ports. WAN and LAN. Period. Can have more but that is all you need.
When you have a need for segregation, sure, use another port as a LAN 2, or just use a VLAN on LAN 1. Does not really matter which you do.
Got it, thanks for the explanation. I had read that it did not matter whether you used vlans or just separate lans if you needed to segregate portions of traffic. Thats why I planned things out the way I did. I had setup vlans before and wanted to do it the other way now, since I was under the impression it accomplished the same thing.
-
@jt1001001 said in Redoing Home Network:
I've seen to segment "IoT" devices in the home because of lack of security (E.G they get hacked and said hacker now has access to your entire network).
The theory there is protecting device to device attacks because it is assumed that the device will be compromised, and be able to breach another unprotected device. It's based on the assumption that people aren't LANless.
And that's very true. But is totally different than keeping the traffic from mingling.
-
@jmoore said in Redoing Home Network:
Thats why I planned things out the way I did. I had setup vlans before and wanted to do it the other way now, since I was under the impression it accomplished the same thing.
It does. One is just the virtual version of the other. In the old days, we always had physically separated hubs. Once we got big switches, people wanted to recreate the physical separation sometimes, hence VLANs.
-
@jt1001001 said in Redoing Home Network:
Question: does it make sense to segment certain traffic because of security concerns? I'm thinking of the blanket statements (never backed up with fact, by the way) I've seen to segment "IoT" devices in the home because of lack of security (E.G they get hacked and said hacker now has access to your entire network).
Well in my readings, they say either method will increase security, as traffic is not supposed to travel between vlans for example. However, as I've learned today, not everything you read in cert books is accurate. So definitely get a few opinions with details.
-
@jmoore said in Redoing Home Network:
@jt1001001 said in Redoing Home Network:
Question: does it make sense to segment certain traffic because of security concerns? I'm thinking of the blanket statements (never backed up with fact, by the way) I've seen to segment "IoT" devices in the home because of lack of security (E.G they get hacked and said hacker now has access to your entire network).
Well in my readings, they say either method will increase security, as traffic is not supposed to travel between vlans for example. However, as I've learned today, not everything you read in cert books is accurate. So definitely get a few opinions with details.
They don't, unless those VLANs go into a ROUTER! LOL
-
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
Thats why I planned things out the way I did. I had setup vlans before and wanted to do it the other way now, since I was under the impression it accomplished the same thing.
It does. One is just the virtual version of the other. In the old days, we always had physically separated hubs. Once we got big switches, people wanted to recreate the physical separation sometimes, hence VLANs.
Ok cool, thanks. If I have to end up separating traffic, I'll just use a vlan and be done with it.
-
@jmoore said in Redoing Home Network:
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
Thats why I planned things out the way I did. I had setup vlans before and wanted to do it the other way now, since I was under the impression it accomplished the same thing.
It does. One is just the virtual version of the other. In the old days, we always had physically separated hubs. Once we got big switches, people wanted to recreate the physical separation sometimes, hence VLANs.
Ok cool, thanks. If I have to end up separating traffic, I'll just use a vlan and be done with it.
No, there is really no scenario where that would make sense. You can't separate the traffic on a single network.
-
@JaredBusch said in Redoing Home Network:
Yes, if the router has a switch chip like the ER-X does, it could be your core switch, but you seriously should not think like that.
Got it, I won't forget this lesson either. I was going to do the separate lans for a learning exercise in getting it set up, but from what it sounds like, it is pretty worthless even as an exercise. Thanks for your opinions!
-
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@jt1001001 said in Redoing Home Network:
Question: does it make sense to segment certain traffic because of security concerns? I'm thinking of the blanket statements (never backed up with fact, by the way) I've seen to segment "IoT" devices in the home because of lack of security (E.G they get hacked and said hacker now has access to your entire network).
Well in my readings, they say either method will increase security, as traffic is not supposed to travel between vlans for example. However, as I've learned today, not everything you read in cert books is accurate. So definitely get a few opinions with details.
They don't, unless those VLANs go into a ROUTER! LOL
Yep, and that wasn't explained in my readings. Hence my inaccurate impressions.
-
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
Thats why I planned things out the way I did. I had setup vlans before and wanted to do it the other way now, since I was under the impression it accomplished the same thing.
It does. One is just the virtual version of the other. In the old days, we always had physically separated hubs. Once we got big switches, people wanted to recreate the physical separation sometimes, hence VLANs.
Ok cool, thanks. If I have to end up separating traffic, I'll just use a vlan and be done with it.
No, there is really no scenario where that would make sense. You can't separate the traffic on a single network.
Ok. Hopefully it won't be an issue with her boss.
-
@scottalanmiller said in Redoing Home Network:
@jmoore said in Redoing Home Network:
@jt1001001 said in Redoing Home Network:
Question: does it make sense to segment certain traffic because of security concerns? I'm thinking of the blanket statements (never backed up with fact, by the way) I've seen to segment "IoT" devices in the home because of lack of security (E.G they get hacked and said hacker now has access to your entire network).
Well in my readings, they say either method will increase security, as traffic is not supposed to travel between vlans for example. However, as I've learned today, not everything you read in cert books is accurate. So definitely get a few opinions with details.
They don't, unless those VLANs go into a ROUTER! LOL
What about routing VLAN traffic on an L3 switch? Does that then classify as a "router"?