Kind of dumb question I know.. But in the past, I've had to order from various different places to get the exact lengths I wanted. This results in slightly different colors and boots of patch cable.

I need to order Cat6 by the half foot in a number of lengths and colors and have them with the nice boot at the end (that's easy to push down and pull out). I'd like to order all from one place but it seems like I can only find places that meet part of my criteria. It's just maddening.

In the past, I've bought from newegg, cablesupply, deepsurplus, and a few others I can't recall..

@scottalanmiller said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@travisdh1 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

Why are you segregating voice and data traffic?

? The question is about how to get the devices onto their intended VLAN.

Sure, and my question is why? How does this benefit the business? Is there a security reason to separating out voice and data traffic?

VLAN isn't about security. A malicious actor only needs to guess the other VLAN id in order to access the other network quite often.

lol. I continually hear people saying conflicting things like this. VLANs are used for security and management purposes.

VLANs CAN be used for that. The most common reason is "error", at least in these examples.

VLANs when used for things like guest networks, that's security for sure, and very effective. Easy to enforce, clear separation of traffic.

When it comes to VoIP, VLANs aren't for security or management, not really. They don't affect security in any meaningful way, and they make management way harder.

Well, wouldn't one security measure count, such as preventing someone on the data network from sniffing voice traffic? I know it's not the primary solution but it's one additional measure.

@scottalanmiller said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@scottalanmiller said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@scottalanmiller said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

Why are you segregating voice and data traffic?

? The question is about how to get the devices onto their intended VLAN.

Sure, and my question is why? How does this benefit the business? Is there a security reason to separating out voice and data traffic?

But, if we go a bit further. What kind of switches do you have?

Security requirement mainly. Switches are Dell PowerConnect N3000 and 5500

No security if done this way. You'd need to switch to port controlled VLAN in order to introduce any secure. If you do tagged like you have to here, the devices see all the VLANs at once and choose what traffic to send and receive - same as without a VLAN.

I don't quite understand what you mean here by port controlled VLAN, or the rest of your reply.

VLANs aren't a singular thing, just a general concept. They can be created in multiple ways. One of which is tagging, which is required for how you are using it here with the phones on shared "trunk" ports with the PCs.

But you can do port based VLAN as well, which has no protocol. This is a "Layer 1" VLAN where the port (on the switch) that is used determines the VLAN instead of a tag. With port based, you can use physical security to enforce the VLAN traffic and devices on the network can't violate the VLAN security to get around it.

So you mean like, put ports 1 - 10 on VLAN 5 thus forcing any devices plugged into those ports to be on that VLAN?

Right. Ports 1-10 on VLAN 5, 11-24 on VLAN 0. As long as you control what gets plugged into them, the VLANs are essentially air tight.

Well what about a situation where you have computers that plug into phone sets, and then those phone sets connect to the network port on the wall? You'd need those phones to be tagged and the network traffic from the pc to be untagged, at least in my situation.

@scottalanmiller said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@scottalanmiller said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

Why are you segregating voice and data traffic?

? The question is about how to get the devices onto their intended VLAN.

Sure, and my question is why? How does this benefit the business? Is there a security reason to separating out voice and data traffic?

But, if we go a bit further. What kind of switches do you have?

Security requirement mainly. Switches are Dell PowerConnect N3000 and 5500

No security if done this way. You'd need to switch to port controlled VLAN in order to introduce any secure. If you do tagged like you have to here, the devices see all the VLANs at once and choose what traffic to send and receive - same as without a VLAN.

I don't quite understand what you mean here by port controlled VLAN, or the rest of your reply.

VLANs aren't a singular thing, just a general concept. They can be created in multiple ways. One of which is tagging, which is required for how you are using it here with the phones on shared "trunk" ports with the PCs.

But you can do port based VLAN as well, which has no protocol. This is a "Layer 1" VLAN where the port (on the switch) that is used determines the VLAN instead of a tag. With port based, you can use physical security to enforce the VLAN traffic and devices on the network can't violate the VLAN security to get around it.

So you mean like, put ports 1 - 10 on VLAN 5 thus forcing any devices plugged into those ports to be on that VLAN?

@scottalanmiller said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

Why are you segregating voice and data traffic?

? The question is about how to get the devices onto their intended VLAN.

Sure, and my question is why? How does this benefit the business? Is there a security reason to separating out voice and data traffic?

But, if we go a bit further. What kind of switches do you have?

Security requirement mainly. Switches are Dell PowerConnect N3000 and 5500

No security if done this way. You'd need to switch to port controlled VLAN in order to introduce any secure. If you do tagged like you have to here, the devices see all the VLANs at once and choose what traffic to send and receive - same as without a VLAN.

I don't quite understand what you mean here by port controlled VLAN, or the rest of your reply.

@travisdh1 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

Why are you segregating voice and data traffic?

? The question is about how to get the devices onto their intended VLAN.

Sure, and my question is why? How does this benefit the business? Is there a security reason to separating out voice and data traffic?

VLAN isn't about security. A malicious actor only needs to guess the other VLAN id in order to access the other network quite often.

lol. I continually hear people saying conflicting things like this. VLANs are used for security and management purposes.

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

@dave247 said in Getting computers and phones on the correct VLAN regardless of switch port?:

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

Why are you segregating voice and data traffic?

? The question is about how to get the devices onto their intended VLAN.

Sure, and my question is why? How does this benefit the business? Is there a security reason to separating out voice and data traffic?

But, if we go a bit further. What kind of switches do you have?

Security requirement mainly. Switches are Dell PowerConnect N3000 and 5500

@coliver said in Getting computers and phones on the correct VLAN regardless of switch port?:

Why are you segregating voice and data traffic?

? The question is about how to get the devices onto their intended VLAN despite the switch port.

I'm not super experienced with VLANs yet, so I'm trying to wrap my head around this.

I have switches with only the data network running on the default VLAN ID 0, un-tagged. I want to add a new VLAN ID 5 for voice traffic. I want to have it so that no matter what switch port I plug in a computer or phone to, they end up on the correct VLAN.

To clarify even more: If I plug in a computer on switch port Gi0/0/3, it would only talk on the data VLAN.  If I plug in a phone set to switch port Gi0/0/3, it would only talk on the voice VLAN. In this case, I am assuming I would set all switch ports to trunk mode and then I would have to configure each one of the phone sets to have their Ethernet traffic tagged right away for VLAN 5.

This is the only way I can see it working. Otherwise, I would have to plug computers into data VLAN switch ports and phones into voice VLAN switch ports.

Do I have this right?

@jaredbusch said in Installing Google Chrome on Fedora 27:

@scottalanmiller said in Installing Google Chrome on Fedora 27:

Chrome is easy to install but isn't included in Fedora. Here is the quick and effective way to do it.

WTF?

sudo dnf install -y https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm

It's Scott, so of course it has to be unnecessarily over-complicated

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 said in Thoughts on how I could improve my network security?:

@tim_g said in Thoughts on how I could improve my network security?:

@scottalanmiller said in Thoughts on how I could improve my network security?:

There are places where router and firewall merge and can't be pulled apart - and that is NAT. A NAT translation is assumed to be part of the routing functions, but is a firewall. NAT literally makes the router and the firewall be the same component and function. Of course, in theory, you can have a router that doesn't do NAT, but in the real world, no one has made one since the early 1990s, and maybe not even then.

Exactly. When packets reach the NAT and have nowhere to go, they get dropped. That's firewall.

Yeah, NAT is also not the firewall.

But it is. NAT is a form of firewall. You can't NAT without firewall. But you also can't NAT without router. It's where the two are forced to overlap.

oh right... forgot about the base NAT policies. I was wrong there.

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 I totally get your point that in most cases, routers and firewalls are different aspects of the device. And that is good for everyone to understand. But it is also important, I'd say far more important, for everyone to understand that in the real world, and for all utility even in the theoretical world, you can't have a router that isn't a firewall and anything that is a firewall can be a router.

It's less important that people understand that L3 Switches are always routers, but it is the same concept. If someone asks if you have a router in between point A and B and all you have there is an L3 switch, your answer is "yes".

The reason that it is more important that people understand that router always means firewall and firewall always means router (at least optionally) is because there is a new epidemic of people thinking firewall means something totally different and crazy things are being thought now - where people actually think that they have routers that aren't firewalls.

Ok I'm glad you get my point. This whole argument (just like many others on here and on SpiceWorks) has ultimately come down to semantics.

@tim_g said in Thoughts on how I could improve my network security?:

@scottalanmiller said in Thoughts on how I could improve my network security?:

There are places where router and firewall merge and can't be pulled apart - and that is NAT. A NAT translation is assumed to be part of the routing functions, but is a firewall. NAT literally makes the router and the firewall be the same component and function. Of course, in theory, you can have a router that doesn't do NAT, but in the real world, no one has made one since the early 1990s, and maybe not even then.

Exactly. When packets reach the NAT and have nowhere to go, they get dropped. That's firewall.

Yeah, NAT is also not the firewall.

@scottalanmiller said in Thoughts on how I could improve my network security?:

The key reason that we state that firewalls and routers are one and the same is because the one thing that is most important is that no one come away thinking that there is a router that isn't a firewall. The terms are literally used interchangeably to the point that you never know what someone means when they say one or the other.

Then this is part of the problem. Why not refer to them as router/firewalls or something more reasonable? If I said, "I'm going into the firewall to program these static routes", it wouldn't sound right.

So to protect people from confusion and not knowing how to protect themselves, we state it in that way. Specifically to avoid confusion where it is most likely, and most dangerous.

Yet it has caused confusion.

Ok, here is another example of what I am trying to express here:

At work, I have a bunch of Dell PowerConnect switches - 5500 and N3000 series. These are referred to and sold as switches. However, they provide multi-layer functions, beyond just L2 switching. Some of the functions they provide are: switching, routing, DHCP server. Does that mean I can refer to this switch as a router instead of a switch? How about if I start calling the switch a server? I wouldn't, because it's not correct. If I said that a switch and router are the same thing, people would be quick to correct me because they are not the same thing.

@tim_g said in Thoughts on how I could improve my network security?:

@dave247 A router is simply a hardware firewall.

No, that is not correct. It is a gross over-simplification. Routing and firewalling functions are two completely different roles. Yes, routers almost always come with a firewall, but they are absolutely not the same thing.

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 said in Thoughts on how I could improve my network security?:

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 said in Thoughts on how I could improve my network security?:

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 said in Thoughts on how I could improve my network security?:

Second, a router is always a firewall, the two are always the same thing, have been for decades.

I still can't believe you said this... really makes it clear that you aren't playing with a full deck of cards.

If you think that they are different, explain how. Or show an example of some at least. Instead of saying I'm crazy, explain what you mean as you aren't presenting information, just claiming that basic industry common knowledge is wrong. If the whole industry is wrong, what do you know that we don't? Attacking the person, and not the argument, is the greatest sign of agreement - just tends to indicate that you know it is true but dislike that that is the truth.

Well based on what you originally said, you were claiming a firewall and a router were the "same thing". You literally said that. They aren't the same thing because they are two different systems that do two different things. Routers route packets between different networks and firewalls allow or deny traffic based on specified rules. Pretty simple and I'm sure you already actually know that.

My point is that while they might always go together in the same piece of equipment, they really aren't the "same thing". You're going to confuse people by telling them they are the same thing and I think that's secretly your intent.

Here is the original quote you are referring to: "Second, a router is always a firewall, the two are always the same thing, have been for decades. The idea that you even CAN separate the router and firewall is silly, while it's possible no separate devices have been on the market since the late 1990s."

This looks nothing like what you claim that I said. In the original quote I was extremely clear in explaining exactly what you claim I was trying to make confusing. I point out even that you CAN separate them, but no one has done so. And that they've been the same thing [devices] for a long time, but not always.

How am I confusing someone like this? And with this level of explanation, how can you honestly claim that you think I'm trying to mislead someone when I took the time to make it so obvious that they were separate, but always combined?

Look. Really all I'm trying to say is that you should have maybe phrased it as "a router and a firewall always go together", because saying they are the same thing is a very gross over-simplification. It would be like saying the engine in a car is the same thing as the transmission. They always go together, but they are not the same thing. You said they were the same thing, I am saying they are not. I am saying they are not the same thing, because that is the correct thing to say to somebody who says they are the same thing. You can dance around it all you want with your paragraphs of words, but the fact of the matter is you were incorrect, at least in how you described it, and you should just accept that.

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 said in Thoughts on how I could improve my network security?:

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 said in Thoughts on how I could improve my network security?:

Second, a router is always a firewall, the two are always the same thing, have been for decades.

I still can't believe you said this... really makes it clear that you aren't playing with a full deck of cards.

If you think that they are different, explain how. Or show an example of some at least. Instead of saying I'm crazy, explain what you mean as you aren't presenting information, just claiming that basic industry common knowledge is wrong. If the whole industry is wrong, what do you know that we don't? Attacking the person, and not the argument, is the greatest sign of agreement - just tends to indicate that you know it is true but dislike that that is the truth.

Well based on what you originally said, you were claiming a firewall and a router were the "same thing". You literally said that. They aren't the same thing because they are two different systems that do two different things. Routers route packets between different networks and firewalls allow or deny traffic based on specified rules. Pretty simple and I'm sure you already actually know that.

My point is that while they might always go together in the same piece of equipment, they really aren't the "same thing". You're going to confuse people by telling them they are the same thing and I think that's secretly your intent.

@scottalanmiller said in Thoughts on how I could improve my network security?:

@dave247 said in Thoughts on how I could improve my network security?:

Second, a router is always a firewall, the two are always the same thing, have been for decades.

I still can't believe you said this... really makes it clear that you aren't playing with a full deck of cards.

@dashrender said in Trying to set up Hyper-V Server 2016, ripping my hair out:

I’m confused on the Hyper-v admin you made. Was it local on Hyper-v? If yes then how could any other computer log into itself as that user?

I chose option 3 from the sconfig menu ("add local administrator") and then for that I chose a domain user. Then, I was attempting to connect to my Hyper-V server through the Windows 10 Hyper-V Manager as that user.