@jt1001001 said in Redoing Home Network:

Question: does it make sense to segment certain traffic because of security concerns? I'm thinking of the blanket statements (never backed up with fact, by the way) I've seen to segment "IoT" devices in the home because of lack of security (E.G they get hacked and said hacker now has access to your entire network).

Well in my readings, they say either method will increase security, as traffic is not supposed to travel between vlans for example. However, as I've learned today, not everything you read in cert books is accurate. So definitely get a few opinions with details.

@JaredBusch said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@Dashrender said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@Dashrender said in Redoing Home Network:

I've with JB - You should save the money and get an ER-4. The processor is the same.

POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.

I already ordered the pieces. Thanks for your input though. I needed a router with 4 ports for my 4 rooms plus the incoming port. I plan to use and learn everything about it.

Do you really need four ports? I suppose if you don't have a core switch, and the switches in each room go directly to the firewall, then sure.

That was my plan yes. Router with 4 ports so I could directly connect a switch in each of the rooms. I'm being that's not a good idea.

Your router is not (should not) be your core switch.

Yes, if the router has a switch chip like the ER-X does, it could be your core switch, but you seriously should not think like that.

As I said your router needs 2 ports. WAN and LAN. Period. Can have more but that is all you need.

When you have a need for segregation, sure, use another port as a LAN 2, or just use a VLAN on LAN 1. Does not really matter which you do.

Got it, thanks for the explanation. I had read that it did not matter whether you used vlans or just separate lans if you needed to segregate portions of traffic. Thats why I planned things out the way I did. I had setup vlans before and wanted to do it the other way now, since I was under the impression it accomplished the same thing.

@scottalanmiller said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@scottalanmiller said in Redoing Home Network:

@jmoore said in Redoing Home Network:

So your saying the traffic still merges even if we are on different switches, connected to different ports on the router?

Yes, all traffic merges when you use the Internet. It either merges.... far from your house, near your house, or in your house. But it merges and it's pretty trivial to figure out where.

All traffic is merged, it's a 100% meaningless requirement. Like people saying that the need more Ether to breathe. It's a totally made up, non-IT concept.

Well dang, thanks for the advice. I didn't have any details from her job, they just said that to her in passing.

One of those things lay people say because they aren't clear on what computers are or how networks work. So people use buzz words that they've heard and try to make things up to sound impressive. Like how managers say "cloud" but randomly mean "hosted" or maybe "online" or perhaps "web" but never, ever mean "cloud."

The government might require discrete connections, but meaning discrete out to the ISP. But even that is silly. As someone who manages ISP networks, that doesn't do much either.

Yeah I understand that. I guess I gave them too much credit. It didn't make sense to me but at same time I know I;m not too experienced, so I figured there was a valid reason and I just didn't understand it.

@Dashrender said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@Dashrender said in Redoing Home Network:

I've with JB - You should save the money and get an ER-4. The processor is the same.

POE can be done in the switches, so no need for that in the router.
The ER-4 is nearly half the ER-6.

I already ordered the pieces. Thanks for your input though. I needed a router with 4 ports for my 4 rooms plus the incoming port. I plan to use and learn everything about it.

Do you really need four ports? I suppose if you don't have a core switch, and the switches in each room go directly to the firewall, then sure.

That was my plan yes. Router with 4 ports so I could directly connect a switch in each of the rooms. I'm being that's not a good idea.

@scottalanmiller said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@scottalanmiller said in Redoing Home Network:

In your example, you keep mentioning segmenting and performance. But you don't state why segmentation of network traffic would be beneficial in this case (spoiler: it's not) nor why performance would benefit (spoiler: it doesn't.)

In my cert studies it was always that segregating traffic improves performance and to do it whenever you can.

Remember, never take someone's word for it, if they don't explain it, don't listen to it.

Yeah I won't forget that ever. Thanks.

@scottalanmiller said in Redoing Home Network:

@jmoore said in Redoing Home Network:

So your saying the traffic still merges even if we are on different switches, connected to different ports on the router?

Yes, all traffic merges when you use the Internet. It either merges.... far from your house, near your house, or in your house. But it merges and it's pretty trivial to figure out where.

All traffic is merged, it's a 100% meaningless requirement. Like people saying that the need more Ether to breathe. It's a totally made up, non-IT concept.

Well dang, thanks for the advice. I didn't have any details from her job, they just said that to her in passing.

@scottalanmiller said in Redoing Home Network:

@jmoore said in Redoing Home Network:

So if my office is on port 1 of the router and her office is on port 2, all the traffic still merges?

Of course, you are sharing one network connection. Imagine if you have to spaces in your garage. Even if there is a wall in the garage dividing the spaces, they still merge in the driveway.

Got it thanks. I had the wrong impression here.

@scottalanmiller said in Redoing Home Network:

But not worthless if it turns out to be good practice in evaluating needs!

Yeah that is true. I know I need to improve on that a lot.

@scottalanmiller said in Redoing Home Network:

In your example, you keep mentioning segmenting and performance. But you don't state why segmentation of network traffic would be beneficial in this case (spoiler: it's not) nor why performance would benefit (spoiler: it doesn't.)

In my cert studies it was always that segregating traffic improves performance and to do it whenever you can.

@scottalanmiller said in Redoing Home Network:

Yes, it's segmented.... some of the time. But... why? What value does that provide? They are not segmented in the router. So the data all merges before doing anything useful.

So if my office is on port 1 of the router and her office is on port 2, all the traffic still merges? Her boss has hinted that work at home employees may need to be on distinct networks in the future, for some government regulation. So I wanted to get ahead and just do it from the start. I know I could use a vlan. So your saying the traffic still merges even if we are on different switches, connected to different ports on the router?

@scottalanmiller said in Redoing Home Network:

@jmoore said in Redoing Home Network:

I have not set up a network using subnetting like this before and wanted to try for a learning experience.

Doing a VLAN does all this, and more. There can't be anything new here compared to a VLAN. This is the "simplest possible scenario", all VLANs are built on this as the lowest common denominator of "LANing".

Alright I see what your saying. So basically a worthless exercise. Sounds like I should just use vlans if I want to do this. Btw most of my perceptions about how this works are from my studying. I passed the Network+ because they said subnetting and creating different networks to keep traffic separate will always improve performance and increase security, but make it less flexible. My home isn't going to change so I wasn't worried about the flexible part. It was also said that vlans will accomplish the same thing but just do it much differently. So I wanted to learn this other way of doing it just in case.

@scottalanmiller said in Redoing Home Network:

But why? What do you perceive as value in separating the traffic? "Separating traffic" on its own is a negative. Unless there is a specific need, it's something that by saying it, should make you want to avoid it.

The boys are always doing heavy gaming. I don't want that to impact anything that I am working on. It possible wouldn't anyway but I wanted to eliminate the chance of it happening. Plus, again, learning experience, as businesses would likely do this either by subnetting or using vlans. Is this a worthless exercise?

@scottalanmiller said in Redoing Home Network:

However, your base logic of segregating traffic doesn't make sense, since it all mingles before leaving the house, anyway. What problem does it solve? Nothing. It just makes a simple network very complex.

If I have wife's switch connected to a different port on the router than my switch is connected to, and these are different lans at this point, wouldn't that segregate her traffic from mine?

@scottalanmiller said in Redoing Home Network:

If this was a systems lab, you'd say step 2 is better because it "does more" and makes you learn more things and is more how a business would do it. Same with your network. What you are doing is old fashioned physical LANs circa 1998. VLANs are literally the virtualization of that concept so that it is more flexible.

I have setup a vlan before, just not at home. I have never used subnetting like this to create different networks, so thought it would be worthwhile to do.

@Pete-S said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@pmoncho said in Redoing Home Network:

@brandon220 said in Redoing Home Network:

Multiple subnets in your home?

I have 3 subnets at home. Main, IoT, and guest.
I need to upgrade to the ER4. My ERLite has been great so far though. My ISP connection is 120/5.

I am thinking of doing something similar to your setup. ER-X, UAP-AC-Lite, with cloud key and Netgear 8 port POE switch.

Was thinking about 3 VLANS, as I want to separate work laptops from the girls/Roku's, and camera's (coming soon). Plus I will be adding a 2nd AC Lite to the other side of the house. Not a big house but with an aluminum awning and other obstacles, connection speed drops in half in only 30'.

Yeah I'm thinking the same. The boys are constantly gaming since they are stuck from home so I want to separate that traffic. Wife's traffic is not required to be separate but I want to anyway. If they changed their mind in future it would be a lot more of a headache to redo everything.

You can have different networks if you want to do that, but it's very inflexible to separate it by doing one LAN per room. If you use VLANs you can decide what device (or port) belongs to what network. That's why everyone does it like that.

If you have for instance a NAS or server with VMs it will belong to the LAN in whatever room you have it, and not where it belongs logically. And all traffic that comes into it will have to be routed over the firewall.

And that's why the firewall should be connected to a core switch in your kind of network - if you want to build a flexible network.

I get what your saying and thanks for the comment. I understand vlans and have done them. I have not set up a network using subnetting like this before and wanted to try for a learning experience. I do agree it is less flexible but its my home and very little will ever change. Also, my firewall will be connected to my main switch.

@Grey said in Redoing Home Network:

You're literally building a broken network.

Sorry guess I don't understand how I'm building a broken network. Can you explain?

@pmoncho said in Redoing Home Network:

@brandon220 said in Redoing Home Network:

Multiple subnets in your home?

I have 3 subnets at home. Main, IoT, and guest.
I need to upgrade to the ER4. My ERLite has been great so far though. My ISP connection is 120/5.

I am thinking of doing something similar to your setup. ER-X, UAP-AC-Lite, with cloud key and Netgear 8 port POE switch.

Was thinking about 3 VLANS, as I want to separate work laptops from the girls/Roku's, and camera's (coming soon). Plus I will be adding a 2nd AC Lite to the other side of the house. Not a big house but with an aluminum awning and other obstacles, connection speed drops in half in only 30'.

Yeah I'm thinking the same. The boys are constantly gaming since they are stuck from home so I want to separate that traffic. Wife's traffic is not required to be separate but I want to anyway. If they changed their mind in future it would be a lot more of a headache to redo everything.

@Grey said in Redoing Home Network:

Are you sure that the AP isn't EOL? https://community.ui.com/questions/Announcement-EOL-for-some-UniFi-AP-models/65487283-ce9d-49f4-85b9-b6aa54659ef7

My model isn't on that list.

@brandon220 said in What Are You Doing Right Now:

Since @scottalanmiller mentions Chromebooks a lot - A friend bought 2 Dell laptops with Win 10 and called me because she couldn't install anything on them. The disk was "full" and no free space. They were "refurbished" as I later found out. I think someone imaged with with W 10 instead of ChromeOS. They have been sitting on a shelf for about a year.

Could also be a partition thing, where they didnt get full disk space when they imaged/formatted.

@scottalanmiller said in Redoing Home Network:

@jmoore said in Redoing Home Network:

@Pete-S I think my plan is similar, if not the same. 1 poe switch in each office and 1 in each bedroom. That makes 4 switches. I only need 1 ap for my size house. I plan on adding IP phones in each office and bedroom. I don't want them to have cell phones yet. The main difference in my plan is that I'm not doing vlans off my main switch, I plan on different subnets like Eddie mentioned. I want all the switches to have poe because I'm adding IP phones eventually. I have tried to plan for everything but I'm sure there's something I forgot.

Multiple subnets in your home?

Yeah I'd like to segregate government traffic from wife, gaming traffic from kids, from my own stuff. Since the router has multiple ports I think it will be easier to just use different subnets( 1 on each router port). Vlans might be easier but I also want to do it like this for the challenge. Im sure I can figure it out if it isnt dead simple anyway. After looking at the router I will know more. Now if I'm doing something completely stupid just say so.