Network subnet device segregation - please advise
Shaql (Member) posted:
You can also use ACLs (access control lists) on the routers to permit/deny access to any IP address from other specific or general IP addresses.





Posts: 6915 | Location: Atlanta | Registered: April 23, 2006
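Added example, not part of any post in this thread: a minimal model of how a router ACL of the kind described above decides permit/deny between "specific or general" addresses, plus a check for rules that can never match. The subnets, the printer address and the function names are constructed for illustration; rules are evaluated per new connection, as on a stateful router.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def rule(action, src, dst):
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst))

# Constructed addressing (assumption): 192.168.10.0/24 = trusted LAN,
# 192.168.20.0/24 = IoT subnet, 192.168.20.5 = a printer on the IoT subnet.
ACL = [
    rule("permit", "192.168.10.0/24", "192.168.20.5/32"),  # specific: LAN -> printer
    rule("deny",   "192.168.10.0/24", "192.168.20.0/24"),  # general: LAN -> rest of IoT
    rule("deny",   "192.168.20.0/24", "192.168.10.0/24"),  # IoT may not open flows to LAN
    rule("permit", "0.0.0.0/0",       "0.0.0.0/0"),        # everything else, e.g. Internet
]

def evaluate(acl, src, dst):
    """First matching rule wins; no match falls through to an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if s in r.src and d in r.dst:
            return r.action
    return "deny"

def shadowed(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, r in enumerate(acl):
        if any(r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst) for e in acl[:i]):
            hits.append(i)
    return hits

if __name__ == "__main__":
    print(evaluate(ACL, "192.168.10.7", "192.168.20.5"))   # LAN host to printer
    print(evaluate(ACL, "192.168.20.9", "192.168.10.7"))   # IoT device to LAN host
    print(shadowed(ACL))
```

Placing the general deny above the specific permit silently blocks the printer exception; `shadowed()` reports that rule's index so the ordering mistake is caught before the ACL is applied.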
ensigmatic (Nullus Anxietas) posted:
quote:
Originally posted by slosig:
By sticking a switch in front of each port on the router you avoid the delay of CDMA and exponential back off, right?
No. Sticking a switch in front of the router ports that need more than one device on them allows them to have more than one device on them :)

quote:
Originally posted by slosig:
Why the different switches for different devices? Is one cheaper and the other more capable, or is there some other reason?
Because I prefer EnGenius networking kit but they don't make 4- and 5-port switches. He has a need for only two devices on one router port. Why use an 8-port switch? Whereas one router port has eight devices.

quote:
Originally posted by mark123:
I'm an amateur at this stuff but I think something like this Netgate 1100 and a couple cheap dumb switches ...
quote:
Originally posted by Shaql:
You can also use ACLs (access control lists) on the routers to permit/deny access ...
True and true, and I'd probably be inclined to go that way, myself (except for Mark's hardware choices), but, theoretically speaking one could achieve the desired isolation with a single router port and a single managed switch, using VLANs, depending upon the router's capabilities.



Posts: 26031 | Location: S.E. Michigan | Registered: January 06, 2008
jcsabolt2 (Member) posted:
Take a look at Firewalla, probably their purple or gold model. It will do everything you are trying to do in one simple device. Built for the end consumer to keep it simple.

IMHO, vendors are going to have to greatly step up their game to meet cyber security needs and thinking that end consumers are going to become network/cyber security gurus AIN'T gonna happen! From the network folks I know, most residential type products routers are greatly lacking compared to the commercial market.


Posts: 3664 | Registered: July 06, 2006
smschulz (quarter MOA visionary) posted:
quote:
Originally posted by ensigmatic:

quote:
Originally posted by slosig:
Why the different switches for different devices? Is one cheaper and the other more capable, or is there some other reason?
Because I prefer EnGenius networking kit but they don't make 4- and 5-port switches. He has a need for only two devices on one router port. Why use an 8-port switch? Whereas one router port has eight devices.



quote:

....theoretically speaking one could achieve the desired isolation with a single router port and a single managed switch, using VLANs, depending upon the router's capabilities.


^^^ I would say that would even be the optimal method.

What happens is too often we just dongle a switch at the end of a network run for more devices.
Sometimes it is the only way but not my preferred method.
Better to run cables back to switch but that isn't always feasible.
Better to plan out infrastructure than react to it, FWIW.

So this I disagree with:
quote:
Originally posted by mark123:
.. I think something like this Netgate 1100 and a couple cheap dumb switches ...


Better to just get a larger smart switch, IMO

pfSense is fine - never used it but I just downloaded to evaluate.

Plenty of other great Routing solutions:
Ubiquiti EdgeRouters or Untangle is what I use.

EdgeRouters are a great value - IT likes them because the functionality to value is high.
I wish the EdgeSwitches were more available - prices are selling over retail because of their scarcity.
Untangle (now Arista) is pretty much the same as pfSense.
You can install on your own hardware or get in an appliance.
Features from a free firewall to much more including content filtering, VPN, AV and more.
Some services do require a subscription - available à la carte.
The VPN component is done much better than EdgeRouter.
By VPN I mean a secure remote connection not the software service to scour the Internet.
VPNs take more resources and using better hardware makes it work better.
EdgeRouter VPN is not as robust or intuitive, IMO.

Don't forget some of the others like Mikrotik, Ubiquiti's UniFi lineup (more intuitive and expensive than EdgeRouter).
And more....
 
Posts: 23410 | Location: Houston, TX | Registered: June 11, 2006
mark123 (W07VH5) posted:
Have we forgiven Ubiquiti for the data breach and the terrible way they handled it?

I think you'll like pfSense. It's pretty intuitive.
 
Posts: 45674 | Location: Pennsyltucky | Registered: December 05, 2001
smschulz (quarter MOA visionary) posted:
Anytime you utilize those cloud-based management services you are at an increased risk.
I don't normally use them too much for that reason.
Kinda like all the NAS breaches by all the manufacturers - all from cloud connectivity.
UNIFI lineup is more so than the Edge lineup but I understand in a large scenario the benefit for this service.
It really didn't affect me but it would be understandable for those depending on it.

Going to compare the pfSense to Untangle - we'll see how it does. :)
 
Posts: 23410 | Location: Houston, TX | Registered: June 11, 2006

© SIGforum 2024