Router/AP Set Up And Hardware

[adrynalyne]

6 minutes ago, The Evil Overlord said:

Isn't that kinda what he's doing right now??

Not if he is resisting. 

[The Evil Overlord]

1 minute ago, adrynalyne said:

Not if he is resisting. 

I guess, but like most, I started being technophobic, I asked a question, got answers and advice, and once I began to understand, I started asking more. I was working on the assumption mind is doing the same

[Mindovermaster Global Moderator]

1 hour ago, The Evil Overlord said:

Isn't that kinda what he's doing right now??

Totally, I am asking YOU for help. You give me answers. I learn them. So gimme information, @adrynalyne

57 minutes ago, adrynalyne said:

Not if he is resisting. 

Where am I resisting?

[adrynalyne]

11 minutes ago, Mindovermaster said:

Totally, I am asking YOU for help. You give me answers. I learn them. So gimme information, @adrynalyne

Where am I resisting?

By arguing with posters about security. Sounds like resisting to me. 

[Mindovermaster Global Moderator]

4 minutes ago, adrynalyne said:

By arguing with posters about security. Sounds like resisting to me. 

@sc302seems to agree with me... And that wasn't necessarily arguing. That was me saying "As a noob to networking, do I need this?"

[adrynalyne]

1 hour ago, Mindovermaster said:

@sc302seems to agree with me... And that wasn't necessarily arguing. That was me saying "As a noob to networking, do I need this?"

I guess. 

Thats not how this read to me. 

Tell me, since we got our first internet router, gotta be 10-12 years ago, why has no one hit us yet?

 

Anyway, moving on...

 

[Mindovermaster Global Moderator]

1 minute ago, adrynalyne said:

I guess. 

Thats not how this read to me. 

Tell me, since we got our first internet router, gotta be 10-12 years ago, why has no one hit us yet?

Hence the "?", you could have explained why...

[adrynalyne]

5 minutes ago, Mindovermaster said:

Hence the "?", you could have explained why...

Nothing to explain past it’s either been luck or you didn’t know you were hit. That and exploits have increased over the years so you can’t compare 11 years ago to now. 

[+BudMan MVC]

Nothing to do with "hitting" you  

 

Look at the mess with the wdc nases backdoors and how easy that was/is to exploit..  That box gets compromised, and now your whole network is open..

https://www.csoonline.com/article/3246234/security/hardcoded-backdoor-in-12-western-digital-my-cloud-nas-devices.html

 

The  where/are like 1200 some models of IP camera's with backdoors..   That is compromised.. your whole network is exposed.

https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01

 

That was just the tip of the iceberg with that warning

 

The goahead fiasco from Xmas just a couple of weeks ago

https://gbhackers.com/goahead-servers-vulnerability/

 

Do what you want - but opening up anything into your network form the internet to anything, especially IOT device is asking for it... This has ZERO to do with your wireless security and the kid across the street "hacking" you..

 

Do you ever let strange devices onto your wifi/wired network, like friends phone, laptop/tablet... Or do you only let them use your "guest" wifi?  If you let them onto your 1 flat network - you just exposed every single device you have on that network to whatever might be on that "strange" machine..  The old saying about you are sleeping with everyone that your partner has ever slept with when you don't practice safe ex...  Get my drift...  While I might let my buddies machine onto my guest network - I sure and the F do not his machine anywhere near my iot devices network or my stuff, etc.

 

Sorry that $15 smart switch I got from some china company.. While I don't mind letting it turn on my xmas lights from my phone... I not going to give it open access to everything else on my network..

 

 

[Mindovermaster Global Moderator]

@BudManHow do you have your whole house set up? With different VLANs and what does and doesn't go out?

[+BudMan MVC]

I don't stop anything from going out.. But I do monitor how often and where they go.  Not possible to use that $15 china smart switch if it couldn't go out.. But there is no inbound to any of those devices.

 

But they only go out to internet, they can not talk to any of my other stuff...  If you were a bit more paranoid you could limit where they go even.. I just monitor them for oddness.. They check if internet is there, and then open up connections to AWS..

 

Here is one of their connections

192.168.4.213:50052 -> 54.149.26.246:1883ESTABLISHED:ESTABLISHED9.008 K / 4.532 K362 KiB / 187 KiB

 

;; ANSWER SECTION:
246.26.149.54.in-addr.arpa. 3600 IN     PTR     ec2-54-149-26-246.us-west-2.compute.amazonaws.com.

 

NetRange:       54.144.0.0 - 54.159.255.255
CIDR:           54.144.0.0/12
NetName:        AMAZON
Organization:   Amazon Technologies Inc. (AT-88-Z)

 

Here is what its doing.. Currently... I could sniff when I turn it on and off, etc  How this stuff work and how fast is pretty freaking slick

 

Simple mqtt traffic... Those are my too tantan smart switches that used to turn on and off the xmas lights in the den and guestroom windows...  Prob take them off network here in a few days the lights our off, etc.

 

If that was some IP in china, then I would be a bit worried... And pay more attention to what it was talking about, and how and would prob even do mitm on it if need be to sniff any encrypted traffic, etc..

 

I currently have 7 different vlans/networks used for devices, a couple more for a transit to downstream router playing with, etc..  Now that unifi has mac based dynamic vlans working on non enterprise networks, ie psk networks and you can assign a iot device a vlan dynamically based upon its mac address vs the ssid it connects too I will be breaking them up a bit more.  Where different types of iot devices will not be on the same network.  No reason for my tp-link smart lightbulb to be on the same network as the tantan smart switches or my nest thermostat, etc.  But didn't want to fire up so many different ssids, But now that can do dynamic vlans for devices that do not support wpa-enterprise can run just 1 psk for them all and assign them their own different vlans based upon type and function, etc.

 

Network is always in a bit of flux since is not just my home network, its also a lab where I play with stuff and duplicate setups to help other users, etc.

 

Not expecting you to jump into the fire and segment everything like I have, etc.  But it would be a good idea since your setting up the network to get equipment that will "allow" you move forward....  Don't buy the $30 non vlan switch when you can same price for switch that can do vlans..  If you don't set them up then the switch is just dumb out of the box, etc. etc..

 

https://www.amazon.com/dp/B008ABLU2I

Smart version 8 port gig $31.55

 

Dumb version

https://www.amazon.com/dp/B000BCC0LO

8 port gig $29.99

 

Why would you not get the smart version?  Even if you do not vlan it will let you check for errors on a connection, hard code the speed of interface, etc.. Shoot I have seen the smart versions cheaper than the dumb versions sometimes..  But if your going to be running wire to all over your house, your going to more than likely need a slightly bigger switch for your closet where everything runs.. Say maybe 16 port or 24 port... Nice thing is those would give you more features then the entry level 5 and 8 port smart, etc..

 

If you decide to go with say those unifi inwall AP units, then you prob want to go with 1 of their poe switches, etc.  For entry level person a setup with say their USG 3p as your router, one of their switches and then their AP... You would be very happy and more than a bit surprised most likely with the information the dpi info can give you.. Even if mostly eye candy when your use to running stuff like ntop..  But wow will it will move you to the next level if you want to go for very budget friendly setup to be honest.

 

Be happy to get you neowin discount for the usg 3p that is sitting on my shelf.. I might set it up in my lab area but if it could go to a good neowin home vs sitting on my shelf for a few months until I get around to playing with it again.  I would be up for that... Your close so shipping would be cheap - shoot I am even going to be in Milwaukee in March - taking the wife to see Andy Grammer at Pabst..  Your up in the Milwaukee area are you not?  Somewhere in WI I thought..

[Mindovermaster Global Moderator]

3 hours ago, BudMan said:

Be happy to get you neowin discount for the usg 3p that is sitting on my shelf.. I might set it up in my lab area but if it could go to a good neowin home vs sitting on my shelf for a few months until I get around to playing with it again.  I would be up for that... Your close so shipping would be cheap - shoot I am even going to be in Milwaukee in March - taking the wife to see Andy Grammer at Pabst..  Your up in the Milwaukee area are you not?  Somewhere in WI I thought..

How much would you sell that for? I'm in Racine, south of Milwaukee. But surely on your way.

[fusi0n]

3 hours ago, BudMan said:

https://www.amazon.com/dp/B008ABLU2I

Smart version 8 port gig $31.55

 

Dumb version

https://www.amazon.com/dp/B000BCC0LO

8 port gig $29.99

 

 

Thanks for posting this! I have an old 48 Port Quantum 10GBe switch that flooded the market years ago (dubbed white van switches). I've been looking for a small switch I can do a VLAN with.. I'll see if that have something a little bigger as I am downsizing my home lab, thanks, AWS.

[+BudMan MVC]

The usg 3p...

 

I bought it for $113, plus tax.. So 120

 

I could let you have it for $100 going to drop it off on the way up to Milwaukee I will put the latest and greatest firmware on it before I bring it or ship it.. Currently firmware is at 4.4.18, while mine is at 4.4.14dev I think.. That won't be til end of march.. I still have the original box and everything that came in it, etc.  I was actually hoping to return it back to amazon - but the shipment of sg-4860's didn't come in til after the return date

 

We could meet at a place on the way up... Have a quick beer

 

I have 2 smart switches that work, the tp-link doesn't do vlan correctly so wouldn't give that to anyone.. But they are suppose to be fixing it - we will see..  But have the a netgear and dlink.. 8-port gig smart let you have for $20 for the dlink and 30 for the netgear..  Don't have the boxes for those.  The dlink is the model I linked too.. Netgear is a https://www.amazon.com/gp/product/B00M1C0186

[Mindovermaster Global Moderator]

I'll pass on that, Budman.

 

Is this the router that Circaflex recommends?

 

https://www.newegg.com/Product/Product.aspx?Item=0XK-000W-00080

[Circaflex]

1 hour ago, Mindovermaster said:

I'll pass on that, Budman.

 

Is this the router that Circaflex recommends?

 

https://www.newegg.com/Product/Product.aspx?Item=0XK-000W-00080

Yup that is the one, you might also want to look at the SFP model and the EdgeRouter POE models if POE floats your boat. The ER-X is only a passthrough and cannot power the Ubiquiti AP's via POE.

[Mindovermaster Global Moderator]

2 minutes ago, Circaflex said:

Yup that is the one, you might also want to look at the SFP model and the EdgeRouter POE models if POE floats your boat. The ER-X is only a passthrough and cannot power the Ubiquiti AP's via POE.

I don't think I'd need POE, imo. But, we'll see...

[Circaflex]

17 minutes ago, Mindovermaster said:

I don't think I'd need POE, imo. But, we'll see...

My suggestion, quit looking at this from a standpoint of "if" you will need it and more along the lines of you are ready for future upgrades. POE might not seem like something you NEED, but once you use it it will make life so much easier, less cables and clutter near the AP for one. Basically what I am politely trying to say is, don't cheap out on the project from the get go, cutting corners and trying to squeeze every penny will cost you in the long run. Do it correctly from the get go, especially if this is a new property there is absolutely no reason to go cheap/not with the proper solution.

[Mindovermaster Global Moderator]

1 minute ago, Circaflex said:

My suggestion, quit looking at this from a standpoint of "if" you will need it and more along the lines of you are ready for future upgrades. POE might not seem like something you NEED, but once you use it it will make life so much easier, less cables and clutter near the AP for one.

Let me rephrase that... I wouldn't EVER need it? I'm on a low budget here.

[Circaflex]

Are you asking a question or stating that you wont need it? The nice thing about the high-end AP's are the fact they can be powered via POE, which means run one single ethernet cable from the AP to the router and it will provide power and data. Makes cable management easier and neater.

[DevTech]

14 minutes ago, Circaflex said:

Are you asking a question or stating that you wont need it? The nice thing about the high-end AP's are the fact they can be powered via POE, which means run one single ethernet cable from the AP to the router and it will provide power and data. Makes cable management easier and neater.

When building a new house on a tight budget, the money is probably better spent in terms of future expandability by getting a larger breaker panel, and more breakers with wire runs of more electrical outlets in each room.

 

Then, with more outlets in each room, there will always be one close by to power any device, not just Ethernet ones!

 

[Mindovermaster Global Moderator]

17 minutes ago, Circaflex said:

Are you asking a question or stating that you wont need it? The nice thing about the high-end AP's are the fact they can be powered via POE, which means run one single ethernet cable from the AP to the router and it will provide power and data. Makes cable management easier and neater.

Just stating. When I watched a video on YT, he used that same ER-X and a POE AP just fine. Just that he needed an external power source to run the passthrough, or something like that.

[Circaflex]

13 minutes ago, Mindovermaster said:

Just stating. When I watched a video on YT, he used that same ER-X and a POE AP just fine. Just that he needed an external power source to run the passthrough, or something like that.

Well yea, that is how POE works, either your router can supply the power and you only run an ethernet cable, or you use a converter box for power. No where did I say the AP wouldn't work, you would just have more cables.

[Mindovermaster Global Moderator]

2 minutes ago, Circaflex said:

Well yea, that is how POE works, either your router can supply the power and you only run an ethernet cable, or you use a converter box for power. No where did I say the AP wouldn't work, you would just have more cables.

 

1 hour ago, Circaflex said:

The ER-X is only a passthrough and cannot power the Ubiquiti AP's via POE.

 

AM I thinking that wrong, or...

[+Matthew S. Subscriber²]

It's the old measure twice, cut once.  Do it right the first time and you'll never have to worry about it again.

 

With a switch that doesn't provide PoE you need a PoE injector which means more cables at one end of the string with an ugly box to boot.