[ale] networking confusion

Boris Borisov bugyatl at gmail.com
Sun Jan 15 22:27:13 EST 2023


Only way to really separate the subnets is to be on insulated ethernet
ports. Microtik may have it but check specs.

On Sun, Jan 15, 2023, 22:24 DJPfulio--- via Ale <ale at ale.org> wrote:

>
> On 1/15/23 15:31, Narahari 'n' Savitha via Ale wrote:
> > Thank you for that explanation.  Appreciate it.
>
> If you seek mandatory rules for network security, you will be
> disappointed.  Only you know what is enough.  Only you know what's actually
> possible for your situation and knowledge.  Hopefully, those two sets
> overlap, but they don't have to, which would leave your LAN(s) exposed
> beyond your skill to secure them.
>
> >
> > Subnetting is good enough for houses right.  Is VLAN an overkill
> > (unless I can learn and practice with Mikrotik) ?
>
> That's a matter of opinion.  Just remember that vlans are tagging and
> don't necessarily provide **any** security.
>
> > I am assuming VLAN's are supported by Mikrotik.
>
> Probably, but I don't know.
>
> > I converted my old router to an AccessPoint and that router
> > broadcasts 3 SSID's. I want to have one called "GUESTS_ONLY" and
> > anyone visiting can join there.
>
> Hopefully, you firewall all access for that subnet so they can only get to
> the internet.  The only way to be sure is to validate that is how it
> works.  Don't ask us.
>
> > So I make a subnet for that SSID and it is available to guests on the
> > 192.168.4.x network. How do I say any computers on 192.168.4.x should
> > not be able to see 192.168.0.x computers ?
>
> Don't assume anything. Check that it actually works that way.  I suspect
> it doesn't.
>
> > Is that a sep step on the router or it is the default  at router
> > level ?
>
> I don't know any of your network equipment's defaults.  Assume the worst
> and check it yourself.
>
> If your wifi isn't upstream from your main router, closer to the internet,
> I'd be highly suspicious it can access everywhere on your subnets until
> proven otherwise.  Learn to use nmap and scan all the networks.
>
> >
> > -Narahari
> >
> > On Sun, Jan 15, 2023 at 8:21 AM DJPfulio--- via Ale <ale at ale.org
> > <mailto:ale at ale.org>> wrote:
> >
> > I subnet based on security needs, not location.  Both methods are
> > valid.  In a house, there's usually no need to subnet based on
> > location.  The distances are small enough that a CAT5e cable easily
> > connects everywhere and usually, devices on 1 floor are distrusted at
> > the same level as other devices nearby, unless there is a family VPN
> > server or other internet-facing servers running at home.
> >
> > Times like this, I really miss the RateMyNetworkDiagram website.
> > There, people would upload diagrams of their different networks for
> > others to rate. It was a good place to see what professionals were
> > doing and the learn.
> >
> > Everything from tiny 1 computer + 1 modem "networks" to 20-site
> > Enterprise WAN connectivity would be posted.  Sadly, the webmaster
> > decided to hide all the networks behind a php DB lookup so the
> > WaybackMachine couldn't cache any thing.
> >
> > I think Narahari is running a Mikrotik router, so it can probably do
> > most of the big boy subnetting with vlans.
> >
> > On 1/14/23 23:36, Boris Borisov via Ale wrote:
> >> If router allow that ... yes. I have simple routers that doesn't
> >> have needed flexibility. Also have couple with dd-wrt firmware (
> >> just for testing stuff ) which should be able to take the task.
> >>
> >> On Sat, Jan 14, 2023 at 11:01 PM Narahari 'n' Savitha via Ale
> >> <ale at ale.org <mailto:ale at ale.org> <mailto:ale at ale.org
> >> <mailto:ale at ale.org>>> wrote:
> >>
> >> Friends:
> >>
> >> I am learning about subnetting so I can set up one subnet for the
> >> basement, one for the main floor and one for upstairs.
> >>
> >> So should I set the static ip and subnet mask for my laptop ?(and
> >> thereby devices on each floor for their respective subnets ?)
> >>
> >> or
> >>
> >> Is this something I can set up on the router  to say access point
> >> in basement gets a specific subnet mask ?
> >>
> >> If my questions are not making sense, please ignore.
> >>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20230115/a7d48d4e/attachment.htm>


More information about the Ale mailing list