Thread: Cat5e or what?
Posted to uk.d-i-y
Theo[_3_]

The Natural Philosopher wrote:
> On 29/01/16 13:08, Theo Markettos wrote:
>> Virtual LANs allow you to run separate networks over the same physical
>> cabling.
>
> Yes, I know that..(mere professional IT network engineer)

Err, I don't think you do:

> Yes, but what has that utterly pointless and complex solution got to do
> with domestic installations and 'multiple ethernet ports'?
>
> You can set up a pair of devices to talk to each other on different IP
> networks using a bog standard switch. The switch itself will associate
> IP and MAC addresses together and prevent traffic spilling onto other
> segments.
>
> You don't need all that VLAN gubbins at home, and unless you are
> seriously paranoid, you don't need it in an office either.
>
> VLAN is more about extended trusted networks over foreign IP and
> untrusted networks - i.e., the Internet


VLAN != VPN.

VLAN is for running networks over shared physical infrastructure. They're
separate, they run separate DHCP servers, one side cannot generate packets
that route to the other no matter how it gets compromised.

VPN is for extending your network over the Internet. In a domestic
situation you probably don't want that (though you may use it to connect to
your employer).

VLAN is a layer 2 (Ethernet) thing, VPN is (mostly) a layer 3 (IP) thing
(though some run at layer 2). VLANs won't run over the Internet unless you
wrap them in a VPN (and it's generally a bad idea).

For instance, you ran a single ethernet cable under the patio to the shed.
You want the shed to have access to the front door camera (that anyone could
walk up to and hook into while you were on holiday) and the NAS containing
your bank statements. You'd like those to be on two separate networks, but
can't run another cable because it's under the concrete.

Or you ran a single cable up the stairs but you want to give the kids a
separate network so you can separate their traffic from your home business
in the spare bedroom. You want to be able to firewall your business traffic
so whatever dodgy apps they're running won't get access to your work
machines. Or perhaps you want first go at the DSL connection and want to
restrict the bandwidth the kids have, or shut off their network after
dinnertime while you can keep working.

This is all on top of standard MAC address switching that means links will
only carry traffic relevant for them. That doesn't help you if a dodgy app
generates traffic it's not intended to. VLANs do.

Theo
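
The closing point of the post above (MAC learning alone versus VLAN separation on one shared switch) can be modelled in a few lines. This is an added example, not part of the original post; the port numbers, MAC addresses and VLAN IDs 10 and 20 are constructed, and trunk/tagged ports are not modelled.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample hosts: switch port -> MAC address (locally administered).
HOSTS = {
    1: "02:00:00:00:00:01",  # NAS
    2: "02:00:00:00:00:02",  # work PC
    3: "02:00:00:00:00:03",  # front door camera
    4: "02:00:00:00:00:04",  # kids' laptop running a dodgy app
}
FLAT = {1: 1, 2: 1, 3: 1, 4: 1}          # every port in one VLAN (plain switch)
SEGMENTED = {1: 10, 2: 10, 3: 20, 4: 20}  # trusted = VLAN 10, untrusted = VLAN 20


@dataclass
class Switch:
    """Learning switch with access ports only; forwards purely on (VLAN, MAC)."""
    port_vlan: dict                                # port -> VLAN id
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports a frame is delivered to."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port  # learn the sender
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]
        # Broadcast or unknown destination: flood, but only inside this VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def deliver(port_vlan, from_port, dst_mac):
    """Let every host announce itself once, then send one frame and
    report which ports receive it. IP addressing plays no part here."""
    sw = Switch(dict(port_vlan))
    for port, mac in HOSTS.items():
        sw.forward(port, mac, BROADCAST)
    return sw.forward(from_port, HOSTS[from_port], dst_mac)


if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "unicast to NAS ->", deliver(layout, 4, HOSTS[1]))
        print(name, "broadcast      ->", deliver(layout, 4, BROADCAST))
```

On the flat layout the frame from port 4 lands on the NAS port whatever IP subnet the sender claims to be on; with the segmented layout it never leaves VLAN 20.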