[Q] My Complex Network Setup, is this possible? should I try it?



Personally, I would never connect my devices directly to the modem, whether it is via switch or not. I would always keep my own Internet connected devices on the private side of the router, not the Internet exposed side. The ideal situation should be:

Internet > Modem > Router > Switch/PC/Combination

If distance and/or location is an issue, then invest in some home plugs/powerline or a basic Wireless access point. Or is latency such an important factor? Does an extra few ms actually harm what you use the Internet for?

17 hours ago, MariosX said:

Because I want the router to be in my room and the distance between them is 50 meters

Is there any reasoning behind why they cannot be swapped, or simply because you don't want to?

4 hours ago, Daedroth said:

Personally, I would never connect my devices directly to the modem, whether it is via switch or not. I would always keep my own Internet connected devices on the private side of the router, not the Internet exposed side. The ideal situation should be:

Internet > Modem > Router > Switch/PC/Combination

If distance and/or location is an issue, then invest in some home plugs/powerline or a basic Wireless access point. Or is latency such an important factor? Does an extra few ms actually harm what you use the Internet for?

Is there any reasoning behind why they cannot be swapped, or simply because you don't want to?

Yes I want it to be in the room where I do my work and which also has the best Wi-Fi coverage around all the house

Ok the solution is Powerline and QoS thanks a bunch

9 hours ago, Daedroth said:

Personally, I would never connect my devices directly to the modem, whether it is via switch or not. I would always keep my own Internet connected devices on the private side of the router, not the Internet exposed side. The ideal situation should be:

Internet > Modem > Router > Switch/PC/Combination

That's what it's set up like logically, physically it's not. None of the devices would be exposed to the Internet.

10 hours ago, offroadaaron said:

That's what it's set up like logically, physically it's not. None of the devices would be exposed to the Internet.

Wouldn't anything connected directly into the switch be exposed directly to the Internet?

5 hours ago, Daedroth said:

Wouldn't anything connected directly into the switch be exposed directly to the Internet?

No, it's an ADSL modem, the router authenticates and traffic goes through the router. The modem is simply just a media converter.

7 minutes ago, offroadaaron said:

No, it's an ADSL modem, the router authenticates and traffic goes through the router. The modem is simply just a media converter.

But in the original diagram, the switch is directly connected to the modem, not the router, meaning it doesn't have use of the router's firewall or authentication. Either that or I've got completely the wrong end of the stick.

8 hours ago, Daedroth said:

But in the original diagram, the switch is directly connected to the modem, not the router, meaning it doesn't have use of the router's firewall or authentication. Either that or I've got completely the wrong end of the stick.

Physically, but logically the traffic will pass through the default gateway which will be the router and not the modem.

If the switch is placed between the modem and router how is the switch supposed to be behind the router? You would physically have to run a cable or power line adapter between the switch and the router on one of the Ethernet ports on the router.

Look at the physical drawing. Adsl to switch to router. How does the switch and what connects to it get addressing from the router when it is in front of the router? That wouldn't work with soho equipment.

4 hours ago, sc302 said:

If the switch is placed between the modem and router how is the switch supposed to be behind the router? You would physically have to run a cable or power line adapter between the switch and the router on one of the Ethernet ports on the router.

Look at the physical drawing. Adsl to switch to router. How does the switch and what connects to it get addressing from the router when it is in front of the router? That wouldn't work with soho equipment.

Are you talking to me? I never said it would. All I'm saying is that it wouldn't be publicly facing, you've just taken it one step further...

How can items attached to the switch "logically go through the default gateway which would be the router" if the switch is physically between the modem and the router?  Remember we are dealing with soho equipment, not capable of vlan tagging or trunking (this is judging solely based off earlier comments of waps costing more than a router)


6 hours ago, sc302 said:

How can items attached to the switch "logically go through the default gateway which would be the router" if the switch is physically between the modem and the router?  Remember we are dealing with soho equipment, not capable of vlan tagging or trunking (this is judging solely based off earlier comments of waps costing more than a router)

I still don't know if you're talking to me or not? You're still taking it further than what I was stating... I already know this stuff... The router would also need a LAN cable connected to the switch, stop banging on about the same thing, we get it.

What I'm trying to answer is this!

On 12/16/2015, 7:25:10, Daedroth said:

Wouldn't anything connected directly into the switch be exposed directly to the Internet?

Which the answer is no...

Yes they would be...

Dude it would be on the same layer 2 as his isp connection, so any other users on that same isp layer 2 segment would be connected to those boxes, they would see all the multicast traffic they send, they would see all the broadcast, and most likely they would just get an apipa address since no, his isp would not give him more ips. As any other apipa on that same layer 2 would be able to talk to him. If he happened to give them say a 192.168.1.0/24 address - any other boxes on that same layer 2 that happen to be on that same network would be able to talk to them.. Some idiot-run dhcp server would give them an address and they would try and use that as their gateway, etc..

Maybe his isp does not give out more than 1 ipv4 address, but maybe they would give them ipv6? Now they are more than connected at layer 2, they are on the internet at layer 3 with nothing to stop inbound traffic other than software firewall maybe running on them.

They would be exposed is the point..

And what would be the point of these boxes connected to the switch? They wouldn't be able to use internet, they wouldn't be able to get to his lan devices.. They could talk among themselves...

14 hours ago, offroadaaron said:

Physically, but logically the traffic will pass through the default gateway which will be the router and not the modem.

So if you know all of that, why doesn't this post make sense?

The switch in the original diagram is in between the modem and the router.

Here is the original diagram for your reference:

[Image: diagram.jpg]

the whole idea of running another connection from the lan side of his router and connecting to this switch is you're now running 2 different layer 3 networks over the same layer 2.. You would have the public ipv4 segment on that layer 2, along with your rfc1918 address space you're running behind the nat router..

Now all the multicast, broadcast traffic getting sent out the isp connection from any box connected to that switch, and from all his devices connected to his router via wifi and or wired to any other switches he might have or the other lan ports of his router... You just connected his whole network at layer 2 to his isp segment... Without a switch that supports vlans all of those ports are all on the same layer 2...

again if he wants to use a switch to join 2 wires together so his router is where he wants it for wifi coverage, ok -- but wouldn't connect anything to that switch.. might as well just get one of these.. Lot cheaper than a switch or powerline adapters

http://www.amazon.com/RJ45-Ethernet-cable-connector-Almond/dp/B000BSLW8U

[Image: coupler]

here just as a sample, I forgot to mention all the arp traffic those boxes will see.. So here is less than 1 second of traffic on my wan just now.. I hid the unicast traffic..

[Image: capture of less than 1 second of wan traffic]

You want to really kill his wifi, do what you suggested and connect a lan port of his router to this switch and expose his network at layer 2.. All of this traffic would be going out his wifi.. Lots and lots of noise from the isp segment that would be sucking up his shared wifi bandwidth..
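As an added illustration of the layer 2 exposure argued over in this thread (not code from any poster): a Python check that scans captured Ethernet frames for ARP senders outside the expected LAN and for DHCP replies from an unexpected server, the two symptoms described above for a PC sharing a segment with the ISP side. The frames, MAC addresses, the 192.168.1.0/24 LAN and the 192.168.1.1 router address are constructed assumptions.

```python
import ipaddress
import struct

def eth(dst, src, ethertype, payload):
    """Build a raw Ethernet II frame; used only for the constructed samples."""
    return bytes.fromhex(dst + src) + struct.pack("!H", ethertype) + payload

def arp_request(mac, sender_ip, target_ip):
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes.fromhex(mac)
    body += ipaddress.ip_address(sender_ip).packed + bytes(6)
    return eth("ff" * 6, mac, 0x0806, body + ipaddress.ip_address(target_ip).packed)

def dhcp_reply(mac, server_ip):
    # Bare IPv4 + UDP headers (checksums left at zero), server port 67 -> client 68
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(server_ip).packed, b"\xff" * 4)
    return eth("ff" * 6, mac, 0x0800, ip + struct.pack("!HHHH", 67, 68, 8, 0))

def audit_frames(frames, lan_cidr, dhcp_server):
    """Return (kind, source MAC, source IP) for broadcasts foreign to the LAN."""
    lan, findings = ipaddress.ip_network(lan_cidr), []
    for f in frames:
        if len(f) < 14 or not f[0] & 1:      # only broadcast/multicast frames
            continue
        mac = f[6:12].hex(":")
        ethertype = struct.unpack("!H", f[12:14])[0]
        if ethertype == 0x0806 and len(f) >= 42:          # ARP: sender IP field
            ip = ipaddress.ip_address(f[28:32])
            if ip not in lan:
                findings.append(("foreign-arp", mac, str(ip)))
        elif ethertype == 0x0800 and len(f) >= 34 and f[23] == 17:   # IPv4/UDP
            udp = 14 + (f[14] & 0x0F) * 4
            if len(f) >= udp + 2 and f[udp:udp + 2] == b"\x00\x43":  # sport 67
                ip = ipaddress.ip_address(f[26:30])
                if str(ip) != dhcp_server:
                    findings.append(("unexpected-dhcp-server", mac, str(ip)))
    return findings

# Constructed sample: what a PC on the switch in front of the router might hear.
SAMPLE = [
    arp_request("020000000a01", "203.0.113.57", "203.0.113.1"),   # other subscriber
    arp_request("020000000a02", "169.254.10.4", "169.254.10.9"),  # APIPA neighbour
    arp_request("020000000b01", "192.168.1.20", "192.168.1.1"),   # own LAN host
    dhcp_reply("020000000c01", "192.168.1.254"),                  # stray DHCP server
    dhcp_reply("020000000b02", "192.168.1.1"),                    # own router
]
if __name__ == "__main__":
    for finding in audit_frames(SAMPLE, "192.168.1.0/24", "192.168.1.1"):
        print(finding)
```

On a host that really sits behind the router, the same check over a live capture should return an empty list; any finding means the port shares a broadcast domain with something outside the LAN.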

44 minutes ago, sc302 said:

So if you know all of that, why doesn't this post make sense?

On 12/14/2015, 3:52:27, offroadaaron said:

Actually, you're kinda right you would need to connect a LAN port to the switch from the router as well if that's the case.

Point is they wouldn't be exposed if it worked or didn't work. Just because the switch is between the modem and the router doesn't make the PCs on the switch exposed to the internet.

Edited by offroadaaron

4 minutes ago, offroadaaron said:

Which the answer is no...

So if his modem received broadcast traffic originating from the Internet, how would the devices directly connected to the switch be prevented from receiving that traffic?


7 minutes ago, Daedroth said:

So if his modem received broadcast traffic originating from the Internet, how would the devices directly connected to the switch be prevented from receiving that traffic?

The internet traffic goes through the PPPoE tunnel terminating on the router like a VPN does, clients need to route through the router to have any traffic traverse the Internet. The modem part is just the media converter with no way to actually route Internet traffic.

just because his router is creating a PPPoE connection to his isp does not mean that layer 2 has no traffic on it..

BTW did I miss where the OP stated he was using PPPoE??? I don't recall that ever mentioned at all, other than you.. What he did mention is his "modem" is bridged..

While he does mention that his connection to his isp is some form of dsl connection, and the picture he shows is an adsl router.. Who is to say that "modem" is not creating the pppoe connection..

No matter how you look at it, putting his switch in front of his router is a bad idea, especially since it seems only reason he wants to do it is he wants his router in some other room and doesn't want to run a wire?? And just wants to connect two wires that are already there.. Then for < $2 he can get a coupler and there you go... move his switch behind his router where it belongs..

Well, I'm making some assumptions as there's a phone line going in and it's a home network that it's more than likely going to be a layer 2 PPPoE connection to an ISP LNS.

What do you think it's going to be?

6 minutes ago, sc302 said:

Putting a secure network on the same layer two switch as the unsecured network is an absolutely brilliant idea..... said No network security engineer ever.

This is a home network mate, we aren't securing NASA here, just coming up with ideas. Most of us know what the best solution would be. You can quit with the negative sarcasm.

And connecting his whole network at layer 2 to the isp is a bad one to be sure.. Doesn't matter if this home, nasa, dod installation, starbucks..

Bad idea to use what say $20 switch, when a $1 coupler solves his problem..

I am all for different ideas, not ones that have potential to leave a network at risk. There are multiple ways to accomplish the same things...but what you are suggesting isn't good or recommended. If you wouldn't do it in your networks, why would you suggest it to someone else?


This topic is now closed to further replies.