IT/Experimental/Network: Difference between revisions

From msgwiki
Jump to navigation Jump to search
Access restrictions were established for this page. If you see this message, you have no access to this page.
No edit summary
Line 27: Line 27:
** cover larger area with better quality (e.g. one per floor)
** cover larger area with better quality (e.g. one per floor)
** support roaming between APs, (802.1k/v/r) (same SSIDs for 2.4 and 5GHz channels and AP's)
** support roaming between APs, (802.1k/v/r) (same SSIDs for 2.4 and 5GHz channels and AP's)
** support WPA2/3 Enterprise (e.g. user/password per user, RADIUS required)
** support unlimited amount of SSIDs (would not recommend more than 4)
**support WPA2/3 Enterprise (e.g. user/password per user, RADIUS required)
** would need APs and new cabling (please don't use wireless meshing stuff unless cabling really is not feasible!)
** would need APs and new cabling (please don't use wireless meshing stuff unless cabling really is not feasible!)
** ideally switch supports PoE so no injector is needed (802.3at or higher)
** ideally switch supports PoE so no injector is needed (802.3at or higher)
** e.g Ubiquiti Unifi (get second hand / discounted APs, controller is free for download)
** e.g Ubiquiti Unifi (get second hand / discounted APs, controller is free for download)

Revision as of 08:43, 3 May 2024

The Maybe Later Network

Possibilities for future Network upgrades.

General

  • What can be connected by cable, is connected by cable
    • increased bandwith and stability for all (less utilization of wifi, better transfer medium)
    • increased security (less attack surface over air)
    • enables wake on lan (WOL)
    • would need new cabling, new switches and space
    • would need investment (although this could be done quite reasonably)
  • Network segmentation / VLANs / Subnets
    • increased security (subnets are isolated from eachother, e.g. clients only have access to what they must)
    • increased stability (e.g. excessive broadcasts will be limited to their own subnets)
    • would need VLAN (802.1q) able switches and router
    • would ideally include router/gateway with firewall (to control traffic between vlans/subnets and internet bound traffic >> access control)
    • would need investment (various price classes...)
  • Monitoring
    • increased security (depends how it's done / software)
    • increased visibility (depends how it's done / software)
    • visibility on issues (e.g. get HW data over SNMP)
    • notifications on issues (if setup)
    • e.g. Zabbix/Prometheus (hardware monitoring), Wazuh (security monitoring)
    • would need at least some processing power and maybe a little overkill, especially Wazuh :)
  • Dedicated Access Points (APs)
    • cover larger area with better quality (e.g. one per floor)
    • support roaming between APs, (802.1k/v/r) (same SSIDs for 2.4 and 5GHz channels and AP's)
    • support unlimited amount of SSIDs (would not recommend more than 4)
    • support WPA2/3 Enterprise (e.g. user/password per user, RADIUS required)
    • would need APs and new cabling (please don't use wireless meshing stuff unless cabling really is not feasible!)
    • ideally switch supports PoE so no injector is needed (802.3at or higher)
    • e.g Ubiquiti Unifi (get second hand / discounted APs, controller is free for download)