IT/Experimental/Network: Difference between revisions

From msgwiki
Jump to navigation Jump to search
Access restrictions were established for this page. If you see this message, you have no access to this page.
m (small fix :))
Line 26: Line 26:
* Dedicated Access Points (APs)
* Dedicated Access Points (APs)
** cover larger area with better quality (e.g. one per floor)
** cover larger area with better quality (e.g. one per floor)
** support roaming between APs, (802.1k/v/r) (same SSIDs for 2.4 and 5GHz channels and AP's)
** support roaming between APs, (802.11k/v/r) (same SSIDs for 2.4 and 5GHz channels and AP's)
** support unlimited amount of SSIDs (would not recommend more than 4)
** support unlimited amount of SSIDs (would not recommend more than 4)
**support WPA2/3 Enterprise (e.g. user/password per user, RADIUS required)
**support WPA2/3 Enterprise (e.g. user/password per user, RADIUS required)

Revision as of 18:59, 10 May 2024

The Maybe Later Network

Possibilities for future Network upgrades.

General

  • What can be connected by cable, is connected by cable
    • increased bandwith and stability for all (less utilization of wifi, better transfer medium)
    • increased security (less attack surface over air)
    • enables wake on lan (WOL)
    • would need new cabling, new switches and space
    • would need investment (although this could be done quite reasonably)
  • Network segmentation / VLANs / Subnets
    • increased security (subnets are isolated from eachother, e.g. clients only have access to what they must)
    • increased stability (e.g. excessive broadcasts will be limited to their own subnets)
    • would need VLAN (802.1q) able switches and router
    • would ideally include router/gateway with firewall (to control traffic between vlans/subnets and internet bound traffic >> access control)
    • would need investment (various price classes...)
  • Monitoring
    • increased security (depends how it's done / software)
    • increased visibility (depends how it's done / software)
    • visibility on issues (e.g. get HW data over SNMP)
    • notifications on issues (if setup)
    • e.g. Zabbix/Prometheus (hardware monitoring), Wazuh (security monitoring)
    • would need at least some processing power and maybe a little overkill, especially Wazuh :)
  • Dedicated Access Points (APs)
    • cover larger area with better quality (e.g. one per floor)
    • support roaming between APs, (802.11k/v/r) (same SSIDs for 2.4 and 5GHz channels and AP's)
    • support unlimited amount of SSIDs (would not recommend more than 4)
    • support WPA2/3 Enterprise (e.g. user/password per user, RADIUS required)
    • would need APs and new cabling (please don't use wireless meshing stuff unless cabling really is not feasible!)
    • ideally switch supports PoE so no injector is needed (802.3at or higher)
    • e.g Ubiquiti Unifi (get second hand / discounted APs, controller is free for download)