I love the new zone management of the Unifi firewall. I feel more comfortable now being more granular in my rules. Before, I was using Cloudflare DNS proxy to only allow three countries to connect to my public services.
Now, I’m no longer using the DNS proxy, and my rule is done with Unifi. Other improvement, my public services are in an isolated VLAN and are available on IPv4 and IPv6.
#unifi #homelab #selfhosted #selfhosting #ipv6 #firewall #alttext #devops #vlan #infoSec #networkSecurity
New post 📯
Simple ethernet, vlan, bonding and WiFi configuration with some notes on security.
https://www.mitim.net/2025/05/networking-saga-part-1-interfaces?g=5
#Networking #MikroTik #Series #Vlan #WiFi #Security #CyberSecurity
🧠💬 Et si l'écoute active pouvait transformer nos relations ?
Dans cet épisode du podcast Vlan! on explore l'art du savoir-relier, loin des débats stériles et binaires, pour retisser des liens profonds et cultiver des relations plus saines.
🎧 À découvrir juste ici 👇
https://www.vlanpodcast.fr/episodes/329-une-chercheuse-du-mit-nous-reapprend-a-dialoguer-avec-valerie-gauthier
Does anyone have any experience of the Ubiquiti UniFi USW-LITE-8-POE Switch (USW-LITE-8-POE)? I’m thinking of swapping out the two Netgear switches I use for two of these so that I can power a new Zigbee adaptor and my Wifi AP with POE and use VLANs etc to split off my IoT stuff properly.
Can I connect the two directly together? I have two cupboards with my various network bits in linked with a network cable (that I wouldn’t want to put POE over)
Har godt nok brugt VLANs i længere tid nu, men har lige arbejdet lidt med det i dag. Og så er det bare fedt når man har delt netværket op, adskilt iot devices for sig, separate WiFi alt efter hvad der skal bruge det, osv. Kører et par små smart switches i daisy chain(efter hinanden), det er den nemmeste måde lige nu syntes jeg. VPN 2 home kører også godt. Kan både bruge OpenVPN og Wireguard, hhv. med og uden LAN adgang. Happy Easter 😃 #vlan #vpn #switch
Juniper SP/Enterprise Config https://blog.funil.de/4264/sinuspl/english/juniper-networks/juniper-sp-enterprise-config/ #cli #enterprise #interface #juniper #junos #provider #service #style #vlan
sous quel type de feuilles
le p'tit bout allait-il de ce pas
s'installer ? regarde !
.
::
#haiku #nawak #vlan v'lan #zendefondº
I finally have a separate guest WiFi network with a QR code on a fridge. And a separate IoT network. Even made the printer work across VLANs. And #Plex to stream locally. Because the app is on the #Samsung TV, and I don’t trust it, so it is also on the IoT network. The only thing left to be fixed is #AirPlay on the TV.
#homelab #network #vlan #networking
Curse you, #Linux bridge (or #DSA or #switchdev) - why do you send this uncalled-for #VLAN deletion notification... (and do I dig deeper into this, maybe finding a bug?, or should I just go for the other approach I wanted to implement anyway, which wouldn't need to hook into the VLAN notifications in the first place...)
This week I will be replacing my router (#Ubiquiti #Edgerouter Lite) with an Alta Labs #Route10. The ERL has been great, but there is one specific condition which causes severe performance issues. The ERL can offload #ipv6, #vlan and #pppoe at 1gbs, but not all at once. So, if you try to transfer a lot of ipv6 traffic, it drops to software and it then affects all traffic passing through. The main "culprit" is Steam which prefers ipv6 (as it should!) The new router should not have that limitation.
The #VLAN code in the #Linux bridge gives me some headaches. Took me a while to get why two brmctx #multicast contexts are created, one for the untagged VLAN 0, one for the PVID 1. But only the former would be used, with brmctx->vlan not set, even though VLANs were configured. Turns out you need to not only enable multicast_snooping but also mcast_vlan_snooping. And confusingly, only the former is in sysfs. Seems like "ip link" is the most complete thing now, not "brctl", "bridge" tool or sysfs
New #Blog: Isolating our Guest Wireless Network in OPNSense
Author: Ben Tasker
Question for #networking friends:
I have 3 #VLAN switches. My incoming Internet is adjacent to one of them, but I don't really want anything else much there. Most of my equipment is on the third switch in the chain - ie traffic to there from the internet has to go through all three.
Currently my router (#Debian #Linux box) is next to the Internet connection, but I want to move it to the other end. Is that sane?
Es hat den ganzen verschissenen Tag gedauert, aber VLAN-Config per File und ein Uplink auf Port 22 mit allen #VLAN tagged scheine ich hinbekommen zu haben.
Nächster Schritt: Trunk mit zwei NICs, um das Ding direkt an die #pfSense anzuschliessen. Dann kann ich endlich den uralten und chronisch überfüllten 24x #Switch unterbrechungsfrei ausmustern, der immer noch mein Hauptswitch ist. Dessen Ableben ist ein Damoklesschwert über meiner heimischen IT-Landschaft, dessen Auflösung ich schon seit Jahren vor mir her schiebe. Bin ja kein Netzwerker und #JunOS ist jetzt nicht so intuitiv.
Der #Juniper 3400 ist deutlich jünger und hat einen erheblich geringeren #Stromverbrauch, trotz doppelt so vieler Ports. Danach kann die Serverlandschaft weiter wachsen, die #Weltherrschaft ist nahe...
Edit: Seems like this was caused by hardware offloading being enabled, which worked fine on 22.x. I am investigating why this is no longer working, but for now I have a working internet connection again! Hooray!
Dear #OpenWRT users out there,
I migrated my main router to 24.10.0 (direct update from 22.x was not possible). I got almost everything working again, VLANs, DDNS.
But now I got a funny issue:
Connections via LAN are NOT working.
Connections via Wifi directly on the router ARE working.
Connections via Wifi on the access point are NOT working.
Ping and DNS queries (with both TCP and UDP) are working fine from all clients to all hosts I tried.
But trying to curl a website (or open it in a browser) only works on clients connected via Wifi to the router. As soon as LAN comes into play, the connection hangs until "empty reply from server".
Any ideas anyone?
https://forum.openwrt.org/t/connection-issue-after-migration-to-24-10-0-router-can-curl-a-url-clients-cannot/226424
#openwrt #router #vlan #wifi #adminlife #homelab
Hat hier wer ne Idee? #Proxmox #Homelab #Network
Ich habe 2 VLANs: 1 & 6. Zukünftig soll alles im Homelab in das #VLAN 6 umziehen - dauert noch etwas.
Ich hab ne neue Diskstation. Die alte soll im Homelab als Speicher dienen, daher steht sie im VLAN 6.
Einige LXC hab ich schon ins VLAN 6 umgezogen.
Der Proxmox Host steht noch im VLAN 1.
Aus irgendeinem Grund kann der Host mittels Ping keinen Client aus dem VLAN 6 erreichen - und somit auch die Diskstation nicht.
Warum?
I recently rebuilt my networks and segregated devices into proper VLANs and everything was working great until I tried to connect to #ProtonVPN. I tried tweaking all the different settings and could not get it to connect reliably if at all. Finally figured it out. They use 10.2.0.0 for their VPN subnet, which was the same one I was using for my client #VLAN. So now I get to rebuild stuff again. Ugh.
Habe es jetzt endlich hinbekommen, meine Inter-VLAN-Firewall sicherer zu gestalten. Nun können Geräte aus dem Hauptnetz auf IoT Geräte im IoT VLAN streamen aber die IoT Geräte gar nicht mehr aufs Haupt Netz zugreifen (außer „Established“ Verbindungen und die für das Streaming benötigten Ports). #VLAN #IoT #Netzwerk
Do I expect the average home user to understand these things? No. But could devices have better default options? Certainly yes. Business class switches already have Voice #VLAN auto-detect by MAC OUI -- there's no reason not to add a little more fairy dust and help home users keep their stuff separated intelligently while still enjoying the benefits of insecure #IoT devices.
Some day maybe it will be normalized to hire a pro to install these things, but until then ...
#sysadmin #networkSecurity
In a neighboring office, there is a device (some kind of smart Tuya gadget based on the MAC) that keeps trying to connect to our WiFi router.
```
hostapd: phy1-ap0: STA d8:d6:68:... IEEE 802.11: authenticated
```
We have fired and disabled it.
(For some reasons not specified here, it is not an option to go over and ask them what it is.)
Is there anything we can do about this? How common is this sort of thing?
