switch vs router

[brokebeardedguy]

not to beat a dead horse on this topic. in a offline network do I need a router if every devices has its own assigned ip address? or can I simply use a switch. I know there's managed and unmanages switches as well. my online network consists of a fiber converter to router to 24port dumb switch. with two wireless ap's

 

I'm creating a offline network for equipment that shares files and folders as well as security cameras I have no need to be online nor do I want them to be. so can I simply purchase a dumb switch or do I need something managed?

 

6pcs and 28 cameras found a good deal on 48port gigabit switches with 10gb uplink

[Windows7ge]

If you're really up for giving all of them static IP addresses then no a router is not required for all of them to communicate.

 

I have seen some instances with WebUIs such as IPMI on servers where they just do not work without a Default Gateway but if you don't have any problems like that then it should work the way you hope it will.

[LAwLz]

You only need a router to send traffic between two separate networks.

If you statically assign IP-addresses that belong to the same network (for example 192.168.1.1, 192.168.1.2, 192.168.1.3...) then no, you do not need a router. Any switch will be enough.

[beersykins]

Do you also need to facilitate WAN connectivity for any other equipment in that area?  You could leverage a managed switch and simply create an isolated VLAN for that offline gear.

[brokebeardedguy]

ok good stuff. networking is well out side of my wheelhouse. everything should have its own static ip

 

I'm not sure what all wan/vlan is or how to go about managed switches.

[LAwLz]

15 hours ago, brokebeardedguy said:

ok good stuff. networking is well out side of my wheelhouse. everything should have its own static ip

 

I'm not sure what all wan/vlan is or how to go about managed switches.

It's not needed for what you're going to do.

 

What he asked was if stuff like your security camera needed access to the Internet (WAN). If it did you would have to create several virtual LANs (VLAN) and segment your network that way. But you don't have to do that in this situation.

[brokebeardedguy]

9 hours ago, LAwLz said:

It's not needed for what you're going to do.

 

What he asked was if stuff like your security camera needed access to the Internet (WAN). If it did you would have to create several virtual LANs (VLAN) and segment your network that way. But you don't have to do that in this situation.

okay. I figured I would just use one of the additional ports on the server to allow nvr software to access the internet if I would choose to put online.

[Programmer Frank]

It depends what do you want to do. 

If you are home network, you have a nas, just use router.

If you are enterprise, you should have them both: switch for internal work, router for wifi.

But remember: I didn't recommend you put a switch only. If you need a switch, please put a router.

You can have a switch, but you cannot put a switch without a router.

You can only have a router, all good!

If you only put a switch, you will more uncomfortable.

[beavo451]

2 hours ago, Programmer Frank said:

It depends what do you want to do. 

If you are home network, you have a nas, just use router.

If you are enterprise, you should have them both: switch for internal work, router for wifi.

But remember: I didn't recommend you put a switch only. If you need a switch, please put a router.

You can have a switch, but you cannot put a switch without a router.

You can only have a router, all good!

If you only put a switch, you will more uncomfortable.

None of this is really correct.

[LAwLz]

8 hours ago, brokebeardedguy said:

okay. I figured I would just use one of the additional ports on the server to allow nvr software to access the internet if I would choose to put online.

Yeah that would work, but please note that you break the "air gap" when you plug your server into the network.

I assume you want to keep these devices offline because of security or privacy reasons, correct? Once you plug the server into the regular network you may open up a way for the other devices and data to access the Internet as well (indirectly). So depending on how seriously you want to take this, it might be best to think it through a bit more before you plug the server into the regular network.

 

 

2 hours ago, Programmer Frank said:

It depends what do you want to do. 

If you are home network, you have a nas, just use router.

If you are enterprise, you should have them both: switch for internal work, router for wifi.

But remember: I didn't recommend you put a switch only. If you need a switch, please put a router.

You can have a switch, but you cannot put a switch without a router.

You can only have a router, all good!

If you only put a switch, you will more uncomfortable.

No, he does not want/need a router in this scenario. And yes, you can "put a switch without a router". A switch is exactly what he wants in this scenario. A switch that is only plugged into the air gapped devices.

[brokebeardedguy]

On 2/5/2020 at 3:43 AM, LAwLz said:

Yeah that would work, but please note that you break the "air gap" when you plug your server into the network.

I assume you want to keep these devices offline because of security or privacy reasons, correct? Once you plug the server into the regular network you may open up a way for the other devices and data to access the Internet as well (indirectly). So depending on how seriously you want to take this, it might be best to think it through a bit more before you plug the server into the regular network.

Exactly why I wanted to keep it offline. I would assume at that point I would be looking at the additional purchase of a firewall?  I'm really quite torn because I would love to have the motion alerts available from certain cameras.

 

But on the flip side I don't want anyone being able to access any of the footage. I keep all of my servers offline with the exception of one it's a Plex server and I have about 20 terabytes of movie storage.

Some my systems have dual nic one running to the main Network and one running to the offline network. Keeping the offline side disabled when I'm not using them. Don't know if it really keeps them safe.

[LAwLz]

7 hours ago, brokebeardedguy said:

Exactly why I wanted to keep it offline. I would assume at that point I would be looking at the additional purchase of a firewall?  I'm really quite torn because I would love to have the motion alerts available from certain cameras.

If you want full control over how traffic in your network flows, you need a firewall, yes. And preferably a switch that supports VLANs too (so you can segment and force traffic through the firewall).

But the problem then is that you either have to buy a bunch of rather expensive, big and/or loud equipment. Or if you go and buy something like a used Cisco ASA5506, you will end up paying 300 dollars for something you probably can't manage (because they are really complicated if you haven't used enterprise firewalls before). Plus, I don't think it can even do 1Gbps throughput (tops out at like 700Mbps, I think).

 

 

It seems like Ubiquity has some decent products for cheap which could achieve what you're looking for.

Firewall and 8 port switch with PoE for 235 dollars on Amazon.

Throw in one or two access points too and you will have an "enterprise lite" network at home for like 300-400 dollars.

 

BUT!!!! I have next to no experience with Ubiquiti, and literally no experience with their firewall aka "security gateway". I have no idea how to configure them or how good they actually are.

If they work similarly to how the Cisco ASA I linked earlier works, then you could set up rules like "the security cameras are only allowed to send footage to the server and nothing else. The server is not allowed to talk to anything, only receive video from the cameras. My desktop computer is allowed to access the server to look at video, and it is the only computer that can do that". You can be super granular and control exactly how traffic is allowed to flow, in which direction and from which computers.

[brokebeardedguy]

23 hours ago, LAwLz said:

If you want full control over how traffic in your network flows, you need a firewall, yes. And preferably a switch that supports VLANs too (so you can segment and force traffic through the firewall).

But the problem then is that you either have to buy a bunch of rather expensive, big and/or loud equipment. Or if you go and buy something like a used Cisco ASA5506, you will end up paying 300 dollars for something you probably can't manage (because they are really complicated if you haven't used enterprise firewalls before). Plus, I don't think it can even do 1Gbps throughput (tops out at like 700Mbps, I think).

 

 

It seems like Ubiquity has some decent products for cheap which could achieve what you're looking for.

Firewall and 8 port switch with PoE for 235 dollars on Amazon.

Throw in one or two access points too and you will have an "enterprise lite" network at home for like 300-400 dollars.

 

BUT!!!! I have next to no experience with Ubiquiti, and literally no experience with their firewall aka "security gateway". I have no idea how to configure them or how good they actually are.

If they work similarly to how the Cisco ASA I linked earlier works, then you could set up rules like "the security cameras are only allowed to send footage to the server and nothing else. The server is not allowed to talk to anything, only receive video from the cameras. My desktop computer is allowed to access the server to look at video, and it is the only computer that can do that". You can be super granular and control exactly how traffic is allowed to flow, in which direction and from which computers.

yeah, that's all beyond me it seams a lot easier to just keep things off line. I don't need access outside at this point so I'm not worried. if I ever grow to where I'm manufacturing off premises ill have to figure something out.