Netgate Discussion Forum

SG-2100, do I understand this correctly?

    YogiBear
    last edited by Jan 6, 2021, 5:01 PM

    I am planning a new network. I have a 100Mbps internet connection. I want the option of going to 400Mbps if I desire to do so. I have two NAS units, 2 smart TVs, 2 Rokus and an Nvidia Shield. There is nearly as much internal streaming as there is external. It's time I secure this network and go with a proper firewall. I have 3 8 port managed switches, but I'll probably get a UNIFI switch when I order the UNIFI AP. I might eventually get all UNIFI switches.

    I had thought a SG-1100 would be sufficient (and it probably is), but I'm leaning towards a SG-2100. The SG-1100 is one big logical switch, while the SG-2100 has a built-in switch with a 2.5Ghz trunk to the 'router'. This is huge. I understand the 4 switch ports on the SG-2100 can be set up as 4 individual ports. The SG-2100 also has 4G ram and I assume that goes a long way when using pkgs. Please correct me if I'm wrong in any of this.

    Also, TAC PRO for a year seems reasonable. Has anyone had any experience with it?

    Will Avahi resolve discovery issues? Example, my Nvidia Shield will be on the same VLAN with the Plex servers and not on the IoT VLAN.

    I have no idea what pkgs I might want to use, but I want the flexibility.

    Any feedback is appreciated.

      A Former User @YogiBear
      last edited by Jan 6, 2021, 5:10 PM

      @yogibear said in SG-2100, do I understand this correctly?:

      Will Avahi resolve discovery issues?

      Short answer is yes, for mDNS/Bonjour. SSDP, for example G'Day Plex discovery, requires another solution such as udpbroadcastrelay (there are a couple of threads concerning that).

      Longer answer is: why go to the trouble of segregating those devices only to turn right around and break the segregation? Do you really need to have discovery? Can you access those devices by IP or FQDN? Do those devices actually present some risk that would require isolation from client devices? Not saying you're wrong to be thinking about this but do think it all the way through and be sure you're not doing it just because you can...

        stephenw10 Netgate Administrator
        last edited by Jan 6, 2021, 5:15 PM

        If the Shield is on the same vlan as the Plex server then you won't have a problem between them.
        You would only need something like Avahi between different subnets/vlans.

        Steve

          YogiBear @stephenw10
          last edited by Jan 6, 2021, 5:16 PM

          @stephenw10 Nvidia Shield is also a Google Home device. You know, "Turn off Shield", etc...

            YogiBear @Guest
            last edited by Jan 6, 2021, 5:19 PM

            @jwj I'll have one device, Nvidia Shield, that is not on the IoT network. Is this not an issue?

              A Former User
              last edited by A Former User Jan 6, 2021, 5:49 PM Jan 6, 2021, 5:32 PM

              If you don't sign it into a google account it's harmless, yes? I don't have anything with any google stuff built in but that is my understanding?

              I may be misunderstanding this. Do you want to use the google home features? It's always the big tradeoff, convenience vs privacy. Everyone's idea of how that balances out is different, just make your choice with your eyes wide open ;)

                YogiBear @Guest
                last edited by Jan 6, 2021, 6:03 PM

                @jwj said in SG-2100, do I understand this correctly?:

                If you don't sign it into a google account it's harmless, yes? I don't have anything with any google stuff built in but that is my understanding?

                I may be misunderstanding this. Do you want to use the google home features? It's always the big tradeoff, convenience vs privacy. Everyone's idea of how that balances out is different, just make your choice with your eyes wide open ;)

                With the exception of Nvidia Shield, everything 'google home' will go on a separate subnet/VLAN (IoT), even my phone. I could add Shield to the 'IoT' network, but then I'm streaming... NAS/Plex->switch->router->switch->Shield. That makes no sense, I'd rather poke holes for Shield concerning 'google home' and make sure it's discovered.

                There has to be a secure way to handle this. Once I put the firewall in place, I imagine I'll learn more than I want to know about google home, Philips Hue, etc... If I have to, I'll remove Shield from google home, but that is unlikely. I just need discovery and 'google commands' to function across subnets.

                Privacy isn't the issue so much, it's security. I could care less what some company knows about me. It has ZERO impact on my destination. I don't walk in the dark.

                  A Former User
                  last edited by Jan 6, 2021, 6:45 PM

                  Yeah, you can for sure get that to work across subnets. I have no direct experience with google home but a quick search here finds a lot of threads. You'll have to work through the noise to find the signal.

                  My quick look also finds lots of talk about privacy but I haven't seen any security risks. Like everything, keep them updated and maybe consider this is much to do about nothing... Use an isolated network for the IoT stuff like switches, bulbs and doorbells and put the rest on a single network.

                    YogiBear
                    last edited by Jan 11, 2021, 3:17 PM

                    The SG-2100 I ordered is 'out for delivery'. In the end, the 4G is why I went with the SG-2100. That said, the options the integrated switch provides seem limitless. The light bulb came on when I watched a Netgate video by Jim Pingle.

                    Thanks Jim!!!

                      KevinSpooner Banned
                      last edited by Jan 18, 2021, 7:45 AM

                      This post is deleted!
                        YogiBear @KevinSpooner
                        last edited by YogiBear Jan 18, 2021, 12:59 PM Jan 18, 2021, 12:57 PM

                        @kevinspooner said in SG-2100, do I understand this correctly?:

                        Hi. Have you received the package yet? How satisfied are you with your purchase?

                        I could not be more pleased. Beyond the quick delivery and the packaging, the gateway is amazing. I'm getting familiar with it before my Unifi switches and WAP arrive. The internal switch makes this gateway extremely flexible.

                        I chose the SG-2100 for the 4G of ram. I didn't really need the 4 ports. One 24 port switch is all I really needed. However, I can't bring myself to connect a switch at 1Gbps to the internal SG-2100 switch that has a 2.5Gbps uplink. That makes no sense. So, to make the best use of the internal SG-2100 switch, I created 4 individual networks (I'll use 3). This will also keep internal VLAN traffic off of the SG-2100.

                        That said, while the 4 ports look like they are discrete ports, they aren't. It's still a switch. I initially thought I'd address my Unifi switches (which aren't here yet) per the network they are on. This would mean the router would route the Unifi management traffic between networks. Then it hit me, try creating a VLAN and tagging it on all the ports. That works (I figured it would).

                        SwitchVLANS.png

                        Bottom line, I couldn't be happier.
