Creating a home network setup involving a switch, mesh WiFi, and server?
Creating a home network setup involving a switch, mesh WiFi, and server?
I'm searching for the optimal approach for my setup. I have an HP Proliant switch that I plan to use for most of my clients—my two children on the upper floor, myself on the ground floor, and my game server in the cellar. The crude drawing shows the switch and server in the same area. If I need separate administration for each family, should I run two CAT cables upstairs, or is there a way to install a switch upstairs to provide internet access and manage their connections independently?
You may utilize a switch upstairs instead of two cables. They would only share "just" 1gbit of bandwidth back to the main switch.
Lan is built with the assumption that everyone is trusted.
You have a few concerns. The first is that a switch can't really restrict internet use much. HP commercial switches are more powerful than consumer ones but still aren't firewalls.
The second problem is that it's simple to circumvent any restrictions you set. Even a young person knows about VPNs and how to bypass school filters. Changing MAC addresses and IPs is also straightforward.
I believe the professional switch series support 802.1x on ports. Combined with a radius server, this can significantly help authenticate users and stop MAC spoofing—mostly.
For extra security, load certificates onto the devices and verify them instead of relying on basic usernames and passwords.
This approach will deter even sophisticated attempts, such as inserting a router with VPN software. This is what staff try when running on clients you can't install software on, like VPN.
Ultimately, it's wiser to log traffic and, if needed, disable switch ports so no access occurs afterward.
It seems like you're looking for ways to secure your network. You might consider setting up a DIY PFSense firewall, which is a small computer with at least two Ethernet ports, or replacing your router with a PC-based PFSense firewall.