Tp link easy smart utility download6/18/2023 Who exactly is going to have access to your vlan 1 in the first place? And they are going to be doing a vlan hop attack?Īs you mentioned already if there was no actual layer 2 isolation then you would have issues with your multiple dhcp servers. So on vlan 1 can you arp for other devices on other vlans? If you are connected to a vlan 1 port, can you spoof a mac that is on different vlan and then gain access to that vlan device? I find it highly unlikely to be honest. ![]() ![]() "attacker on VLAN1 can spoof the ARP table for other VLANs." Now if you bump your budget to say closer to 200 then sure you can get some really feature rich switches. again its a LOW END smart switch - you get what you pay for. I wish it did more, has not snmp support, etc. Not worried about someone plugging into my av cab switch and doing a vlan hop attack on me ) And yeah I run vlan 1 on my "home" network - its just easier!! I have a netgear 108ev3 in my av cabinet. Then sure the tplink or negear low end less than $40 smart switches are fine. To expect the bells and whistles of a fully managed switch? If you want the ability to change your management vlan away from an untagged vlan 1 setup then your going to have to spend a few more $'sīut for quick and dirty hey I need to have vlan support on my home budget that is really low or the wife will kill me. But pretty sure your setting this up in you house right? Your looking at very LOW END smart switches. Your management vlan is not vlan 1, etc etc etc. While I agree in enterprise setup you always remove vlan 1, do not use vlan 1 etc. Are you worried about someone coming into your house plugging into one of your switch ports and doing a vlan hop attack on you? Really? ) I really don't see how that is an issue in a "home" setup. It might be very limited in what "vlan" its managment IP is on - most likely its going to be default vlan 1 with no way to change it. Pretty sure it does vlan isolation, kind of useless of them to state its a smart switch with vlan support if it doesn't actually isolate the vlans. Is there better alternative beside these easy smart lineup with similar price range?Īny help will be appreciated and apologize for bad englishĪre we talking installation in a DOD facility or your house? ) I read the whole 14 pages I found in this forum : but I can't seem to find anyone mention it. ![]() So it works but not for security, so it's useless. ![]() I have one of these and it's a huge hassle to get it working just so you can change the default password at minimum.Īnd more importantly the VLAN stuff, while obstensibly working, doesn't do network separation an attacker on VLAN1 can spoof the ARP table for other VLANs. However I look around the internet and found this post on reddit about the easy smart switch lineup. For example my sister laptop won't be able to access my NAS or PC. So what I'm trying to achieve is devices from other room won't be able to access the devices in my room. Modem -> pfSense -> unmanaged switch (will replace this with easy smart switch) -> patch panel -> keystone jack / wall plate across several rooms in the house -> devices I'm planning to buy TP-Link Easy Smart lineup (TL-SG1016DE and TL-SG108E) so I can separate my LAN.
0 Comments
Leave a Reply. |