For help, advice and discussion about stuff not related to aviation. Play nice: no religion, no politics and no axe grinding please.
By riverrock
FLYER Club Member
#1890680
It isn't the first time Starlink sats have caused an airprox (ok, no air).
https://www.theregister.com/2019/09/02/esa_starlink/
https://www.esa.int/ESA_Multimedia/Imag ... tarlink_44

They didn't come out of that smelling of roses.

They have regularly come within 1km of other satellites (over 500 times).

However, unfortunately everything coming out of China will be seen (often correctly) to have a political bent.
Of those Weibo accounts, how many do you think are state propaganda?

Much more concerning is the destruction of the free press in HK.
By Colonel Panic
#1893563
I have been running with Dishy > PoE > Starlink Router > USG WAN1 for a week or so now, and all is fine. I have even disconnected PlusNet from WAN2 with seemingly no issues.

My LAN is based around 192.168.2.xyz, and TBH I am surprised that I can access the Starlink router on 192.168.100.1 ; I sort-of-thought that all devices needed to be in the same "range" to be able to talk to each other. So where is my understanding going wrong?
By rikur_
FLYER Club Member
#1893580
Colonel Panic wrote:My LAN is based around 192.168.2.xyz, and TBH I am surprised that I can access the Starlink router on 192.168.100.1 ; I sort-of-thought that all devices needed to be in the same "range" to be able to talk to each other. So where is my understanding going wrong?


A quick lesson in subnets, subnet masks, and default gateways.
A subnet defines what IP range is on the local network.
So if you see a subnet mask of 255.255.255.0 that means that anything where the first three octets match your IP address, you should send packets to the local network.
Anything that is not on the local subnet, you send to the 'default gateway' - which forwards them on to the outside world.

In your case, 192.168.100.1 is not on your 192.168.2.0 subnet, so it gets forwarded via the default gateway, which in your case is correct, as that is where that network can be found.

(For more detail I wrote this a decade or two ago, but still broadly true: https://labs.f17.co.uk/page/subnets/)
By Colonel Panic
#1893715
Many thanks @rikur_ - that article was very interesting; I have always used 255.255.255.0 as a subnet mask but never understood what it did. It also explains why the Unifi USG is called a gateway! :oops:

Is there a disadvantage to changing the subnet mask to 255.255.0.0 and then having "normal" stuff on 192.168.2.xyz and IoT stuff on, say, 192.168.3.xyz? I have yet to get my head around VLANs - and know I should - so this is possibly an alternative...

I have just found this within my USG control panel - not sure if I set it up or not (#senior_moment) - but I now use WAN1 for Starlink and WAN2 for PlusNet. So it may not be needed / relevant.

Image
By rikur_
FLYER Club Member
#1893729
Colonel Panic wrote:Is there a disadvantage to changing the subnet mask to 255.255.0.0 and then having "normal" stuff on 192.168.2.xyz and IoT stuff on, say, 192.168.3.xyz? I have yet to get my head around VLANs - and know I should - so this is possibly an alternative...

You're starting to conflate two separate issues.

Re: changing the subnet to 255.255.0.0 - not really the thing to do. Sometimes in an office environment we might do 255.255.252.0 (i.e. 1024 addresses) but generally having more than a few hundred devices on the same subnet is not a good idea.

Having separate logical networks for different types of devices however may be rational. I've currently got 5: -
    normal
    guest - can only access the internet, nothing else
    IoT - can only access the internet, nothing else
    kids - like the normal network, but via a content filter - can also access the normal network
    teenagers - same as 'kids' but different ruleset

If you did something like this, you might take a strategy of

normal = 10.10.0.0/24
guest = 10.10.4.0/24
IoT = 10.10.8.0/24
kids = 10.10.12.0/24

i.e. each is still a 255.255.255.0 mask, with 254 available addresses

Implicitly you're choosing 10.10.0.0/16 (e.g. mask 255.255.0.0) as the range you'll use for your internal networks. So if you were ever routing with another network, you could summarise your network as 10.10.0.0 mask 255.255.0.0. Unlikely in practice to happen in a domestic context.

For VLANs, think about these as logically separate wires and switches.
Each port will usually have 1 untagged VLAN associated with it, and 0 or more tagged VLANs associated with it.
Untagged simply means 'normal'. i.e. the network that a normal device plugged into that port will connect to. Usually people use VLAN = 0 as the general default network, so if all your ports are configured as VLAN = 0, untagged you've just got a 'normal' network.

But then say you want to route 3 logically separate networks over one wire to an outbuilding, you may also add two 'tagged' VLANs onto that port. e.g. VLAN = 1 and VLAN = 2.
At the other end of the wire you have another switch with the same config on it, and you've joined the two switches together for three logically separate networks.

For individual ports on both switches you can then choose which are untagged as VLAN 0, 1, or 2 and it's as if you've got 3 logically separate networks joined by one wire.

Similarly for wireless you make an association between an SSID and a VLAN, and can have multiple logically separate SSIDs on the same hardware linking to logically separate networks.
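The mask test from the earlier subnet post and the segment plan from the post above, as an added example (not code from any poster): it applies the host's on-link check first, then the router policy for the four example subnets. The host addresses, the `internet` label, and the rule that `normal` reaches only the internet are assumptions made for illustration.

```python
import ipaddress

# Segment plan quoted in the post above.
SEGMENTS = {
    "normal": ipaddress.ip_network("10.10.0.0/24"),
    "guest": ipaddress.ip_network("10.10.4.0/24"),
    "iot": ipaddress.ip_network("10.10.8.0/24"),
    "kids": ipaddress.ip_network("10.10.12.0/24"),
}
# Router policy as described: guest and IoT reach only the internet, kids may
# also reach normal. "normal -> internet only" is an assumption of this sketch.
ALLOWED = {
    "normal": {"internet"},
    "guest": {"internet"},
    "iot": {"internet"},
    "kids": {"internet", "normal"},
}
SUMMARY = ipaddress.ip_network("10.10.0.0/16")

def segment_of(ip):
    """Name the segment an address belongs to; anything else is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"

def on_link(src, mask, dst):
    """Host-side test: equal masked prefixes mean deliver directly, no gateway."""
    m = int(ipaddress.ip_address(mask))
    return (int(ipaddress.ip_address(src)) & m) == (int(ipaddress.ip_address(dst)) & m)

def verdict(src, dst, host_mask="255.255.255.0"):
    """Return 'direct' (router never sees the packet), 'allow' or 'deny'."""
    if on_link(src, host_mask, dst):
        return "direct"  # only reachable if both hosts share a layer-2 network
    s, d = segment_of(src), segment_of(dst)
    return "allow" if d in ALLOWED.get(s, set()) else "deny"

def covered_by_summary():
    """True when every segment falls inside the single 10.10.0.0/16 summary."""
    return all(net.subnet_of(SUMMARY) for net in SEGMENTS.values())

if __name__ == "__main__":
    # Constructed host addresses, not taken from the thread.
    print(on_link("192.168.2.50", "255.255.255.0", "192.168.100.1"))
    print(verdict("10.10.8.20", "10.10.0.5"))
    print(verdict("10.10.12.7", "10.10.0.5"))
    print(verdict("10.10.8.20", "10.10.0.5", host_mask="255.255.0.0"))
    print(covered_by_summary())
```

With a 255.255.0.0 host mask on one shared layer-2 network, the IoT-to-normal case returns `direct`, so the router's rules are never consulted for that traffic.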
By JonathanB
FLYER Club Member
#1893805
rikur_ wrote:Having separate logical networks for different types of devices however may be rational. I've currently got 5: -
    normal
    guest - can only access the internet, nothing else
    IoT - can only access the internet, nothing else
    kids - like the normal network, but via a content filter - can also access the normal network


I keep thinking I need to do this (I have a network based around a USG and Unifi AP as well), but I’m not sure how you then access the IoT stuff - do you have a rule/route that allowed normal into IoT but not the other way? How do apps on your phone work that look for their devices? (e.g. Philips Hue, Alexa, Fire TV etc.)

My two switches (Netgear GS308) don’t do VLAN tagging either, but that might not matter.
By rikur_
FLYER Club Member
#1893822
JonathanB wrote:
rikur_ wrote:Having separate logical networks for different types of devices however may be rational. I've currently got 5: -
    normal
    guest - can only access the internet, nothing else
    IoT - can only access the internet, nothing else
    kids - like the normal network, but via a content filter - can also access the normal network


I keep thinking I need to do this (I have a network based around a USG and Unifi AP as well), but I’m not sure how you then access the IoT stuff - do you have a rule/route that allowed normal into IoT but not the other way? How do apps on your phone work that look for their devices? (e.g. Philips Hue, Alexa, Fire TV etc.)

My two switches (Netgear GS308) don’t do VLAN tagging either, but that might not matter.

That's where the real pain lies.
I tend to think of there being two types of connected device - those that you set up and forget and work entirely cloud based (e.g. a sonoff switch), and those that you interact with via the LAN (e.g. a DLNA device).
Where I've ended up is that I have no routing between IoT and normal, and normally the IoT network is configured as a 'guest' network with no connectivity between devices on it.
When I get a new device, I temporarily connect my phone to the IoT network (and disable guest mode) to do the set-up, and then leave the device on there.
For those devices that I do want to access via the LAN (E.g. the TV) - they're mostly on the normal LAN.
An exception is the CCTV that's on the IoT VLAN, but I have NAT'ed it on the internet router, so I actually end up accessing that 'via the internet' using its internet IP address, albeit the traffic is actually just looking through the router, not actually going off site.
I've also got a pi running pimd to allow device discovery between the normal/kids LANs (so that kids can access things like printers, TV, DLNA, etc).
It's certainly not a straightforward thing to get working as desired.