by ollien 2386 days ago
At my college, we have an airgapped network for security classes, and when assignments are due, we often run out of ethernet cables. I had just mentioned I would bring a switch with me the next day and people were confused why I'd be goofing off with a Switch so close to the deadline.

Now we can avoid that kind of confusion! :)

5 comments

> when assignments are due, we often run out of ethernet cables. I had just mentioned I would bring a switch with me the next day

As I understand it, a switch will solve a shortage of ethernet ports, but will make the cable problem worse by requiring one extra cable. What's the purpose of the switch here?

I think they mean out of ethernet-cables-that-are-usable-to-get-network-access. So there's loose cables aplenty, but a shortage of cables that work in the sense of the far end being plugged in, due to a shortage of ports.

From the perspective of a student walking into the room with their laptop, that's a shortage of cable-ends that they can plug into their laptop to gain network access.

Either way, I'm surprised port security isn't enabled in an educational environment like this.
Why should it be, or even be detectable if OP attaches a switch? AFAIK, those don't even have different MACs, and even if they do, it is unlikely that the university has all the students' laptops' MACs.
Switches have MAC addresses.
It probably is and they just don't know or the policy is lax enough to allow it but triggers an alarm in OIT.
Running out of cables may actually mean running out of ports. Spare cables with no place to plug in are useless.
They might have people in a couple of different rooms, and plenty of short Ethernet cables but not enough long ones. So a switch allows them to run one cable between rooms and use a bunch of shorter cables within the room.
I'd presume anyone bringing a network switch with them to class would also have some Cat5e kicking around. Otherwise, what good is the switch doing them?
So bringing a switch solved the cable problem because the cables were in the same box?
Sure? lol
Switches route traffic to other machines on the same switch, lowering network congestion between those machines and the rest of the network, right?
Yes. They also minimize the broadcast storm domain.
...no they don't. STP will help prevent broadcast storms, but a switch does nothing in and of itself to stop them.
Shorter total cable length and a less cluttered environment?
Sure, but that doesn't solve the problem of shortage of ethernet cables
If the shortage is not of cables in general, but of cables that are long enough to reach the current connection point, then a switch would help.
Maybe they have plenty of short cables, but not enough long cables to get to each person from the main network switch.

Adding a switch closer to you means multiple people can share the one long cable.

Similar story, I've been looking into getting ethernet switches to wire up my home and my initial search for switches turned up the console.

It is annoying when companies name their product after a commonly used word. Even more so if both are equally popular.

Yeah, I saw a story titled "The Nintendo Switch" on Hacker News back in October 2016 and thought, "Nintendo is getting into network hardware now?!"
If your college has any proper security on access ports, they'll be limited to one MAC address per physical port, and hopefully a decent 802.1x setup.
One MAC per port is very low yield, won’t do anything to stop even a mildly sophisticated attacker, and often just makes life more difficult than it needs to be. Especially for a college network where any notion that the general network is “secure” is a complete joke.
It's not meant to be a comprehensive security plan, but rather a very easy thing to have configured on each port, to stop people from plugging $20 8 port dumb switches into managed infrastructure.
But not a $30 wireless router.

And again there’s no need to be so draconian on something like a ResNet.

Why would 1 mac per port be proper security? Seems needlessly restrictive and ineffective to me.
A lot of people think trusted L3 is a valid security solution.
NAT for IPs may be everywhere, but NAT for MAC addresses is inconceivable.
If you use a cheap router instead of a switch, the far end will only see one MAC address, which is the one of the router. Doing NAT then is as easy as it could be. You could literally use just about any router out of the box without even configuring anything. You can also add an ethernet switch behind this device easily. Only limiting a port to a single MAC is therefore somewhat pointless. You would prohibit valid use cases (adding a switch) without hindering any nefarious user (guy with a cheap router). Also, NAT for MAC addresses is a thing, although not necessarily the most useful approach in this case...
> an airgapped network for security classes
Wait till he finds out that people frequently use multiple VMs with their own MAC addresses on a given physical box. Especially in the kind of lab where people are working on security projects.

Edit: or that security includes availability in addition to confidentiality and integrity

Eh, at work I either have to assign them pre-approved MAC addresses or get approval for VM MACs, or just pretend my PC is a router and all VMs get a 100.*.*.* IP (10.*.*.* is used for the network already).
Why RFC 6598 space instead of one of the other RFC 1918 ranges? I would expect pretending to be a CGN on an internal network to blow up in spectacular fashion.
I think he means doing NAT on his PC itself (such as is the default network configuration on virtualbox), where it doesn't ordinarily matter what private IP range the VMs are located in. VMs get DHCP leases and a default gateway from the host. The host presents only one IP address and MAC to what it's physically plugged into.
Erm, the VMs see CGNAT, but it doesn't mean anything in my case, but still lets me access other PCs on the company Intranet on 10.x.x.x
You can usually do NAT and Bridged.

NAT won’t have issues. Bridged will.

Regarding the IP range, on most hypervisors that's configurable.
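As an added example (not code posted by any commenter in this thread), here is a small Python model of the "one MAC per port" sticky port-security policy debated above, applied to the cases the commenters raise: laptops behind a cheap unmanaged switch, the same laptops behind a cheap NAT router, and a host running VMs in bridged versus hypervisor-NAT mode. Every port name, MAC address and frame list is constructed for illustration, and the policy logic is a simplified model of what an access switch's port-security feature does, not any particular vendor's implementation.

```python
"""Model of a sticky 'maximum N MAC addresses per access port' policy.

Added example, not code from this thread. All ports, MACs and frames below are
constructed for illustration.
"""
from collections import defaultdict

MAX_MACS_PER_PORT = 1  # the "one MAC per port" setting debated in the thread


def apply_port_security(frames, max_macs=MAX_MACS_PER_PORT):
    """Walk frames as (ingress_port, source_mac) tuples in arrival order.

    Returns (learned, dropped): learned maps port -> set of MACs admitted
    (sticky, first come first served); dropped lists every (port, mac) frame
    that arrived after the port already held max_macs other addresses. A real
    switch would typically err-disable the port or raise a trap at that point.
    """
    learned = defaultdict(set)
    dropped = []
    for port, mac in frames:
        mac = mac.lower()
        if mac in learned[port]:
            continue  # already admitted on this port
        if len(learned[port]) >= max_macs:
            dropped.append((port, mac))
            continue
        learned[port].add(mac)
    return dict(learned), dropped


# --- constructed traffic for the scenarios discussed in the thread ---------
ACCESS_PORT = "Gi1/0/7"          # hypothetical access port name
LAPTOPS = ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"]
ROUTER_WAN_MAC = "de:ad:be:ef:00:01"
HOST_MAC = "02:00:00:00:00:10"
VM_MACS = ["02:00:00:00:00:11", "02:00:00:00:00:12"]


def frames_via_dumb_switch(port=ACCESS_PORT):
    """Unmanaged switch: forwards every laptop's frames unchanged, so the
    managed switch sees each laptop's own source MAC on one access port."""
    return [(port, mac) for mac in LAPTOPS for _ in range(2)]


def frames_via_nat_router(port=ACCESS_PORT):
    """Cheap NAT router: LAN hosts sit behind its own L2/L3 boundary, so the
    only source MAC ever seen upstream is the router's WAN interface."""
    return [(port, ROUTER_WAN_MAC) for _ in LAPTOPS for _ in range(2)]


def frames_from_host_with_vms(bridged, port="Gi1/0/9"):
    """Host running VMs: bridged networking puts each VM's MAC on the wire;
    hypervisor NAT mode hides them behind the host's own MAC."""
    macs = [HOST_MAC] + (VM_MACS if bridged else [])
    return [(port, mac) for mac in macs]


def offending_macs(dropped):
    """Distinct MACs that tripped the limit, for reporting."""
    return sorted({mac for _, mac in dropped})


if __name__ == "__main__":
    scenarios = [
        ("laptops behind unmanaged switch", frames_via_dumb_switch()),
        ("laptops behind NAT router", frames_via_nat_router()),
        ("host + VMs, bridged", frames_from_host_with_vms(bridged=True)),
        ("host + VMs, hypervisor NAT", frames_from_host_with_vms(bridged=False)),
    ]
    for label, frames in scenarios:
        learned, dropped = apply_port_security(frames)
        print(f"{label}: learned={dict(learned)} offending={offending_macs(dropped)}")
```

Running it reproduces both sides of the argument: the unmanaged switch and bridged VMs trip the limit on their second MAC, while the NAT router and hypervisor-NAT VMs pass untouched because only one source address ever reaches the access port. Raising `max_macs` is the only knob that admits the dumb switch, which is why the policy is a tripwire against accidental topology changes rather than a control against a deliberate one.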

Does your college teach security before networking? Probably a smart choice.