[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Advice Please - Extending a Network
I was obviously in the middle of constructing my email at the same time as
You are right, only a switch, some "bridges" or linux box configured as a
bridge can route ethernet traffic between network segments that are using
different types of ethernet packets (802.3, 802.3 SNAP, ethernet II a.k.a.
"DIX", fast ethernet, gigabit ethernet, etc.)
This is because hubs are like wires/coax, they just flash all packets
everywhere. Switches act a bit like routers, after discovering which NIC is
connected to which port they route packets down only that wire (in a sense).
See http://www.howstuffworks.com/lan-switch.htm for an excellent, simple
I agree that if cost is not an issue and the cost doesn't need to be spread
out over months/years then it's best to start migrating machines ASAP, that
way you can shake down problems as fast as possible.
The only thing to watch out for is that you shouldn't replace coax in a
"noisy" environment (electronically speaking), example would be in a machine
shop where electromagnetic interference might cause twisted pair networks to
malfunction, resulting in excessive packet loss.
----- Original Message -----
From: "Tobias Weisserth" <tobias@xxxxxxxxxxxx>
Sent: Saturday, January 10, 2004 2:56 PM
Subject: Re: [suse-security] Advice Please - Extending a Network
> Hi there,
> Am Sam, den 10.01.2004 schrieb John Andersen um 10:56:
> > Don't add another nic, It complicates matters beyond need.
> He's right. Replace NICs in every PC step by step, beginning with the
> > Replace your existing server nic with a 10/100 nic, any one will do,
> > intel works nice, as do most of the $10 nics.
> An additional hint: buy a nic that takes away stress from the CPU.
> Cheaper NICs leave much work to the CPU, like those Realtek chipsets.
> This is not a problem with fast CPUs but you'll notice the difference on
> weaker machines, like the battered Pentiums that route my network. A
> 3COM or Intel is usually a good choice.
> > Go down to the computer store and find a SMALL (5port) 10/100 switch
> > (or hub).
> Don't buy a hub. Buy a switch. I'm not sure this is totally right, but
> as far as I know a hub only takes the lowest speed connected while a
> switch can mix 100MBit and 10MBit. Is this right or do I confuse
> something here? I don't know for sure but I heard that switches have
> less problems with packet collisions because they route by hardware
> address? Does this make sense?
> I have two low cost 8 Port Switches here at home and they work perfectly
> > If lucky, you will find one with a cat5 port as well as a coax
> > port. Connect coax to it, and plug your server into one of the cat
> > 5 ports, or any combination of that which works.
> Actually, you don't need a switch/hub with a coax port. Since you're
> moving away from coax cable soon, you can as well connect those old
> 10MBit NICs with twisted par cables immediately. I assume those old NICs
> you are going to replace have a connection for coax AND twisted pair?
> Normally a 10MBit card has those two connectors. If yes, don't invest in
> something you are not going to need in the future. Buy a regular switch,
> buy cables to replace every coax cable now and replace NICs step by
> > Remember, all you want this cheap hub/switch for is its coax port.
> > So if you can't find one, buy one without a coax port and offer it in
> > trade to anyone who has an older hub which almost always had
> > coax ports.
> See alternative above.
> > Since you will be buying a big switch to handle the whole house
> > anyway, make sure its 10/100 autosensing, and you can
> > plug any old 10meg hub into it to carry the load till you
> > cut over.
> I totally agree. But you don't need the coax connection if you replace
> the cabling immediately. You don't have to change a thing at the old PCs
> if you use twisted pair instead of coax, so there really isn't any need
> to stick with the coax.
> > Don't add another nic, its just more routeing problems than
> > you need.
> Yes, this is true. It would be another story if you were using a token
> ring network though ;-)
> Tobias W.
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here