Back in August of 2013, Bart helped me figure out how to wrest control from the Verizon Actiontec FiOS router and let my Airport Extreme control my network. It was non-obvious, so he drew a diagram that I turned into a full tutorial per his instructions. The basic idea is to disable WiFi on the Verizon router, and have it simply pass out IP addresses using DHCP and send traffic straight through to the Airport Extreme.

We also set the DMZ on the Verizon router to a static IP and passed that right to the Airport. The purpose of that step was to eliminate the requirement to do port forwarding on both routers if I ever needed to access something inside the network.

All of this worked great, I was able to pretty much ignore the Verizon router for the last three years.

But then in Chit Chat Across the Pond #435 last April, Bart explained to us the dangers of having IoT devices on our networks. Being Bart, he didn’t just talk about the dangers, he also gave us a solution. He taught us how to use three routers instead of one to isolate our trusted computing devices on one router’s network and put the icky IoT devices on the other router’s network. The topology he suggests is to have one router that takes the Internet traffic from the modem, and then passes it to two routers in parallel with each other. Bart was careful to explain that you could do this with three cheap routers. I already had the Verizon router and my Airport Extreme, so this meant I had an excuse to buy the Netgear Nighthawk X8 that I’d been coveting.

What I never described was how I put the different pieces of Bart’s advice together. Isolating the IoT devices and using the three routers to do it. I realized that if I didn’t explain this, I could never tell the last bit of the TiVo story from two weeks ago. Heck, I didn’t even tell you that there was “one more thing” about the TiVos because I couldn’t without explaining the network. Plus, this gave me an excuse to make another draw.io diagram.

Let’s walk through the diagram to explain how all this works together. At the top we’ve got the nice little Internet cloud (which is a legal requirement for all network diagrams) which goes from the modem into the Verizon router. The Verizon router then creates an intermediate network on IP 192.168.1.X. The Verizon router gives a static IP to the Netgear router at 192.168.1.10, and gives the Airport Extreme 192.168.1.2.

Each of those routers creates its own internal network. The Netgear router creates its network in the IP range of 10.0.0.x. Inside that network we have our Macs, including our Mac mini PLEX server, our Apple TVs, our iOS Devices, our Drobos (network attached storage) and finally any HomeKit-compatible IoT devices. We actively decided to trust HomeKit devices inside the same network with our most private data.

In parallel, the Airport Extreme creates an internal network with the IP range of 10.0.1.X. On this network, we put all non-HomeKit devices such as our Nest smoke detector and our Belkin switches. And of course that’s where we put our one Windows PC, the Kangaroo.

With this design, as Bart explained to us, any traffic sent to or from the unclean network hosted by the Airport simply cannot traverse over to the Netgear’s network. The two networks are completely isolated from each other. I can talk to the devices on the IoT network, but only if they’re set up to talk to the Internet. For example, the Belkin switches can be controlled via an iOS app when I’m away from the house, so I can still do that, but they still can’t talk to the safe network.

Now I promised you that there was a TiVo angle to this story. As I explained in the discussion of the TiVos, our house has coax running to each room in the house, and because we have FiOS, that means we have a MoCA network, which is Ethernet over coax. We plugged the TiVos into the coax and that allowed them to talk to the Internet.

As I mentioned earlier, the Verizon router is connected to the modem, and that’s over coax. But the question is, on which of my networks were the TiVos actually connected? So when the TiVos are plugged into coax, they receive their network traffic via the Verizon router. I was able to verify that by looking in the Verizon router’s admin page where I could see all of the TiVos on the DHCP list, and all in the 192.168.1.X range.