VLANs was Q: Not state of the art LAN setup

Gordon Haverland
 

On Mon, 9 Dec 2019 04:10:00 +0000
"Andrew Stott" <andrew@...> wrote:

> setup a VLAN for Guest access

VLAN is not something I have ever tried to design; I am trying to wade
through OpenWRT documentation, and little bits and pieces are making
sense. Are there tools to help with this design?

Anyway, the new WR1043N (a router with a WAN port and 4 LAN ports)
is I guess a specialised "managed switch". At least with OpenWRT as
the OS. A person can put VLAN ID on ports, make them tagged and
something to do with ON/OFF. This "router" will have its WAN port
connected to the Ubiquiti PTP "local" port. Since some visitors to the
"farm" may access the "Internet" via the 2.4 GHz "service" that can be
provided by that router, I think I will need to "tag" packets from 2.4
GHz to indicate that these packets are more like DMZ than LAN.

I now have coming an 8 port Ubiquiti managed switch (60W POE).
Presumably it will have at least as much capability as any of the
routers running OpenWRT.

In the garage, I could easily end up with computers (perhaps some
running machining equipment), sensors and via the 2.4 GHz and 5 GHz
wireless capabilities of the Archer C7. At least in the near term,
its 4+1 wired ports will all be the same (for trusted and wired
connections). The two wifi bands will be something like DMZ as well.

My existing router is an older WR1043N (I believe), and it too can be
set up somewhere so that it behaves as 4+1 ordinary wired ports, and
some possible 2.4 GHz wifi DMZ-like stuff.

It may be that 2.4 and 5 GHz are not usable on the farm, and I may have
to change to something like 900 MHz (a number of older technologies,
and the yet to come to market wifi-HaLow (802.11ah)) or wifi-LoRa (433
MHz). These lower frequency technologies might give me enough
non-line-of-sight to get to more locations on the farm more easily, and
tend to be longer range anyway.

One place I was thinking of wifi is GPS rovers. Long ago when I was
doing Differential-GPS, we were using a 9600 baud radio link to
transmit corrections. I believe things like RTK require a little more
data to be shuffled, but not a lot more.

If I am going to be "broadcasting GPS corrections", I think that would
have to be done in an encrypted way. And I don't know how that
encryption would affect technologies such as 900 or 433 MHz wifi. If I
have a GPS base station going, I will probably broadcast "the time" in
some way, unencrypted. All of that being "trusted" (internal) packets
as far as my networking goes.

My PTP link can operate at higher data transfer speeds than I have
contracted for. I have actually contracted for the slowest service my
provider has. As this is about 3-4 times faster than what I got used
to while living in Grande Prairie, and I don't do video or music, it is
fine for me now. I think my peak data rate is supposed to be something
like 330kB/s (kb/s ?).

I have 3 unmanaged switches: one Trendnet with 8 ports and two Netgear
GS305 (5 port).

The desktop type machines I now have will eventually be doing stuff
like parallel processing and acting like a cluster of amd64 CPU and
amdgpu (RX-460, RX-550, RX-560, RX-570) GPU. They will be using OpenCL
and OpenMPI. I think because of this, they all have to be talking
to each other via a common switch (the Trendnet).

It might be interesting to try and set up a bunch of RPi class
machines, to act as a second compute cluster, just to see what it can
do.

I think the best way to communicate with roving or stationary locations
within the farm, is a mesh network of "routers" on the periphery.
Maybe they have directional antenna? If their range is too small, a
person can lower the power. But I think every "stationary" computer
"out in the field" should have rudimentary weather sensors on it. It
might be nice to dream that the periphery could be connected by
fibre-optic, but it probably takes very little effort on the part of a
cow, horse, deer, moose, pig or any number of other animals to cause a
break in a fibre-optic line. So, wifi probably needs to be used to
connect the periphery and to bring that data to the house.

Temperature and relative humidity on a single chip is easy to find.
Barometric pressure is easy to find. I have my doubts as to whether it
is useful to attempt to get windspeed and direction, at locations only
5 feet off the ground, and possibly near trees.

If I stick a "computer" with those 3 sensors on it on a fence post, I
have a feeling that someone is going to see that and say, "Hey, that
looks like my computer." and my hardware is gone. If I make up
"Stephenson boxes" (I think that is the term), I can mount the computer
inside that. And all people see is another weather station; and maybe
they leave it alone. As I am also interested in animals crossing my
farm boundaries, I can "hide" cameras in this Stephenson box to take
pictures of them. And you might need IR, ultrasound or other to help
with that (like game cameras). And a couple of locations may need
monitoring for cars and people as well (main driveway in for example).

But, the weather data is one class of data. If there are
cameras/microphones for the animals, that is another class of data. If
there are human concerns, that is a third class of data. The weather
could be sent unencrypted; the other data should be encrypted.

At this point, that is 5 different classes of internal data, and 2 (4?)
classes (from 3 points) of wifi (3 of 2.4 GHz, 1 of 5 GHz). And we
might have 900 and/or 433 MHz as well; which is now 11 VLANs? Maybe.

Should a person split the unencrypted from the encrypted on a VLAN
basis as well?

Some of the encryption could be trivial. I have on the order of 550
fence posts on the farm. The 570th prime number is 4139 (I think).

Wasn't it Copycat Software that "encrypted" barcodes with an XOR of
FF? 4139 is a little bigger than 2^12 (4096), so if I happen to have a
weather station at fence post number 1, maybe I encrypt its data by XOR
with the 32 bit representation of "2" (or -2, to increase the
non-triviality, I can choose to use signed 32 bit numbers and what kind
of complement). I can also use compression either before or after
encryption (before makes more sense). Someone snooping the wifi
channels could spend a lot of time, trying to figure out just what data
was being sent.


Well, I am going to go back to playing 20 questions with OpenWRT and
learning about VLANs. But, if people had comments or pointers on how
to design this stuff; or maybe even a comment that with the hardware I
have or will have soon, I don't have enough; that would be nice too.

--

Gord
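Added illustration (editor's example, not Gord's code or anything from the OpenWRT project) of the XOR scheme sketched in the post, to show what it does and does not protect. It assumes a station on fence post N keys its record with the 32-bit big-endian value N + 1, repeated across the record; the sensor reading and the "T=" field label are constructed sample data.

```python
import math
import struct

# Added example, not code from the post: models the XOR scheme described
# there so its properties can be checked. Assumption: the station on fence
# post N keys its data with the 32-bit big-endian value N + 1, repeated.

POST_COUNT = 550                      # fence posts on the farm, per the post


def station_key(post_number: int) -> bytes:
    """Key of the station on fence post N: the 32-bit representation of N + 1."""
    return struct.pack(">I", post_number + 1)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; applying it twice returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Four bytes of known plaintext (a fixed field label, or the clear-text
    time the post says is also broadcast) XORed with the matching ciphertext
    bytes give the key back, because c = p ^ k implies k = c ^ p."""
    return xor_with_key(ciphertext[:4], known_plaintext[:4])


def keyspace_bits() -> float:
    """Effective key strength: one key per fence post, not 2**32 keys."""
    return math.log2(POST_COUNT)


# Constructed sensor record from the station on fence post 1.
READING = b"T=21.5,RH=63,P=1012"
KEY = station_key(1)                  # b"\x00\x00\x00\x02"
CIPHERTEXT = xor_with_key(READING, KEY)

if __name__ == "__main__":
    # Every record starts with the same label, so "T=21" is known plaintext;
    # the key it reveals decrypts this record and every later one from the
    # same station, which is why this scheme gives no confidentiality.
    k = recover_key(CIPHERTEXT, b"T=21")
    print(xor_with_key(CIPHERTEXT, k).decode())
    print(f"effective key size: {keyspace_bits():.1f} bits")
```

Compression before XOR changes the bytes but not the argument: the key is still a single word from a list of about 550 candidates. Separating such traffic onto its own VLAN controls who can see it on the wired side, but gives nothing over the air.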