Not To's

Things not to do…

Enabling IPv6 Broke Functionality to My IP Security Cameras

A cautionary tale of enabling IPv6 on all network interfaces/VLANs

After the long journey of learning more about IPv6 and how to enable it on my home network (see my page for detailed info), I discovered that I broke some functionality. When you have IPv6 enabled alongside IPv4 in a dual stack configuration, IPv6 will often take priority – after all, it is the newest protocol, intended to replace IPv4. I have created a network, isolated from the Internet, for my IP security cameras that I use as baby camera monitors.

Restricting Ports too much with Port Isolation on Network Switch

Isolating ports on a switch can be great for IoT devices but what about network infrastructure devices?

For security reasons, I decided to put my IoT devices on their own network using VLANs. I also had a desire to restrict certain devices to only have access to the Internet but not any other devices on my network. This should help reduce the likelihood of a hacked device trying to traverse the network by hacking other devices. A good example of a device on my network that only needs Internet access would be the 3rd gen Apple TV.

Streaming Live TV on Plex Media Server Issues with OPNsense Intrusion Detection Blocking Enabled

Enabling intrusion detection with blocking (IPS mode) on your LAN interface can cause issues!

On my home network, I host the Plex Media Server software on my server and make use of its Live TV and DVR capabilities. It actually works quite well. To make use of the TV/DVR capability you must have a Plex Pass (monthly, yearly, or lifetime) and a compatible cable box such as any of the HDHomeRun products. Originally, I placed my HDHomeRun Prime device on my IoT network to keep it separate from my server, which I think makes sense since it is essentially an IoT device that infrequently receives updates from the manufacturer.

Enabling All DoS Defend Options on TP-Link Switch without Testing

What could go wrong by enabling all of the DoS protections on your switch?

In the interest of increasing the security and reliability of my home network against malicious attacks, I thought enabling all of the Denial of Service protections on my TP-Link switch would be a good idea. So I enabled the setting and all seemed well enough. Some time later, my wife tried to use our old 3rd generation Apple TV in our bedroom while folding laundry. It was showing the Computers icon and the Settings icon but not the main Apple TV screen.

Enabling Guest Control in UniFi Controller Blocked Access to Local Network Services by Default

Properly configuring guest isolation in the UniFi Controller

For my guest wireless network, I like the idea of all of the network devices on the guest network being isolated from one another. Since the guest network should be used for visitors and other untrusted devices, it makes sense to restrict communication between the devices to improve security. Even though captive portals are a pretty cool feature that can provide a “wow” factor for guests that log onto your guest network, I have read that the captive portal on UniFi wireless access points can reduce the throughput of the guest network.