when you have to sign in with an ID password, it means that your company is using WPA2 or WPA3 Enterprise. There is an authentication server that processes your credentials and grants access to network resources based on the network access control policy.
It is not possible to answer your question without knowing the details of the network access control policy.
what model is your access point? is it the Asus? is it in Access point mode?
you should be fine on that router.
you dont need 6E, most likely. Get the EAP670.
(that being said, you probably dont need 2.5Gbe either)
almost certainly your router and adguard installation only respond to web management on their own subnet.
Get a router that can actually do a PPOE Passthrough without NAT, such as a mikrotik.
may be a bit difficult to configure though.
DMZ on home routers is basically a 1:1 NAT with no firewall. so DMZ working correctly will still NAT.
if the issues are isolated to physical areas, the internet package isnt the problem.
so in that cases, mesh routers may be an option that works.
dont set any PVID, or leave it on 1.
no i didnt indent to highlight that portion. just the first sentence.
Does this make sense?
not really.
Are there any consequences I am not anticipating? Are there any performance considerations?
your IP scanners are gonna run a lot slower…other than that no. large networks are usually a symptom of a larger issue, but not a problem in and of itself. If for example you have 50 devices, putting them on a /24 or /20 or /21 wont likely make a difference. but if you have 1000 devices, deciding to solve that problem by creating a /20 does NOT solve the problem of 1000 devices on the same broadcast domain. but dont conflate those problems with “dont use large network sizes such as /20 or /21”. does that make sense?
I’ll never have 254 devices on this network, let alone 254 on a single subnet. Should I be… “spreading out” the assigned host addresses? Like instead of .1, .2, .3, assign them .8, .16, .32, etc.?
Most people do what you are doing but dont increase the network size just to do so.
for example, instead of 10.0.0.x make it 10.0.0.200-254
instead of user A’s devices being 10.0.1.x make it 10.0.0.10-19, 20-29 for the next user, 30-39 etc.
then the DHCP range make 100-199.
that way you still have equal “tidiness” without needing a humongous network size. but its up to you.
half the things you say you need are much better handled on business class equipment.
the only hang up you have there is that wifi on business class is kind of expensive.
i’d suggest something like a mikrotik router and two aruba instant on APs.
it doesnt really matter with the exception of the bandwidth left on the port.
What I would do is plug into the dock and see how it goes, if you dont get the full bandwidth plug directly into the laptop.
what you want to do is put your Fritzbox 6660 into “bridge mode” or get a modem only.
what you are calling a converter of some kind is a modem only – without any router functionality.
10G is always backwards compatible with 1G and 100M, but not always backwards compatible with 2.5G or 5G.
that being said, Macs with 10Gig ethernet, also support 2.5 and 5G.
tl;dr 10Mb is the only thing that wont work.
yeah totally easy. and you dont even really need to seperate into two LANs, use a policy for your computer’s MAC address and redirect the gateway and visa versa.
you can do it practically any way you want.
you are 100% correct that his systems arent air gapped before and they arent air gapped going forward.
that doesnt mean that there is no point doing anything in the middle.
some people are very paranoid about having financial data on any system that can access the internet. i was treating this as besides the point of the question OP asked and was keeping status quo. it is possible they are running outdated software that cannot have security vulnerabilities patched and that a decision somewhere has been made to keep these devices off of direct internet access.
there is nothing wrong with that.
nah you arent understanding what he asked for.
old configuration:
-POS terminals on a local non internet connected network.
-Debt machines on a seperate network that is connected to the internet
-Debt machines connected to POS terminals via serial cable.
New Setup:
-Debt machines will communicate with POS terminals through the TCP/IP network.
-therefore, the POS machines will theoretically now have network access to the internet.
many options, here are two:
you can set manual IPs on the terminals and simply don’t set a default gateway.
you can use literally any proper, business router and create the required access rules.
unifi makes outdoor poe switches, they also make enclosures as additional protection.
Look at the Flex and the Flex Utility for the enclosure.
look up surface mount keystone box. thats the best you are gonna be able to do.