Cable Cutting – Cisco Local Area Networks

Many home users no longer use television and video streaming content from cable television providers. Instead, they prefer to draw all their services over a single link running IP. Subscribing to video and other services over an IP-only Internet connection is called cable cutting or cord cutting. While there is still a physical cable, all in-home services—video, network connectivity, and phone—are provided Over the Top (OtT) via IP rather than using separate channels for each service.

Cable cutting allows users to use many different OtT streaming services rather than relying on the cable company’s video streaming.

Combining the MODEM with Other Devices

Combining the MODEM, router, and firewall, as shown in A and D in Figure 11-3, means any device can be used with only one of the five kinds of last-mile technology. Combining the MODEM with other devices has some positive attributes, such as

• The user has only one physical device to wire, power, and manage.

• The provider can control the performance of this single device, ensuring a consistent customer experience.

• The provider understands the entire network, all the way to individual user devices connected to the network.

• There is only one physical device to troubleshoot and replace.

• From the provider’s perspective, they own the equipment, which is then leased or rented to the user, generating revenue.

Combining the MODEM with other devices also has some negative attributes:

• The user cannot replace their Wi-Fi system or router without replacing the MODEM—or contacting the provider, who then must send a technician out to do the replacement.

• The provider is responsible for the user’s internal home network experience, including Wi-Fi dead spots.

• The provider cannot replace the MODEM to upgrade their technology without replacing the user’s router and Wi-Fi system. Providers must pay more to upgrade last-mile technology if they combine the MODEM with other devices.

Choosing which to use—several separate devices or one combined device—depends on the situation, the provider, and the user.

Demarcation

Two other terms you will often hear in networking are the demarcation point (demarc) and customer premises equipment (CPE).

The demarc is the point at which the provider’s network ends and the customer’s network begins. Devices and wiring beyond the demarc are the customer’s responsibility from the provider’s perspective.

The demarc is a physical device in telephone networks like the one shown in Figure 11-6.

Figure 11-6 A Telephone System Demarcation Point

The demarc is not a single point when a provider supplies a home network’s router, firewall, and Wi-Fi system. The general idea, however, is to divide the part of the network the customer is responsible for from the network the provider is responsible for.

CPE is the provider-supplied equipment physically located in the home (or some other physical space owned by the user).

The SSID and Wi-Fi Guest Network

The service set identifier (SSID) identifies a single set of services or a wireless local area network (WLAN). A single SSID might represent

• A Wi-Fi network on a single AP using a single channel

• A Wi-Fi network on a single AP using multiple channels

• A Wi-Fi network across multiple APs (like a Wi-Fi mesh system) using a single channel

• A Wi-Fi network across multiple APs (like a Wi-Fi mesh system) using multiple channels

• Multiple Wi-Fi networks on one or more AP(s) using a single channel

• Multiple Wi-Fi networks on one or more AP(s) using multiple channels

The SSID is not related to an AP or a Wi-Fi channel; it is a set of services. Each SSID represents a different segment or broadcast domain (although the physical channel may—or may not—be shared among multiple SSIDs).

Note

Devices connected to different SSIDs can only communicate through a router, while all the devices connected to the same SSID may communicate directly.

In a home network, you should choose a single SSID for each set of devices. For instance, you might create separate SSIDs for

• IoT devices like doorbells and thermostats

• Primary hosts, like laptops, tablets, and cell phones

• Guests

Most consumer-grade APs cannot create a separate SSID for each of these sets of devices. In this case, you can create two SSIDs:

• The primary SSID for hosts and streaming devices like laptops, tablets, cell phones, and televisions. This SSID has access to the Internet and all internal devices.

• The guest SSID. This SSID has access to the Internet but no access to internal devices.

APs can implement a guest SSID either on the same channel as the primary (internal) SSID or on a different channel.

Should you put IoT devices on the primary or guest SSID? The “wisdom of the Internet” is to place IoT devices on the guest SSID, but there are trade-offs (as usual). Some of the reasons to connect IoT devices to the guest SSID include the following:

• If an IoT device comes under the control of an attacker, the attacker cannot reach your internal network devices.

• You do not need to create special rules or policies on your network for IoT devices to communicate with their corresponding cloud services.

• The IoT device has no visibility into the traffic generated by your primary network devices.

Some of the reasons to connect IoT devices to the primary network (internal) SSID include

• The primary network SSID is probably better protected from external attacks.

• Someone attaching to the guest network—which most users generally consider an “open” access point—does not gain access to home control systems.

There is no clear or correct answer to this question; it all depends on the kinds of IoT devices, the security posture of the network, and many other factors.
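The trade-off above can be made concrete with a small reachability model. This is an added example, not part of the original text: the device names are constructed, and the router is assumed to forward nothing between the two SSIDs unless a flow is listed in ROUTER_ALLOWS.

```python
# Added example: a toy model of the page's two-SSID home network.
# All device names are constructed for illustration.

HOSTS = {"laptop": "primary", "phone": "primary", "visitor-phone": "guest"}
IOT = ("thermostat", "doorbell")

# Inter-SSID flows the router forwards. Empty means the guest SSID has no
# access to internal devices, as the text describes (assumed default-deny).
ROUTER_ALLOWS = set()  # e.g. {("primary", "guest")}


def build_network(iot_ssid):
    """Return {device: ssid} with every IoT device placed on iot_ssid."""
    net = dict(HOSTS)
    net.update({name: iot_ssid for name in IOT})
    return net


def can_reach(net, src, dst, router_allows=ROUTER_ALLOWS):
    """Same SSID: direct. Different SSIDs: only if the router forwards it."""
    if net[src] == net[dst]:
        return True
    return (net[src], net[dst]) in router_allows


def reachable_from(net, src):
    """Local devices that src can open a connection to."""
    return {d for d in net if d != src and can_reach(net, src, d)}


def compare_iot_placement():
    """Per placement: exposure from a compromised IoT device and from a guest."""
    report = {}
    for ssid in ("primary", "guest"):
        net = build_network(ssid)
        report[ssid] = {
            "compromised_thermostat_reaches": reachable_from(net, "thermostat"),
            "visitor_reaches": reachable_from(net, "visitor-phone"),
        }
    return report


if __name__ == "__main__":
    for ssid, exposure in compare_iot_placement().items():
        print(f"IoT on {ssid} SSID:")
        for who, targets in exposure.items():
            print(f"  {who}: {sorted(targets) or 'nothing local'}")
```

Neither placement empties both sets: moving the IoT devices to the guest SSID protects the laptop and phone but exposes the IoT devices to every visitor, and moving them to the primary SSID does the reverse.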
