[Tfug] "Opening" a physical ethernet connection
Kramer Lee
krameremark1 at gmail.com
Tue May 28 07:33:21 MST 2013
Grounding blocks can protect against indirect lightning, so for any
network cable run outside the enclosed building or not in a lightning
protected area (somewhere where it might get a direct strike), it
should be physically unplugged when not in use, and brought back
inside too. Also these grounding blocks work a lot better if shielded
ethernet cables are used because that will divert the bulk of the
lightning current in most cases.
Wireless is great for lightning protection of the main system when the
access point is in a lightning protected area, only you and the
wireless device are in any danger. Using a wireless device in a
lightning protected area is best, as then, even if large voltages
penetrate the lightning protected area through the power lines, the
wireless device is isolated from the power lines. Unless you are
sitting somewhere in a manner that negates the isolation.
I suppose this whole conversation started because Bexley would like a
more convenient way to unplug a wired Ethernet connection? The RJ45
wears with mating/demating and that little detent clip keeps breaking
off. Then it is GB ethernet so maybe we can't screw up the
transmission line by adding series SPDT reed relays.
On 5/27/13, Tyler Kilian <vaca at grazeland.com> wrote:
> I'll add there are Ethernet grounding blocks to mitigate this issue.
>
> On May 27, 2013, at 1:38 PM, Kramer Lee <krameremark1 at gmail.com> wrote:
>
>> If you have a network line to an RJ-45 outside, and you pull the plug
>> on the network switch, but this is during monsoon season, and that
>> network cable is too close to a lightning strike, there is a good
>> chance that enough lightning energy will go right through the switch
>> and damage the network. Direct strike lightning protection will
>> significantly increase the cost of this project. A quick disconnect
>> network plug would be good for that application.
>>
>> On 5/2/13, John M <hankscorpioarizona at gmail.com> wrote:
>>> Anything remotely close would be an ethernet extension type of device or
>>> transceiver that has a "switch on/off" capability. But, I haven't see
>>> something like that. The "use a cheap switch and power it on/off" would
>>> be
>>> your best bet.
>>>
>>> On Wed, May 1, 2013 at 9:05 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
>>>
>>>> Hi Christopher,
>>>>
>>>>
>>>> On 5/1/2013 8:20 PM, Christopher Robbins wrote:
>>>>
>>>>> Ideally, I want to be able to "unplug" a "physical ethernet
>>>>>>> connection" (i.e., a *cable*). This prevents the service(s)
>>>>>>> available on that connection from being accessed *and*
>>>>>>> protects the fabric from "assault" (e.g., someone taking a
>>>>>>> line cord and connecting it to the pins of the connector
>>>>>>> thereby frying a port in an *expensive* switch).
>>>>>>
>>>>>> What about routing your connection through a cheap switch[1], and
>>>>>>
>>>>>>> power it via a wall switch. Turn off the wall switch, the cheap
>>>>
>>>>> switch looses power and cannot talk to the rest of the network.
>>>>>> This only partially protects against your physical assault. If
>>>>>> someone did plug mains power into the RJ45, then you'd be out a $20
>>>>>> switch, but not your fancier many-port managed switch on the other
>>>>>> side.
>>>>>
>>>>> I may be a little late to the party...This sounds like an ideal
>>>>> solution.
>>>>
>>>> Yes, I was just hoping for a "two port switch" (bridge) designed
>>>> basically for this purpose. I.e., if it is implemented robustly
>>>> (read: bug free) it could remain powered *on* but simply refuse
>>>> to pass packets while a control input is "off", etc. I.e., like
>>>> a "managed 2 port switch" that can be commanded to pass/inhibit
>>>> based on a signal supplied on a "pin"/control connector (so you
>>>> don't have to send a packet to it to get it to "inhibit")
>>>>
>>>> I suggested "yank the power" as this is relatively easy to control
>>>> *and* the switch is supposed to be well-behaved in that unpowered
>>>> state.
>>>>
>>>>
>>>> Use cheap switches as an access layer, and shut the switches off as
>>>>> necessary. Do ports have to be unplugged via an on/off switch, or
>>>>> is it okay if the connection is actually unplugged?
>>>>
>>>> If unplugging is an option, then you (i.e., I) could just unplug the
>>>> cable from the main switch and not need any such mechanism :-/
>>>> The means by which the port is isolated needs to be "securable".
>>>> If an adversary can simply plug/unplug the cable/device/"protector"
>>>> in and subvert its function then you haven't gained anything.
>>>>
>>>> Ideally, you would locate the(se) device(s) someplace secure so
>>>> the user/adversary is forced to deal with the interface that it
>>>> wants to expose (while hiding the interface that it wants to
>>>> *protect*!).
>>>>
>>>> I'll have to see if I can reduce the cost of my "port module"
>>>> on the switch (actually a very large router) and fabricate it
>>>> in such a way that these are "disposable"... that way there are
>>>> no outboard devices to maintain, cable, configure, etc. It also
>>>> means every port gets this same capability "for free".
>>>>
>>>>
>>>>
>>>> ______________________________**_________________
>>>> Tucson Free Unix Group - tfug at tfug.org
>>>> Subscription Options:
>>>> http://www.tfug.org/mailman/**listinfo/tfug_tfug.org<http://www.tfug.org/mailman/listinfo/tfug_tfug.org>
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
More information about the tfug
mailing list