First time trying home network segmentation

GLaDOS

Hi all,

Looking for some guidance/feedback - I'd like to finally segment my home network; I'm thinking that creating separate VLANs is the best way to achieve this? Below is the architecture I'm thinking of:

VLAN1: Home
Home PCs/laptops/etc
Mobile devices (phones/tablets etc.)

VLAN2: Guests
Guest wifi network

VLAN3: Stuff that doesn't get patched often/at all
IOT devices
TVs
Game Consoles
Media players (Apple TV, Roku, etc.)
Maybe a Home Theater PC (HTPC)/Plex media server type device?

VLAN4: Lab*
Likely a NUC homelab running several VMs (Windows servers, Windows desktops, Linux servers, pfSense, etc.)
*Once the lab is set up, I'd like to set up a VPN on my laptop so I can connect to it away from home

A few questions:

1. Is this the best approach to segmenting my network so that one part of my network can't talk to the other? Should anything else be taken into consideration here or done differently?

2. Is it possible to extend my entire network (all VLANs) or at least 1 VLAN using a second router in bridge mode? There are 1-2 rooms in my house that receive very poor wifi signal.

3. What's the best hardware to achieve this? One "high-end" router that supports VLAN or a managed switch that sits behind the modem/router provided by ISP?

Any guidance, suggestions, or feedback you could provide would be much appreciated. As mentioned, this is my first time doing this so any tips or reference material is also greatly appreciated.

As always, thanks!
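An added example, not from the thread, that models the inter-VLAN firewall policy the four-VLAN layout above implies; the subnets, rule order and sample addresses are assumptions I constructed, not a vendor configuration. It shows the point behind question 1: VLANs only separate broadcast domains, so "one part can't talk to the other" holds once the router's inter-VLAN rules deny it, while traffic inside one VLAN is switched and never reaches those rules at all.

```python
from ipaddress import ip_address, ip_network

# Assumed VLAN IDs/subnets for the four segments in the post (constructed).
VLANS = {
    "home":  ip_network("192.168.10.0/24"),   # VLAN1
    "guest": ip_network("192.168.20.0/24"),   # VLAN2
    "iot":   ip_network("192.168.30.0/24"),   # VLAN3: rarely patched gear
    "lab":   ip_network("192.168.40.0/24"),   # VLAN4: homelab VMs
}
# Inter-VLAN rules evaluated on the router, first match wins (the usual
# firewall semantics). "internal" means any of the four VLANs; the last
# rule lets everything else (i.e. internet-bound traffic) through.
RULES = [
    ("allow", "home",  "internal"),  # trusted clients may open sessions anywhere
    ("deny",  "guest", "internal"),  # guests get internet only
    ("deny",  "iot",   "internal"),  # TVs/IoT cannot initiate toward other VLANs
    ("deny",  "lab",   "internal"),  # lab VMs cannot reach home clients either
    ("allow", "any",   "any"),
]

def segment_of(ip):
    """Map an address to its VLAN name, or 'internet' if it is in none."""
    addr = ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "internet"

def _matches(selector, segment):
    if selector == "any":
        return True
    if selector == "internal":
        return segment != "internet"
    return selector == segment

def decide(src_ip, dst_ip, established=False):
    """Return ('allow'|'deny', reason) for a flow from src_ip to dst_ip.
    established=True models the stateful return path for permitted sessions."""
    if established:
        return "allow", "established/related reply traffic"
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst:
        # Same VLAN is switched, not routed: the router's rules never see it.
        return "allow", f"same VLAN ({src}); not filtered by the router"
    for action, s, d in RULES:
        if _matches(s, src) and _matches(d, dst):
            return action, f"{src}->{dst} matched rule ({action} {s} {d})"
    return "deny", "no rule matched"
```

With these rules a TV in VLAN3 cannot open a connection to a home laptop, but the laptop can reach the TV and the TV's replies come back as established traffic. It also makes the trade-off of putting a Plex/HTPC box in VLAN3 visible: every TV and IoT device on that VLAN can reach it freely, since same-VLAN traffic bypasses the router.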
 
Easiest and cheapest way to do this effectively would be to get some Ubiquiti Unifi gear IMO. The USG 3 will supply your guest network in a fancy package for you with a few clicks, and can easily segment your network the way you want with an easy-to-use GUI. They also have cheap enterprise-class wifi gear for you to use too.

Thanks PP Mguire. I've heard a lot of good things about Ubiquiti lately. Just to confirm, this is the device you are referencing?

https://www.ubnt.com/unifi-routing/usg/

And this would need to be purchased with a switch in order to create VLANs (i.e. the router linked to above would not support VLANs on its own?) This is my first time dabbling in VLANs and network segmentation so I really appreciate the help!
 
Yeah that's the one! Technically you don't even need the USG, our network is set up with just the APs and the switch. If you want historical data on throughput/latency or want to do DPI, then you'll need a USG.
 
Thanks PP Mguire. I've heard a lot of good things about Ubiquiti lately. Just to confirm, this is the device you are referencing?

https://www.ubnt.com/unifi-routing/usg/

And this would need to be purchased with a switch in order to create VLANs (i.e. the router linked to above would not support VLANs on its own?) This is my first time dabbling in VLANs and network segmentation so I really appreciate the help!
You technically didn't link any router unless you meant the USG. Ubiquiti Unifi gear runs off what's called the Unifi controller software, which provides most features you want. All of the Unifi gear connects to this controller software and is run off a simple GUI that can also be cloud controlled (as in you can configure your network from anywhere if you enable it). The USG provides DHCP, firewall, the guest network portal, DPI, port forwarding, VPNs, QoS, etc. In turn, all the stuff a normal router provides minus extra ethernet ports and wifi. All these features are also enhanced with greater control if you use something like a Unifi switch BUT it's not necessary. The Unifi controller also controls the APs, and can give you greater control over your wifi. For instance you can have up to 3 SSIDs off one AP. Their APs support all high end features you'd like, and are PoE so they're easy to place without needing a power adapter (they come with a PoE injector in the box if you don't have a PoE switch).

Basically the way I look at it is a high end router that gives you really good control over your subnetting, is high performance (can handle massive throughput, 8Gbps non-blocking or higher), has a fast enough processor to handle all VLAN loads, and has good wifi radios will cost you well over 100 bucks. A decent sized managed switch will too, not to mention you'll have to learn their web GUI. The Unifi controller software is free and, coupled with the USG 3 at 118 plus a cheap 5-8 port switch at 30 bucks, will give you everything minus the wifi. You can add their Lite AP for the wifi.
https://www.amazon.com/Ubiquiti-Uni...&qid=1502733860&sr=1-1&keywords=unifi+ac+lite

They also have many other toys you can add to this like their own switches that provide PoE, LAG, mirroring, etc. They have wall APs to help areas of the house with spotty wireless like this product. Mesh technology, long range wireless solution (also Unifi), cameras (with their own NVR stuff that's free), and a **** ton more.

Do be mindful that the Unifi software IS actively being updated frequently and they are adding promised features rather quickly. For instance UPnP wasn't in the software until this year and it's still sometimes spotty, but you can always program ANYTHING you want via CLI/SSH with the USG. If I can I'll try to make a video outlining some key features. Their software does need to be run on a machine, or you can buy their Cloud Key.

Yeah that's the one! Technically you don't even need the USG, our network is set up with just the APs and the switch. If you want historical data on throughput/latency or want to do DPI, then you'll need a USG.
If he wants to run just a dummy L2 switch and their AP, he will still need a router behind it all to provide a firewall, DHCP, QoS and/or VPN.
 
Thanks SOULphIRE and PP Mguire. I'm going to diagram this out as soon as I get the chance to plan how I'm going to set this up. I think I'm definitely going to go with Ubiquiti gear. If I have any additional questions, I'll add them to this thread.

Thanks again, very much!
 