First time trying home network segmentation - Techist - Tech Forum

Old 08-10-2017, 09:12 PM   #1 (permalink)
Super Techie
 
GLaDOS's Avatar
 
Join Date: May 2012
Location: USA
Posts: 285
Question First time trying home network segmentation

Hi all,

Looking for some guidance/feedback - I'd like to finally segment my home network; I'm thinking that creating separate VLANs is the best way to achieve this? Below is the architecture I'm thinking of:

VLAN1: Home
Home PCs/laptops/etc
Mobile devices (phones/tablets etc.)

VLAN2: Guests
Guest wifi network

VLAN3: Stuff that doesn't get patched often/at all
IOT devices
TVs
Game Consoles
Media players (Apple TV, Roku, etc.)
Maybe a Home Theater PC (HTPC)/Plex media server type device?

VLAN4: Lab*
Likely a NUC Homelab running several VMs (Windows servers, Windows desktops, Linux servers, pfsense, etc.)
*Once the lab is set up, I'd like to set up a VPN on my laptop so I can connect to it away from home

A few questions:

1. Is this the best approach to segmenting my network so that one part of my network can't talk to the other? Should anything else be taken into consideration here or done differently?

2. Is it possible to extend my entire network (all VLANs) or at least 1 VLAN using a second router in bridge mode? There are 1-2 rooms in my house that receive very poor wifi signal.

3. What's the best hardware to achieve this? One "high-end" router that supports VLAN or a managed switch that sits behind the modem/router provided by ISP?

Any guidance, suggestions, or feedback you could provide would be much appreciated. As mentioned, this is my first time doing this so any tips or reference material is also greatly appreciated.

As always, thanks!
__________________
The Enrichment Center is required to remind you that the Weighted Companion Cube cannot talk. In the event that it does talk The Enrichment Centre asks you to ignore its advice.
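Creating the VLANs in post #1 separates the segments at layer 2; what the router forwards between them is decided by its firewall rules. The sketch below is an added example, not part of the thread or of any vendor's software: it models the four VLANs with assumed subnets and an assumed first-match rule list, then audits which segments can open connections to which.

```python
"""Added example: model the four-VLAN plan from post #1 and audit which
segments can open connections to which. Subnets and rules are assumptions."""
import ipaddress
from itertools import permutations

# VLAN names follow the post; the subnets are constructed for illustration.
VLANS = {
    "home":  ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
    "iot":   ipaddress.ip_network("192.168.30.0/24"),
    "lab":   ipaddress.ip_network("192.168.40.0/24"),
}

# First-match rules for NEW connections routed between segments.
# "wan" stands for any address outside the four subnets. Replies to an
# allowed connection are assumed to pass via stateful tracking.
RULES = [
    ("home", "iot", "allow"),   # e.g. casting to a TV (assumed need)
    ("home", "lab", "allow"),   # manage lab VMs from a home PC (assumed need)
    ("*",    "wan", "allow"),   # every segment may reach the internet
    ("*",    "*",   "deny"),    # default deny: nothing else crosses VLANs
]

def zone_of(ip):
    """Map an address to its VLAN name, or "wan" if it is outside all four."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "wan"

def decide(src_ip, dst_ip, rules=RULES):
    """Return "allow" or "deny" for a new connection from src_ip to dst_ip."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"          # same VLAN: switched, never reaches the router
    for r_src, r_dst, action in rules:
        if r_src in ("*", src) and r_dst in ("*", dst):
            return action
    return "deny"

def audit(rules=RULES, intended=frozenset({("home", "iot"), ("home", "lab")})):
    """Return inter-VLAN pairs that can initiate but are not in the intended set."""
    hosts = {name: str(net.network_address + 10) for name, net in VLANS.items()}
    allowed = {(a, b) for a, b in permutations(VLANS, 2)
               if decide(hosts[a], hosts[b], rules) == "allow"}
    return sorted(allowed - intended)
```

Calling `audit(rules=[("*", "*", "allow")])` lists every unintended path, including IoT to Home, which is how a router that forwards freely between VLANs would look.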
Old 08-11-2017, 03:30 PM   #2 (permalink)
Build Guru
 
PP Mguire's Avatar
 
Join Date: Dec 2004
Location: Fort Worth, Texas
Posts: 27,744
Default Re: First time trying home network segmentation

Easiest and cheapest way to do this effectively would be to get some Ubiquiti Unifi gear IMO. The USG 3 will supply your guest network in a fancy package for you with a few clicks, and can easily segment your network the way you want with an easy to use GUI. They also have cheap enterprise class wifi gear for you to use too.
__________________
"Resolution is just a number." #Ubisoft
Origin/Steam = PP_Mguire Twitch = pp_mguire Instagram = ppmguire PSN = PP_Mguire

Access to my Plex PM me.
Old 08-13-2017, 07:30 PM   #3 (permalink)
Super Techie
 
GLaDOS's Avatar
 
Join Date: May 2012
Location: USA
Posts: 285
Default Re: First time trying home network segmentation

Quote:
Originally Posted by PP Mguire View Post
Easiest and cheapest way to do this effectively would be to get some Ubiquiti Unifi gear IMO. The USG 3 will supply your guest network in a fancy package for you with a few clicks, and can easily segment your network the way you want with an easy to use GUI. They also have cheap enterprise class wifi gear for you to use too.

Thanks PP Mguire. I've heard a lot of good things about Ubiquiti lately. Just to confirm, this is the device you are referencing?

https://www.ubnt.com/unifi-routing/usg/

And this would need to be purchased with a switch in order to create VLANs (i.e. the router linked to above would not support VLANs on its own?) This is my first time dabbling in VLANs and network segmentation so I really appreciate the help!
Old 08-14-2017, 02:13 AM   #4 (permalink)
Lord Techie
 
S0ULphIRE's Avatar
 
Join Date: Mar 2007
Location: Australia
Posts: 8,526
Default Re: First time trying home network segmentation

Yeah that's the one! Technically you don't even need the USG, our network is set up with just the APs and the Switch. If you want historical data on throughput/latency or want to do DPI, then you'll need a USG.
__________________
"As a result of all this hardship, dirt, thirst, and wombats, you would expect Australians to be a sour lot. Instead, they are genial, jolly, cheerful, and always willing to share a kind word with a stranger, unless they are an American." -- Douglas Adams
Old 08-14-2017, 01:11 PM   #5 (permalink)
Build Guru
 
PP Mguire's Avatar
 
Join Date: Dec 2004
Location: Fort Worth, Texas
Posts: 27,744
Default Re: First time trying home network segmentation

Quote:
Originally Posted by GLaDOS View Post
Thanks PP Mguire. I've heard a lot of good things about Ubiquiti lately. Just to confirm, this is the device you are referencing?

https://www.ubnt.com/unifi-routing/usg/

And this would need to be purchased with a switch in order to create VLANs (i.e. the router linked to above would not support VLANs on its own?) This is my first time dabbling in VLANs and network segmentation so I really appreciate the help!

You technically didn't link any router unless you meant the USG. Ubiquiti Unifi gear runs off what's called the Unifi controller software which provides most features you want. All of the Unifi gear connects to this controller software and is run off a simple GUI that can also be cloud controlled (as in you can configure your network from anywhere if you enable it). The USG provides DHCP, firewall, the guest network portal, DPI, port forwarding, VPNs, QoS, etc. In turn all the stuff a normal router provides minus extra ethernet ports and wifi. All these features are also enhanced with greater control if you use something like a Unifi switch BUT it's not necessary. The Unifi controller also controls the APs, and can give you greater control over your wifi. For instance you can have up to 3 SSIDs off one AP. Their APs support all high end features you'd like, and are PoE so they're easy to place without needing a power adapter (they come with a PoE injector in the box if you don't have a PoE switch).

Basically the way I look at it is a high end router that gives you really good control over your subnetting, is high performance (can handle massive throughput 8Gbps non-blocking or higher), has a fast enough processor to handle all VLAN loads, and has good wifi radios will cost you well over 100 bucks. A decent sized managed switch will too, not to mention having to learn their web GUI. The Unifi controller software is free and coupled with the USG 3 at 118 plus a cheap 5-8 port switch at 30 bucks will give you everything minus the wifi. You can add their Lite AP for the wifi.
https://www.amazon.com/Ubiquiti-Unif...=unifi+ac+lite

They also have many other toys you can add to this like their own switches that provide PoE, LAG, mirroring, etc. They have wall APs to help areas of the house with spotty wireless like this product. Mesh technology, long range wireless solution (also Unifi), cameras (with their own NVR stuff that's free), and a **** ton more.

Do be mindful that the Unifi software IS actively being updated frequently and they are adding promised features rather quickly. For instance UPnP wasn't in the software until this year and it's still sometimes spotty but you can always program ANYTHING you want via CLI/SSH with the USG. If I can I'll try to make a video outlining some key features. Their software does need to be run on a machine or you can buy their cloud key.

Quote:
Originally Posted by S0ULphIRE View Post
Yeah that's the one! Technically you don't even need the USG, our network is set up with just the APs and the Switch. If you want historical data on throughput/latency or want to do DPI, then you'll need a USG.

If he wants to run just a dummy L2 switch and their AP he will still need a router behind it all to provide a firewall, DHCP, QoS and/or VPN.
Old 08-15-2017, 06:13 AM   #6 (permalink)
Super Techie
 
GLaDOS's Avatar
 
Join Date: May 2012
Location: USA
Posts: 285
Default Re: First time trying home network segmentation

Thanks S0ULphIRE and PP Mguire. I'm going to diagram this out as soon as I get the chance to plan how I'm going to set this up. I think I'm definitely going to go with Ubiquiti gear. If I have any additional questions, I'll add them to this thread.

Thanks again, very much!
All times are GMT -5.