Hi all,
Looking for some guidance/feedback - I'd like to finally segment my home network; I'm thinking that creating separate VLANs is the best way to achieve this? Below is the architecture I'm thinking of:
VLAN1: Home
  - Home PCs/laptops/etc.
  - Mobile devices (phones/tablets, etc.)
VLAN2: Guests
  - Guest wifi network
VLAN3: Stuff that doesn't get patched often/at all
  - IoT devices
  - TVs
  - Game consoles
  - Media players (Apple TV, Roku, etc.)
  - Maybe a Home Theater PC (HTPC)/Plex media server type device?
VLAN4: Lab*
  - Likely a NUC homelab running several VMs (Windows servers, Windows desktops, Linux servers, pfSense, etc.)
*Once the lab is set up, I'd like to set up a VPN on my laptop so I can connect to it away from home.
A few questions:
1. Is this the best approach to segmenting my network so that one part of my network can't talk to the other? Should anything else be taken into consideration here or done differently?
2. Is it possible to extend my entire network (all VLANs) or at least 1 VLAN using a second router in bridge mode? There are 1-2 rooms in my house that receive very poor wifi signal.
3. What's the best hardware to achieve this? One "high-end" router that supports VLANs or a managed switch that sits behind the modem/router provided by the ISP?
Any guidance, suggestions, or feedback you could provide would be much appreciated. As mentioned, this is my first time doing this, so any tips or reference material are also greatly appreciated.
As always, thanks!