VLAN, Separating Devices On Your Network At Home

Overview

I have recently swapped out my final unmanaged switch for a Ubiquiti UniFi switch, completing a fully managed wired network at home. With that limitation removed, it was time to start separating the network.

The goals of segregating the network are:

  1. Separate data on the network.
  2. Allow different policies depending on the network a device belongs to.

Other sites and a quick Google search will describe what a VLAN is; it is worth reading up on before going further.

I'm not a network admin, so any suggestions to improve my setup would be really appreciated in the comments below.

Networks

I have created the following VLANs in addition to the default:

Each network serves a purpose with a different level of access. Using a combination of firewall rules to control network and web access, and RADIUS for authentication and identity management, allows different policies on each network.

Guest

The guest network is designed to isolate each client and not allow access to the other networks; it is the most locked-down network. On top of this, a default DNS server with filtering enabled is supplied to devices on the network. Firewall rules prevent users from choosing a different DNS provider to get around the web filtering. VPNs are also forbidden, to prevent tunnels punching a hole through the filtering.

Children

Similar to guest, with the addition of age-related content filtering.

IoT

All Internet-connected devices apart from personal devices such as laptops and phones. Connections can only be initiated from other networks to the IoT network; once established, data can flow both ways. IoT devices can see each other.

Examples: smart home devices like bulbs, switches, etc.

Internal

All other devices that do not fit any of the categories above, with minimal restrictions.
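The four policies above (Guest, Children, IoT and Internal), modelled as one first-match rule table so the rules can be checked against sample flows before they are typed into the firewall. This is an added example and not the UniFi configuration from this post: the subnets (one /24 per VLAN), the resolver addresses, the VPN port list and the sample flows are assumptions chosen for illustration.

```python
"""Zone-based firewall policy model for a four-VLAN home network.

Added example, not the UniFi configuration from the post. The VLAN
subnets, resolver addresses and VPN port list are assumptions chosen
for illustration; they are not taken from the original article.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed addressing: one /24 per VLAN, gateway (and resolver) at .1.
ZONES = {
    "internal": ip_network("10.10.0.0/24"),
    "iot":      ip_network("10.20.0.0/24"),
    "children": ip_network("10.30.0.0/24"),
    "guest":    ip_network("10.40.0.0/24"),
}
# The only DNS servers the locked-down VLANs may talk to (assumed).
FILTERING_RESOLVERS = {ip_address("10.30.0.1"), ip_address("10.40.0.1")}

# Ports/protocols typical VPN clients use (assumed list). A VPN running
# over tcp/443 is not caught here; see the note below the block.
VPN_PORTS = {("udp", 500), ("udp", 4500), ("udp", 1194), ("udp", 51820), ("tcp", 1723)}
VPN_PROTOS = {"esp", "gre"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str            # "tcp", "udp", "icmp", "esp", "gre"
    dport: Optional[int]  # None for protocols without ports
    new: bool             # True for the first packet of a connection


def zone_of(addr: str) -> str:
    """Map an address to its VLAN name; anything else is the Internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"


def decide(f: Flow) -> str:
    """Return 'accept' or 'drop' for a flow; the first matching rule wins."""
    src, dst = zone_of(f.src), zone_of(f.dst)

    # 1. Return traffic of an already accepted connection is always allowed.
    #    This is what lets an internal->IoT session carry data both ways
    #    while IoT still cannot open anything towards internal. It relies
    #    on the firewall's connection tracking having seen the first packet.
    if not f.new:
        return "accept"

    # 2. Guest and children: DNS only to the filtering resolver, no VPN,
    #    no access to other VLANs and no client-to-client traffic.
    #    Children's age filtering lives in the resolver, not in this table.
    if src in ("guest", "children"):
        if f.proto in ("udp", "tcp") and f.dport in (53, 853):
            return "accept" if ip_address(f.dst) in FILTERING_RESOLVERS else "drop"
        if (f.proto, f.dport) in VPN_PORTS or f.proto in VPN_PROTOS:
            return "drop"
        if dst == src:
            return "drop"            # client isolation
        return "accept" if dst == "wan" else "drop"

    # 3. IoT may talk to the Internet and to other IoT devices, but may not
    #    initiate connections into any other VLAN.
    if src == "iot":
        return "accept" if dst in ("iot", "wan") else "drop"

    # 4. Internal: minimal restrictions.
    if src == "internal":
        return "accept"

    # 5. Unsolicited inbound from the Internet is dropped.
    return "drop"


# Constructed sample flows (not captured traffic) to exercise the policy.
SAMPLE = [
    Flow("10.40.0.23", "10.40.0.1",   "udp", 53,    True),   # guest -> filtering DNS
    Flow("10.40.0.23", "8.8.8.8",     "udp", 53,    True),   # guest bypassing DNS
    Flow("10.40.0.23", "203.0.113.9", "udp", 51820, True),   # guest WireGuard
    Flow("10.40.0.23", "10.40.0.24",  "tcp", 445,   True),   # guest -> guest
    Flow("10.40.0.23", "10.10.0.5",   "tcp", 22,    True),   # guest -> internal
    Flow("10.10.0.5",  "10.20.0.40",  "tcp", 80,    True),   # internal -> IoT bulb
    Flow("10.20.0.40", "10.10.0.5",   "tcp", 80,    False),  # bulb replying
    Flow("10.20.0.40", "10.10.0.5",   "tcp", 22,    True),   # bulb initiating
    Flow("10.20.0.40", "10.20.0.41",  "udp", 5353,  True),   # IoT -> IoT
]


def evaluate(flows=SAMPLE) -> List[Tuple[Flow, str]]:
    """Run every flow through the policy and pair it with its verdict."""
    return [(f, decide(f)) for f in flows]


if __name__ == "__main__":
    for f, verdict in evaluate():
        print(f"{verdict:6} {f.src} -> {f.dst} {f.proto}/{f.dport} new={f.new}")
```

Running the block prints a verdict per sample flow. Two things the model makes visible: the "data can go both ways" behaviour for IoT comes entirely from rule 1, so it only works if the firewall rules are stateful (an IoT-to-internal allow rule is never needed and should not exist); and pinning DNS by port only catches plain DNS (53) and DNS-over-TLS (853). A client using DNS-over-HTTPS, or a VPN tunnelled over tcp/443, looks like ordinary web traffic to this table, so the DNS and VPN restrictions need category or DNS-level filtering on top of port rules.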

Issues

I have seen problems with updating firmware on devices if the device, like your mobile phone, is on a different VLAN. To get around this, I have allowed some devices to connect to different networks to work around the issue.

Summary

Separating the network virtually allows a lot of flexibility and many ways to control devices over the same cables. I will write up a future post on how to implement the above.

About Danny

I.T software professional always studying and applying the knowledge gained, and one way of doing this is to blog. Danny also participates in a part-time project called Energy@Home [http://code.google.com/p/energyathome/] for monitoring energy usage on a premises. Dedicated to I.T since studying pure Information Technology from the age of 16, Danny Tsang is working in the field he has aimed for since leaving school. This entry was posted in Networking.
