Discussion Home Network Design

jldodge710

Junior Member
Apr 26, 2014
After a lot of research and YouTube videos, I have come up with the following design for a home networking system in a home we are building. My objectives are to isolate the Personal PC network from the "household" (security, household, video) networks in case any of the connected devices were to be hacked. This would protect all of our personal/financial information from any intrusion. I also want to control settings, etc. from the Personal PC network which means I will need to access the other networks without allowing them to access the Personal PC network. I also want our personal PCs to receive all alerts, messages, etc. from the "household" networks. We also plan to have iPads for controlling the "household" networks, particularly the appliance apps, lighting, HVAC, and video cameras. We are both retired so this is our LAST home ...

I would appreciate any comments, advice or suggestions. I realize that the symbols are not the technically correct ones but that's because I am not a technical expert. Also, we will be having this wired and installed by technicians who have experience in this area. Finally, I am not sure exactly where I should be using a router or a switch so, any recommendations on that point would also be appreciated.


[Attachment: Home Network Diagram 2020-12-05_7-33-30.jpg]
 

ch33zw1z

Lifer
Nov 4, 2004
VLANs and firewall rules should accomplish this with a lot more ease and flexibility.

For instance, I have an isolated network that my son runs a Minecraft server on. I have a firewall rule for his computer that allows traffic from our main network to the isolated network. His IP only. I have another rule for my PC so when my younger wants to join him, he can: I go enable the rule, he plays, then I disable the rule when he's done. You have to set static DHCP reservations so your PCs get the same IP all the time, easy to do though.
 

jldodge710

Junior Member
Apr 26, 2014
Thanks for the feedback. I have done some more research on VLANs and it appears that is a better way to go -- simpler topology, less equipment & points of failure, and easier to administer. Admittedly, I am still learning but I have a few questions given the shift to VLANs.

It would appear that I may need at least 2 switches given the number of endpoint connections. I realize that I can trunk them to save ports but I may need a level 3 switch in order to enable certain VLANs to talk to each other. Does that make sense? Do I give up anything in terms of securing the networks, particularly the Personal PC Network, if one of the endpoint devices ends up getting hacked? I also plan to have two WiFi networks (one dedicated to the PC Network and the other accessible to "guests" and the other VLANs). Would that create additional problems or security risks?

Thanks in advance for any feedback ...
 

ch33zw1z

Lifer
Nov 4, 2004
"It would appear that I may need at least 2 switches given the number of endpoint connections. I realize that I can trunk them to save ports but I may need a level 3 switch in order to enable certain VLANs to talk to each other. Does that make sense?"

That's up to your config. If you start trunking ports on a managed switch, that means you're passing multiple VLANs across a single link, and you'll need a managed switch on the other end to pass trunked traffic.

What you need (layer 2 or 3 switch) depends on what you buy. If you buy something with the firewall built in, then that's all you need.

"Do I give up anything in terms of securing the networks, particularly the Personal PC Network, if one of the endpoint devices ends up getting hacked?"

If you isolate the VLANs from each other, then no, there's no reason to suspect the "hacked" or compromised devices can access the personal PC network. Of course, it's up to you to verify the VLANs are really isolated from each other.

"I also plan to have two WiFi networks (one dedicated to the PC Network and the other accessible to "guests" and the other VLANs). Would that create additional problems or security risks?"

Again, when using VLAN gear, and the VLANs are isolated, then LAN or WLAN doesn't make a difference; the traffic is still blocked from each other.
 

jldodge710

Junior Member
Apr 26, 2014
An additional question on how VLANs work. To simplify, I have three VLANs --- VLAN10 is my Personal PC Network, VLAN20 is for all of our lighting and appliance devices, and VLAN30 is for our security devices. VLAN10 and VLAN20 cannot access VLAN30. VLAN30 can access VLAN10 and VLAN20 to change settings and access video cameras. With these settings for the VLANs, here is my question. VLAN10 devices also include glass break sensors and motion detectors -- can my iPhone (accessing the PC Network via WiFi) or one of the PCs on the PC Network receive the notifications from the glass break or motion devices? The same question for VLAN20, e.g. the stove top is on or the refrigerator door is open?

We are planning to go all out on the home automation and security networking which means we will have a large number of devices connected to the switch (at least two and maybe three). Given our dependency on the home automation, I am thinking about using Cisco equipment.

Again, any thoughts/comments are greatly appreciated. Thanks again ...
 

jldodge710

Junior Member
Apr 26, 2014
CORRECTED POST:

To simplify, I have three VLANs --- VLAN10 is my Personal PC Network, VLAN20 is for all of our lighting and appliance devices, and VLAN30 is for our security devices. VLAN10 and VLAN20 cannot access VLAN30. VLAN30 can access VLAN10 and VLAN20 to change settings and access video cameras. With these settings for the VLANs, here is my question. VLAN30 devices also include glass break sensors and motion detectors -- can my iPhone (accessing the PC Network via WiFi) or one of the PCs on the PC Network receive the notifications from the glass break or motion devices? The same question for VLAN20, e.g. the stove top is on or the refrigerator door is open?

We are planning to go all out on the home automation and security networking which means we will have a large number of devices connected to the switch (at least two and maybe three). Given our dependency on the home automation, I am thinking about using Cisco equipment.

Again, any thoughts/comments are greatly appreciated. Thanks again ...
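An added example, not posted by anyone in this thread: a small Python model of the three-VLAN policy in the corrected post (VLAN30 may initiate connections to VLAN10 and VLAN20; VLAN10 and VLAN20 may not initiate to VLAN30) with a stateful reply table, plus the per-host on/off rule ch33zw1z describes earlier. It lets you check that an alert pushed from a VLAN30 hub is accepted by a VLAN10 phone while the reverse direction stays blocked, and that the isolation really holds before you trust it; the /24 address plan and host addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed address plan (assumption): one /24 per VLAN named in the post.
VLANS = {10: ipaddress.ip_network("192.168.10.0/24"),   # Personal PC network
         20: ipaddress.ip_network("192.168.20.0/24"),   # lighting / appliances
         30: ipaddress.ip_network("192.168.30.0/24")}   # security devices

def vlan_of(ip: str) -> int:
    """Return the VLAN id whose subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    raise ValueError(f"{ip} is outside the address plan")

@dataclass
class InterVlanFirewall:
    """Default-deny model of the firewall that routes between the VLANs."""
    allowed: set                                   # (src_vlan, dst_vlan) pairs that may initiate
    host_allow: set = field(default_factory=set)   # (src_ip, dst_vlan) per-host exceptions
    established: set = field(default_factory=set)  # stateful table of accepted flows

    def permits(self, src: str, dst: str, sport: int, dport: int) -> bool:
        sv, dv = vlan_of(src), vlan_of(dst)
        if sv == dv:                  # same VLAN: switched locally, never hits the firewall
            return True
        if (dst, src, dport, sport) in self.established:
            return True               # reply packet of a flow that was already accepted
        if (sv, dv) in self.allowed or (src, dv) in self.host_allow:
            self.established.add((src, dst, sport, dport))
            return True
        return False                  # everything else is dropped

def policy_from_post() -> InterVlanFirewall:
    """VLAN30 may reach VLAN10 and VLAN20; VLAN10 and VLAN20 may not reach VLAN30."""
    return InterVlanFirewall(allowed={(30, 10), (30, 20)})

def verify_isolation(fw: InterVlanFirewall, src_vlans, dst_vlan: int) -> bool:
    """Probe one host per source VLAN against dst_vlan; True only if every probe is blocked."""
    target = str(VLANS[dst_vlan][10])
    return all(not fw.permits(str(VLANS[v][10]), target, 40000, 443) for v in src_vlans)
```

The model only holds if all inter-VLAN traffic is routed through the firewall; a layer-3 switch routing between VLANs with no ACLs would bypass these rules entirely.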