
Home Network VLAN Approach

BazLux

Junior Member
I am considering segregating my physical network at home for a couple of reasons.

1) We run a business from home and I would like it to be separate from our domestic requirements.

2) I have two boys who not long from now will be poking around where they shouldn't 😀

I would also like to create a guest VLAN and perhaps another "space" where the switches and potentially other boxes could live.

I currently run a Windows 2012 server with 4 NICs running multiple VM servers, one for business and one WHS 2011 for domestic use.

I have a Draytek 2850 as my router to the ISP and I also have two redundant Draytek 2820 routers at my disposal.

My current LAN is all hooked to a TP-LINK 24-port L2 switch, with an 8-port L2 switch in a remote part of the house.

Ideally, I would like to set something up that will allow my more private VLANs to be able to access the less so. A bit like an onion 🙂 with my core being the VLAN where my switches and other boxes live, next up would be the business followed by domestic and finally guest where the printers would also live. A lot of this I believe I can achieve with the L2 switch and VLANs.

I guess what I'm looking for is someone with experience to critique what I am proposing and\or suggest something better.

As you can probably guess, I'm not a networking expert, but I am prepared to research and learn. :thumbsup:
 
You can easily make multiple VLANs or networking subnets and have your router route between them. Many (most) routers also have guest network features that block the guests from seeing the rest - you could probably just stick your kids on the guest LAN and use nanny filtering.

Ideally, I would like to set something up that will allow my more private VLANs to be able to access the less so.

This is tougher. Without creating route rules for both directions of traffic, most things won't work. (You can ping the kid's computer, but the ACK won't have a route back to you.)

If you want to be able to monitor your children's activities or have access to "family" stuff (printers) from the "work" network but not vice versa, your best bet there may just be good old-fashioned passwords, account-based permissions, and physical security when necessary. Unless your kids are more interested in packet sniffers than they are in pr0n. But that's a separate problem.
 
I've done a little reading over the weekend and I think I will try and utilise some of the capabilities of my L2 switches. So, my plan is:

Router will route traffic between all the VLANs.
Use the L2 switch to:
Configure trunk back to the router.
Filter out on the TCP-Flag (SYN and RST) to secure VLAN from less secure VLAN.
Assign each port\mac combination in use to appropriate VLAN manually.
Default unused to the guest VLAN.

If my understanding is correct, this should allow the more secure VLAN to establish connections to the less secure but not the other way around. Once a conversation is started, the filter doesn't apply and should allow the conversations to continue.

What do you think?
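The plan in the post above can be checked on paper before touching the switch. The following is an added example, not part of the original thread: it models a stateless rule that drops TCP segments with SYN set and ACK clear when they travel from a less trusted VLAN to a more trusted one. The VLAN IDs, trust ranks and sample packets are constructed, and reading the "TCP-Flag" filter this way is an assumption.

```python
"""Stateless TCP-flag filter between VLANs (added illustration).
VLAN IDs, trust ranks and sample packets are constructed for this example."""
from dataclasses import dataclass

# Onion order from the thread: core > business > domestic > guest.
TRUST = {10: 3, 20: 2, 30: 1, 40: 0}    # hypothetical VLAN ID -> trust rank
SYN, RST, ACK = 0x02, 0x04, 0x10         # TCP header flag bits


@dataclass(frozen=True)
class Packet:
    src_vlan: int
    dst_vlan: int
    proto: str        # "tcp", "udp" or "icmp"
    flags: int = 0    # TCP flag bits; 0 for non-TCP traffic


def permit(pkt: Packet) -> bool:
    """Return True if the stateless rule forwards the packet."""
    upward = TRUST[pkt.src_vlan] < TRUST[pkt.dst_vlan]
    if not upward:
        return True               # more trusted -> less trusted is unrestricted
    if pkt.proto != "tcp":
        return True               # no TCP flags to match, so the rule never fires
    initial_syn = bool(pkt.flags & SYN) and not (pkt.flags & ACK)
    return not initial_syn        # only connection openers are dropped


def handshake_ok(client_vlan: int, server_vlan: int) -> bool:
    """Pass SYN, SYN-ACK and ACK through the filter; True if all three survive."""
    steps = [
        Packet(client_vlan, server_vlan, "tcp", SYN),
        Packet(server_vlan, client_vlan, "tcp", SYN | ACK),
        Packet(client_vlan, server_vlan, "tcp", ACK),
    ]
    return all(permit(p) for p in steps)


if __name__ == "__main__":
    print("business -> guest printer:", handshake_ok(20, 40))
    print("guest -> business server: ", handshake_ok(40, 20))
    # Traffic the flag rule does not cover, guest toward business:
    print("UDP datagram forwarded:   ", permit(Packet(40, 20, "udp")))
    print("TCP ACK without handshake:", permit(Packet(40, 20, "tcp", ACK)))
```

The last two lines show what a flag-only rule leaves unfiltered: UDP and ICMP carry no TCP flags, and a segment is judged on its flags alone, not on whether a connection exists. Stateful rules on the router track connections and cover both cases.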
 