Home Networking

189 readers

1 users here now

A community to help people learn, install, set up or troubleshoot their home network equipment and solutions.

Rules

Please stay on topic.
Please use the search function to look for keywords related to what you want to ask before posting since most common issues have been answered.
No Ads. This community is for support and discussion. Ads and self promotion are not welcome here.
No product reviews or announcements. If you have a question about a product, be specific about what you want to know.
Be civil. Don't be a jerk. Not being a jerk is surprisingly easy.
No URL shorteners. URL shorteners tend to hide the real use of a link. For this reason, please use normal links, even if they're long.
No affiliate links.
No gatekeeping. With profession shall come professionalism. Extend help without judging others for their ignorance. The same goes for downvoting of comments or posts for "stupid questions" or not being as knowledgeable as others.

founded 10 months ago

MODERATORS

[email protected]

Network Segregation advice - Is this a good idea? (alien.top)

submitted 9 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

Hi everyone,

I have lost myself in the networking rabbit hole... Read quite a few posts, watched YouTube videos, ... So I thought I could share my plan here and get some feedback, if I am over complicating things.

I have pulled the trigger on a Unifi network and am waiting now on my delivery of my UDM SE, APs and L2 Switches. I wanted to take more control of my network and make it more secure. That being said, the most security will be reached, once I am enhancing my docker networks (which will be done at a later stage). This is setting up the basics.

Networks I want to introduce (Subnets and VLANs):

Networking (LAN)
- Router, UDM, APs, ...
- Anything network related should live in this network
Servers (LAN)
- My NAS, Hypervisor, Pi, VMs, ...
Trusted (LAN/WLAN)
- Main home network for PCs, Laptops, Tablets, Phones, ...
Media (LAN/WLAN)
- TV, PS4, Alexa, Soundbar, ...
- Reson not putting it on IOT or Trusted, I need the Guest network able to reach it and don't want them to reach my Trusted network. IOT I want to be quite limited.
IOT (WLAN)
- Vaccum, Photovoltaics, ...
Guests (WLAN)
- Anyone visiting

In the following diagram you can see my thoughts on how I intend to configure the Firewall. Who can talk to who...

Maybe this diagram is a little clearer:

https://preview.redd.it/siftt8ydro2c1.png?width=666&format=png&auto=webp&s=0d2e8fcd57d8ce45bcb0bc62e2bdaf71cd6d2213

Old diagram

https://preview.redd.it/qqfce2ii4o2c1.png?width=770&format=png&auto=webp&s=f99ad2bb5817386c723c3749a3418f0076783ba2

Is this overkill? Am I blind and missing something?

Looking forward to your feedback and criticism.

Edit: Indication if just LAN, WLAN or both
Edit2: Second diagram, which might be a bit clearer

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 9 months ago

My advice would be to consider throttling the bandwidth on the guest network and also block ports and use a restricted dns server with that vlan.

You can't vet everyone's devices so you want to be proactive.