LilacDingo

joined 10 months ago
[email protected] 1 points 10 months ago

I personally run an OPNsense firewall on a Protectli Vault firewall appliance. They're pretty small units but powerful enough for what you're looking for and more, I imagine. It sounds like you'll need an 8-port switch in your cabinet to feed networking into all your rooms, then perhaps another 8-port in your office to run your home lab, depending on what else you're looking to connect. Make sure you buy managed switches if you're hoping to do VLANs.

I'm also running UniFi APs and manage them via the UniFi Controller Docker container. If you're buying 8-port switches, the PoE variants are pretty affordable and remove the need for PoE injectors; just check the switch PoE budget to ensure you can power all the APs you're planning. I would also suggest buying something name brand with metal cases for performance and longevity.

Hope that helps

[email protected] 1 points 10 months ago

Hey all, I'm looking to tighten up my home network by implementing some network segregation. I'm in the process of setting up a new OPNsense firewall, and the plan currently is the following networks and VLANs, which will be set up on my OPNsense and D-Link 1100 V2 series switch:

* Management - 10
* LAN - 20
* Server - 30
* Docker - 40
* Video - 50
* GoogleHome - 60
* SmartHome - 70
* Guest - 80

I've got lots of experience with VLANs but not so much with not using the native VLAN for LAN or separating management from native VLAN/LAN.

I'm thinking of separating Google Home devices from Chinese smart plugs etc., as I consider the Google Home devices more trustworthy and I'll also want to be able to cast to them and allow them to access my Plex instance, while other smart home devices will just need internet.

The Server and Docker VLANs I'm less sure about. I haven't really got straight in my head whether I need to separate any of them and/or put them on the LAN etc., or if I'm going to have a nightmare with dockers on different VLANs all sharing the same hardware and shares. I'm running an Unraid NAS with a Windows VM running Blue Iris for my cameras and Veeam 365 backup, as well as a bunch of dockers:

* Sabnzbd
* ***arr
* Plex
* Swag
* Guacamole
* postfix SMTP relay
* Paperless
* UniFi management

For management I'm thinking of just putting my Windows VM on there with the firewall, switch, Wi-Fi etc. It is running on my Unraid NAS and also runs Blue Iris for my cameras, which will complicate it and might mean I need to bridge some networks with multiple NICs on the Windows VM, though, so maybe best to run up another dedicated VM?

Wi-Fi is via 4 UniFi APs, a mixture of Pro and Lite. I will need at least 5 SSIDs, I think: LAN, Guest, GoogleHome, SmartHome, Video. Not sure how to go about naming them; I feel like I need to name them clearly to keep them straight, but that makes it more obvious which to target as well, right?

I've got 4 Ethernet ports on my firewall, so I'm also planning on using 1 for WAN and 3 combined in a LAGG to run all the VLANs over. I haven't done that before with a firewall, but it seems sensible.

Anyway, I think that's probably quite enough for one post. I would love to hear if anyone has any thoughts on issues I might encounter, stumbling points, or any improvements to suggest.