Hey guys, I am no networking expert but I have a reasonable sized LAN here at home, due to all the home automation gadgets and geekery I have around the place. Currently I have the following setup:

- Draytek Vigor 130 VDSL modem (no UFB here yet)
- Mikrotik 750GL
- 2x Unifi UAPs
- 24-port gigabit unmanaged switch
- Cisco SPA122 VOIP ATA

All but 1-2 of my 24 ports on the switch are in use. I have 4 IP cameras around the place, 3 of which are WIFI and one is LAN. I also have a juicy server running Proxmox with a dozen OpenVZ containers which run all my services etc - i.e. Unifi controller, Freeswitch VOIP server, motion server for IPC monitoring, openHAB server, dnsmasq for DHCP, web server with ownCloud etc. I also have a NAS running FreeNAS on a separate box, a RPi with some big external USB drives running as a simple backup server (via rsync from the NAS), and a UPS.

Now I have been reading a lot on these forums and others about the need for VLANs to isolate at-risk devices on my network and have decided this should be my next project. What I am after from GZ is some advice about how to structure my new network, and some advice about what hardware to buy.

STRUCTURE

After a bit of reading I came up with the following for my VLAN structure:

- Management
- VOIP
- Data (Proxmox, NAS, BackupPi, printer, PCs, laptops, mobile devices)
- Security (IP cameras)
- Automation (all my Arduinos and RPi nodes etc, home automation devices/bridges etc)
- Media (couple of Kodi clients, 4-5 Squeezebox clients, IP connected AVRs/TVs etc)
- Guest (WIFI only)

First question, is this overkill? I wasn't sure about the Media VLAN - is there anything to be gained by splitting out devices by function in this way? Or should Media be merged with Data?

I would like to lock down VLANs 4 & 5 to have no internet access. Everything home automation based will be controlled/monitored via openHAB but the question then is, where does openHAB live? On the main Data VLAN, since it needs WLAN access? This is where I get a little unsure - i.e. the best way to protect certain devices/networks, yet still retain access from other devices on different VLANs.

Do I need to worry about the Proxmox server since different containers will live on different VLANs? Is this easy enough to configure or am I completely dreaming with this?! I am not after specific config settings, just an idea of whether the plan _can work_ ;).

HARDWARE

Next question is hardware. I have been looking at the Unifi switch since I could then manage it all via my existing Unifi Controller. They are not cheap but I am wondering if the ease of setup would be worth it in my case. Or would the EdgeSwitch be a better option? From what I understand these are not managed by the Unifi Controller but that might not be a bad thing? Or are these overpriced bits of kit and I should be looking at a cheaper 24-port alternative? I don't need PoE but I think it makes sense to get it if I am going to be spending the money. I am sure more and more devices will be coming that are PoE and it would mean my two UAPs could run directly from the switch removing the need for the in-line power adapters I am currently using (minor benefit).

The alternative I was considering is buying a much cheaper 8-port managed switch which would handle all the VLANs as listed above, and then have a few 8-16 port (plus my existing 24-port) unmanaged switches hanging off the smart switch. So each VLAN would have its own dumb switch for connecting all the individual devices. Or is this just plain stupid?!

Sorry for the very long post, I just wanted to get down as much as I could in the hope someone would look at it and see what I am trying to do and have either already done something similar or have a good idea about the best way to approach it!

Appreciate any/all suggestions!
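Added example, not part of the post above: a small Python model of the segmentation plan the poster describes, written to show the one thing that makes "protect the cameras and HA nodes, but still reach them from openHAB and the motion server" work, namely a default-deny forward policy where only the Data (and Management) side may initiate connections and replies ride on the stateful established/related rule. VLAN IDs other than 4 and 5, the zone-to-interface mapping, and the RouterOS-style command syntax it renders are all assumptions for illustration.

```python
# Added example (not from the post): model of a default-deny inter-VLAN policy.
# Only "VLANs 4 & 5" (Security, Automation) come from the post; every other
# VLAN ID, the interface names and the rendered command syntax are assumed.
from typing import List, Tuple

WAN = "WAN"

# Zone name -> VLAN ID (IDs other than 4 and 5 are constructed).
VLANS = {
    "Management": 1,
    "VOIP": 2,
    "Data": 3,        # Proxmox containers, NAS, PCs, phones
    "Security": 4,    # IP cameras
    "Automation": 5,  # Arduinos, RPi nodes, HA bridges
    "Media": 6,
    "Guest": 7,
}

# Flows a zone may *initiate* as (source, destination); "*" means any zone.
# Anything not listed is dropped. Replies to allowed flows are let through
# by the stateful established/related rule, so cameras and HA nodes never
# get a rule of their own towards Data and cannot initiate anything.
ALLOWED_FLOWS: List[Tuple[str, str]] = [
    ("Management", "*"),
    ("Data", "Security"),    # motion server polls the cameras
    ("Data", "Automation"),  # openHAB polls/commands the HA nodes
    ("Data", "Media"),
    ("Data", "VOIP"),
    ("Data", WAN),
    ("Media", WAN),
    ("VOIP", WAN),
    ("Guest", WAN),
]


def is_allowed(src: str, dst: str) -> bool:
    """True if a NEW connection from zone src to zone dst is permitted."""
    if src == dst:
        return True  # same-VLAN traffic never crosses the router
    for rule_src, rule_dst in ALLOWED_FLOWS:
        if rule_src == src and rule_dst in ("*", dst):
            return True
    return False  # default deny


def internet_isolated_zones() -> List[str]:
    """Zones that cannot initiate any connection to the WAN."""
    return [zone for zone in VLANS if not is_allowed(zone, WAN)]


def iface(zone: str) -> str:
    """Map a zone to a constructed router interface name."""
    return WAN if zone == WAN else f"vlan{VLANS[zone]}"


def render_forward_chain() -> List[str]:
    """Render the policy as ordered RouterOS-style forward-chain rules.

    First match wins, so the order is: stateful accept, explicit accepts,
    final drop. The command syntax is an assumption for illustration; check
    it against the router's own documentation before using it.
    """
    rules = [
        "/ip firewall filter add chain=forward "
        "connection-state=established,related action=accept",
    ]
    for src, dst in ALLOWED_FLOWS:
        rule = f"/ip firewall filter add chain=forward in-interface={iface(src)}"
        if dst != "*":
            rule += f" out-interface={iface(dst)}"
        rules.append(rule + " action=accept")
    rules.append("/ip firewall filter add chain=forward action=drop")
    return rules


if __name__ == "__main__":
    for line in render_forward_chain():
        print(line)
    print("zones with no internet access:", internet_isolated_zones())
```

The matrix is where the design decisions live: openHAB and the motion server sit in Data and are the only things that may open connections into Security and Automation, while those two zones have no entry towards the WAN at all. Because the drop rule is last and there is no "Security -> Data" entry, a compromised camera can answer the motion server but cannot start a connection towards the NAS or the Proxmox host.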