Secured the home network...finally

Networking and broadband talkabout. Need help with that new router or setting up a network?
Post Reply
User avatar
b-man1
Posts: 5201
Joined: Wed Nov 22, 2000 10:23 am

Secured the home network...finally

Post by b-man1 »

It's been a long time coming, but I finally made the effort to segment my home network. I was originally using a Ubiquiti Edgerouter X and several unmanaged switches. I added a few Ubiquiti UniFi 8-port PoE switches (didn't go with one of their USG devices...kept the Edgerouter X).

My WAPs are old Ruckus 7982s...they are beasts. Originally $1K WAPs, got them for next to nothing used. Only A/B/G, but the signal strength is unmatched so far in my stucco/concrete bunker Florida house. I'm looking for something comparable with better speeds, but unless I pay $$$$$$$, there isn't much of an option.

So, I added the following VLANs:

--Management (router, switches, etc)
--General home devices (all desktops, laptops, mobile devices)
--Guest WiFi
--IoT devices (Apple TV, FireTV, Roku, security cams, smart outlets, thermostats, etc)

The Guest and IoT are isolated from everything, meaning they cannot initiate connections to any other LAN devices. They only get DNS (via a Pi-hole) and DHCP from the router. Security cams are blocked entirely from internet access and only viewable via the NVR (sorry Russia!). The management and Home VLANs can initiate to IoT devices, however.

It ended up taking a bit to get the VLANs working on the ER-X due to an annoying glitch that wouldn't let me remove the IP from the Switch0 interface. That's required when enabling VLAN capabilities...end result was constantly being locked out of the router until I got it right.

If anyone is using an Edgerouter and has questions, let me know. There are a lot of forum posts out there on configuring it and a hundred different ways to do things. I'll try to help if I can.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Secured the home network...finally

Post by FlyingPenguin »

I went through all that with my EdgeRouter-X last year. Isolated Guest/IoT & Trusted networks on different segments.

I like the EdgeRouter-X, I just wish it had a built-in ability to update the firmware instead of having to download it myself.

Strangely, the Ubiquiti Nano-Beams I'm using to link the networks in my two adjacent homes have built-in firmware update capacity, so I can't understand why the EdgeRouter-X doesn't.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
b-man1
Posts: 5201
Joined: Wed Nov 22, 2000 10:23 am

Re: Secured the home network...finally

Post by b-man1 »

UNMS should handle firmware updates for you, but it's another controller to run, like the UniFi controller.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Secured the home network...finally

Post by FlyingPenguin »

Yeah, I didn't want to fart around with UNMS. Just seems weird that the Nanobeams would have the capability in their CPs but the router doesn't.

Otherwise pretty happy with it. Been a rock solid router.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Secured the home network...finally

Post by Losbot »

Probably because they know the beams will most likely be in a not-so-accessible location.
Post Reply