It's been a long time coming, but I finally made the effort to segment my home network. I was originally using a Ubiquiti EdgeRouter X and several unmanaged switches. I added a few Ubiquiti UniFi 8-port PoE switches (didn't go with one of their USG devices...kept the EdgeRouter X).
My WAPs are old Ruckus 7982s...they are beasts. Originally $1K WAPs, got them for next to nothing used. Only A/B/G, but the signal strength is unmatched so far in my stucco/concrete bunker Florida house. I'm looking for something comparable with better speeds, but unless I pay $$$$$$$, there isn't much of an option.
So, I added the following VLANs:
--Management (router, switches, etc)
--General home devices (all desktops, laptops, mobile devices)
--Guest WiFi
--IoT devices (Apple TV, FireTV, Roku, security cams, smart outlets, thermostats, etc)
The Guest and IoT are isolated from everything, meaning they cannot initiate connections to any other LAN devices. They only get DNS (via a Pi-hole) and DHCP from the router. Security cams are blocked entirely from internet access and only viewable via the NVR (sorry Russia!). The management and Home VLANs can initiate to IoT devices, however.
It ended up taking a bit to get the VLANs working on the ER-X due to an annoying glitch that wouldn't let me remove the IP from the Switch0 interface. That's required when enabling VLAN capabilities...end result was constantly being locked out of the router until I got it right.
If anyone is using an EdgeRouter and has questions, let me know. There are a lot of forum posts out there on configuring it and a hundred different ways to do things. I'll try to help if I can.
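Added example, not part of the original post: a small Python model of the segmentation policy described above, used to flag accepted connections that the policy should have denied. The subnets, the Pi-hole address, the camera range, the router sitting at .1 and the sample flows are all assumptions, since the post gives no addressing.

```python
import ipaddress as ip

# Constructed addressing: the post gives no subnets, so these are assumptions.
VLANS = {
    "mgmt": ip.ip_network("10.0.10.0/24"),
    "home": ip.ip_network("10.0.20.0/24"),
    "guest": ip.ip_network("10.0.30.0/24"),
    "iot": ip.ip_network("10.0.40.0/24"),
}
PIHOLE = ip.ip_address("10.0.10.53")          # assumed Pi-hole address
CAMERAS = ip.ip_network("10.0.40.128/25")     # assumed camera range inside IoT
RESTRICTED, TRUSTED = {"guest", "iot"}, {"mgmt", "home"}


def zone_of(addr):
    """Return the VLAN name holding addr, or 'internet' if none does."""
    return next((n for n, net in VLANS.items() if addr in net), "internet")


def verdict(src, dst, proto, port):
    """Verdict for a NEW routed connection; replies ride on established state."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    sz, dz = zone_of(src), zone_of(dst)
    if sz in RESTRICTED:
        if dst == PIHOLE and port == 53:
            return "allow"                     # DNS via the Pi-hole
        if dst == VLANS[sz].network_address + 1 and (proto, port) == ("udp", 67):
            return "allow"                     # DHCP from the router (.1 assumed)
        if dz != "internet":
            return "deny"                      # no initiating to LAN devices
        return "deny" if src in CAMERAS else "allow"   # cameras get no internet
    if sz in TRUSTED and dz == "iot":
        return "allow"                         # Management/Home may initiate to IoT
    return "unspecified"                       # the post does not cover this flow


def violations(flows):
    """Return flows a firewall log shows as accepted that the policy denies."""
    return [f for f in flows if verdict(*f) == "deny"]


# Constructed sample of accepted new connections, e.g. parsed from router logs.
ACCEPTED = [
    ("10.0.40.20", "10.0.10.53", "udp", 53),     # Roku -> Pi-hole DNS
    ("10.0.40.130", "203.0.113.9", "tcp", 443),  # camera -> internet
    ("10.0.30.15", "10.0.20.5", "tcp", 445),     # guest -> home PC
    ("10.0.20.5", "10.0.40.20", "tcp", 8060),    # home PC -> Roku
]
```

Running `violations(ACCEPTED)` returns the camera-to-internet and guest-to-home flows, which are the two that would indicate a missing or misordered firewall rule.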
Secured the home network...finally
- FlyingPenguin
Re: Secured the home network...finally
I went through all that with my EdgeRouter-X last year. Isolated Guest/IoT & Trusted networks on different segments.
I like the EdgeRouter-X, I just wish it had a built-in ability to update the firmware instead of having to download it myself.
Strangely, the Ubiquiti Nano-Beams I'm using to link the networks in my two adjacent homes have built-in firmware update capacity, so I can't understand why the EdgeRouter-X doesn't.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
Re: Secured the home network...finally
UNMS should handle firmware updates for you, but it's another controller to run, like the UniFi controller.
- FlyingPenguin
Re: Secured the home network...finally
Yeah, I didn't want to fart around with UNMS. Just seems weird that the Nanobeams would have the capability in their CPs but the router doesn't.
Otherwise pretty happy with it. Been a rock solid router.
Re: Secured the home network...finally
Probably because they know the beams will most likely be in a not-so-accessible location.