I have a conceptual understanding of the concepts of networking, i.e. VLANs, LANs, routers, switches, APs, etc. But I am not in any way a network expert, so I am looking for some input and advice relative to my goals. Originally I had been thinking of a 'bucket' strategy based upon the FWG and its three physical LAN ports. However, after reading more last night, I'm thinking that perhaps a 'layer cake' strategy of VLANs might be a better approach?
Current Network Gear:
- TP-Link 48-port JetStream switch & Omada software controller
- Verizon G3100 access point (router) & extender
- Intent to upgrade to TP-Link APs in lieu of the Verizon router
- Business PCs & Family PCs
- Windows Server
- LAN Multi-function printer/scanner
- Smart TVs & Game Console
- Mobile/Wireless Devices
- Smart Thermostats
- Isolate Business from Family devices
- Permit access to the LAN Printer from Business, Family and WiFi
- Apply FWG Ad Blocking to Business & Family Devices, but not Smart TVs (I've read that ad blocking can mess with things like Hulu and other ad-supported clients)
- Apply FWG Content Management policies to Family Devices & WiFi
- Have a guest WiFi versus 'Family' WiFi
- Isolate Smart Thermostats (may have to wait until I add TP-Link APs that allow for multiple SSIDs)
- Route/permit incoming VPN traffic from FWG only to specific Business Client(s).
- QoS to prioritize Business Devices over Family/Smart TVs, etc. (this is a nice to have, not required)
- I know from some additional reading that the G3100 (which has a guest WiFi SSID) tags the Guest SSID with a VLAN 10 tag. If I understand correctly I can therefore set the FWG Guest VLAN to 10 and create a VLAN in my Switch tagged with 10 and that would manage all 'Guest' traffic.
- I'm hazy on how best to "share" the printer, should it sit in its own VLAN?
- Should I bother with multiple LAN networks on either the FWG or Switch, or should I LAG two (or three) of the FWG LAN ports to a pair of ports on the Switch, then use VLANs in the FWG and Switch to manage traffic and application of policies?
- Should the VPN routing be managed with yet another VLAN?
- Is there something I'm missing? Am I thinking about this 'all wrong'?
Thanks so much for reading and your valuable advice and feedback.