Networking Consultants for home network?

Comments

7 comments

  • James Willhoite

    Do you have a switch that allows VLAN? How about access points that allow VLAN? Is the FWG and Switch in the same area or separate areas?

  • Ross

    What happened with this request for help?

  • David Whelan

    Nothing really happened and I’m still interested in finding someone who can help me properly set up my home network.

  • James Willhoite

    Previous Post:

    Do you have a switch that allows VLAN? How about access points that allow VLAN? Is the FWG and Switch in the same area or separate areas?

    Happy to help on here, just need to know some more details.

  • David Whelan

    Configuration is: ISP (COX 1Gbit Cable) -> MB8600 modem -> FWG -> Unifi US8-60-W Switch.

    Unifi US8-60-W Switch port connections

    Port 1: To Wall connection which runs thru attic to son's room -> 8 port Netgear Switch (port 1 uplink) - Port 2 - Son's gaming PC - Port 3 Laptop

    Port 2: DS200+ NAS

    Port 3: FWG

    Port 4: iMac

    Port 5: Roku

    Port 6: Work Laptop

    Port 7: POE turned on - To wall outlet running thru attic to Unifi U6 LR access point in Home

    Port 8: POE turned on - To wall outlet running thru attic to Unifi U6 LR access point in garage/home theater

    Modem+FWG+8 port Unifi switch all located near each other. Yes, I believe my Unifi switch and APs allow VLANs.

    FWG ports 1-3 configured as LAN, 192.168.202.1/24 with DHCP server turned on, with IPv6 turned off.

    FWG port 4 configured as WAN, connection type DHCP, IPv6 turned off.

    Request:

    1) Should I create separate 2.4 GHz networks for IoT, and if so, how do I isolate them from everything else?

    2) Want Work PC to be totally isolated and unable to connect to anything else in my network (and nothing in my network to get to it)... basically internet access only

    3) Want two devices in Son's room (laptop and gaming PC) with internet access only

    4) Want a 5 GHz guest network, with internet access only

    5) Regular trusted 5 GHz and wired network that can communicate between devices (i.e. iMac and NAS, or iPads/iPhones and NAS connections possible between each other)

    I hope the above helps!  Any suggestions greatly appreciated!

    David Whelan

    davidwhelan1@gmail.com

     

     

     

  • James Willhoite

    1) Yes, you should create a VLAN for all IoT devices. You can set rules for an entire network to not allow access to another inside the FWG.

    2) You can create a rule for the specific device to be internet only access, or create a group with a set of rules to not allow local traffic. Group would only have one device in it, but would be there if you added something else to the list.

    3) You can create a group in FWG to place your son's devices in, with a set of rules to only allow Internet access.

    4) Create a VLAN for guest network that only allows Internet Traffic.

    5) This is your basic LAN network that would be open.

    You have a setup just like me. Modem -> FWG -> 24 Port Netgear Switch

    Port 24 is uplink from FWG with VLAN tags 300, 900 (300 is IoT and 900 is Guest)

    Port 1-3 are the TP-Link APs (those ports are tagged with the VLAN 300, 900 so the AP can send the packets through. Must tag the SSIDs with respective VLAN on the AP also)

    Port 4 goes to an 8 port NG desktop switch (dumb switch) that has my work Laptop and my Server which has about 5 Virtual Machines on it

    Port 5 goes to an unused port in the kitchen for future use

    I know I am only using 6 ports on the switch but the switch was free so can't complain, I plan to add more throughout the house but just haven't.

     

    As far as the FWG setup goes, I have port 4 on the FWG as my uplink from the modem. Port 3 then goes to the switch in the garage. Here is the Network Screen

     

    The IKEv2 is a VPN I have set up inside the FWG but really isn't used. I've got both VLANs tagged on port 3, I do not use port 1 and 2.

    As for the Rules this is what I have set up for my Guest Network (VLAN 300)

     

    My IoT basically follows the same set of rules, but I also apply the Target List "Log4j attackers". These rules say to block all traffic to my networks and only allow traffic to the internet. I also apply a QoS (smart queue) to the guest network that only allows them 1mbps upload and 10mbps download.

    Hope this is helpful.
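
A small model of the segmentation plan discussed in this thread, added here as an example and not taken from any participant or from the FWG itself. It assumes a router that only filters traffic crossing between subnets; the IoT and guest subnets and all host addresses are constructed sample values. It goes slightly beyond the thread by flagging flows between two devices on the same subnet, which such a router never sees.

```python
import ipaddress

# Constructed addressing plan: only 192.168.202.0/24 appears in the thread;
# the IoT/guest subnets and all host addresses are made-up sample values.
SEGMENTS = {
    "lan": ipaddress.ip_network("192.168.202.0/24"),
    "iot": ipaddress.ip_network("192.168.30.0/24"),
    "guest": ipaddress.ip_network("192.168.90.0/24"),
}
INTERNET_ONLY_SEGMENTS = {"iot", "guest"}
# Hypothetical LAN devices placed in an "internet only" group (requests 2 and 3).
INTERNET_ONLY_HOSTS = {
    ipaddress.ip_address("192.168.202.50"),  # work laptop
    ipaddress.ip_address("192.168.202.60"),  # son's gaming PC
}

def segment_of(addr):
    """Return the local segment name for addr, or None if it is not local."""
    return next((n for n, net in SEGMENTS.items() if addr in net), None)

def decide(src, dst):
    """Classify a new connection src -> dst as allow, block or unfiltered."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_seg, d_seg = segment_of(s), segment_of(d)
    if s_seg is None:
        raise ValueError("source must be a local address")
    if d_seg is None:
        return "allow"  # internet-bound traffic is permitted for every segment
    if s_seg == d_seg:
        return "unfiltered"  # same subnet: switched, never reaches the router
    if s_seg in INTERNET_ONLY_SEGMENTS or s in INTERNET_ONLY_HOSTS:
        return "block"  # internet-only sources may not reach local networks
    return "allow"  # assumed default for trusted LAN -> other segments

def enforcement_gaps(flows):
    """Return flows the plan wants blocked that the router never sees."""
    return [(s, d) for s, d, want in flows
            if want == "block" and decide(s, d) == "unfiltered"]

if __name__ == "__main__":
    wanted = [
        ("192.168.90.20", "192.168.202.10", "block"),   # guest -> NAS
        ("192.168.202.50", "192.168.202.10", "block"),  # work laptop -> NAS
        ("192.168.202.20", "192.168.202.10", "allow"),  # iMac -> NAS
    ]
    print(enforcement_gaps(wanted))
```

In this model the work laptop to NAS flow is reported as a gap because both addresses sit in the same subnet; giving such a device its own VLAN makes the flow cross the router, where a rule can act on it.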

  • David Whelan

    Wow, thank you so, so much!  I'll take a shot at all this and circle back!

    -David
