Need help with setting up home network with VLANs

heartless

I want to revamp my home network setup with the following features -
  1. VLAN support so that I can segregate my home network.
  2. Inter VLAN routing so that I can allow one-way/two-way communication between two VLANs or block it completely.
  3. Limit bandwidth of VLANs.
  4. PoE+ ports to power WAP/pi etc.
  5. Gigabit LAN so that I can stream content locally from my media server.
  6. Gigabit WAN to be future-proof.
  7. VPN support
  8. Web GUI for configuration with local user account. I shouldn’t have to register/login to any cloud services for setup.
  9. Should be able to survive running 24/7 in summer :)

Any gotchas/drawbacks with this setup that I should be aware of? Also, please suggest if there are any must have/usually sought after/good to have features I should be looking for.

What are my options for a router and a switch for this kind of setup? One obvious option is to use pfSense as router, but I don’t have any old system for that.
 

whitestar_999

You will either need to buy a Pi or an expensive wifi router to achieve all this. You also need to be quite familiar with networking configuration & Linux (in case using a Pi as a dedicated router/server/pi hole) to follow various online tutorials/guides.
 

heartless

> You also need to be quite familiar with networking configuration & Linux (in case using a Pi as a dedicated router/server/pi hole) to follow various online tutorials/guides.

Can you post some links so that I can check if it's my cup of tea? In general, I'd say I'm somewhat familiar but I'm no sysadmin. I definitely don't want to configure firewall rules or vlan through cli, if that's what you meant.

> You will either need to buy a Pi or an expensive wifi router to achieve all this.

Any recommendations for wifi routers?
 

whitestar_999

> Can you post some links so that I can check if it's my cup of tea? In general, I'd say I'm somewhat familiar but I'm no sysadmin. I definitely don't want to configure firewall rules or vlan through cli, if that's what you meant.

*www.snbforums.com/threads/ac86u-vlan-creation-writeup-by-u128393-i-found-on-a-chinese-forum.63113/

Just to be clear, I am not saying it will be this complicated but it can/may be this complicated depending on your requirements/usage/future scalability.

> Any recommendations for wifi routers?

Your budget? Because in India all good routers are comparatively expensive compared to abroad (Asus routers mentioned in the above link are still quite popular at snb forums but in India I have never seen their prices come down to reasonable levels except for their entry level 3-5k priced models).
 

whitestar_999

Why do you need vlan anyway? For a typical home network it is not really required. The only reason I see to use vlan for a typical home network is to isolate smart devices (like lights, tv etc) from interacting with each other & the rest of the home network, & that can also be achieved by using guest networks/firewall unless you have too many of them, in which case vlan becomes somewhat necessary.
 

heartless

> *www.snbforums.com/threads/ac86u-vlan-creation-writeup-by-u128393-i-found-on-a-chinese-forum.63113/
>
> Just to be clear, I am not saying it will be this complicated but it can/may be this complicated depending on your requirements/usage/future scalability.

Definitely not what I'm looking for. I'd prefer something that I can do from the GUI. Similar to how you can set up vlan on pfSense.

> Your budget? Because in India all good routers are comparatively expensive compared to abroad (Asus routers mentioned in the above link are still quite popular at snb forums but in India I have never seen their prices come down to reasonable levels except for their entry level 3-5k priced models).

I haven't decided on a budget yet. I wanted to know the different ways of setting it up so that I could pick the most cost-effective one. One option is to buy an all-in-one router like you suggested. I'd need to buy an additional range extender in that case to cover two floors. The other would be to buy a router, switch, and WAP separately. This way I don't have to buy everything at once. I can simply use my existing router for wifi in the meantime.

I really liked the UDM Pro. I don't need all the bells and whistles it comes with, but I expected at least PoE+ ports at that price point. It apparently also requires you to create a Ubiquiti account to set it up. So, is there something similar but at a smaller scale?

> Why do you need vlan anyway? For a typical home network it is not really required. The only reason I see to use vlan for a typical home network is to isolate smart devices (like lights, tv etc) from interacting with each other & the rest of the home network, & that can also be achieved by using guest networks/firewall unless you have too many of them, in which case vlan becomes somewhat necessary.

That's pretty much it. I want to isolate smart devices. I don't think a typical guest network on your router allows the same isolation level as vlan. I can set main vlan as 10.10.10.0/24 and guest as 192.168.10.0/24. I don't think you can do that without vlan.
 

whitestar_999

> That's pretty much it. I want to isolate smart devices. I don't think a typical guest network on your router allows the same isolation level as vlan. I can set main vlan as 10.10.10.0/24 and guest as 192.168.10.0/24. I don't think you can do that without vlan.

I have a typical 2k priced dlink router & its guest mode comes with the option of "internet access only" aka no home network access. I connect my smart devices to this guest wifi network with this option enabled. Many routers nowadays come with a similar option of the guest wifi network not allowing access to the home network. Of course this setup has one annoying issue: if for any reason you need to reset the device & set it up from the beginning, then you need to turn off this option for the guest wifi network, as initial setup requires the smart device being on the same local home network as the device you are setting it up from (mobile) & both being able to access each other.
 

heartless

> I have a typical 2k priced dlink router & its guest mode comes with the option of "internet access only" aka no home network access. I connect my smart devices to this guest wifi network with this option enabled. Many routers nowadays come with a similar option of the guest wifi network not allowing access to the home network. Of course this setup has one annoying issue: if for any reason you need to reset the device & set it up from the beginning, then you need to turn off this option for the guest wifi network, as initial setup requires the smart device being on the same local home network as the device you are setting it up from (mobile) & both being able to access each other.

Let's say, I have a media server that I want to access from both tv and pc. Which network would I put my media server in? If I put it in guest, how can I ensure that guest network can reply to a request initiated by main network but it can't access main network directly i.e. one-way communication?
 

whitestar_999

> Let's say, I have a media server that I want to access from both tv and pc. Which network would I put my media server in? If I put it in guest, how can I ensure that guest network can reply to a request initiated by main network but it can't access main network directly i.e. one-way communication?

I will search online for such scenario & will update here.
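
The one-way behaviour asked about above (guest may answer main, but may not start a conversation with it) is what a stateful firewall's connection tracking gives you. The following is an added example, not part of any post in this thread: a small Python model of the forward rules, using the two subnets mentioned earlier; the host addresses, ports and the `StatefulForwarder` name are constructed for illustration.

```python
import ipaddress

# Subnets are the ones named in the thread; hosts and ports below are constructed.
MAIN = ipaddress.ip_network("10.10.10.0/24")
GUEST = ipaddress.ip_network("192.168.10.0/24")

def zone(ip):
    addr = ipaddress.ip_address(ip)
    if addr in MAIN:
        return "main"
    if addr in GUEST:
        return "guest"
    return "wan"

class StatefulForwarder:
    """Toy model of a router's inter-VLAN forward rules with connection tracking.
    Real firewalls also track TCP state and expire idle entries."""

    def __init__(self):
        self.conntrack = set()  # flows opened by a packet that a rule allowed

    def forward(self, src, sport, dst, dport, proto="tcp"):
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        # Rule 1: anything belonging to an already-allowed flow passes.
        if flow in self.conntrack or reverse in self.conntrack:
            return "accept-established"
        pair = (zone(src), zone(dst))
        # Rule 2: main may open connections to guest; both may reach the internet.
        if pair in {("main", "guest"), ("main", "wan"), ("guest", "wan")}:
            self.conntrack.add(flow)
            return "accept-new"
        # Default deny: covers guest -> main and unsolicited wan -> inside.
        return "drop"

def demo():
    fw = StatefulForwarder()
    pc, media = "10.10.10.20", "192.168.10.50"  # constructed hosts
    return [
        fw.forward(media, 40000, pc, 445),    # guest tries to open to main
        fw.forward(pc, 51000, media, 8096),   # main opens to the media server
        fw.forward(media, 8096, pc, 51000),   # reply on that same flow
        fw.forward(media, 8096, pc, 51001),   # same server port, but no such flow
    ]

if __name__ == "__main__":
    print(demo())
```

On a GUI firewall this corresponds to a pass rule on the main interface towards the guest subnet and no pass rule from guest to main; the reply traffic is matched by state, not by a rule of its own.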
 

Nerevarine

Getting an old i3 system and setting up pfSense is the best way to deal with this (IMO). Put it in a small enclosure with as many NICs as you need.
 