Everyone was kind enough to ram my brain chock full of knowledge about switches and I came away feeling like I can explain it to other people. (please don’t test me on this, I’ll fail)

But now I’m trying to figure out how I want my network to look and so it’s best I ask the people smarter than me that actually understand what I’m trying to do.

My house is an average sized, end of terrace in a big city and so while I can get decent Internet speeds, I get lots of WiFi signal congestion with neighbours, buildings, etc.

In my present router, which I really need to replace, I have my NAS and cable box plugged in via Ethernet, everything else is connected via WiFi. That’s a bunch of phones, a couple laptops, and a couple Raspberry Pis (including my one with all my home services, like Home Assistant and my Pi-Hole).

The design I’m cooking up is that my NAS would be on a virtual LAN with no direct access to the Internet, my Raspberry Pis would have Internet access. I don’t need to worry about my smart home devices having Internet access since they’re all Zigbee devices. But I plan to switch my cable box to an IPTV box and I’m also wanting to get a video doorbell and security camera for the garden, so that’s at least three virtual local area networks. Four if I add a guest network.

My questions are really simple ones and you’re probably gonna laugh at how stupid they are… can I do this all with a single switch? Do I need separate access points for each VLAN or can I have multiple VLANs on a single AP? How many ports should I be looking at on my switch? Would four be enough for my set-up? Also, managed is best, right?

  • not_fond_of_reddit@lemm.ee
    7 months ago

    Segment based on usage, a decent switch can handle around 4k VLANs.

    • users (Ethernet)
    • users (wlan)
    • iot
    • cameras
    • servers
    • storage
    • media devices
    • phones
    • printers
    • guests

    If you can enable client isolation on WiFi, port protection/isolation on Ethernet and start using 802.1x for network auth… then you are off to a pretty decent start in case of a vendor bug, misconfiguration or some curious individual.

    • sabreW4K3OP
      7 months ago

      Thank you so much. I’ll read up on network authentication because right now I have no clue what that is 😅