cross-posted from: https://lazysoci.al/post/12664364

Everyone was kind enough to ram my brain chock full of knowledge about switches and I came away feeling like I can explain it to other people. (please don’t test me on this, I’ll fail)

But now I’m trying to figure out how I want my network to look and so it’s best I ask the people smarter than me that actually understand what I’m trying to do.

My house is an average sized, end of terrace in a big city and so while I can get decent Internet speeds, I get lots of WiFi signal congestion with neighbours, buildings, etc.

In my present router, which I really need to replace, I have my NAS and cable box plugged in via Ethernet; everything else is connected via WiFi. That's a bunch of phones, a couple of laptops, and a couple of Raspberry Pis (including my one with all my home services, like Home Assistant and my Pi-hole).

The design I'm cooking up is that my NAS would be on a virtual LAN with no direct access to the Internet, and my Raspberry Pis would have Internet access. I don't need to worry about my smart home devices having Internet access since they're all Zigbee devices. But I plan to switch my cable box to an IPTV box and I'm also wanting to get a video doorbell and a security camera for the garden, so that's at least three virtual local area networks. Four if I add a guest network.

My questions are really simple ones and you're probably gonna laugh at how stupid they are... can I do this all with a single switch? Do I need separate access points for each VLAN, or can I have multiple VLANs on a single AP? How many ports should I be looking at on my switch? Would four be enough for my set-up? Also, managed is best, right?

  • @[email protected] · 10 points · 1 month ago (edited)
    • Single switch, yes. Personally I would probably aim for a managed switch (a must-have for VLAN support) with at least 16 ports, where 8 have PoE+ (Power over Ethernet) with at least a 100 W total budget. The goal would be to power access points and that security camera through PoE instead of separate PSUs.
      A cheaper alternative is to skip PoE for now and buy an 8-port managed switch now and a secondary PoE switch in the future if need be.
    • There are access points with VLAN support, so you can have an access point deliver multiple SSIDs that belong to different VLANs. Two things to look for here are local management and PoE powered. You don't want your access points to become paperweights when the cloud management system is shut down. I don't want to use cloud management at all, to be honest.
    • PoE allows you to protect your camera and your APs with the same UPS you put in to protect your network rack.

    Draw up some plans beforehand. Quick example where I forgot your video doorbell, which would be on a separate SSID/VLAN through the APs if it uses WiFi. Which is kind of the point of drawing it up: it helps you find out what you missed.

    edit: And that is just an example of how to draw it up. I imagine you want your security camera and doorbell to save video on the NAS, so then their VLAN needs to be able to communicate with the NAS VLAN, as another example of missing stuff in the drawing.
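    The port plan in the answer above (one VLAN-aware switch, one AP carrying several SSIDs on a tagged uplink, the NAS VLAN never leaving the wire) can be written down as switch configuration. The excerpt below is an added example, not a config posted by anyone in this thread. It assumes an OpenWrt 21.02+ router whose built-in DSA switch has ports lan1 to lan4, the VLAN numbers 10/20/30/40, the 192.168.x.0/24 addressing and the SSID names are all made up for the example, and a VLAN-capable AP is plugged into lan4.

```text
# /etc/config/network (excerpt). Hypothetical example, not from the thread.
# Assumed port plan on the router's DSA switch:
#   lan1  NAS                          VLAN 20, untagged
#   lan2  garden camera (or PoE switch) VLAN 30, untagged
#   lan3  Raspberry Pi (HA, Pi-hole)    VLAN 10, untagged
#   lan4  trunk to the access point:    VLAN 10 untagged (AP management + "home" SSID),
#                                       VLAN 30 tagged ("cameras" SSID for the doorbell),
#                                       VLAN 40 tagged ("guest" SSID)

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

# ':u*' = untagged member and PVID for that port, ':t' = tagged member.
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan3:u*'
	list ports 'lan4:u*'

# VLAN 20 is deliberately absent from lan4: the NAS VLAN is never offered
# to the AP, so no SSID can be put on it by mistake.
config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan1:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan2:u*'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '40'
	list ports 'lan4:t'

# One routed interface per VLAN. The firewall zones are attached to these names.
config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'

config interface 'nas'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

config interface 'cams'
	option device 'br-lan.30'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'

config interface 'guest'
	option device 'br-lan.40'
	option proto 'static'
	option ipaddr '192.168.40.1'
	option netmask '255.255.255.0'
```

    On the AP the matching step is to bind each SSID to the VLAN tag on its uplink (on an OpenWrt-based AP that is the `option network` of each `wifi-iface`, pointing at an interface built on the tagged sub-interface). After `/etc/init.d/network restart`, `bridge vlan show` on the router lists which VLANs each port carries and whether they are tagged; if the NAS VLAN appears on the trunk port, the isolation has been lost at layer 2 and no firewall rule further up will restore it.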

    • @sabreW4K3 (OP) · 6 points · 1 month ago

      This is such an epic post. I am super grateful. I was definitely thinking about a PoE switch because it just makes sense to me that you'd have the network power what it can rather than have to monitor batteries.

      Talking of which, I hope we get Power Over Thread coming to Matter 2.0. That would be glorious. It wouldn’t even need a lot of power, just enough to keep motion sensors topped up.

      Thank you so so much.

          • ilovecheese · 3 points · 1 month ago (edited)

            Yep, it’s not as overkill as it first seems.

            One managed handles all the VLAN designations and most of the heavy lifting of the network,

            One is just a virtual switch in my Proxmox server dealing with the virtual machines and containers.

            And then a physical VLAN-aware switch at each end of the house for all client devices on multiple VLANs, i.e. CCTV (no internet), media VMs on a VPN-only VLAN, PC, laptop, phones etc. on their own, and a management VLAN.

            • @sabreW4K3 (OP) · 2 points · 1 month ago

              Would you recommend a separate PoE switch for the cameras?

              Is there anything you would change if you had to start all over again?

              • ilovecheese · 2 points · 1 month ago (edited)

                My main need for a separate PoE switch is more logistical than networking; it's convenient to power a couple of cameras from a distant switch.

                I think if I started over the only things I’d alter would be the number of ports on the main switch. 16 ports at least. I’ve used all 8 and still have things I would use more for.

                Here’s a physical diagram (not all clients are shown) that may help some more:

  • @[email protected] · 5 points · 1 month ago

    It's worth noting that you will have to set up firewall rules on your new router to block internet access for specific VLANs. By default your router will probably allow all traffic between all VLANs.

    If you want to segregate the video doorbell, it works the other way around: allow internet access to that VLAN and block access to your main VLAN.

    • @sabreW4K3 (OP) · 4 points · 1 month ago

      Good thing you said that. I thought the firewall rules were automatically set via OpenWrt.
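  The policy described in the answer above (NAS VLAN with no internet, doorbell/camera VLAN with internet but no path to the main VLAN) plus the earlier point that cameras need to write recordings to the NAS, expressed as an OpenWrt firewall configuration for the router the OP mentions. This is an added example, not a config anyone in the thread posted. It assumes routed interfaces named lan (Pis, laptops, phones), nas, cams (garden camera and doorbell), guest and wan, and a Pi-hole at the made-up address 192.168.10.53 on the lan VLAN.

```text
# /etc/config/firewall (excerpt). Hypothetical example, not from the thread.
# Global default: the router accepts nothing and forwards nothing unless a
# zone, forwarding or rule section below says otherwise.
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Trusted VLAN: may talk to the router itself (LuCI, SSH, DHCP, DNS).
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Restricted VLANs: the router accepts nothing from them except the
# explicit DHCP/DNS rules at the bottom.
config zone
	option name 'nas'
	list network 'nas'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'cams'
	list network 'cams'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Trusted clients may open connections anywhere.
config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'nas'

config forwarding
	option src 'lan'
	option dest 'cams'

# Camera/doorbell VLAN: internet (doorbell cloud service) and the NAS for
# recordings. There is no cams -> lan forwarding, so a compromised camera
# cannot reach laptops, phones or the Pi.
config forwarding
	option src 'cams'
	option dest 'wan'

config forwarding
	option src 'cams'
	option dest 'nas'

# Guest VLAN: internet only.
config forwarding
	option src 'guest'
	option dest 'wan'

# Note there is no forwarding with src 'nas' at all: the NAS gets no internet
# and cannot start connections to any other VLAN. The firewall is stateful,
# so replies to connections opened from lan or cams still flow back to them.

# Pinholes instead of whole-zone forwarding: DHCP from the router, and DNS
# to the Pi-hole only. Repeat both rules with src 'nas' and src 'guest'.
config rule
	option name 'Allow-DHCP-cams'
	option src 'cams'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-DNS-cams-to-pihole'
	option src 'cams'
	option dest 'lan'
	option dest_ip '192.168.10.53'
	option proto 'tcpudp'
	option dest_port '53'
	option target 'ACCEPT'
```

  The design choice is that every cross-VLAN path is an explicit `forwarding` or `rule` section, so adding the IPTV box or a second camera VLAN later means adding a zone and deciding its two or three permitted destinations, rather than finding and closing an open default. After `/etc/init.d/firewall restart`, `fw4 print` (or `fw3 print` on OpenWrt 21.02) dumps the generated ruleset so the zone policy can be read back, and a quick check from a camera (for example `ping` or `nc` to a laptop on the lan VLAN versus to the NAS) confirms the reject and the allowed path behave as intended.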