My home network is firewalled and reasonably secure (all permanent devices and IOT devices have MAC addresses tracked and registered) but I’d like to improve it even more:
-
Home devices (servers, printers, laptops, etc) with registered MAC addresses which can’t be accessed from my registered IOT devices or from unregistered guest devices.
-
QOS rules for all guest devices.
Using a HEX to run the network with unifi AP hardware.
It’s just my home network so only people who have the wifi password are getting on. This is more a learning project than rock-solid production security.
Ideally I’d like to keep IOT things on a separate VLAN so if one has an exploit it doesn’t have access to my regular home lan with servers and printers and such.
And I’d like to QOS the devices from family who visit over the holidays so they don’t crush my network with downloading and such.