Home Network with multiple VLANs

Nicole Murillo
Code|Beta Blog
Dec 26, 2016

At one point I had a regular network at home, which only had a single LAN with all devices on the same network, but after watching several videos about VLAN setups I wanted to configure one in my network.

I grabbed the ZyXEL GS1900-16 since it was quite inexpensive and I saw a couple of good reviews. For the router, I’m using the Ubiquiti EdgeRouter Lite that I had previously gotten.

I still have to connect and configure a couple of devices and change the cables, but it has been an interesting learning experience, and little documentation appears to exist regarding some issues I encountered.

The router handles the routing between the VLANs that were created, in a router-on-a-stick setup. All of the devices, even the cable modem, get connected to the switch. The diagram below shows how I set up my network.

VLANs 10 through 30 are user networks. But why would I need three user networks in a two-person home? Well, VLAN 30 is for guests and doesn’t have access to any other network. VLAN 10 connects to the Internet via the ISP, and VLAN 20 connects via the VPN.

VLAN 40 is for DMZ as I plan to have SSH access to my home network at some point in the future. VLAN 50 is where all of the servers live. Also, the Apple TV and the Airport Express reside here. I might move the Apple TV and Airport Express to another VLAN in the future.

VLAN 60 is where all of the management of the network infrastructure takes place; this network has limited access to every other VLAN to prevent as much harm as possible.

VLAN 90 is created to house the ISP cable modem and to have it connected to the switch. This setup allows me to enable port mirroring on the switch and attach another device that can capture all of the packets between the router and the modem for monitoring, such as Intrusion Detection Systems, or for troubleshooting a connectivity issue.
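As an added example (not from the original post), the Python sketch below audits frames captured from a mirrored trunk port against the VLAN plan described above, flagging any 802.1Q tag that is not one of the planned IDs as well as untagged or truncated frames. It assumes the capture is taken on the switch port facing the router with 802.1Q tags preserved; the helper names and the sample frames are constructed for illustration.

```python
import struct

# VLAN plan as described in the post (IDs and roles come from the text above).
VLAN_PLAN = {
    10: "users via ISP", 20: "users via VPN", 30: "guests",
    40: "DMZ", 50: "servers", 60: "management", 90: "ISP cable modem",
}
TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner  # VID is the low 12 bits of the TCI


def audit_trunk(frames):
    """Count frames per planned VLAN and collect (index, reason) findings."""
    counts, findings = {}, []
    for i, frame in enumerate(frames):
        try:
            vid, _prio, _etype = parse_vlan(frame)
        except ValueError as exc:
            findings.append((i, f"malformed: {exc}"))
            continue
        if vid is None:
            findings.append((i, "untagged frame on trunk"))
        elif vid not in VLAN_PLAN:
            findings.append((i, f"unexpected VLAN {vid}"))
        else:
            counts[vid] = counts.get(vid, 0) + 1
    return counts, findings


def make_frame(vid=None, ethertype=0x0800):
    """Build a constructed sample frame (zeroed MACs, dummy payload)."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return bytes(12) + tag + struct.pack("!H", ethertype) + b"\x00" * 46


# Constructed input: three planned frames, VLAN 1, an untagged frame, a runt.
SAMPLE = [make_frame(10), make_frame(30), make_frame(30), make_frame(1), make_frame(), bytes(10)]
```

Calling `audit_trunk(SAMPLE)` returns the per-VLAN counts and a list of findings; on a real capture, the raw frame bytes would come from whatever tool is attached to the mirror port.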

I also grabbed the console cable and configured the EdgeRouter Lite through the serial console; this guarantees that I’m able to access the device during configuration. The ZyXEL switch also has a serial console port, but unfortunately, they left it inside, and it’s not easily accessible as you need to open the device.

In the following posts, I will go into the details of configuring each of the devices.
