Home Network - DMZ, Guest Network, or VLAN?

I think I’m going to redo my home network and I thought I’d ask a few questions.

I currently have a pfSense box with WAN, LAN, and DMZ (IOT) ports. The LAN port goes to a D-Link DGS-2208 10/100/1000 8 port switch. Connected to this switch is a Netgear GS108T 8 port gigabit smart switch. I also have an ASUS-AC3100 WiFi access point connected to the LAN D-Link switch. AiMeshed in with the AC3100 I also have an ASUS RT-AX88U router to improve the coverage around the house. On the pfSense DMZ port I have an ASUS RT-66R WiFi access point for my IOT stuff.

Do I really need the DMZ port on my pfSense box for the IOT devices (a few cameras, Ring doorbell, home control, TV, etc.), or would one of the 3 guest networks on the ASUS routers be sufficient? I’d kind of like to use the ASUS guest network off my LAN for my IOT because the two AiMesh routers have better WiFi coverage around the house than the single ASUS RT-66R WiFi access point off my DMZ port.

Or should I set up a VLAN? I’m guessing in a perfect world the DMZ port has the most isolation. I haven’t messed around with VLANs so I was wondering if I should look into those.

I was in a similar boat to you, had about 10 routers doing all sorts of things.
However, the WiFi was always suboptimal.

Ultimately I ran ethernet in my house, ditching the routers and buying a “proper” access point.

If you are prepared to run some cables, it makes sense to buy a managed switch and an AP. Then you can run whatever VLANs you want. Better APs will have about 8 SSIDs that can be used, which can map to your VLANs.

I’ve not implemented a DMZ but always thought they were intended for things like web servers you hosted yourself; I don’t think having your IoT devices there makes sense.

Honestly, buy a managed PoE switch and a couple of access points, then give your routers away. You will always get better coverage with an AP because it’s much easier to place than a router acting as an access point.

Spectrum modem, router, pfSense appliance, full UniFi stack (multiple switches and APs).
IOT crap resides on VL60, with multiple rules in place including DNS redirects, and unable to talk to anything else on the network segments. DMZ is not enabled ANYWHERE.
All of the UniFi stuff is managed via the not so pretty GUI.
I still have a Netgear GS108T 8 port gigabit smart switch floating around somewhere, but it’s not connected.
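The isolation the post above describes for an IoT VLAN (every DNS query redirected to the local resolver, no access to the other segments, Internet only) modelled as a first-match policy evaluator, so the rule order can be checked against sample flows before it is typed into the firewall. This is an added example, not the poster's configuration or a pfSense/UniFi export; the addressing plan, rule order and sample flows are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption): trusted LAN 192.168.1.0/24,
# IoT VLAN 60 192.168.60.0/24, the firewall holds .1 on each segment.
SEGMENTS = {"LAN": ip_network("192.168.1.0/24"), "IOT": ip_network("192.168.60.0/24")}
IOT_GATEWAY = "192.168.60.1"

@dataclass
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

def segment_of(addr: str) -> str:
    a = ip_address(addr)
    for name, net in SEGMENTS.items():
        if a in net:
            return name
    return "WAN" if a.is_global else "OTHER"   # OTHER = any private range we did not list

# First-match policy for packets arriving on the IoT interface: the DNS port
# forward is evaluated before the filter rules, then rules run top to bottom.
# Rule = (destination segment or "ANY", proto or "any", dport or None, action)
IOT_INBOUND = [
    ("ANY", "any", 53, "redirect-dns"),   # force every resolver the device picks onto ours
    ("LAN", "any", None, "block"),        # no lateral access to the trusted LAN
    ("OTHER", "any", None, "block"),      # no other private / management segments either
    ("WAN", "any", None, "pass"),         # the cloud services the devices actually need
]
DEFAULT = "block"   # same-subnet IoT traffic never reaches the router; AP client isolation covers it

def evaluate(flow: Flow) -> str:
    if flow.dst == IOT_GATEWAY and flow.dport == 53:
        return "pass"   # queries already aimed at the local resolver are allowed through
    seg = segment_of(flow.dst)
    for dst_seg, proto, dport, action in IOT_INBOUND:
        if dst_seg not in ("ANY", seg) or proto not in ("any", flow.proto):
            continue
        if dport is not None and dport != flow.dport:
            continue
        return action
    return DEFAULT

def run_sample_flows() -> dict:
    camera = "192.168.60.50"   # constructed IoT client
    samples = {
        "public dns": Flow(camera, "8.8.8.8", "udp", 53),
        "lan resolver": Flow(camera, "192.168.1.1", "udp", 53),
        "local resolver": Flow(camera, IOT_GATEWAY, "udp", 53),
        "smb to lan pc": Flow(camera, "192.168.1.20", "tcp", 445),
        "cloud https": Flow(camera, "52.94.236.248", "tcp", 443),
        "other private": Flow(camera, "10.0.0.5", "tcp", 22),
    }
    return {name: evaluate(f) for name, f in samples.items()}
```

Note that a query aimed at the LAN resolver still hits the redirect rule first, which is the point of putting the port forward ahead of the block rules.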

I have a pfSense box with a four-port Intel Ethernet card. Cable modem is connected to the motherboard Ethernet port. I have three Synology routers that are now used as APs. Each is connected to its own Ethernet port on the pfSense box. One is for the secure network. One is for IoT devices. One is for an IoT device located in the security closet. My home was wired for Ethernet. I was able to connect the devices that required Ethernet using unmanaged switches. I only had to run one extra Ethernet cable. This was from an extra jack in the office to the family room. Oops!