New Network Subnet/vlan?


I am trying to build a home network that separates into 3 or more networks. Though I get confused on the difference between a VLAN and a subnet. For example I create 4 networks (Main, Family, Business, Untrusted).
How could I separate them so that the devices on each cannot talk to or see each other? Also would this provide any security in the case that a device was compromised?

Side Note: I am building on a pfSense router with an i5

I don’t want to steer you wrong, I am not a networking expert and I do not play one on TV, heck I didn’t even stay at a Holiday Inn Express last night. That being said, I have a similar network to what you are describing. I have 5 VLANS with 5 separate subnets.

VLAN 1 - Internet Access
OpnSense Router (172.21.9.x)
Ubiquiti EdgeRouter Lite (172.21.9.x)

VLAN 10 - Main Lan (192.168.10.x)
VLAN 20 - Guest LAN (192.168.20.x)
VLAN 30 - IOT LAN (192.168.30.x)
VLAN 40 - Management/Unifi (192.168.99.x)

I have a 24-port Ubiquiti EdgeSwitch Lite that I have the various VLANs tagged in and it handles the routing between the VLANs (as well as the security through access control lists).

The way things work is this. Say my main computer wants to get to the internet. My computer sends the request to the switch on VLAN 10, which then routes the packet to VLAN 1 and out of my OpnSense box. Say a compromised IoT box wants to scan the entirety of the 192.168.x.y subnet. The switch knows through its access control lists that it is not allowed to do that and blocks those attempts.

While w9hdg’s info is good and valid, I’ll explain VLAN vs subnet in simple terms, hopefully.

VLAN is Port Tagging. It’s an optional feature based on how you want to create your network.

Subnet is IP Range Masking. It is not an option, it’s required for each IP segment you issue. The most common is a /24 network, and it’s typically the default with all consumer-level devices.

You should first consider in your home example of wanting 3+ networks, whether they’ll be wired or wireless. If some are wireless, consider how many networks you want from that and how separate you want those. That will tell you your AP options.

From there you can start to better plan out your network arrangement.
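
An added example, not posted by anyone in this thread: a small Python model of the two ideas discussed above, subnet membership by mask and first-match access control between routed segments. The /24 masks, the segment names and the rule set are assumptions for illustration; real enforcement lives in the firewall or switch ACLs.

```python
import ipaddress

# Subnets from the first reply; the /24 masks are an assumption.
SEGMENTS = {
    "main": ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
    "iot": ipaddress.ip_network("192.168.30.0/24"),
    "mgmt": ipaddress.ip_network("192.168.99.0/24"),
}
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical policy, evaluated top to bottom, first match wins.
RULES = [
    ("main", ANY, "allow"),                       # trusted LAN reaches everything
    *[(seg, net, "block")                         # untrusted segments: no private ranges
      for seg in ("guest", "iot") for net in PRIVATE],
    ("guest", ANY, "allow"),                      # ...but internet is fine
    ("iot", ANY, "allow"),
]

def segment_of(ip):
    """Return the segment whose subnet mask covers this address, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def decide(src, dst):
    """Return 'local', 'allow' or 'block' for a packet from src to dst."""
    src_seg = segment_of(src)
    if src_seg is None:
        return "block"                            # unknown source: default deny
    if src_seg == segment_of(dst):
        return "local"                            # same subnet: switched, never routed,
                                                  # so the ACL is not consulted
    dst_addr = ipaddress.ip_address(dst)
    for seg, net, action in RULES:
        if seg == src_seg and dst_addr in net:
            return action
    return "block"                                # no rule matched: default deny

if __name__ == "__main__":
    # Constructed sample traffic: an IoT device probing other segments.
    for dst in ("192.168.10.5", "192.168.30.9", "203.0.113.10"):
        print("192.168.30.57 ->", dst, decide("192.168.30.57", dst))
```

The `local` result is the part segmentation does not cover: devices inside one subnet still reach each other directly, so a compromised device is only contained with respect to the other segments.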