Very Basic VLAN questions

I know this is a very basic question for most on this forum but I really need some advice.

At the moment I’m using an Edgemax X 5 (I think that is the correct name) as my router and I’m quite happy with that for now, but my current network is just a basic switched network. For security reasons I understand that I should be using VLANS but I really don’t know how to segment my network.

The first issue seems to be replacing my dumb switches around the house with managed switches. Some people say to use Ubiquiti (like the 5 port Flex mini) and others say these do not follow standards. If I understand it correctly Ubiquiti switches can only be managed by Ubiquiti software whereas other switches (like Netgear) can be managed by other free software using SNMP etc. What are people’s views?

The next issue is how to use VLANS? I have a number of Squeezebox Touch players with an LMS server and a number of OSMC players with a video server. Are there any advantages of putting the Squeezebox players and the OSMC players on different VLANS?

All of the media players need access to the Internet to play Internet radio and video podcasts. The servers also need access to the Internet to download media info.

I know this is a very basic question, but if my media players are in a different VLAN to my main PC how do I manage the media players from my PC?

My video server records TV which I then edit on my main PC before returning to the media server and watching on the OSMC players. I don’t understand how I do this if they are on different VLANS? Do I define rules on the VLANS that allow my PC (with a fixed IP address?) access to the VLANS or something.

My main PC has two network ports so I can connect to both VLANS but does this mean my PC will then act as a router?

I have a similar situation for VOIP phones where I want to be able to take calls on my main PC as well as on the phones.

At some point I want to build a homelab to play with stuff and do some development work. I have an old managed switch that I have never used, so I plan to use that as the backbone for the lab. My question is how to connect this to the main network? I’d like to be able to run virtual machines on my main PC (Windows 10) that connect to the homelab.

Lastly, can I ask what IP address ranges do people use and why? At the moment I’m just using basic 192.168.0.xxx range but I’m wondering what people use for their VLANS? Are there any conventions for using IP address ranges for particular things? For example, are VOIP phones usually put into a particular range to make it clear they are VOIP phones?

Sorry, I did say it was basic!! Any advice much appreciated.

I’d agree it’s not self-evident why you need vlans and then how you go about it if you are coming from a standard ISP router.

I’m running pfSense with several netgear switches so perhaps it might be a bit different for your case.

Firstly it’s handy to have a guest vlan so that you are both not sharing the same wifi password, plus your guests can’t see your crapola but get internet access. If you have IP cameras they will soon go out of support so you can easily disable internet access for them.

Yes you need to have managed switches, but not all are the same, some will support SNMP, LACP aggregation etc and others will not on particular models, this is the case with Netgear. You need to read the manuals to be sure. Ubiquiti basically has one interface to manage all network devices, with Netgear you need to log in to each device. Not a big deal for a home user. I’m not aware of any software that manages switches but something like Zabbix uses SNMP to return info on the switch like whether it is up or not etc.

At least with pfsense you can create rules to route traffic between vlans, then include exceptions to an IP address on a blocked vlan.

You might want your media on a separate vlan if you are streaming a lot of traffic from your server. On your media server you can add a multi nic card so different vlans can also connect to it, you can also combine ports in an aggregation if you have “many” devices connecting to the server.

Personally I would suggest buying a Dell or Lenovo desktop for cheap, add 64GB ram (if newer they might take 128GB) along with a quad port NIC, combine it with a half decent Netgear switch, then you can start playing. I wouldn’t bother with Ubiquiti as they are expensive, I would suggest pfsense but it requires a lot of effort however the options you get for free are pretty amazing. Also you’ll have an easier time if your router supports vlans and not just your switch.

Again personally I found it much easier to install pfsense on actual hardware rather than a vm to suss out how it worked.

Thanks for the reply. Do you know if I can do this with the Edgemax?

I don’t have any unifi kit but I would imagine, that by default the vlans will block all incoming traffic LAN/WAN and allow all outgoing WAN.

In my pfsense I define an alias with my vlans, then construct a rule which controls traffic going across vlans, then a second which allows traffic out the WAN.

However, my way is painful, I block everything to start with then try and work out what I need to do to get applications to work.
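The rule ordering discussed in this thread (an exception for one fixed IP, a block between VLANs using an alias, then a pass rule out to the WAN, with everything else denied) can be checked on paper before touching the firewall. The sketch below is an added example, not code from any poster and not pfSense's own syntax; the subnets, the main PC's address and all names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): one /24 per VLAN, third octet = VLAN ID.
VLANS = {
    "main":  ipaddress.ip_network("192.168.10.0/24"),
    "media": ipaddress.ip_network("192.168.20.0/24"),
    "voip":  ipaddress.ip_network("192.168.30.0/24"),
    "guest": ipaddress.ip_network("192.168.40.0/24"),
}
ALL_VLANS = list(VLANS.values())                    # the "alias" covering every local VLAN
MAIN_PC = ipaddress.ip_network("192.168.10.5/32")   # hypothetical fixed IP of the main PC
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rules, first match wins: (action, sources, destinations, reason).
RULES = [
    ("pass",  [MAIN_PC], [VLANS["media"], VLANS["voip"]], "exception: main PC to media/VoIP"),
    ("block", ALL_VLANS, ALL_VLANS,                       "no traffic between VLANs"),
    ("pass",  ALL_VLANS, [ANY],                           "local hosts may go out the WAN"),
]

def vlan_of(addr):
    """Return the name of the VLAN containing addr, or None if it is not local."""
    return next((name for name, net in VLANS.items() if addr in net), None)

def decide(src, dst):
    """Decide the fate of a NEW connection from src to dst.

    Only the initiating packet is evaluated; a stateful firewall lets the
    replies of an allowed connection back through without a separate rule.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if vlan_of(s) is not None and vlan_of(s) == vlan_of(d):
        return ("pass", "same VLAN: switched, never reaches the router")
    for action, srcs, dsts, reason in RULES:
        if any(s in n for n in srcs) and any(d in n for n in dsts):
            return (action, reason)
    return ("block", "default deny")

if __name__ == "__main__":
    for src, dst in [("192.168.10.5", "192.168.20.11"),   # main PC manages a media player
                     ("192.168.20.11", "192.168.10.5"),   # media player initiates to the PC
                     ("192.168.20.11", "8.8.8.8"),        # media player fetches internet radio
                     ("192.168.40.7", "192.168.20.11")]:  # guest tries to reach media
        print(f"{src:>15} -> {dst:<15} {decide(src, dst)}")
```

Swapping the first two rules makes the exception unreachable, which is the usual reason an allowed host still cannot reach a blocked VLAN.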