Adding VLANs to my home LAN

unmesh

Regular Contributor
Hi,

I'm running a wired Gigabit LAN at home which connects to wired devices such as servers and desktops and several wireless routers configured to serve as access points. (Is it correct to call these endpoints?) I'd like to add IoT devices but would like to keep them separated from the main LAN just in case they misbehave and have begun experimenting with VLANs.

My gateway router runs TomatoUSB on which I created a bridge and a new VLAN and assigned to it an untagged physical port and a Virtual Wireless AP and confirmed that these are isolated from the main LAN by using ping. I'd like to distribute this VLAN over the existing wiring and could use some help. (I realize I could try and distribute the new VLAN wirelessly but there are too many intervening walls).

Specifically, if I had two Cat5 cables running to the various rooms, I would use one for each of the LANs but I don't. This means I would have to get the router to produce tagged frames, connect to a switch to send these to various rooms and use a managed switch at the far end to map the VLANs to access ports since my endpoints are not VLAN aware as best as I can tell.

Do I need a managed switch at the gateway router to send tagged frames to the different rooms or will one of my existing consumer grade unmanaged switches do this?

Any recommendations for easy-to-use 5-8 port managed switches to use in the other rooms will also be greatly appreciated.

Thanks.
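
Added example, not part of the original thread: a small Python model of the single-cable design described in the post above, where the router sends 802.1Q-tagged frames down one cable and a far-end managed switch maps each VLAN to untagged access ports. The VLAN IDs (1 for the main LAN, 10 for IoT), the port names and the `RoomSwitch` class are hypothetical, and the sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame has no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

class RoomSwitch:
    """Hypothetical far-end managed switch: one trunk uplink plus access ports."""
    def __init__(self, access_ports: dict, native_vid: int = 1):
        self.access_ports = access_ports  # port name -> VLAN ID
        self.native_vid = native_vid      # VLAN assumed for untagged trunk frames

    def from_trunk(self, frame: bytes) -> dict:
        """Deliver a trunk frame, untagged, to access ports of its VLAN only."""
        vid, inner = parse_tag(frame)
        vid = self.native_vid if vid is None else vid
        return {p: inner for p, v in self.access_ports.items() if v == vid}

    def to_trunk(self, port: str, frame: bytes) -> bytes:
        """Tag a frame from an access port with that port's VLAN for the uplink."""
        vid = self.access_ports[port]
        return frame if vid == self.native_vid else add_tag(frame, vid)

# Constructed sample: 60-byte broadcast frame (ARP EtherType, zero payload).
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46
# Assumed layout: ports 1-2 on the main LAN (VLAN 1), port 3 on IoT (VLAN 10).
SWITCH = RoomSwitch({"port1": 1, "port2": 1, "port3": 10})
```

The tag adds four bytes to every IoT frame on the shared cable, and a frame tagged for VLAN 10 is delivered only to `port3`, which is the isolation the ping test in the post checks for.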
 
Sorry, I didn't intend to make light of your plight. With all of the infection and hacking spreading around the planet via the hundreds of billions of made in China IoT toys, I'm sure you'll find a bullet-proof way to keep yours from letting a big bear or infection into your house :) Nice system, Cheers.
 
Point taken! I was thinking of starting with connected thermostats from the likes of Ecobee followed by a connected LG TV and work my way down to random infected IoT toys ;)
 
Yes, that's the spirit :). These things are an epidemic, without a doubt.
Our Samsung 4K smart TV had a small bit of IoT in it, and acted just a tad too smart, and I investigated. There were some threads feeding in/out that I never was able to identify. Samsung claimed they were unrelated to their cloud-based hub-service, which we'd never agreed to nor enabled. We used the stock apps, like Netflix. I don't like chasing ghosts so the best thing to do was done and ended its ability to reach out. Now it's still a beautiful and quite dumb 4K TV. That may/may not have had anything to do with the CIA or other less than honorable actors.

Everyone has likely heard something about the dangers of AI or IoT, but what fully focused our attention was when a friend's home nearly burned to the ground. The final report concluded (forensic examination of the hard drive salvaged) the computer was compromised via one or more of many IoT devices in the former 'smart' home. Whoever was responsible failed to accomplish damage to any of the IoT gadgets themselves, including the exquisite refrigerator. However, the 'smart' IoT thermostat had mysteriously been accessed and ramped all the way up, without tripping the cell phone alert or the home alarm system. The manufacturer claimed that wasn't possible and supposedly had never previously occurred. First time for everything, at least this time there was evidence. Some material was too close to the heat source, and that's all it took, after several hours of smoldering. The home fire/smoke alarm was bypassed, but neighbors saw smoke and called the fire department who saved the place. Before rebuilding, the friend decided to de-smartify the home. Another friend who is quadriplegic has an automated home but has a 24-nurse to keep an eye peeled for any gadget that decides to act up.

FWIW; the first URL echoes part of Schneier's paper earlier this year, the second has other information.
https://fortunascorner.com/2017/07/...y-26-27-2017-20th-year-of-annual-gathering-o/

https://www.schneier.com/essays/archives/2017/01/click_here_to_kill_e.html

I try to trust but verify, then when in doubt, pull the plug. Cheers, and good luck.
 
For me, I just got an unmanaged switch for home use because of its simple and easy configuration.

If you need 8-port switches, Netgear or TP-link are not a bad choice, I used to use them at home. Hope it would be helpful.
 
Amazon has a couple of nice managed/unmanaged Netgear switches with their week-long Black Friday sale; full disclosure, I don't hold any financial interest or stock in, nor am I a fan-boy of or employed by any of these companies mentioned. I presently have a good unmanaged DLink gigabit 8-port switch, that's working well, but I'm going to snag one of the Netgear managed switches with VLAN capabilities/tagging to replace it. I want to get-granular so as to nail down and fine tune the behavior of streams to the video boxes; they have a mind of their own regardless of my work in the router. With the low seasonal prices now, it makes sense to pay a bit extra for Netgear's life-time, next business day replacement warranty, even if you don't currently need a managed switch now, they work just as automatically as their cheaper brethren until the time comes that you need to get deeper into the nitty gritty of it all. I'm averse to having to pitch gear when it fails and isn't feasible to replace due to worthless warranties. Some of their 'life-time' warranties are similar to TPLink's; after endless wrangling, you'll have to pay full UPS or FedEx shipping to return the failed unit, only to get a refurbed or older unit with less capable stats or bios, as a replacement, which in any event exceeds the original cost paid for the unit, not to mention the time lost during the wrangling, shipping, etc.

Someone else had posted a fine reference with illustrations how to use a managed switch for VLAN and sub-net management, and it beat all of my textbooks, how simple it made it look. I'll try to run it down and post it, if anyone is interested.

I had a rather unhappy go around with TP-Link several years ago, when I tried to invoke the warranty on a brand-new defective router; they ran me around in circles in unprecise Chinglish until I finally told them in no uncertain terms, I expected them to quit stalling and grant my warranty/RMA request, or I'd never spend another dime on their product line, and would advise my clients accordingly. Every single one of their support people parroted the exact same scripted replies/instructions, over, over, over and yet endlessly, like a needle stuck in the groove. I went over the archive of emails they sent, and realized that no matter what 'agent' they transferred me to, or what 'name' they used, it was in fact the same CSR. If you've ever done that sort of work, no matter how many years/decades ago, you never forget the tricks some of them employ.

There are lots of people who own and have good luck with TPLink, at least until the unit breaks down, as with all cheaper switches, no matter who manufactures them.

The good thing about Netgear Pro-Safe/Business class/Next Business Day replacement line, is that their Life-time warranty really works. I've had fair luck with the less expensive Netgear switches holding up, but when they begin to fail, it's usually the day after the warranty ends, and then the unit makes a dandy paperweight. Cheers.
 
