Hi
Currently I have a flat network all in the 192.168.8.x range.
The network is a mix of PC's, MAC's, Linux boxes, Youview x2, NAS and various other devices.
Some are home use others are for my office as I work from home. I currently use IP Tables rules to restrict access from some office devices to my home devices.
I'm thinking of using VLANs to help make this more secure and stop broadcasts between the devices.
I have an Asus RC-68U Router running merlin firmware which I know can do Vlans but I'm not planning on enabling it on there. I have a netgear FS116p 16 port (8 POE) 10/100 switch and a Netgear GS108E 10/100/1000 VLAN switch. Some of the other network devices have switches built in that are VLAN capable but I'm not planning on using the VLAN features on there, they are currently configured as a normal switch.
This is what I'm planning to do.
VLAN 1 - INTERNET Access
VLAN 5 - NAS VLAN
VLAN 10 - Home VLAN
VLAN 15 - Home Plugs VLAN
VLAN 20 - Office VLAN
GS108E
PORT 1 -> Router VLAN 1 accessible to all devices/ports (VLAN1)
PORT 2 -> NAS not accessible internally only via the Internet - used by my son to store UNI work (VLAN5)
PORT 3 -> HOME VLAN (VLAN10)
PORT 4 -> HOME VLAN (VLAN10)
PORT 5 -> Home Plugs - no access is needed to any internal devices, they need internet access (VLAN15)
PORT 6 -> OFFICE VLAN (VLAN20) -> 16 Port FS116P Switch to run the office hardware from.
PORT 7 -> OFFICE VLAN (VLAN20)
PORT 8 -> Spare for testing.
Using this link, I think I can set this up.. (But may need some help) :
http://www.smallnetbuilder.com/lanw...how-to-segment-a-small-lan-using-tagged-vlans
Any issues with the above setup ? should it work as I expect ? ie: all ports can access the internet, but the office and home are separated. Nothing internally can get to the NAS or Home Plugs.
I have a couple of IP Phones that have 2 LAN ports. If I plug the phone into a POE port on the FS116P on VLAN 20 - will it be able to talk to VLAN 10 ? The phone does support VLAN tagging so I can set it's local VLAN tag and Second VLAN tag.
If I plug my main PC and printer into the spare ports on the Asus RC-68U connected to VLAN1 will they have access to all devices on the network. (home, office, nas and home plugs) ? I'm hoping so..
Finally my son connects to his NAS via a VPN to the router. Once he connected to the router, will he be able to access his NAS ?
Thanks
Currently I have a flat network all in the 192.168.8.x range.
The network is a mix of PC's, MAC's, Linux boxes, Youview x2, NAS and various other devices.
Some are home use others are for my office as I work from home. I currently use IP Tables rules to restrict access from some office devices to my home devices.
I'm thinking of using VLANs to help make this more secure and stop broadcasts between the devices.
I have an Asus RC-68U Router running merlin firmware which I know can do Vlans but I'm not planning on enabling it on there. I have a netgear FS116p 16 port (8 POE) 10/100 switch and a Netgear GS108E 10/100/1000 VLAN switch. Some of the other network devices have switches built in that are VLAN capable but I'm not planning on using the VLAN features on there, they are currently configured as a normal switch.
This is what I'm planning to do.
VLAN 1 - INTERNET Access
VLAN 5 - NAS VLAN
VLAN 10 - Home VLAN
VLAN 15 - Home Plugs VLAN
VLAN 20 - Office VLAN
GS108E
PORT 1 -> Router VLAN 1 accessible to all devices/ports (VLAN1)
PORT 2 -> NAS not accessible internally only via the Internet - used by my son to store UNI work (VLAN5)
PORT 3 -> HOME VLAN (VLAN10)
PORT 4 -> HOME VLAN (VLAN10)
PORT 5 -> Home Plugs - no access is needed to any internal devices, they need internet access (VLAN15)
PORT 6 -> OFFICE VLAN (VLAN20) -> 16 Port FS116P Switch to run the office hardware from.
PORT 7 -> OFFICE VLAN (VLAN20)
PORT 8 -> Spare for testing.
Using this link, I think I can set this up.. (But may need some help) :
http://www.smallnetbuilder.com/lanw...how-to-segment-a-small-lan-using-tagged-vlans
Any issues with the above setup ? should it work as I expect ? ie: all ports can access the internet, but the office and home are separated. Nothing internally can get to the NAS or Home Plugs.
I have a couple of IP Phones that have 2 LAN ports. If I plug the phone into a POE port on the FS116P on VLAN 20 - will it be able to talk to VLAN 10 ? The phone does support VLAN tagging so I can set it's local VLAN tag and Second VLAN tag.
If I plug my main PC and printer into the spare ports on the Asus RC-68U connected to VLAN1 will they have access to all devices on the network. (home, office, nas and home plugs) ? I'm hoping so..
Finally my son connects to his NAS via a VPN to the router. Once he connected to the router, will he be able to access his NAS ?
Thanks
