Hey guys, I have a CRS326 and a couple of CAP XL’s that are the core of my home network, currently all working.
I also have 20 Sonos music streaming devices and 40-50 home automation devices along with the usual phones/tablets/printer/server
There are 3 outcomes I’d like to achieve listed below, are VLANs for each the best option? Some of the details in this VLAN guide viewtopic.php?t=143620&sid=503a1b8a58de ... 31fa817ce8 seem to suggest to me that these could be used.
1) Split Sonos out to a separate network (VLAN) to help reduce the broadcast storm issues I seem to get – this is Sonos’ support recommendation after many calls and investigation. Would a VLAN be the best approach?
2) Create guest VLAN to keep guests away from my home devices
3) Create a home automation devices VLAN as I’m not 100% sure of the security risks of some of these devices and I’d like to keep them away from other devices/data on the network.
My last question is around the ‘how’. At the point I create my first VLAN, am I right in assuming that untagged traffic will still proceed unhindered, or do I need to implement changes to cater for all the above scenarios at the same time?
Thanks
Colin
Re: Would VLANS be the right approach here
Yes, thats the post i've mentioned.
Re: Would VLANS be the right approach here
Yes, VLANs are a very good solution to what you are trying to do. I am doing exactly the same at home.
VLAN 201 - 192.168.201.0/24 "Normal" home LAN. Wired devices only.
VLAN 202 - 192.168.202.0.24 Guest WiFi. Internet access only.
VLAN 203 - 192.168.203.0.24 "Private" WiFi. Known devices (phones, laptops, etc). Internet plus some other internal access
VLAN 204 - 192.168.204.0/24 A special LAN for some ham radio linking
VLAN 205 - 192.168.205.0/24 VOIP phones - there's actually only a couple of them.
VLAN 206 - 192168.206.0/24 IoT devices.
VLAN 207 - 192.168.207.0/24 Wired security camera system.
Yes, I made the third octet of the IP match the VLAN so it's simple for me to remember.
The Guest WiFi, Private WiFi and IoT WiFi are all separate SSIDs on my Meraki WiFi.
My network layout (simplified description) is a RB4011 router in the garage data cabinet along with a CSS326 switch. A VLAN trunk from the garage to another CSS326 in the family room. Stuff in the house is distributed from the family room CSS326. In my case I am using the RB4011 strictly as a router. All switch function in handled in the switches, so I am not using a bridge in the router.
VLAN 201 - 192.168.201.0/24 "Normal" home LAN. Wired devices only.
VLAN 202 - 192.168.202.0.24 Guest WiFi. Internet access only.
VLAN 203 - 192.168.203.0.24 "Private" WiFi. Known devices (phones, laptops, etc). Internet plus some other internal access
VLAN 204 - 192.168.204.0/24 A special LAN for some ham radio linking
VLAN 205 - 192.168.205.0/24 VOIP phones - there's actually only a couple of them.
VLAN 206 - 192168.206.0/24 IoT devices.
VLAN 207 - 192.168.207.0/24 Wired security camera system.
Yes, I made the third octet of the IP match the VLAN so it's simple for me to remember.
The Guest WiFi, Private WiFi and IoT WiFi are all separate SSIDs on my Meraki WiFi.
My network layout (simplified description) is a RB4011 router in the garage data cabinet along with a CSS326 switch. A VLAN trunk from the garage to another CSS326 in the family room. Stuff in the house is distributed from the family room CSS326. In my case I am using the RB4011 strictly as a router. All switch function in handled in the switches, so I am not using a bridge in the router.
Re: Would VLANS be the right approach here
Thanks for the response k6ccc