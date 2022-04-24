Hello all

Well out of my depth here, and I may not be using correct terms. So please bare with me.

I have your bog standard VF cable setup with Ultrahub. This also supports my landline.

I host my own servers and currently I have everything working properly. My servers are a big virtual server (proxmox) with many VMs (Plex, ISPconfig, Domoticz, Shinobi. etc).

My issue is one of security:

Currently my entire LAN is on a single subnet.

The Ultrahub DMZ is pointing to a VM. Therefore the only thing stopping a hacker from accessing the entire LAN is the FW on the VM.

I have several L2 managed switches (SMC) that support VLAN (new topic for me).

Here is my attempt at my solution:

Is it possible to connect the cable from the modem (not the ultrahub) directly to the switch, and then to configure the switch to do the work of the ultrahub (presumably via VLAN). Then connect the ultrhub to the switch and configure that port to manage the VOIP side of things. Then I can setup a different VLAN to support the rest of my LAN. This should give me a multi segment LAN and afford me some protection. This doesn't resolve the WIFI side of things, but I do have spare WIFI APs to utilize here. I assume I would setup another VLAN for that as well. Feeble attempt I know. But my serious lack of knowledge isn't helping my cause.

Failing that.

How could/should I secure my network properly?

I'm not adverse to getting additional hardware that is more suitable for my application.

I look forward to your comments.

Regards

Fred