Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1028 posts

Uber Geek


# 217996 21-Jul-2017 16:57
Send private message

Hi guys,

 

I've put the following together based on the little knowledge I have of networking (it was a few years ago so I've forgotten a fair bit!), so keen to see if it holds water in principle.

 

Essentially, I want a primary LAN for trusted devices, with the two AP's on a single SSID (effectively zero hand-off or whatever they're calling it these days).  This will be for devices that I administrate, so I know are patched etc.  I'll apply a moderate degree of firewall restriction, but devices on this LAN will have pretty much unrestricted access to the internet and other devices on their subnet (a printer, and maybe a NAS down the line).

 

The VLAN is for higher-risk devices - family, friends etc, and IoT-like devices, which could be unpatched/have weird connectivity requirements.  In other words I'm trying to achieve protection for clients on the primary LAN by reducing/removing the ability for insecure devices to ingress should they be compromised.

 

 

 

If this all looks ok, I'll ask some more specific questions!!


Create new topic
4243 posts

Uber Geek


  # 1826699 21-Jul-2017 17:29
One person supports this post
Send private message

Looks like you have the right idea! Sufficiently techo for a geeks home network haha.

Have you already got the USG and cloud key? If not, and you want to be able to tinker a bit more maybe consider the EdgeRouter and a Edgeswitch - if you want to stick with UBNT. Otherwise a Mikrotik router. Unifi software is great but I personally think the routing/firewall and VLAN options are a little left to be desired for proper geekery - there are plenty who disagree and are happy with how unifi does it

4570 posts

Uber Geek

Trusted

  # 1826706 21-Jul-2017 17:56
Send private message

Depends if you need access to the IOT devices from your main network.  I've just been through this.

 

 

 

I have a main network (corporate in unifi speak), a guest network for wireless devices with an easy password.  Has no access to my main lan,

 

I've just made an IOT network.  It was guest, but then I couldn't allow access to it easily from my main lan (incoming only).  So I made it also a corporate network, and put in firewall rules that blocks it from accessing my main lan, but my main lan can access it.





Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00


Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41


Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30


BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14


Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24


2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35


New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13


OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32


Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27


D-Link launches Wave 2 Unified Access Points
Posted 24-Oct-2019 15:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.