I’m trying to bring order and security to my home network (http://imgur.com/QE5ucn0). I have several questions regarding connections of switches, creation of subnets, etc. and solicit helpful comments. After I digest and implement suggestions, I’ll rackmount all equipment that can appropriately fit into a 45µ 4 post rack.
1. UTM device (Ubiquiti Vault Pro) has four ports as indicated. One of the OPT ports must be assigned (encumbered) for Open VPN. I am looking at using the Ubiquiti as the sole DHCP server on my net unless a case can be made for having an L2 switch serve IP addresses, I am looking at cascading one or more of the L2 switches off the L3 switch as the principle switch.
2. I think it appropriate to segment the LAN for data security with VLANS and sub-netting. I think all current and projected devices can fit within address space 192.168.1.1- 254 using subnet mask 255.255.255.255. I think I see a current and future need for 15 static IP addresses, range 192.168.236-250. One VLAN for workstations, server, and printer; one VLAN for Guest Wi-Fi; one VLAN for Surveillance cameras and NVR, and one VLAN for internal Wi-Fi
3. In the sense of best practices, here are my questions:
a. Hang each switch off a port on the router or, hang L3 switch off router and cascade L2s off L3?
b. Which VLAN(S) recommended for each scenario in 3a.
c. Is an additional VLAN required for all devices to reach the single router gateway or is some other setup more practical?
1. UTM device (Ubiquiti Vault Pro) has four ports as indicated. One of the OPT ports must be assigned (encumbered) for Open VPN. I am looking at using the Ubiquiti as the sole DHCP server on my net unless a case can be made for having an L2 switch serve IP addresses, I am looking at cascading one or more of the L2 switches off the L3 switch as the principle switch.
2. I think it appropriate to segment the LAN for data security with VLANS and sub-netting. I think all current and projected devices can fit within address space 192.168.1.1- 254 using subnet mask 255.255.255.255. I think I see a current and future need for 15 static IP addresses, range 192.168.236-250. One VLAN for workstations, server, and printer; one VLAN for Guest Wi-Fi; one VLAN for Surveillance cameras and NVR, and one VLAN for internal Wi-Fi
3. In the sense of best practices, here are my questions:
a. Hang each switch off a port on the router or, hang L3 switch off router and cascade L2s off L3?
b. Which VLAN(S) recommended for each scenario in 3a.
c. Is an additional VLAN required for all devices to reach the single router gateway or is some other setup more practical?
Facebook
Twitter
Instagram