Everyone was kind enough to ram my brain chock full of knowledge about switches and I came away feeling like I can explain it to other people. (please don’t test me on this, I’ll fail)

But now I’m trying to figure out how I want my network to look and so it’s best I ask the people smarter than me that actually understand what I’m trying to do.

My house is an average sized, end of terrace in a big city and so while I can get decent Internet speeds, I get lots of WiFi signal congestion with neighbours, buildings, etc.

In my present router, which I really need to replace, I have my NAS and cable box plugged in via Ethernet, everything else is connected via WiFi. That’s a bunch of phones, a couple laptops, and a couple Raspberry Pis (including my one with all my home services, like Home Assistant and my Pi-Hole).

The design I’m cooking up is that my NAS would be on a virtual LAN with no direct access to the Internet, my Raspberry Pis would have Internet access. I don’t need to worry about my smart home devices having Internet access since they’re all Zigbee devices. But I plan to switch my cable box to an IPTV box and I’m also wanting to get a video doorbell and security camera for the garden, so that’s at least three virtual local area networks. Four if I add a guest network.

My questions are really simple ones and you’re probably gonna laugh at how stupid they are… can I do this all with a single switch? Do I need separate access points for each VLAN or can I have multiple VLANs on a single AP? How many ports should I be looking at on my switch? Would four be enough for my set-up? Also managed is best right?

  • jet@hackertalks.com · 8 months ago (edited)

    A switch can pass VLAN tagged packets through it even if it doesn’t understand VLANs itself.

    The switch only has to be VLAN aware if you want the switch port itself to assign the VLAN tag.

    As long as your access point is capable of VLAN tagging, that should be sufficient for your scenario. Some access points like Ubiquiti can handle multiple SSIDs with different VLANs. If your device supports it then it should be fine.

    A managed switch will make your life easier, but it’s optional. Especially if the hardware you’re going to plug into the switch can do its own VLAN management, like Linux.

    Depending on your threat model, you might require the switch itself to be VLAN-aware so that sensitively tagged packets are not exposed physically to untrusted devices.

    If you’re choosing your switch: how many devices do you want to plug into it, how many devices might you grow into in the future, what throughput requirements do you have, do you want managed or unmanaged, does it need to be able to deliver PoE? The more things you say yes to, the more expensive the switch.

    Depending on how much you want to learn, vs things just working: Most learning - a Linux machine with a bunch of Ethernet ports (you can get 4x/8x Ethernet PCIe cards dirt cheap now) and do everything for your switch in Linux. The most reliable and hands off “it just works” - a UniFi managed switch.
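Added illustration (not from this thread and not any vendor's code) of the difference the reply draws between a switch that merely passes VLAN tags through and one that is VLAN-aware. It builds 802.1Q-tagged Ethernet frames from constructed sample MAC addresses and VLAN IDs, then pushes them through two deliberately simplified switch models. The port layout (AP on a trunk port; NAS, camera and a guest device on access ports) and the VLAN numbers 10/30/40 are assumptions made for the example.

```python
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
BROADCAST = b"\xff" * 6


def build_frame(dst, src, payload, vlan_id=None, ethertype=ETHERTYPE_IPV4):
    """Ethernet II frame; vlan_id != None inserts an 802.1Q tag (PCP 0, DEI 0)."""
    frame = dst + src
    if vlan_id is not None:
        frame += struct.pack("!HH", ETHERTYPE_8021Q, vlan_id & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id_or_None, ethertype, payload) from raw bytes."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    vlan_id, body = None, frame[14:]
    if etype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan_id, body = tci & 0x0FFF, frame[18:]   # low 12 bits of the TCI are the VID
    return dst, src, vlan_id, etype, body


def retag(frame, vlan_id):
    """Rewrite the frame untagged (vlan_id None) or with the given tag."""
    dst, src, _, etype, body = parse_frame(frame)
    return build_frame(dst, src, body, vlan_id, etype)


class UnmanagedSwitch:
    """VLAN-unaware model: learns source MACs, floods broadcast/unknown
    destinations to every other port, and never looks at the tag."""

    def __init__(self, ports):
        self.ports, self.mac_table = set(ports), {}

    def forward(self, ingress, frame):
        dst, src, _, _, _ = parse_frame(frame)
        self.mac_table[src] = ingress
        if dst in self.mac_table and self.mac_table[dst] != ingress:
            return {self.mac_table[dst]: frame}
        return {p: frame for p in self.ports if p != ingress}


class ManagedSwitch:
    """VLAN-aware model: access ports carry one untagged VLAN, trunk ports a set
    of tagged VLANs; a frame is only delivered to ports that belong to its VLAN."""

    def __init__(self, access, trunks):
        self.access, self.trunks, self.mac_table = dict(access), dict(trunks), {}

    def _classify(self, ingress, tag):
        if ingress in self.access:              # access port: untagged only
            return self.access[ingress] if tag is None else None
        return tag if tag in self.trunks.get(ingress, set()) else None

    def _members(self, vid):
        yield from (p for p, v in self.access.items() if v == vid)
        yield from (p for p, vs in self.trunks.items() if vid in vs)

    def forward(self, ingress, frame):
        dst, src, tag, _, _ = parse_frame(frame)
        vid = self._classify(ingress, tag)
        if vid is None:
            return {}                            # wrong tag for this port: dropped
        self.mac_table[(vid, src)] = ingress     # MAC table is per VLAN
        known = self.mac_table.get((vid, dst))
        if known == ingress:
            return {}
        targets = [known] if known is not None else [p for p in self._members(vid) if p != ingress]
        return {p: retag(frame, None if p in self.access else vid) for p in targets}


def run_scenario():
    """Constructed scenario: port 1 is the AP trunk, ports 2-4 are access ports
    for NAS (VLAN 10), camera (VLAN 30) and a guest device (VLAN 40)."""
    AP, NAS, CAM, GUEST = 1, 2, 3, 4
    ap_mac, guest_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000004")
    nas_bcast = build_frame(BROADCAST, ap_mac, b"arp-who-has", vlan_id=10)   # from a NAS-VLAN SSID
    guest_bcast = build_frame(BROADCAST, guest_mac, b"dhcp-discover")        # untagged guest frame

    dumb = UnmanagedSwitch([AP, NAS, CAM, GUEST])
    smart = ManagedSwitch(access={NAS: 10, CAM: 30, GUEST: 40}, trunks={AP: {10, 30, 40}})
    smart_out = smart.forward(AP, nas_bcast)
    guest_out = smart.forward(GUEST, guest_bcast)
    return {
        "unmanaged_ports": sorted(dumb.forward(AP, nas_bcast)),       # guest port sees NAS traffic
        "managed_ports": sorted(smart_out),                           # only the NAS port
        "managed_nas_tag": parse_frame(smart_out[NAS])[2],            # untagged on the access port
        "guest_uplink_tag": parse_frame(guest_out[AP])[2],            # tagged 40 towards the AP
        "tagged_on_access_port": sorted(smart.forward(NAS, nas_bcast)),  # dropped at ingress
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The unmanaged model delivers the NAS-VLAN broadcast to the guest port with its tag intact, which is the "sensitively tagged packets exposed physically to untrusted devices" case from the reply; whether that matters depends on who can plug into that port. The managed model keeps a per-VLAN MAC table, strips tags towards access ports, adds them towards the AP trunk, and drops a tagged frame that arrives on an access port, so the guest device cannot simply inject a VLAN 10 tag to reach the NAS.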