Wednesday, May 27, 2020

Splitting the home network

Who wouldn't want to separate the traffic at home for security reasons. The more common ones include wireless guest and wireless users. I've logically classified my devices and users as:
  • Wireless guests and un-trusted wireless IOT devices, e.g. xiaomi and ewelink
  • Wireless users and tablets
  • Gaming machines and media boxes
  • An application/server type network

A lot of this has to do with configuring the router. I'm using the Asus RT-AC88U

Separating wireless traffic for guests

For splitting the wireless traffic, it's easy enough to use the wireless router and create a guest network without access to the intranet. This will allow "guest" devices to connect to the internet at a lower bandwidth and unable to connect to the local network.


QoS media, gaming and work machines

For gaming, i would say the router did it all. Just need to enable QoS and other router features that automatically prioritises the devices that you want.


Application/server network

While all the home network for 192.168.1.x does has enough IPs for most standard homes even with IOT, i needed another network for my lab work/play. To create this new network, I used VLAN segmentation on my TP-link TL-SG108E. It's important to tag which ports will be using the VLANs.





The new 10.0.x.x VLAN was to host these

  • Raspberry pi kubernetes cluster
Refer to raspberry pi kubernetes blog post
  • Virtualised servers (Hyper-V)
When creating network interface, bind the network interface in hyper-v to the VLAN tag


  • NAS
The QNAP NAS in networking > interfaces, has a drop down to add VLAN. Can use this and specify the static IP address for your server network.




The best thing about this is that I have a new network can simply set static IP addresses whenever I wanted. To enable routing between this network and the home network, I would suggest using the raspberry pi as a gateway and add the route to the router to allow all 10.0.0.0/16 traffic to be pointed to the 192.168.1.x IP address of the raspberry pi.


No comments:

Splitting the home network

Who wouldn't want to separate the traffic at home for security reasons. The more common ones include wireless guest and wireless users. ...