Segmenting networks and using VLANs are key strategies for improving security and performance.

Pages (3): 1 2 3 Next
Ted_Lemons (Junior Member, 15)
12-05-2016, 05:35 PM #1

Over the past few weeks I have been slowly organizing and segmenting my network layout. I feel I have a pretty good layout but was wondering about best practices for separating devices using VLANs. Here's a list of my devices. I use pfSense and Ubiquiti managed switches and access points, just FYI.

- TrueNAS server 1 with Plex, Ubiquiti controller, and Home Assistant
- TrueNAS server 2 (backup in another building via PtP)
- personal desktop
- smart light switches
- IPMI for both servers
- Fire TVs
- Echo Dots
- security cameras
- smartphones
- kids' tablets
- printers
- smart thermostats

How would you separate all of this? My main issue is the TrueNAS Scale server. I want it to be secure, but it needs to interact with all my smart home stuff for Plex and Home Assistant.

Zazzery (Member, 69)
12-08-2016, 10:15 PM #2

Segmentation basically prevents communication between components. While you can configure pfSense to allow interaction through the firewall, this undermines the original goal of segmentation.

Wumty (Member, 195)
12-13-2016, 04:24 PM #3

This approach gives you the ability to manage how devices interact, directing communication only through the paths you specify. Not all devices require internet access. The plan involves selecting several VLAN options so far.

Bajskorv123 (Junior Member, 3)
12-14-2016, 11:08 AM #4

You can stop those gadgets from connecting to the web by leaving the default gateway blank when you give them a DHCP reservation or fixed IP. Setting up home networks can be overly complicated and confusing.

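The blank-gateway trick in the post above has a side effect worth modelling before relying on it. The snippet below is an added example, not from the thread or any poster, that simulates a host's routing decision with Python's ipaddress module; the VLAN subnets and device addresses are constructed for illustration. It shows that a device with no default gateway cannot reach the internet, can still talk to anything on its own VLAN, and, because it cannot route replies off-link, also cannot hold a session with Home Assistant or Plex on another VLAN even if the firewall would permit the flow. A second caveat that the code does not show: a DHCP reservation is only a hint the client honours voluntarily, so a device with its own static configuration still gets out; the firewall rule on the IoT VLAN is the enforcement, and the blank gateway is a convenience layered on top.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Host:
    """Minimal IPv4 host config: address, prefix length, optional default gateway."""
    ip: str
    prefix: int
    gateway: Optional[str] = None  # None models "leave the default gateway blank"


def next_hop(host: Host, dst: str) -> Optional[str]:
    """Where the host sends a packet for dst: the destination itself when it is
    on-link, the default gateway when one is configured, else None (no route)."""
    net = ipaddress.ip_network(f"{host.ip}/{host.prefix}", strict=False)
    if ipaddress.ip_address(dst) in net:
        return dst
    return host.gateway


def can_converse(a: Host, b: Host) -> bool:
    """A TCP session (or any request/reply exchange) needs a route in both directions."""
    return next_hop(a, b.ip) is not None and next_hop(b, a.ip) is not None


# Constructed addressing for the example: assumed VLAN subnets, not from the thread.
IOT_GW = "10.40.0.1"
thermostat_no_gw = Host("10.40.0.50", 24)              # gateway left blank
thermostat_with_gw = Host("10.40.0.50", 24, IOT_GW)    # normal DHCP config
other_iot = Host("10.40.0.51", 24)                      # same IoT VLAN, also no gateway
home_assistant = Host("10.20.0.20", 24, "10.20.0.1")   # assumed servers VLAN


def demo() -> dict:
    """The routing outcomes to check before using a blank gateway for isolation."""
    return {
        "thermostat->internet": next_hop(thermostat_no_gw, "8.8.8.8"),
        "thermostat->same_vlan": next_hop(thermostat_no_gw, other_iot.ip),
        "thermostat->home_assistant": next_hop(thermostat_no_gw, home_assistant.ip),
        "ha<->thermostat(no gw)": can_converse(home_assistant, thermostat_no_gw),
        "ha<->thermostat(with gw)": can_converse(home_assistant, thermostat_with_gw),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:30} {outcome}")
```

If Home Assistant must reach gateway-less devices, either give the server a second interface (or VLAN sub-interface) on the IoT VLAN so the traffic stays on-link, or keep the gateway on the devices and restrict the IoT VLAN to the specific server ports at the firewall.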
Narenra (Junior Member, 12)
12-14-2016, 11:24 AM #5

Managing a home network with four VLANs is quite manageable.

ThatMiningGuy (Senior Member, 704)
12-14-2016, 01:52 PM #6

Tbest20 (Junior Member, 11)
12-31-2016, 11:13 AM #7

It's comparable to your setup, with a Security VLAN for cameras and a BlueIris box. You're using OPNsense instead of pfSense.

AFKCosmos (Member, 183)
12-31-2016, 05:34 PM #8

Dude, vertical network segmentation isn't really about security. Most mid-sized companies I've worked with have VLANs scattered everywhere, and just managing traffic doesn't actually make the network better. Ethernet is already handling its own issues, and unless you're dealing with some specific video protocols like Crestron, filtering isn't necessary. If NetBEUI is still running, it might be time to shut down those older NT 4 SP1 devices. I'm in agreement about limiting internet access: only give devices what they truly need. Grouping devices on the firewall is a much cleaner solution than turning switches into a mess.

StampyKittenNZ (196)
01-07-2017, 12:14 PM #9

Combining all video cameras, phones, printers, and IoT devices onto a single 24/7 network works well.

DeathDark38 (Member, 211)
01-08-2017, 08:58 AM #10

It seems you're questioning how your setup appears secure despite certain configurations. Your approach separates different traffic types effectively: guests isolated from core systems, IoT devices confined to limited ports, and sensitive data confined to a trusted management zone. By restricting privileged access and using segmentation, you create layers of defense. Even if someone gains access, the lack of direct pathways to critical assets like your NAS or VMs adds significant protection. While it might not be foolproof against sophisticated threats, it definitely reduces risk compared to a fully open network.

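The zones described in the post above, applied to the device list from post #1, can be written down as an ordered inter-VLAN policy and checked against concrete flows before touching the firewall. The block below is an added example, not from the thread or from pfSense itself; it models the evaluation semantics a pfSense ruleset has (rules are matched on the interface where a new connection enters, first match wins, replies ride on firewall state, and anything unmatched hits the implicit default deny). The VLAN names and IDs are assumed, and the only ports opened from the IoT and guest zones toward the servers are Plex's default 32400 and Home Assistant's default 8123, so a compromised bulb or tablet can reach those two services but not SMB, NFS or the management VLAN.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ANY = "*"
INTERNET = "INTERNET"

# Assumed VLAN plan for the inventory in post #1 (names and IDs are illustrative).
VLANS = {
    "MGMT": 10,      # IPMI, switch/AP management, Ubiquiti controller
    "SERVERS": 20,   # TrueNAS 1 and 2, Plex, Home Assistant
    "TRUSTED": 30,   # personal desktop
    "IOT": 40,       # light switches, thermostats, Echo Dots, Fire TVs
    "CAMERAS": 50,   # security cameras
    "GUEST": 60,     # smartphones, kids' tablets
    "PRINTERS": 70,
}


@dataclass(frozen=True)
class Rule:
    src: str                        # source VLAN name or ANY
    dst: str                        # destination VLAN name, INTERNET, or ANY
    proto: str = ANY                # "tcp", "udp" or ANY
    ports: frozenset = frozenset()  # empty means any destination port
    action: str = "allow"           # "allow" or "deny"
    note: str = ""


@dataclass(frozen=True)
class Flow:
    """First packet of a NEW connection, as seen on the source VLAN interface."""
    src: str
    dst: str
    proto: str
    port: int


def matches(rule: Rule, flow: Flow) -> bool:
    return (rule.src in (ANY, flow.src)
            and rule.dst in (ANY, flow.dst)
            and rule.proto in (ANY, flow.proto)
            and (not rule.ports or flow.port in rule.ports))


def evaluate(rules: Iterable[Rule], flow: Flow) -> Tuple[str, Optional[Rule]]:
    """First-match evaluation. Only the initiating direction needs a rule because
    replies are matched by connection state; unmatched flows are default deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule
    return "deny", None


# Ordered policy: privileged zones first, then the few pinholes IoT and guests need.
POLICY: List[Rule] = [
    Rule("MGMT", ANY, note="admin zone may reach everything"),
    Rule("TRUSTED", ANY, note="desktop is the one fully trusted client"),
    Rule("SERVERS", "IOT", note="Home Assistant initiates to lights/thermostats"),
    Rule("SERVERS", "CAMERAS", note="NAS/NVR pulls the camera streams"),
    Rule("SERVERS", INTERNET, note="updates, Plex relay, HA integrations"),
    Rule("IOT", "SERVERS", "tcp", frozenset({32400, 8123}),
         note="Plex (32400) and Home Assistant (8123) only; no SMB/NFS"),
    Rule("IOT", INTERNET, note="cloud-backed devices (Echo, Fire TV)"),
    Rule("GUEST", "SERVERS", "tcp", frozenset({32400}), note="Plex from phones/tablets"),
    Rule("GUEST", "PRINTERS", "tcp", frozenset({631, 9100}), note="IPP and raw printing"),
    Rule("GUEST", INTERNET),
    Rule("CAMERAS", ANY, action="deny", note="cameras initiate nothing, not even outbound"),
    # Everything else (IOT->MGMT, IOT->TRUSTED, PRINTERS->*, ...) is the implicit default deny.
]


def decision(src: str, dst: str, proto: str, port: int) -> str:
    """Convenience wrapper: the action the policy takes for one new connection."""
    return evaluate(POLICY, Flow(src, dst, proto, port))[0]


if __name__ == "__main__":
    samples = [
        ("IOT", "SERVERS", "tcp", 32400),    # Fire TV -> Plex
        ("IOT", "SERVERS", "tcp", 445),      # compromised bulb -> NAS SMB
        ("IOT", "MGMT", "tcp", 443),         # compromised bulb -> IPMI web UI
        ("CAMERAS", "INTERNET", "tcp", 443),  # camera phoning home
        ("SERVERS", "CAMERAS", "tcp", 554),  # NAS pulls RTSP
        ("GUEST", "TRUSTED", "tcp", 22),     # kid's tablet -> desktop SSH
    ]
    for s in samples:
        action, rule = evaluate(POLICY, Flow(*s))
        why = rule.note if rule else "default deny"
        print(f"{s[0]:8}->{s[1]:9}{s[2]}/{s[3]:<6}{action:6}{why}")
```

The two checks worth keeping from this exercise are the negative ones: a flow from the IoT zone to the management zone and a flow from the cameras to the internet should both fall through to deny, and the Plex and Home Assistant pinholes should be the only allow results a guest or IoT source can produce against the servers.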