Home Networking

11 readers

1 users here now

A community to help people learn, install, set up or troubleshoot their home network equipment and solutions.

Rules

Please stay on topic.
Please use the search function to look for keywords related to what you want to ask before posting since most common issues have been answered.
No Ads. This community is for support and discussion. Ads and self promotion are not welcome here.
No product reviews or announcements. If you have a question about a product, be specific about what you want to know.
Be civil. Don't be a jerk. Not being a jerk is surprisingly easy.
No URL shorteners. URL shorteners tend to hide the real use of a link. For this reason, please use normal links, even if they're long.
No affiliate links.
No gatekeeping. With profession shall come professionalism. Extend help without judging others for their ignorance. The same goes for downvoting of comments or posts for "stupid questions" or not being as knowledgeable as others.

founded 1 year ago

MODERATORS

communick@selfhosted.forum

rglullis@communick.news

I want to separate my sons PC and wifi devices from default network. (alien.top)

submitted 11 months ago by domanpanda@alien.top to c/homenetworking@selfhosted.forum

10 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] domanpanda@alien.top 2 points 11 months ago (2 children)

I want to separate my sons PC and wifi devices from default network.

Even though im familiar with neworking - subnetting with masks, DNS, DHCP, VPNs (wireguard, openvpn, zerotier) somehow VLANS and tagging has never clicked in my head.

I have classic problem and pretty classic setup - edgerouterX and unifi AP as wifi device. All devices are in the same LAN. What i want is:

my son's PC (cable) is separated from default network
some particular wifi devices are also in this network (separate SSID)
this network does not have access to default network ...
... except some few things like in this example (wifi) printer - everybody should have access to it

Ive watched 3 videos about Vlans and have seen this tutorial. https://help.ui.com/hc/en-us/articles/115012700967-EdgeRouter-VLAN-Aware-Switch but it doesn't have double WIFI ssids.

So i still have questions.

Should i remove my current LAN or should i just tag it with id: 1 (this is tag for default networks right?). I dont want to creat entirely new network as i have things assigned to my IPs (like subdomains but not only that)
Should i tag eth1,eth2 and eth4 ports with tag id '1' or should i just set 'untag 1' for eth3?
eth4 should be "trunking" port right. Should i just set both tags on it - would it be enough?

[–] Pi-Guy@alien.top 3 points 11 months ago

This would be fine, except you're going to need to configure a second network on your router, give it DHCP and DNS, and set up port forwarding rules for your shared devices.

I'll be the guy though, why do you want to separate these devices from your network?

[–] TiggerLAS@alien.top 1 points 11 months ago

I don't use the default VLAN (VLAN1) on my network; I have one port assigned to VLAN1 on my ER-X, which I can plug into for management access to the ER-X. Everything else is on its own VLAN.

I created a few VLANs on my ER-X, and then used simple firewall rules to deny or permit access from one VLAN to the next as needed.

So:

VLAN1 = Unused, assigned to 1 port on ER-X for management. Untagged.

VLAN2 = PCs, phones, etc.

VLAN3 = Smart TVs, other smart devices.

VLAN4 = Guest network.

With that said, your plan would also work.

Add VLAN2 for your kid's devices. Add your NAT rules for internet access. Add Firewall rules to prevent access between VLANs. Add Firewall rules to allow access from your kid's network to printer. Trunk port to your access point, as you indicated in your diagram. Separate SSID for your kid's WiFi stuff, tied to their VLAN. Access port for your kid's hard-wired devices.