How to utilise my hardware the best way?!?
-
Phew…
Where to start?!?Problem is I would like to rearrange my network to utilise the hardware I have like a pro but I am not much better than a noob at best. Can you see the challenge? ;)
Setup:
ASRock AD2550R/U3S3 with 4GB memory and 2 Intel NIC on board
Intel Pro 1000 PT Quad Port card
3x Netgear GS108t switches
and a UNIFI AP-AC ProCurrently the Intel Pro 1000 is not even used and the LAN port just connected to one switch which is uplinked to the other two and all the devices plugged into the switches. I know, shame on me! :-[
Vision:
Onboard NIC_1 WAN
Onboard NIC_2 LAN - [i]How to utilise this? What to connect here as pretty much all devices will be connected to the switches / VLANs?Intel Pro 1000 1-3 each port is connected to a different switch to make 3 (or more) VLANs
Intel Pro 1000 4 is for the Unifi AP (I suppose this should be another VLAN as otherwise would not work?)Devices:
VLAN1 Totally distrusted units: eg Samsung TV, OBI202 VOIP
VLAN2 CCTV cameras POE (Zoneminder)
VLAN3 trusted but need separation like son's PC / laptop / phone for time restricted access
VLAN4 FreeNAS serverOn the Unifi AP I would have 2-3 different SSIDs tagged to VLANs
I reckon all the rest could be done by firewall rules:
- Zoneminder is running on the FreeNAS and need access to the cameras
- all computers and phones need access to the network printer (which would be preferably on VLAN1)
- Kodi box (on VLAN1 or VLAN2) need access to FreeNAS to access the movies
I would appreciate all your suggestions, thanks…
-
As I reread my post I just realised I might have some problems…
If I attach an Intel Pro 1000 port to a switch then the whole switch would serve that particular VLAN, wouldn't it?
However if I connect the onboard LAN port to a switch then I can configure the different ports (on the switch) to be on separate VLANs? -
There is no shame using a single LAN port on the FW. What Internet speed are we talking about? typically this is slow compared to the rest of the LAN.
If you have lots of LAN-LAN traffic, forcing them to go through the FW may slow down things more than help, they should be most efficient simply DEVICE-SWITCH-DEVICE. Assuming all switches are VLAN capable.
-
What switch(es) do you have? If your wanting to isolate devices via network/vlan then its kind of must for these switches to be vlan capable. They do not have to be expensive to do this $30 can get you an 8 port gig switch that does vlans.
Sure you can isolate your networks via different hardware, dumb switches on different interface to your firewall. But vlans make it possible for devices in the same room to be on different networks using the same switch.
Per your like a pro comment - first step would be switches that do vlans.. You make no mention of what make and model your switches currently are.
