
Imola Ghost

Original poster
Mar 21, 2009
I'm just learning about VLANs and really like that idea. So I want some assistance in how to segment my devices.

Here's a list of everything in my house.

WIRED DEVICES

Family Room
  - Sony TV
  - AppleTV

Master Bedroom
  - Sony TV
  - AppleTV

Bonus Room
  - Sony TV
  - AppleTV
  - Xbox Series X
  - Node N130 Music Streamer
  - Marantz AV10 Preamp
  - Harmony Remote (POE)

Office
  - Mac Mini (Shares lossless music)
  - Eufy Video Doorbell Hub
  - Philips Hue Hub (with 12 Lights)

WIRELESS DEVICES

  1. Trane Thermostat
  2. Liftmaster Garage Door
  3. Rachio Water Sprinkler
  4. Sonos 5
  5. Sonos 5
  6. Sonos One
  7. Sonos Play One
  8. Leviton Outside Lights
  9. Govee Permanent Outdoor Lights
  10. DirecTV Stream
  11. HP Printer
  12. Anker Wired Charger
  13. iPhone 16 Pro
  14. iPhone 15 Pro Max
  15. MacBook Pro
  16. iPad 12"
  17. iPad 10"
  18. iPad ?
  19. iPad ?
  20. LG Washer
  21. LG Dryer
  22. Samsung Refrigerator
  23. TCL TV
  24. TCL TV Computer
  25. Ford Vehicle
  26. Nintendo Switch
  27. Harmony Ultimate Remote
  28. Harmony Elite Remote
  29. Apple Watch Ultra 2
  30. Apple Watch Series 10
  31. Apple Watch Series 7
  32. Rheem Water heater
 
The only reason to think about VLANs is if there's some set of devices that only need to talk to each other, not to anything else, and you want to secure them from outside access. Is that really the case for you?

That's a good way to explain it to me. Thanks. Makes sense.

For instance, the Rheem water heater. Why would I need access to it outside of the home? It's good to know if I went on vacation and forgot to put it in Vacation mode I could access it from many miles away. Would a VLAN keep me from accessing this in this instance?

Do VLANs keep them from being updated for firmware updates?
 
No and no. Think of VLANs as separate networks without having to have multiple physical routers. Those multiple routers are there, just not in hardware, but in software. In other words, those multiple routers are virtual, hence the V in VLAN.
 
I do technical development at work. An example of VLANs would be we want to have standalone networks in our development lab where some test machines talk to each other but are isolated from the rest of the network to simulate the production environment. Another set of ports on the switch would represent the network the developers do their work on.

But IT only has one set of switches with hundreds of ports on them for everything in the lab. The network ports for the test machines are programmed on the switch to be their own VLAN. The developer workstations are on a different VLAN. IT only has the one switch to manage but it allows several virtual networks.

For home use, one use case I can think of is to have an isolated set of network ports for a 'guest' network you let your friends log into when they are at your house. That network wouldn't have your TVs, iPads, etc. But it also likely implies the network has its own wireless AP. I know my Linksys AP has the concept of a 'guest Wifi network' built into the feature set. That's effectively a separate VLAN implemented within the wireless router.

Maybe another use case might be to have a separate network to hold security cameras. Since those ports might be accessible outside your home, you'd want to keep that network dedicated to the security cameras and the NAS keeping the video.
 
I really appreciate all of the information and it has helped me gain some knowledge.

I guess another question is if you look at my smart devices (most of them are wireless), should I group ALL of them together in their own VLAN, or should some be segmented from some others?

How do you guys segment your smart devices and trusted devices into VLANs?

Does it matter if they are wired or wireless to VLAN?
 
The way I have segmented my home is as follows:

Mac Studio, Apple TV, LG TV, iPad, iPhone, NAS, HDHomeRun, Printer.

Games PC

Work Computer, Work Phone

So I have 3 VLANs.

The HDHomeRun and NAS are wired. The rest are on Wi-Fi.
As long as you make sure the wireless SSID is on the same VLAN tag as the wired ports you want on the same VLAN, they will happily talk to each other.

I don’t allow my work VLAN access to my home VLAN or Games and vice versa.

I would definitely put my IoT devices into a separate VLAN from my computer side. Group all your consumption devices, i.e. TV, media streamer, etc., into another.

Remotes and anything they control should be on the same VLAN, as they need to communicate.

Games I would put onto a separate VLAN, mainly to ensure that any network traffic is kept off the Games VLAN and doesn’t interfere with gaming, i.e. if someone is streaming a video then there is less interference locally.
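
An added example, not written by any poster in this thread: one way to express the three-VLAN layout described above (home, games, work, with work isolated in both directions) as forwarding rules on a Linux router using nftables. The interface names `wan0`, `lan0.10`, `lan0.20`, `lan0.30` and the VLAN IDs are assumptions, and blocking home-to-games traffic by default is a choice made for the example, not something the post states.

```nftables
#!/usr/sbin/nft -f
# Constructed inter-VLAN policy (added example, not the poster's config).
# Assumed names: uplink "wan0"; VLAN sub-interfaces lan0.10 (home),
# lan0.20 (games), lan0.30 (work). Adjust to your own interfaces and IDs.

define WAN   = "wan0"
define HOME  = "lan0.10"
define GAMES = "lan0.20"
define WORK  = "lan0.30"

table inet vlan_policy {
    chain forward {
        # Default deny: routed traffic must match a rule below to pass.
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Every VLAN may open connections to the internet, so vendor
        # apps and firmware updates keep working.
        iifname { $HOME, $GAMES, $WORK } oifname $WAN accept

        # Work is isolated in both directions; log attempts for review.
        iifname $WORK oifname { $HOME, $GAMES } log prefix "work->lan " drop
        iifname { $HOME, $GAMES } oifname $WORK log prefix "lan->work " drop

        # Anything else between VLANs falls through to the default drop.
    }
}
```

Devices that share a VLAN, whether on a wired port or on an SSID mapped to the same tag, are switched at layer 2 and never reach this forward chain, so they keep talking to each other regardless of these rules.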
 
I have a guest network on the main home LAN which is isolated.
Same goes for the home-work segment where there is no need for data interchange between my home stuff and work.
This is pretty typical use of VLANs, I'd imagine.

I have two other physically separate networks in addition, using separate internet links.
One for home equipment that is remotely monitored that I don't want touching anything else at home.
The other for a very high-risk, gaming-related dev use (I don't even have wifi on this LAN).
 