Jump to content

Need some advice.... DHCP, seperating VLANs and subnets

Skipple
By Skipple
in Networking
 Share
Posted

Hi everyone,

So I recently got into to the hobby and have a fairly basic configuration. I have a understanding of how DHCP and internal IP addresses work, just not how to properly configure them and separate out the VLANs.
Right now I have everything on the same VLAN... 192.168.0.0/24 which is being handled by my EdgeRouter.

 

My question is.. Should it? I'm not sure if DHCP should be handled by my EdgeRouter or my managed switch? Are there best practices for this? I know the separations and firewalls between the VLANs will be done on the router side. Does anything need to be done on the managed switch? 

 

I want to start separating my devices to make myself more secure. I was going to start adding some security cameras as well and I certainly want those separated from the rest of the network.

 

Again, I have no idea what I am doing here, but from what I have seen from other user diagrams... this is what I have pictured:

Spoiler

54TvHoo.png

 

Also, I was thinking about upgrading my EdgeRouter to either a custom built pfSense or the UDM-Pro. Does that change things?

 

Please let me know if you need any more information. 

ask me about my homelab

on a personal quest convincing the general public to return to the glory that is 12" laptops.

cheap and easy cable management is my fetish.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Just use pfsense with lots of ethernet cards. I had 5-6 in mine so you can seperate your lans that way without the need for managed switches

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
1 minute ago, Biomecanoid said:

Just use pfsense with lots of ethernet cards. I had 5-6 in mine so you can seperate your lans that way without the need for managed switches

Right, I am actually thinking about building a pfsense box regardless, but I already own a managed switch with my EX3200

ask me about my homelab

on a personal quest convincing the general public to return to the glory that is 12" laptops.

cheap and easy cable management is my fetish.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

You want the router running the DHCP server. Your managed switch needs to be configured with VLANs and a truck port that goes back to the router. The router then needs to be configured with sub-interfaces & vlan tagging so it knows what traffic & network is assigned to each vlan otherwise all the traffic on other vlans can be read by programs like wire shark. It also helps shrink broadcast domains so things like security camera streams or other constantly broadcasting devices don't take up bandwidth from client communication.

Guides & Tutorials:

PROXMOX - Rebuilding ZFS RAID rpool After Disk Failure

Mass Deploying Customized Windows 10/11 Installs

Building a GNU/Linux Based Windows Deployment Server

GNU/Linux Installer Server: Installation & Configuration

How to: Use (i)PXE to Install Windows from a Network

Why Memorize IP's When You Can Self-Host DNS Instead?

Ventoy - The USB Multi-Boot Utility!

Introduction to PXE/iPXE Network Boot Featuring FreeBSD & Ubuntu Server

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×