RESET Forums (homeservershow.com)

Network Organization


heavy21

I want to optimize the performance and security of my home network of servers, PCs, laptops, printers, smartphones, TVs, etc.  Current network appliances include layer 2 and 3 switches (Cisco small business) and Linksys router.  I’m looking to replace the Linksys with a security (pfSense) router appliance (w/OpenVPN).  I will also be adding security cameras and an NVR to the network.

 

The gigabit network is straightforward in structure with all Ethernet connections hanging off the 24-port switch connected to the cable modem and router, except a cascaded 8-port switch in a room to provide 4 Ethernet connections in a room with only one data port.  Wireless connections presently come off the Linksys but will eventually come off the to-be-purchased security/router appliance with a wireless card.  I don’t see more than 100 devices in total for the whole network.  No VLANs and no sub-netting.  All hardware supports IPv6.

 

Hardware line up is:

Dual Xeon server w/RAID 10 of 24 TB of storage, 64GB memory

Cisco managed switches layer 2 and 3

HPEX495 server

Workstations, Desktops, Laptops, Tablets, iPads

Printers

 

Software line up is:

Windows Server Essentials 2012 R2, single domain controller, storage and file server duties

Windows 10 Pro all non-server Intel computing devices

PLEX server for streaming audio and video to display units

Office 365

 

From what I’ve read so far, it appears that I need to incorporate an IP addressing scheme for clients and servers on the network.  It would also appear that I need to implement VLANs and/or sub-netting to protect access to certain files and security footage, provide guest networking with future consideration for electronic door locks and some sort of server based media distribution to various display devices.

What are best practices on assigning client and server devices to IP ranges, fixed or dynamic IP addresses?  Do I need to assign clients or servers to IP ranges?  What are the considerations in establishing sub-nets over VLANs or vice versa?  I’m pretty sure I want to restrict access to cameras and their security footage and personal files on my workstation.

 

Thanks for any resources and advice provided.

 


If you've come this far you obviously have some kind of addressing scheme. I would suggest that vlan is not an airtight security mechanism in most configurations. Have you considered physically separate subnets? Sometimes there is no substitute for physical separation even though it may require some additional wiring.

 

In any case, you will find lots of information already in the forums. Something like the 'EdgeRouter Lite' might help with the separation, but please enjoy long threads herein about pfSense etc. I use an N40L microserver with some extra NICs to provide firewall and more plus manage multiple physical LANs. The possibilities are almost endless.

 

Cheers for wanting to up your game in the security area and good luck!


I agree with nrf.  If you are going to use something like pfSense, then use it with multiple NICs and create a physically separate network.  Though for different reasons, I have a drawing of my setup which does just that if that is of any interest.  

 

 

http://thedocsworld.net/home-network/


Nice. What are the life goals of net 1 -vs- net 2?

 

Basically separation for simplicity and peace of mind.  Net 2 has young adults who do not truly appreciate security or use any caution whatsoever, so I segregated them with their own switch, Wi-Fi (including their own guest network), and a ton of web/app filtering.  They can't access any of the resources on Net 1 (by design).  This saves me from the P2P connections that seem to be still around in some of the games, especially the free ones.  Working on Net 3 for IoT now and will be isolating all my IoT devices very soon.

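The segmentation discussed in the replies above, written out as an addressing plan with a default-deny policy between segments. This is an added example, not code or configuration from any poster; the 10.20.0.0/16 block, the segment names, the static/DHCP split and the allow list are all assumptions chosen for illustration.

```python
import ipaddress

# Assumed parent block and segment names (constructed for illustration).
PARENT = ipaddress.ip_network("10.20.0.0/16")
SEGMENTS = ["net1", "net2", "iot", "cameras", "guest"]

# One /24 per segment, each intended for its own firewall NIC and switch.
PLAN = dict(zip(SEGMENTS, PARENT.subnets(new_prefix=24)))

# Default deny between segments. Each pair is (initiator, destination):
# only net1 may open connections to the cameras/NVR and IoT segments.
ALLOW = {("net1", "cameras"), ("net1", "iot")}

# Assumption: .1-.49 reserved for fixed addresses (gateway, servers,
# printers, NVR); everything above is handed out by DHCP.
STATIC_HOSTS = 49


def segment_of(ip):
    """Return the segment that owns ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in PLAN.items():
        if addr in net:
            return name
    return None


def dhcp_pool(name):
    """First and last dynamic address of a segment, above the static block."""
    net = PLAN[name]
    return net.network_address + STATIC_HOSTS + 1, net.broadcast_address - 1


def is_allowed(src_ip, dst_ip):
    """Same-segment traffic stays on its switch; cross-segment needs a rule."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False
    return src == dst or (src, dst) in ALLOW


if __name__ == "__main__":
    for name, net in PLAN.items():
        lo, hi = dhcp_pool(name)
        print(f"{name:8} {net}  gateway {net.network_address + 1}  DHCP {lo}-{hi}")
    print("net2 -> net1:", is_allowed("10.20.1.57", "10.20.0.10"))
    print("net1 -> cameras:", is_allowed("10.20.0.10", "10.20.3.20"))
```
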

I'm indebted to the thoughtful replies and diagram from both respondents.  There may be further questions arising from digestion and research of your comments. I have enough L2/3 switches to implement your suggestions and between current and planned servers and appliances, enough NIC capacity.

 

I notice, Legend, that you are using Storage Server Essentials and a WSE2012r2 VM.  Why both and what box hosts your Storage Essentials?  Also, what software are you using for your network diagram?

 

For NRF or Legend, what is the quintessential benefit of running a Windows VM?
