Transcript of The 5 VLANs Every Home Network Should Have!

Hey everyone, welcome back to the channel. Are you thinking or planning out your next home network? Well, in this video, we're going to talk about some suggestions for the planning process, specifically using VLANs effectively so that your traffic is both secure and segregated. Whether you're using Grandstream, UniFi, or TPLink, the suggestions in this video should get you on your way to building out and planning your next network without over complicating things. So before we get started, let me know, are you already using VLANs or are you in the planning stages? Put that down in the comments. What are VLANs and should you even care? In the simplest terms, VLANs or virtual local area networks are like invisible walls inside your digital home. They separate devices into groups so that one group doesn't interfere or pose a security risk to another group. A network without VLANs, where you put all your devices on one network, is like throwing a bunch of people into one room in your home. They'd be bumping into each other. There'd be lots of congestion. Whereas a network with VLANs is taking that same group of people and dividing them up into different spaces in your home. So, in terms of network devices, it's like giving each group their own dedicated space in your home network. So next, let's talk about a core principle, one that's highly debated amongst techies, and that is whether or not it's okay to use VLAN 1 as your management VLAN. In enterprise or large corporations, VLAN 1 is usually disabled for security reasons wherever possible. And if it can't be disabled, they usually set up a totally separate VLAN, something other than VLAN one, to manage their core infrastructure devices. However, in a home network setup, there is a smart balanced approach. If you choose to use VLAN one as your management VLAN, that means your routers, your switches, and your access points all live in that VLAN. No TVs, no computers, no smart devices. This keeps management traffic isolated and easy to maintain. And the best part is most network devices already come configured to use VLAN 1 for management by default. Here's a basic design layout I use when setting up most home networks, including my own. Okay, before we go any further, I have a question for you. Which VLAN do you think will have the most devices in your home? Let me know down in the comments. Okay, so let's get into VLIN 1 management. This is where your router, your switches, and your access points live. It's best practice to give these guys static IP address. That means IP addresses that do not change. This way you can find these devices easily on your network. That said, it's also a best practice to change VLAN 1 address scheme to something other than the default of 1 192.168.1.1 or 1 192.168.0.1. In addition to those devices, it is okay to put an admin computer on VLAN 1. However, just be sure to block everything off from talking to VLAN 1 using firewall rules. Now, if you want, you can put that admin computer on what's called a trusted network, which we're going to be talking about in a few minutes, and then you can just allow that computer and only that computer to talk to VLAN 1 using firewall rules. All right, so next, let's talk about the trusted network. This is your everyday functional network. It's where you put your PCs, your laptops, maybe a NAS device or server. It's where you do your everyday browsing, your editing, your backups, etc. Now, you can give the trusted network full access to the management network if you need to access your router switches or access points. Or like I said earlier, you can just block it completely from the management network and just allow one admin computer access via a firewall rule to talk to VLAN 1. All right. So, next let's move on to the IoT VLAN. A must-have VLAN in my opinion for any home network setup. In fact, it's a main reason why home network should use VLANs in the first place. Things like smart plugs, smart switches, thermostats, all these types of convenience devices talk to the internet constantly. You want to isolate them so that you can keep all that chatter off your network. And you never know how often the firmware is being updated. So there can be potential security risks. Now it's okay to give them internet access, but you definitely want to make sure that they cannot talk to the management and your trusted networks. And this could be accomplished simply by using firewall rules. Next up, the guest VLAN. This is a VLAN that has internet access only, and it's a place where you can put your friends, family, and overnight visitors on the network to use your Wi-Fi safely. Now, do you need to have a guest VLAN? I guess it could be optional. Definitely not as important or must have like the IoT VLAN. However, that decision is totally up to you. Listen, if you have a lot of guests, probably not a bad idea to have a guest VLAN. Actually, even if you don't have a lot of guests and you have family and friends come over and you need to let them use your Wi-Fi, put them on the guest VLAN. This way they're isolated from your trusted and your management VLAN. It's not that you don't trust your family or your friends, but you never know what devices are being brought onto your network that could be potential security risks. And finally, last but not least, the surveillance VLAN or as some know it as the camera VLAN. This is where you put your IP surveillance cameras and your NVR. The devices can all talk to each other within the VLAN. However, it is important to block this VLAN from the rest of your network. That way, in case a camera gets compromised, the rest of your devices on the rest of your network are secure. Now, some people, myself included, actually block the security cameras from accessing the internet so that they can't call, as we say, home. All right. So, putting it all together, following these suggestions, you get a secure management VLAN, you get a trusted network, an isolated IoT VLAN, a guest network for your visitors, and a surveillance VLAN for your cameras. It's clean, it's scalable, it's secure, and easy to manage. If this video got you thinking about your current VLAN setup or a future VLAN setup, let me know down in the comments below. If you like the video, please give it a thumbs up. Consider subscribing to the channel. And to see more of this in action, actually click this video on the screen. It's the first in my home networking series. Again, thank you so much for watching.