To VLAN or not to VLAN - that is the question

I love VLANS. I only have 5: MGMT, secure, IoT, guest, and WireGuard. It’s a small home network but being able to separate and set access rules like this is great.

Clever title. I'm not currently using VLANs at home, but it's a project that I've wanted to undertake for quite some time. At the library, we use VLANs to keep the "Staff" traffic and the "Public" traffic separated.

No second guesses... always use VLAN's. I have a UDM-Pro and the the Pro-24 switch. I currently have 9 VLAN's setup. LAN, Admin, Printers, Guest, IoT, Cameras, Media Center, VPN, WebPage. Slowly getting them all set up with desired rules. A lot of Trial and Error, but I eventually will get them all the way I want them. Good video!

A video on vlans and home automation would be interesting. Let’s say a home with cameras, lighting, heating, blinds, smart tv, computers etc. How do you keep it all secure but make Automation still work

Thanks Willie! I would love to see more videos on vlans.

My two kids have such a hard time sharing I gave them each their own VLAN. 😀
I have had many VLAN's in my home/homelab and I have had as few as possible. Right now I am sitting at 6 VLAN's total looking at Unifi "Networks" listing. The one VLAN I have needed to add is an IoT network for things like smart switches and wifi LED lights and the like.

Always to VLAN.

I love VLans! In my industry Vlan's are important. Separating the clients devices, the "home automation" system and IoT devices is a must. I have reduced down default network to either /29 or /28 with GS because you can't turn off that network.

Thank you for defining what you consider to be IoT devices. I have the same definition. Some folks get too carried away and think (for example) their mobile phone and such are IoT, then come out looking for help asking why they can't (again, for example) chromecast to their TV, whatever.

Always vlan unless you just need an ultra simple flat lan. Good video man bout to check it out!

As a point of clarification, VLANs are a Layer 2 (MAC address) concept that exists inside a switch and, by definition ,have no relation to IP addresses, which is a Layer 3 routing concept. Systems like UniFi make it all too easy to simultaneously setup both the Layer 2 VLAN *and* the Layer 3 DHCP/routing config for devices connected to that particular VLAN. Such ease of configuration can blur the lines between the two concepts.
This means you can also setup a “raw” VLAN that has no Layer 3 IP routing whatsoever. The ports assigned to such a VLAN basically function together as a virtual unmanaged switch. This can come in handy when you need, say, a 4-port unmanaged switch and you have some otherwise unused RJ45 and/or SFP ports on your USW-48.

Reduced broadcast domain, which improves network organization, performance, growth, and expanded capabilities.

Every room should have a vlan, and all the fridges should have a vlan, even the Puppy should have one :). Good video Sir.

I would say that VLANs should be implemented when there is a *need* since they add complexity to a physical network that must be managed. So, as you mentioned, in the case of a VoIP setup, one should use a dedicated VLAN to segregate VoIP from LAN traffic, thus improving VoIP quality. Another need would be security if, say, one wants to make camera traffic inaccessible from the main LAN. I would not implement VLANs just because they are nifty but because there is a genuine need or substantial benefit (as when a subnet is too busy).

An added level of home network security. The security cameras, kids, IoT devices (smart lights, switches, streaming device, etc) must keep separate from the home management network.

I would be interested to know more if there are any performance issues we should be aware of using VLANs, (UDM-Pro user)

Great video thank you

I use vlans both at home and work. Work is pretty obvious (separate corp traffic from guest, IOT, management, DMZ, etc). If your business has more then a few employee's, I dont see how you could effectively operate a network without vlans, especially if you are using VOIP for your primary phone system. For home, I have all IOT devices of any kind on one network, separated from my home and guest wifi, I also have all gaming devices on their own vlan as well, just to keep any potential risk, limited to those devices.

I have tried vlans and had issues, but that is probably a me issue. I'm trying to separate my home network (personal, iot, work, etc).

From Alpha to Charlie ? (lol)
Target at the back ?

I think if the process of making a vlan was demystified and more clear, it would make more sense overall to people. I never cared about vlans until I needed to but that was when I had a small business network. Once we kept growing yea your going to need a vlan at a minimum. Eventually you’ll need 5-10 vlans.

VRF for the win.

Do you plan on doing a video on the new ACL feature? Would love to see if you've done this in production yet.

Hey good morning buddy

No thats not the question ,, always vlan!

The analogy is instead of a house where all occupants live in one room, we would have some living in one room while others in other rooms. These rooms are VLANs. However, the doors between these rooms can still be opened from both sides, allowing everyone to freely move from one room to the others. Therefore VLANs by default are not secured by any means. In a network, I can ping another computer from one VLAN to the other. Ping is a good test of this permeability. To secure VLANs, I have to set up firewall rules for them. Back to the analogy of rooms, I can erect speciality doors where some doors cannot be opened from ether side or a one way door like those in a cockroach traps that allow the critters in but they cannot leave. The directionality of the doors are the egress and ingress rules of the firewall. I can even modularize the firewall rules by allowing specific devices in 1 VLAN to reach another VLAN, but not others in the same VLAN based on the device’s MAC. Basically setting up VLANs is just the start. To make them functional and useful, we need firewall rules.

To Be or Not to Be in a VLAN, that's the question