VLAN's - Do I need one?

    Huuman

    Active Member
    Jul 20, 2019
    151
    You don't NEED a VLAN at home. But you can; it lets you segregate the different appliances and devices in your house. Maximize speed, this is due to frequency settings. You are as fast as your weakest device, remember that.
     

    Sarguy7777

    Kwitcherbitchin
    Feb 26, 2012
    29
    Odenton
    I'm going to assume that you're referring to a VPN, but I'll address both.

    Definitions (For non cyber peeps):

    VLAN - Think of this like a separate home network so your devices are segregated on your network. Typically by default, all of your connected wifi devices (i.e. phones, tablets, computers, smart TVs, video doorbells, etc) can "see" each other, and potentially talk to each other on your home network. A VLAN is like putting your kids in separate rooms of the house so they can't see or talk to each other, each with their own exit door for the house so they can come/go without interaction. Default home router setups look like a big shared room that everyone stays in together. A network with VLANs looks more like a motel, where the devices can't see/talk to each other, and can each leave the premises through their own exit door.

    VPN - This is like having a secret underground tunnel that leaves your house and drops you out at the other end of town, to prevent people that may be watching your front door from seeing you come/go from your residence. Instead of your Internet traffic coming straight from your ISP (Verizon/Xfinity/whatever) servers.


    Here's the reasons for each:

    VLANs may be good to keep devices that may have less built in security features that you connect to your network (security cameras, smart refrigerators, IOT devices) from "seeing" your devices that you do your banking from, or type your SSN into.

    VPNs may be good for any scenario where you are unsure of how secure the network may be, i.e. hotel wifi, Starbucks, airport, Lowes, etc. The function here is that anything on the network would not see anything except your encrypted (assuming a high quality VPN service) VPN connection, which would look like garbage to an attacker. Another reason some people like VPNs is to have their connection appear to originate from another country so they can watch Netflix shows not available in the U.S.


    Do you need it to be "safe" on the Internet? Here's a couple of common ways that you can get malware or have your precious data stolen:

    1. You click on a shady link or video in facespace or wherever that takes you to a different website, and your browser gets owned, and malware gets on your computer (neither protect you here)
    2. You open a shady attachment in an email and malware gets on your computer (neither protect you here)
    3. You connect to open wifi hotspot at hotel/airport/Starbucks/etc and there is an attacker actively sitting on the network, trying to exploit you, and they trick you into entering your information into their fake website that looks like a real one. (a reputable VPN protects you here)

    TBH, the only real need for a VPN is while traveling or connecting to wifi out in town. If you stay off of free wifi then you really don't need one. If you're worried about advertiser tracking and ad blocking (which I don't care about, it feels like cork sniffing to me). I do have paid VPN service for when I connect to wifi that's not mine or a friend's. It's especially handy for things like BLACKHAT/DEFCON.

    Do I VLAN? Nope, no need. It's extra hassle with no benefit. <shrugs>
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,499
    God's Country
    Yeah - 4th post I clarified VPN...

    Thanks for the input though..

    Well, for some reason I never read the 4th post. I didn't even know what a VLAN was when you first posted. Then I looked it up and decided that I should separate some of our network stuff. So thanks for posing the question, even if it wasn't the question you meant to ask. I learned something.

    Now I'm curious: did you actually decide to get a VPN service? If so, which one did you go with?
     

    Sarguy7777

    Kwitcherbitchin
    Feb 26, 2012
    29
    Odenton
    Well, for some reason I never read the 4th post. I didn't even know what a VLAN was when you first posted. Then I looked it up and decided that I should separate some of our network stuff. So thanks for posing the question, even if it wasn't the question you meant to ask. I learned something.

    Now I'm curious: did you actually decide to get a VPN service? If so, which one did you go with?

    I use NordVPN personally, but there are plenty of great options.

    Here's a link to pros/cons of some highly rated choices:

    https://www.tomsguide.com/best-picks/best-vpn
     

    babalou

    Ultimate Member
    MDS Supporter
    Aug 12, 2013
    16,019
    Glenelg
    Haha! I was trying to get my head around what your setup at the house must look like to need VLANs and MPLS!!!
    lololol... Actually, I do VLAN my wifi. Also, my wifi is on a different zone anyway, but I have two VLAN wifi - one for fam that can do certain more things and one for family and friends that come over. Since my youngest uses Chromecast, she is on a separate wifi VLAN since you need to open up things.
     

    noloader

    Jeff Not G
    MDS Supporter
    Apr 3, 2022
    101
    Pasadena, MD
    I do VLAN my wifi. Also, my wifi is on a different zone anyway, but I have two VLAN wifi - one for family that can do certain more things and one for family and friends that come over. Since my youngest uses Chromecast, she is on a separate wifi VLAN since you need to open up things.
    The network segregation is probably a good idea.

    I use a Protectli running pfSense. It does traffic shaping and VLAN tagging but I'm too lazy to turn it on. I should probably use VLAN tagging to enforce policies down at layer 2.
     

    babalou

    Ultimate Member
    MDS Supporter
    Aug 12, 2013
    16,019
    Glenelg
    The network segregation is probably a good idea.

    I use a Protectli running pfSense. It does traffic shaping and VLAN tagging but I'm too lazy to turn it on. I should probably use VLAN tagging to enforce policies down at layer 2.
    pfSense is pretty good. I am Sonicwall certified since like early 2000's. I have a nice one at home and APs. I use that and forced Comcrap to make my router bridge mode. Eff double NAT. I can shape on my firewall if I want but I do not care about uploading speeds like people do for after hours. Either layer 2 it using the tagging or like me a hybrid setup - mostly for the wifi.

    Example for some smaller clients where wifi they use laptops from home to access RDGateways but the public does not, etc. Or, if tons of money, set up ISE and anywhere client or whatever and VLAN DHCP subnets and fixed IP subnets. I am not saying I may have done some of that at my house. hahaha.

    I have worked on plenty of watchguards - sux - and swalls and cisco and fortinets. We replaced a lot of our cisco stuff at work with fortinets, siems, and aruba 80GB port switches. Our internet BGP is 10Gb.
     

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,922
    I use a bunch of vlans to segregate traffic that shouldn't be on the same network.

    Management traffic (what you use to configure your routers, switches, APs, etc) should always be on its own vlan.

    Then

    Admin VPN
    User VPN
    User wired network
    User WiFi
    Guest WiFi
    Work WiFi (not trusting any laptop I don't control)
    Cloud based IoT devices (Roomba and whatnot)
    Local control IoT devices (Raspberry Pis driving relays)
    VoIP devices
    Media devices (Roku, AppleTV)
    Security cameras
    Home security system

    Most categories have no need to talk to each other. Some have no reason to go out to the Internet. VLANs give you fine control when they're used with a router with a rule based firewall.
     
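Added example, not part of the post above or anyone's actual configuration: a small Python model of "VLANs plus a rule-based firewall", using first-match rules with default deny between zones and an audit that flags rule sets letting guest or IoT zones reach management or other internal networks. Zone names follow the categories listed in the post; the specific rules are assumptions.

```python
# Constructed example: zone names follow the categories in the post above;
# the rules are assumptions for illustration, not anyone's real configuration.
ZONES = ["mgmt", "admin_vpn", "user_wired", "user_wifi", "guest_wifi",
         "iot_cloud", "iot_local", "cameras", "media"]
WAN = "wan"
# First-match rule list (src, dst, action); "*" matches any zone.
RULES = [
    ("admin_vpn", "mgmt", "allow"),       # only admins reach router/switch/AP UIs
    ("*", "mgmt", "deny"),
    ("user_wired", "cameras", "allow"),   # view cameras from trusted PCs
    ("user_wired", "iot_local", "allow"),
    ("user_wired", "media", "allow"),
    ("user_wifi", "media", "allow"),
    ("cameras", WAN, "deny"),             # no reason to go out to the Internet
    ("iot_local", WAN, "deny"),
    ("mgmt", WAN, "deny"),
    ("*", WAN, "allow"),                  # everyone else may reach the Internet
]

def decide(src, dst, rules=RULES):
    """Return 'allow' or 'deny' for a new connection from src zone to dst zone."""
    if src == dst:
        return "allow"  # same VLAN: switched at layer 2, never reaches the router
    for r_src, r_dst, action in rules:
        if r_src in ("*", src) and r_dst in ("*", dst):
            return action
    return "deny"  # default deny between VLANs

def reachable_from(src, rules=RULES):
    """Zones (including WAN) that src may open connections to."""
    targets = [z for z in ZONES + [WAN] if z != src]
    return sorted(z for z in targets if decide(src, z, rules) == "allow")

def audit(rules=RULES):
    """Flag rule sets that break the isolation goals described in the thread."""
    problems = []
    for z in ZONES:
        if z not in ("admin_vpn", "mgmt") and decide(z, "mgmt", rules) == "allow":
            problems.append(f"{z} can reach management")
    for z in ("guest_wifi", "iot_cloud"):
        inside = [d for d in reachable_from(z, rules) if d != WAN]
        if inside:
            problems.append(f"{z} can reach internal zones: {inside}")
    return problems

if __name__ == "__main__":
    for z in ZONES:
        print(f"{z:11} -> {reachable_from(z)}")
    print("audit:", audit() or "clean")
```

Rule order matters in a first-match firewall: putting a broad allow above the management deny makes the audit report every zone that gains access.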

    TheBert

    The Member
    MDS Supporter
    Aug 10, 2013
    7,687
    Gaithersburg, Maryland
    I use a bunch of vlans to segregate traffic that shouldn't be on the same network.

    Management traffic (what you use to configure your routers, switches, APs, etc) should always be on its own vlan.

    Then

    Admin VPN
    User VPN
    User wired network
    User WiFi
    Guest WiFi
    Work WiFi (not trusting any laptop I don't control)
    Cloud based IoT devices (Roomba and whatnot)
    Local control IoT devices (Raspberry Pis driving relays)
    VoIP devices
    Media devices (Roku, AppleTV)
    Security cameras
    Home security system

    Most categories have no need to talk to each other. Some have no reason to go out to the Internet. VLANs give you fine control when they're used with a router with a rule based firewall.

    You do realize that the Roomba maps out your house and records what you have and sends it to the local criminals.
     

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,922
    You do realize that the Roomba maps out your house and records what you have and sends it to the local criminals.
    Yes, I fake the gps location on my phone when pairing, so the Roomba thinks that's the White House it's mapping.
     

    hobiecat590

    Ultimate Member
    MDS Supporter
    Feb 2, 2016
    2,434
    I've used Nord and Norton VPNs. If Comcast is your ISP, then Norton is free. Both Nord and Norton VPN servers are frequently flagged by email servers and financial institutions. Nord was much worse in this regard. When your VPN server gets flagged, email send mode won't work and you will not be able to login to some sites like BoA, etc. The solution is to disconnect from the VPN, login to the site blocking your access, then "turn on" the VPN again once you are done. This is a major PITA and why I gave up on Nord. If any of you have a VPN where this issue is not an issue, I'd love to hear about it.
     

    Antarctica

    YEEEEEHAWWW!!!!
    MDS Supporter
    Sep 29, 2012
    1,728
    Southern Anne Arundel
    Your friend has probably drank the marketing Kool-Aid.

    Note that VPNs are probably not as secure as you think. Also see vpn provider turns over logs.

    What problem are you trying to solve?

    Anonymity, being tracked by everything.

    I've never done anything yet, because it's not clear to me (as you also point out) that paying for anonymity actually gets me anonymity, and I really hate paying for any type of recurring 'service'.
     
