Our home networks are become busier places. Working from home, more wi-fi enabled light bulbs and switches, home automation, tablets and smartphones all add to the complexity.
Shortly before the pandemic, I had upgrade my service to fibre and gigabit bandwidth. With the new service came a new modem/router, and a very dumbed-down management interface that provides minimal control over the network.
My previous service provider provided a modem/router that ran in bridged mode, so I was able to bypass their router and use my own router. The router has a very rich management interface, so I wanted to keep using it. It also wasn’t that old.
So looking at the devices on our home network, I was able to divide them up into 3 categories:
- work computers
- family computers, tablets, and phones
- home automation devices, Google Home or Mini’s, and a couple appliances
I wanted to set things up so that family computers couldn’t see or access anything else on our work computers, and also isolate the home automation, Google devices, and assorted wi-fi enabled light bulbs and switches from everything else.
One function my router was missing was the ability to create VLANs. I purchased a small Netgear managed gigabit switch to to do this. I connected one of the ethernet ports of the service providers router to the Netgear switch, and another ethernet cable from the provider router to my router.
Basically, I use the service provider router to provide a guest wifi network, and use it’s ethernet outputs to connect my own router and a managed switch. The managed switch provides 3 VLANs for work computers and our home automation hub. My router is configured so that our IoT devices operate within it’s guest network, and the rest of the router is use for family computers, printer and phones.
In Canada, we have access to an excellent DNS service, called Canadian Shield. It provides an additional layer of security for the family – and I have my router configured to use it.
Of course there are also the standard things needed to ensure your home network is secure:
- Make sure any default passwords have been changed on your router – and use STRONG PASSWORDS.
- Set your router to update it’s firmware automatically. Most manufacturers are pretty proactive to get their firmware updated as new threats and bugs are discovered. Make sure the manufacturer is proactive and providing timely updates – and if it isn’t, seriously consider purchasing a new one from a manufacturer that is proactive.