G'day :-)
SOHO situation. I have around 10 devices in my LAN. Some Synology servers, desktops, laptops, and HTPC's. I have just ordered a wireless access point, and since wireless might mean risk (I live next to a big shopping center which also provides free wireless, so people in there are used to using wireless networks - and some of the bad visitors over there will probably want to break into my LAN).
So basically I have two reasons for wanting to implement VLANs:
1. The security mentioned above; separate wireless (is some sort of way, I'll explain below) from wired LAN
2. Some sort of load balancing; I am a rather high profile downloader (a man's got to have a hobby :-)), and what I want to achieve is that my download server *automatically* eats up all the bandwith available *unless* my wife, or my kids, are using the internet for something; then I want the download server to *automatically* be restricted on the bandwith it gets, so wife and kids are not disturbed.
Now I have two problems, both actually caused by me not really being an 'IT-pro' in the sense that you all are, meaning: I don't know that much about VLANs and how to set it all up, and Google doesn't seem to be my friend these days in helping me find answers to my questions:
1. I have 3 separate devices that can all 'do' VLANs, and I don't know which one I should give the job to it:
A. My pfsense router; connected to my ISP's modem on the WAN-port, and connect on the LAN-port to my:
B. HP Procurve V1910 managed switch.
C. The new wireless access point I ordered (Ubiquity Unify-Pro)
2. I don;t understand how this should safely work in terms of the wireless:
- I don't want outsiders to be able to access my (wired) LAN (my servers, my desktops, my HTPC's)
- I DO want my wife and kids to be able to access the same (wired) LAN from their wireless desktops (for example: look up some information on the Synology data server).
So I am confused here:
- If I separate wired from wireless via a VLAN, wife and kids, when on the wireless, won't be able to access the Synology;
- If I don't separate them, 'hackers' in the nereby shopping mall might be able to get on my LAN (and, for example, 'just for fun', delete all the data on my Synology data server).
I would be *Most* grateful if somebody could set me in the right direction as to what to do:
- Which appliance to use for setting up the VLAN (or perhaps a combination?)
- How to avoid wife and kids to not be able to access the LAN-servers while on wireless, yet at the same preventing 'outside' hackers from doing what my wife/kids are allowed to do.
Again, I would be in debt for any clues :-)
Thank you very much for any replies,
Bye,