SecCon
Occasional Visitor
So I am in no way new to networking: I have built my own Cat6 network, pulled my own cables, connected my own patch panels and all that. My equipment is pretty good with an EdgeMax 6P Router, an EdgeMax Switch and all my fixed devices connected to those via wall sockets I installed myself, and everything checks out. The Wi-Fi goes via an AirCube, also Ubiquiti. I've got a friend who works as a network installation engineer and does these things for a living, and got a thumbs up from him while doing it.
That's the physical part.
I have a few servers, one running Ubiquiti UISP for an overall looksie, and other stuff like a couple of workstations. My main file share is on a standalone Windows Server with 14 TB on it, and it's backed up to a NAS at a different location.
Everything runs on 192.168.1.1-255. I have some static mappings for my NAS and the servers and the UISP, but that is about it, oh and the printer and the IP phone line. Everything runs on the same network segment. All the static mapping is done on the Router via entries in the DHCP table. All in all we are talking about some 50 devices: laptops, desktops, tablets, smartphones, a TV and an IP phone. Most run Windows and Android except for some iPads and iPhones we got from work. One Ubuntu running the UISP in Docker.
So why do I post? I seem to have a working network and am happy with that.
Well, I post because I see all these recommendations about creating subnets and VLANs and what not. I read up a bit yet see no real reason why. Sure, in a complex network you may want to do load balancing and sort out segments per location and direct one type of device one way and other types of devices other ways, and of course keep some sensitive stuff off the web. Separating Wi-Fi from LAN, even separating IP telephony and directing it via its own subnet with optimizations for its protocols, and even putting the Aqara Smart Home sensors on their own VLAN, because they are made in China and you "need to keep them off the internet because otherwise they will hack you and give the Chinese or NSA another botfarm" and stuff like that.
So summing up the questions: Is my take on this terribly wrong, and what should I do instead and, most importantly, why?
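The post asks what segmentation actually buys over a single flat 192.168.1.0/24. The difference is not the addressing itself but the fact that, once devices sit in different VLANs, every packet between them has to cross a router or firewall that can apply a rule; on one flat segment the switch forwards host-to-host and nothing in the path can say no. The following Python model, added here as an example and not taken from the poster's configuration or from any Ubiquiti product, makes that concrete: it takes a constructed inventory (a file server, a laptop, a smart-home hub and an IP phone), places it once on the flat /24 and once across four hypothetical VLANs with a default-deny inter-VLAN policy, and reports which devices can reach the file server's SMB port under each layout. All subnets, device addresses and rules are constructed for illustration.

```python
import ipaddress

# --- Layout 1: everything on one segment, as in the original post ---
FLAT_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed inventory on the flat network (not the poster's real addresses).
FLAT_DEVICES = {
    "fileserver": "192.168.1.10",
    "laptop": "192.168.1.50",
    "aqara-hub": "192.168.1.60",
    "ip-phone": "192.168.1.70",
}

# --- Layout 2: hypothetical segmentation plan, one /24 per role ---
VLANS = {
    "servers": ipaddress.ip_network("192.168.10.0/24"),
    "clients": ipaddress.ip_network("192.168.20.0/24"),
    "iot": ipaddress.ip_network("192.168.30.0/24"),
    "voip": ipaddress.ip_network("192.168.40.0/24"),
}

# Same constructed inventory, re-addressed into the VLAN plan.
SEGMENTED_DEVICES = {
    "fileserver": "192.168.10.10",
    "laptop": "192.168.20.50",
    "aqara-hub": "192.168.30.60",
    "ip-phone": "192.168.40.70",
}

# Inter-VLAN policy: (src_vlan, dst_vlan, dst_port or None for any, verdict).
# First matching rule wins; anything not matched is dropped (default deny).
RULES = [
    ("clients", "servers", 445, True),   # workstations may use the SMB file share
    ("clients", "iot", None, True),      # phones/laptops may talk to smart-home gear
    ("iot", "servers", None, False),     # sensors never reach the file server
    ("iot", "clients", None, False),     # ...or the workstations
    ("voip", "servers", None, False),    # the phone has no business on the NAS/share
]


def vlan_of(ip):
    """Return the VLAN name containing ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None


def allowed_flat(src, dst, port):
    """Single broadcast domain: the switch forwards between any two hosts.

    There is no device in the path that can enforce a rule, so the port
    argument is irrelevant; reachability is purely 'both on the segment'.
    """
    return (ipaddress.ip_address(src) in FLAT_NET
            and ipaddress.ip_address(dst) in FLAT_NET)


def allowed_segmented(src, dst, port):
    """Traffic inside a VLAN is switched; traffic between VLANs hits RULES."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if src_vlan is None or dst_vlan is None:
        return False
    if src_vlan == dst_vlan:
        return True  # same segment, no router in the path
    for rule_src, rule_dst, rule_port, verdict in RULES:
        if rule_src == src_vlan and rule_dst == dst_vlan and rule_port in (None, port):
            return verdict
    return False  # default deny between VLANs


def sources_that_reach(target, port, policy, devices):
    """Names of devices (other than target) that policy lets reach target:port."""
    dst = devices[target]
    return sorted(name for name, ip in devices.items()
                  if name != target and policy(ip, dst, port))


if __name__ == "__main__":
    for label, policy, devices in (("flat /24", allowed_flat, FLAT_DEVICES),
                                   ("segmented", allowed_segmented, SEGMENTED_DEVICES)):
        exposed = sources_that_reach("fileserver", 445, policy, devices)
        print(f"{label:10s} -> can reach fileserver:445: {exposed}")
```

On the flat layout the report lists every other device, including the smart-home hub and the IP phone, because nothing can stop them. On the segmented layout only the laptop appears, and only on port 445; the same laptop trying port 22 on the server is dropped by the default deny. That is the whole case for VLANs in a home or small-office network: not performance, but a place to put a rule so that a compromised or misbehaving device on one segment cannot reach the one box holding 14 TB of data.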