Network Reorganization
October 25th, 2008 | by Sean |(warning, below contains palpable geekery and some thinking aloud. proceed with caution)
As I become more network aware (filling in the blanks with my Cisco course), I’m starting to rethink how my network at home is structured. Specifically, these things concern me:
- Uncontrolled devices. These are devices that need Internet access but none of the resources on my private network, yet live on my private network anyway. They include my Dish DVR, the Wii, the VoIP ATA, and “unknown” wireless clients (guests, et al.).
- Internet-only public network hosts. So far I have only one of these: my backup name and mail server. It lives on the public Internet (it has a publicly routable IP) and, aside from an NFS mount to my file server, needs no access to the private network.
So far, I am making progress towards segregating these devices. I plan on creating 4 VLANs (I already have 3 of these set up):
- The “red” network. My private network; my workstations and development servers go here.
- The “green” network. This is the public internet-facing network.
- The “yellow” network. This is a private back-end subnet running alongside “green”: the “green” servers use it to talk to each other, so that traffic stays off the public-facing interface and away from prying eyes.
- The “blue” network. This is for the uncontrolled devices. It lives in RFC 1918 space; hosts on it can reach the Internet and each other, but can never initiate a connection into the “red” network. The one exception runs the other way: the “red” network must be able to see and reach the “blue” network so I can configure the devices on it.
I need a router with a relatively sophisticated packet filter to make the blue network possible: one that tracks connection state, so that a “blue” device’s replies to a connection “red” opened get through while anything “blue” originates toward “red” is dropped. I’m thinking about picking up a late-model Cisco on eBay or something, so I can set this up and toy with IOS. We’ll see. I’d also like a wireless access point that’s intelligent enough to put specific devices’ frames on the “red” VLAN and everything else on “blue”. That might be wishful thinking.
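To make the “red”/“blue” asymmetry concrete, here is an added example (my illustration, not the author’s configuration or any vendor’s): a small Python model of the policy with a plain access list beside a connection-tracking filter. The subnets, the host addresses, and the green/yellow rows of the matrix are assumptions; the post gives none of them.

```python
"""Model the four-VLAN policy with and without connection tracking."""
import ipaddress
from dataclasses import dataclass

# Assumed addressing for the VLANs; the post gives no addresses, so these are placeholders.
ZONES = {
    "red":    ipaddress.ip_network("192.168.10.0/24"),  # private workstations / dev servers
    "blue":   ipaddress.ip_network("192.168.20.0/24"),  # uncontrolled devices, RFC 1918
    "yellow": ipaddress.ip_network("192.168.30.0/24"),  # private back-end for green servers
    "green":  ipaddress.ip_network("203.0.113.0/28"),   # public-facing (TEST-NET-3 stand-in)
}


def zone_of(addr: str) -> str:
    """Map an IP address to a zone name; anything outside the four VLANs is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


# Which zone may *initiate* a connection to which zone. Only the red and blue rows
# come from the post; the green/yellow rows are an assumed, conservative reading.
MAY_INITIATE = {
    ("red", "blue"), ("red", "green"), ("red", "yellow"), ("red", "internet"),
    ("blue", "internet"),
    ("green", "yellow"), ("green", "internet"), ("internet", "green"),
    ("yellow", "green"),
}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.proto, self.dst, self.dport, self.src, self.sport)


def stateless_decide(pkt: Packet) -> str:
    """A plain ACL: judged purely on (src zone, dst zone), with no memory of earlier packets."""
    src, dst = zone_of(pkt.src), zone_of(pkt.dst)
    if src == dst:  # same VLAN: never crosses the router's filter anyway
        return "ACCEPT"
    return "ACCEPT" if (src, dst) in MAY_INITIATE else "DROP"


class StatefulFilter:
    """A filter that remembers the flows it accepted, so replies to them get through."""

    def __init__(self):
        self.conntrack = set()

    def decide(self, pkt: Packet) -> str:
        # 1. Further packets of an accepted flow, in either direction, are fine.
        if pkt.flow() in self.conntrack or pkt.reverse_flow() in self.conntrack:
            return "ACCEPT"
        # 2. Otherwise this is a new connection: consult the initiation matrix.
        if stateless_decide(pkt) == "ACCEPT":
            self.conntrack.add(pkt.flow())
            return "ACCEPT"
        return "DROP"


def run_scenario(decide) -> dict:
    """Red configures a blue device over HTTP; blue then tries to reach red on its own.

    Hosts and ports are constructed for the example."""
    red_ws, red_nas, blue_dvr = "192.168.10.5", "192.168.10.2", "192.168.20.40"
    syn = Packet("tcp", red_ws, 50123, blue_dvr, 80)            # red -> blue, new connection
    synack = Packet("tcp", blue_dvr, 80, red_ws, 50123)         # the DVR's reply
    probe = Packet("tcp", blue_dvr, 4444, red_nas, 445)         # blue -> red, unsolicited
    egress = Packet("udp", blue_dvr, 5060, "198.51.100.9", 5060)  # blue -> Internet (VoIP)
    return {
        "red->blue SYN": decide(syn),
        "blue->red reply": decide(synack),
        "blue->red unsolicited": decide(probe),
        "blue->internet": decide(egress),
    }


if __name__ == "__main__":
    print("plain ACL: ", run_scenario(stateless_decide))
    print("stateful:  ", run_scenario(StatefulFilter().decide))
```

Run it and compare the two rows: the plain ACL accepts the SYN from “red” but drops the DVR’s reply, so the very session “red” is allowed to open never completes. The stateful filter records the accepted flow, lets the reply through, and still drops the connection the DVR originates toward “red”. On a Linux router that is an `iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule placed ahead of the per-zone rules and a `DROP` policy on the chain; on IOS the equivalent is a reflexive ACL (`reflect` / `evaluate`).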