Hey all, I’m looking to tighten up my home network by implementing some network segregation. I’m in the process of setting up a new OPNSense firewall, and the current plan is the following networks and VLANs, which will be set up on my OPNSense and D-Link 1100 V2 series switch:

- Management - 10
- LAN - 20
- Server - 30
- Docker - 40
- Video - 50
- GoogleHome - 60
- SmartHome - 70
- Guest - 80

I’ve got lots of experience with VLANs, but not so much with not using the native VLAN for LAN or with separating management from the native VLAN/LAN.

I’m thinking of separating Google Home devices from Chinese smart plugs etc., as I consider the Google Home devices more trustworthy, and I’ll also want to be able to cast to them and allow them to access my Plex instance, while other smart home devices will just need internet.

The Server and Docker VLANs I’m less sure about. I haven’t really got straight in my head whether I need to separate any of them and/or put them on the LAN etc., or if I’m going to have a nightmare with dockers on different VLANs all sharing the same hardware and shares. I’m running an Unraid NAS with a Windows VM running Blue Iris for my cameras and Veeam 365 backup, as well as a bunch of dockers:

- Sabnzbd
- ***arr
- Plex
- Swag
- Guacamole
- postfix SMTP relay
- Paperless
- Unifi management

For management I’m thinking of just putting my Windows VM on there with the firewall, switch, Wi-Fi etc. It is running on my Unraid NAS and also runs Blue Iris for my cameras, which will complicate it and might mean I need to bridge some networks with multiple NICs on the Windows VM, though, so maybe it’s best to run up another dedicated VM?

Wi-Fi is via 4 UniFi APs, a mixture of Pro and Lite. I think I will need at least 5 SSIDs: LAN, Guest, GoogleHome, SmartHome, Video. Not sure how to go about naming them; I feel like I need to name them clearly to keep them straight, but that makes it more obvious which to target as well, right?

I’ve got 4 Ethernet ports on my firewall, so I’m also planning on using 1 for WAN and 3 combined in a LAGG to run all the VLANs over. I haven’t done that before with a firewall, but it seems sensible.

Anyway, I think that’s probably quite enough for one post. I would love to hear if anyone has any thoughts on issues I might encounter, stumbling points or any improvements to suggest.
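One way to pin down the inter-VLAN policy the post describes before touching the firewall is to write it out as a default-deny rule table and check it against the trust assumptions. The following is an added example, not part of the post or of any reply, and it is a planning model rather than OPNsense configuration. The VLAN IDs come from the post; the trust grouping, the direction of each rule, the Plex port and the camera/Blue Iris flow are assumptions made for illustration. It assumes a stateful firewall (return traffic needs no rule) and does not cover the mDNS reflection that casting from LAN to the GoogleHome VLAN also needs.

```python
from dataclasses import dataclass
from typing import Union

# VLAN IDs and names as listed in the post.
VLANS = {10: "Management", 20: "LAN", 30: "Server", 40: "Docker",
         50: "Video", 60: "GoogleHome", 70: "SmartHome", 80: "Guest"}
WAN = "WAN"        # pseudo-destination meaning "the internet"
ANY = -1           # wildcard destination port
PLEX_TCP = 32400   # Plex's default port; assumed to be what the Plex docker listens on

# Assumption: cameras, IoT and guests are low-trust and may only initiate
# the flows explicitly listed below.
UNTRUSTED = {50, 60, 70, 80}

Dest = Union[int, str]


@dataclass(frozen=True)
class Rule:
    src: int          # initiating VLAN
    dst: Dest         # destination VLAN id, or WAN
    port: int = ANY   # destination TCP/UDP port, ANY for all


# Candidate default-deny policy derived from the post's stated needs.
# Anything not listed here is dropped.
POLICY = (
    Rule(10, 50),               # Blue Iris (VM on Management) pulls streams from cameras
    Rule(20, 10),               # admins on LAN manage firewall, switch and APs
    Rule(20, 30), Rule(20, 40), # LAN reaches servers and containers
    Rule(20, 60),               # LAN casts to Google Home devices
    Rule(20, WAN), Rule(30, WAN), Rule(40, WAN),
    Rule(60, 30, PLEX_TCP),     # Google Home devices reach Plex only
    Rule(60, WAN),
    Rule(70, WAN),              # smart plugs: internet only
    Rule(80, WAN),              # guests: internet only
)


def allowed(src: int, dst: Dest, port: int, policy=POLICY) -> bool:
    """True if some rule lets VLAN `src` initiate to `dst` on `port`."""
    return any(r.src == src and r.dst == dst and r.port in (ANY, port)
               for r in policy)


def audit(policy=POLICY) -> list:
    """Check a policy against the invariants implied by the post's design.

    Returns a list of human-readable violations; an empty list means the
    policy respects every invariant.
    """
    problems = []
    for r in policy:
        if r.src in UNTRUSTED and r.dst == 10:
            problems.append(f"{VLANS[r.src]} may initiate to Management")
        if r.src == 80 and r.dst != WAN:
            problems.append(f"Guest may reach {VLANS[r.dst]}")
        if r.src == 50 and r.dst == WAN:
            problems.append("Video (cameras) may reach the internet")
        if r.src in UNTRUSTED and r.dst in VLANS and r.port == ANY:
            problems.append(f"{VLANS[r.src]} -> {VLANS[r.dst]} allows every port")
    return problems


if __name__ == "__main__":
    print("GoogleHome -> Plex:", allowed(60, 30, PLEX_TCP))
    print("SmartHome -> Plex:", allowed(70, 30, PLEX_TCP))
    print("Audit:", audit() or "no violations")
```

Running `audit()` on the table above returns no violations; adding a rule such as `Rule(70, 10)` makes it report both that SmartHome can initiate to Management and that the rule is port-wide, which is the kind of drift worth catching on paper before it lands in the firewall.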

  • SamirD@alien.topB · 10 months ago

    One way to help you think about vlan segmentation is to think about how it would look if they were actual physically separate networks (which is essentially what a vlan is: a virtual lan). If it doesn’t make sense when you think of it this way, it won’t make sense as a vlan.

    And also keep in mind that IP segmentation is possible on the same lan, which keeps things on different networks while on the same physical lan. This can work in effect like vlans as well.