So it’s been a few weeks of selling old video cards (and anything else I could scrounge) to reduce my clutter and to free up funds for my UniFi setup. I now have my 3 APs, and 3 UniFi switches. The icing on the cake is that I also pulled fiber between them, so now I have a really cool setup to play with. Further, my WiFi is noticeably better, especially when wandering around using FaceTime. Now it’s time to implement my VLAN design.
Equipment
First, in case you’re wondering, here is what I ended up buying:
US-24-250W. 24 port PoE switch. It’s in the basement as my backbone switch.
US-8-150W. 8 Port switch in my back room.
US-16-150W. 16 port switch in my attic.
4 GTek SFP fiber transceivers. These plugged right into the switches, were immediately recognized, and give 1 Gb fiber links. Only the 48 port switches support SFP+ for 10 Gb links, sadly. Two of the transceivers are in the 24 port switch, and one each in the other two.
Two 25 meter LC-to-LC multimode fiber optic cables. They plugged right in.
This combination worked for me, and with it I was up and running after all my eBay sales closed.
UniFi has an awesome topology visualizer, so my network looks like:

It’s pretty cool. And really easy to set up. The UniFi interface is really intuitive, and I didn’t have to google anything. Until I tried to experiment with VLANs, that is…
Here There Be Tigers…
I admit it – I was spoiled by my old D-Link switch, which has a quirky, but safe, VLAN implementation. By default, you can create isolated VLANs – effectively partitioning your switch into mini-switches. I use an HDMI over IP solution, which works really well, except I’m pretty sure the transmitter is just multicasting its signal. Therefore, when I plugged it into my old switch, the switch basically stopped due to either flooding or resource exhaustion.
With the D-Link VLAN, I was able to create a ‘symmetric’ VLAN, assign it to ports, and it just worked. Effectively, in this model, each port is assigned to one VLAN, and not multiple, thus creating separate switches. All my HDMI equipment was on one VLAN, completely separated from the main network.
‘Real’ VLANs are different. The principle is this:
Each network frame has a place for a VLAN tag. A piece of equipment, like an Access Point, can tag frames for a VLAN. Also, a port can tag untagged frames that come into it. And finally, the switch can be set to let any chosen set of tags out through a port to the equipment plugged into it. This is an ‘asymmetric’ VLAN, since data coming into a port and data leaving through a port can have different VLAN rules. You can create unholy networks with it, and you can also lock yourself out of your network. Which I did. Repeatedly.
What to Do When You Make a Mistake
UniFi is ‘Software-Defined Networking’ or SDN. The great thing is that the controller software knows your configuration, and you can reset your configuration pretty easily if you take certain precautions.
I’ll go over the design details in my next post, but here is how I built my safety net:
The first thing I managed to do was prevent most traffic from reaching the controller by assigning its port to a single VLAN that nothing else used. That rendered my controller inaccessible, since my PC’s traffic wasn’t tagged for the VLAN the controller was on.
So I brought down a backup unmanaged switch, plugged the controller, firewall, the new switches, and my laptop into it, and was able to access the controller again. Then I made my changes and saved them, but saving alone didn’t fix anything. The final step was to factory-reset my switches, then re-adopt them. That restored them quickly to a working configuration.
A backup switch was invaluable to me for this task. The UniFi system is very forgiving this way. Once I got the gist of this, I was able to fix problems pretty quickly by fixing the controller and resetting the switches.
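To make the tagging rules above and the controller lockout concrete, here is a small Python model (added example, not code from this post or from Ubiquiti) of 802.1Q tagging: untagged frames are stamped with a port’s PVID on the way in, and each port has its own set of VLANs it may send out, so ingress and egress rules can differ. The frames, port names and VLAN numbers are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q VLAN tag

def parse_vlan(raw: bytes) -> Optional[int]:
    """Return the 802.1Q VLAN ID carried by an Ethernet frame, or None if it is untagged."""
    (etype,) = struct.unpack("!H", raw[12:14])   # bytes 0-11 are dst/src MAC
    if etype != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", raw[14:16])     # PCP(3) | DEI(1) | VID(12)
    return tci & 0x0FFF

@dataclass
class Port:
    pvid: int    # VLAN stamped onto untagged frames arriving at this port
    egress: set  # VLANs this port may send out; may differ from pvid, hence 'asymmetric'

def classify_ingress(port: Port, raw: bytes) -> int:
    """Ingress rule: a tagged frame keeps its VID; an untagged one gets the port's PVID."""
    vid = parse_vlan(raw)
    return port.pvid if vid is None else vid

def can_forward(ports: dict, src_port: str, dst_port: str, raw: bytes) -> bool:
    """True if a frame entering src_port is allowed to leave dst_port under its egress rules."""
    return classify_ingress(ports[src_port], raw) in ports[dst_port].egress

def build_frame(vid: Optional[int], payload: bytes = b"\x00" * 46) -> bytes:
    """Constructed sample frame: made-up MACs, optional 802.1Q tag, IPv4 EtherType."""
    hdr = bytes.fromhex("020000000001" "020000000002")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid)
    return hdr + struct.pack("!H", 0x0800) + payload

# Constructed switch: PC untagged on VLAN 1; controller port mis-set to VLAN 50 only; 'fixed' = repaired port.
SWITCH = {
    "pc": Port(pvid=1, egress={1}),
    "controller": Port(pvid=50, egress={50}),
    "fixed": Port(pvid=1, egress={1, 50}),
}

def lockout_demo() -> dict:
    """Untagged PC traffic never reaches the mis-set controller port; tagged for 50, or after the fix, it does."""
    return {
        "pc_to_controller": can_forward(SWITCH, "pc", "controller", build_frame(None)),
        "pc_to_fixed": can_forward(SWITCH, "pc", "fixed", build_frame(None)),
        "tagged_50_to_controller": can_forward(SWITCH, "pc", "controller", build_frame(50)),
    }
```

Running `lockout_demo()` reproduces the failure: the untagged PC frame lands in VLAN 1 and the controller port only emits VLAN 50, so the only way through is a frame already tagged 50 or a port that is allowed to carry both.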
I would also recommend doing this sort of stuff when your children are not home, since kids these days are the canaries in the coal mine for internet outages. Within one minute of doing this, I heard ‘Daaaaaaddddy! Skip to my blue isn’t working!’. My daughter’s first YouTube video was an animation of Shimmer and Shine (don’t ask) dancing to the children’s song ‘Skip to my lou’. Because of this, she thinks anything on YouTube is called ‘Skip to my blue’.
So: VLAN lesson #1: Have a spare switch standing by. Very important.
Next time: designing and setting up the VLANs.
What I’m listening to as I do this:
Kool G Rap and DJ Polo’s Road to the Riches, on vinyl. It’s super hard to find, I suspect because of sample clearance issues. So I got an import vinyl, and it’s a great old-school hip-hop album. I randomly heard ‘Road to the Riches’ on Pandora, and realized I needed this album.