The secure, upscale network in the single-family house

Hello everyone,

I am currently thinking about how we will implement the network in our house. In this context, I thought it would be nice if some of you share how you have individually implemented the advanced network. I am an IT professional myself, but my focus lies elsewhere. Nevertheless, feel free to get technical; I assume I will understand you.

I am interested in:
- how you have segmented your networks
- which devices you use (manufacturer independent)
- which devices (manufacturer independent) you have together in which network and why
- which networks you allow to communicate with each other
- how you have implemented external access, if desired
- do you possibly have a DMZ
- what do you consider a "must have" and what a "nice to have"

@rick2018 [USER=46794] and @Mycraft [USER=19382] will certainly have quite a few ideas...

They are certainly predestined. But there are more. Superzapp, and the good colleague whose name I can't remember right now. Sorry ops:

There are certainly many who can write more about this and may also be professionally involved with it. You are aware that you will be far outside an all-in-one box (like a Fritzbox), right? "Upscale" is also relative. Unifi is just clicky-colorful and you have centralized management. They are great value for money with APs. If you are willing to invest more time, Mikrotik routers, PFsense, etc. are certainly an alternative. HP and Cisco are luxury. The new Unifi also have augmented reality. I am not from the industry. For me, the fairly good ease of use combined with the possibilities was decisive. I can live with the limitations. I also don't want to have to hire an administrator for my network.

Regarding your questions:
- Networks are divided into management (all network devices such as switches, APs, Cloudkey...), cameras, home automation, security, IoT, home network (productive network), guest, outdoor, VPN. If we had children or it was necessary for work, I would separate more for these applications.

- Devices are cable modem, 10GB router, 10GB switch, 2 x POE switch (48-port), 1 x switch (48-port), APs, cameras, NAS...

- I have a fairly large NAS plus expansion card. Thus, it is connected to different networks. Depending on the network, only certain services are provided. The printer is available in the home and guest network. TVs, smart speakers, robot vacuum cleaners, kitchen appliances, charging station, mailbox, etc. go into the IoT network. All components of home automation are together in one network. Likewise cameras.

- Only my three devices (laptop, phone, and tablet) have full access to the other networks. Otherwise, they are separate. Home server gets access to the camera streams. Phones to the IoT network. "Normal access" to the cameras is via the NAS.

- External access via VPN (on the router). Only two port openings with non-critical services.

- Currently, I am running a DMZ. However, this is due to the current situation with my temporary network. Later it will be switched to a router.

- Must-have: sufficient LAN sockets and APs. Nice-to-have: cameras, home automation

What exactly do your requirements look like? What do you want to operate in your network? If it’s just about some surfing/streaming + printer + NAS, honestly, I wouldn’t know why you should make it so complicated. I’m an IT professional too, but at home it’s nice when things just work and you don’t have to configure much.

Ubiquity recently has the UniFi Dream Machine Pro in its range. It has many useful features at a very good price.