guide for setting up home network with a managed switch

[rangor gubbins]

Anyone know of any good, and easy to follow for non-It professionals, guides/books/websites for setting up a slightly above basic home network with a managed switch.

I'm looking for some guidance on how to set up our home network. the structure looks like this:

lte modem with 4G sim card -> router (Teltonika RUT950) -> Zyxel GS1900 managed switch -> devices around the house (PCs, media centre, R-Pis, etc.) and WiFI APs (not yet bought).

I'm a novice at this stuff and never used a managed switch before. There are a few things I'm not clear on.

1. What can or should i set the switch's IP address to be.
2. Should the LAN IP allocation be static or DHCP? Can i have both? Static for permanent devices, and dynamic for guest devices connecting by wifi?
3. How do i link the LAN to the WAN, or how do connect and setup the switch to the router?
4. I'd like to set up at least 2 vlans. One vlan I'd like to be accessible via wifi, and one vlan only via the LAN, but I'm not entirely sure how to do this.
5. what security or 'good house keeping' stuff should i do?
6. I don't have the APs yet. Any suggestions of what to get. I think 1 or 2 would be enough. Don't want to spend lots of money. The switch is not PoE but i guess i could add a couple of injectors or (more likely) just power the APs conventionally.

All this networking stuff is a bit daunting so a beginners guide would be great but i can't find one that is simple enough for me to follow but also covers everything (i think) i want to do.

 

[WJA96]

This pretty much redefines steep learning curve! The Teltonika has every possible option exposed to the user, so be VERY careful what you adjust. It’s very easy to put a 1 or a 0 in a box and FUBAR the entire network. And I doubt very many folks on here know anything about Zyxel managed switches, so you’ll need to figure it out from the manual most likely.

Before you do anything else, disconnect the switch from the router, turn it off and then back on again.

1. For what are probably really good reasons, Zyxel have set the default IP address of the switch to be 192.168.1.1, which is the same as the default IP address on the RUT950, so plug your computer directly into the switch and go to IP v4 configuration and give the switch the IP address of 192.168.1.2 with a subnet mask of 255.255.255.0 and a default gateway of 192.168.1.1. Everything else you can leave as it is.
2. Static or fixed IP addresses is a bit of a personal preference thing. Some people like to put things like printers on static IP addresses and it can help in some situations. Others think that DHCP is the best option because the DHCP server (usually in the router) should always be on top of where everything is on the network anyway. In the LAN tab on the RUT950 you can set the DHCP range" By default the RUT950 gives itself 192.168.1.1 with a 255.255.255.0 subnet mask. That means the router can see any IP address from 192.168.1.0 to 192.168.1.255 but obviously .0 and .255 are reserved so your practical IP address range is .1 to .254. In the LAN tab, enter a start address where you want your DHCP range to start e.g. 50 and the number of DHCP addresses it can issue (254-50 = 204 in my example). You can then give your individual fixed IP address devices any IP address from 192.168.1.2 to 192.168.49 and the DHCP server cannot issue those addresses to anything else.
3. The WAN interface in your case is built-in to the RUT950. Its the internal route inside the RUT950 that gives the data from the SIM card to the LAN interface on the RUT950. So by default, it’s already connected.
4. You will need to set the VLANs on the RUT950 so maybe your WiFi VLAN would be 20 and your wired VLAN would be 30. The numbers are irrelevant, you’re just giving the router a tag for each VLAN. Then, in the switch interface you tell it which ports are on which VLAN. So maybe your first access point is on port 1 of the switch so port 1 is on VLAN 20. Your wired clients might be on ports 2, 3, 4 and 5 so they would all go on VLAN 30. At this point, you will need to access the management interface on the switch, so you will need to log into it via it’s IP address. From the Zyxel manual it seems to work in a standard way ie. you give a port a VLAN. Bear in mind that unless you have a specific use-case for them, VLANs are pointless. They are NOT a security mechanism and if you use them as such you are wide open to any VLAN exploits (and there are a couple).
5. Just leave all the security settings on the RUT950 at default. It’s pretty safe out of the box. Don’t turn off NAT in the WAN. You might want to later on, but for now, leave it on.
6. Ubiquiti UniFi seem to be the flavour of the month as regards access points but you could use anything really.

 

[rangor gubbins]

Hi WJA96, that is an awesome reply, thanks for taking the time to reply with so much info. It certainly clears up a lot of the bits i was unsure of. I should have time in the next couple of days to connect the parts up. I may be back if i get stuck!

Have a great new year's eve