G+_Joel G. J Posted July 19, 2018

This is an issue that might have been addressed in prior KnowHow episodes, but I need a refresher. Would the best case for this setup be a VLAN, or is there an alternative? I am getting a new router and I want to mitigate slowdowns on devices that are connected to the wireless (media devices such as Chromecast, streaming devices & smart TVs). I also want to allow temporary guest access to these devices. What is the best route forward? I also want some general tips on what space I should reserve for static IP addresses. Our house does not have Ethernet, so most of the media devices are connected via WiFi.

G+_Marco van Laerhoven Posted July 19, 2018

VLANs provide a way to split up your LAN. The use of a VLAN will allow you to reduce traffic within the network segment, but at the same time it creates separation: only devices in the same segment can freely communicate, the other traffic needs to be routed. You need to decide which you prefer. Usually Chromecast traffic is restricted to one (V)LAN, but you can set up your router to forward the traffic to other segments. This allows you to define firewall rules to specify which device has access to the Chromecast.

G+_Travis Hershberger Posted July 19, 2018

Frankly, wireless VLANs make no sense for security. Wireless security depends on WPA2 (which is a whole other topic in itself). If the goal is to put devices on different networks, then that is what a VLAN is for. With a wireless receiver, I can look at everything being transmitted. Which is why any security starts and stops with encryption.

G+_Marco van Laerhoven Posted July 19, 2018

Travis Hershberger Hmm, I'm not sure I share your view that it doesn't make sense to use them in WiFi. I do agree it's not security by itself, but it allows us to force routing and also separately encrypted networks even over WiFi.

G+_Travis Hershberger Posted July 19, 2018

Marco van Laerhoven Remember that the VLAN is just a header tag. Without additional physical security, I can easily mangle packets to contain a different VLAN tag. It's not a view, it's just how the system works.

G+_Marco van Laerhoven Posted July 19, 2018

Yes, you've got a point there. So you may be able to see the frames at layer 2. That's similar to the traffic on a trunk port on a wired LAN, you would be able to see all traffic too. But the data in layer 3 is still encrypted under WPA2, using different keys across SSIDs (each VLAN has its own SSID).

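Added example, not part of any post in this thread: the 802.1Q tag discussed above is a 4-byte field after the source MAC, so a capture or a switch port policy can check that tagged frames only show up where they are expected. The VLAN IDs, the port modes and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # IEEE 802.1Q tag
TPID_8021AD = 0x88A8  # IEEE 802.1ad outer tag (Q-in-Q)

def parse_vlan_tags(frame: bytes):
    """Return (VLAN IDs, outermost first; EtherType of the payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # Tag layout: TPID (2 bytes), TCI (2 bytes), then the next EtherType.
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids, ethertype

def check_port(frame: bytes, port_mode: str, allowed_vids=frozenset()):
    """Findings for a frame received on an 'access' or 'trunk' port."""
    vids, _ = parse_vlan_tags(frame)
    findings = []
    if port_mode == "access" and vids:
        findings.append(f"tagged frame (VLAN {vids[0]}) on access port")
    if len(vids) > 1:
        findings.append(f"double-tagged frame: {vids}")
    if port_mode == "trunk" and vids and vids[0] not in allowed_vids:
        findings.append(f"VLAN {vids[0]} not allowed on this trunk")
    return findings

def _frame(tags, ethertype=0x0800):
    """Build a constructed sample frame carrying the given VLAN IDs."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    for vid in tags:
        hdr += struct.pack("!HH", TPID_8021Q, vid)
    return hdr + struct.pack("!H", ethertype) + bytes(46)

# Constructed samples: VLAN 20 = media, VLAN 30 = guest (assumed IDs).
UNTAGGED, MEDIA, DOUBLE = _frame([]), _frame([20]), _frame([1, 30])

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("media", MEDIA), ("double", DOUBLE)):
        print(name, check_port(f, "access"))
```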