Audio network separated from home network

Does anyone have a scenario already set up, or one in mind?

I’m in the game now; the basic idea is to add a VLAN to my home network, with the aim to separate audio components from rest of my home network.
As my basic AVM Fritzbox 6690 Cable cannot register VLANs, I started using the “Guest LAN” for my audio components, whose main source is an RS130 via fibre and SoTM switches.
On my living room access point I registered the Guest WLAN as well, so I reach the RS130 through the Rose One app.
This scenario is a first step towards generating more silence on the LAN.
I believe I will go further with, e.g., Unifi Internet Gateway Fiber / Unifi access for real VLANs.

What have you done / what do you think?

Not really a good idea.

You said your goal was ‘generating more silence on the LAN’.

What makes you think you have a lot of ‘noise’ on your home network?
Assuming when you said noise, you meant traffic.
(You really don’t have a lot of traffic)

The simplest solution is to buy a 10GbE switch and call it a day.
The potential choke point would be that your switch doesn’t have enough fabric.
And this assumes that you have a lot of traffic. Several orders of magnitude more than you would have in a normal home.

Now you could create a different subnet and then turn a PC into a gateway and then put all of your audio connections on the subnet switch. But again… this is really overkill.

Separating traffic like this is a best practice in networking. Good move.

No, it’s not.

You don’t have enough bandwidth to saturate a ToR switch.
If you did, the first thing to do is to look at the fabric in the switch.
Then if you want to isolate it… you can create a subnet, then put a PC w/ two NICs in as a gateway which will isolate the traffic and then use two different switches. That would be the fastest way to do it. Also cheaper than buying a managed switch capable of implementing a proper VLAN.

Again… show me why you think you’re pushing the limits on your switch’s fabric.

You are incorrect in your assumption, that’s not what he wants to do. He simply wants to: “aim to separate audio components from rest of my home network”

He never mentioned “choke point” or “saturating”. He simply wants to segregate the audio traffic from everything else. THAT is a best practice, and not only for audio.

His instincts are spot-on, and I know this from a network and security level of expertise I am certain you are not at. Why do I say that? You made an assumption about the limits of the fabric …but you didn’t actually think about what he said. Listen more, leap less.

Yes indeed, I want to segregate my audio traffic from 2 or more smartphones, tablets, notebooks, PC, units in my kitchen etc. When I have visitors, even more smartphones/components reach my home network.

Well, I am a bit familiar with network and VLAN architecture due to my job, and I’m lucky to have a Cisco certified engineer in my family. It is sometimes funny and not always easy to follow him, but let me point out we are here in this forum for our audio hobby… some of us get triggered by components, cables etc., which brings fun and confidence.

Here is a German report from a nice guy who reports from audio aspects and personal experience; he calls it “The most subjective reports on the net”, with a wink from a high-end dealer.

Like his style.

But what do you want to segregate them for? If it is for any SQ improvements, it won’t do anything at all. If for security reasons, when you have streamers with internet access but not necessarily developed following any security best practices it makes a lot of sense. With a Cisco engineer in the family it should be quite doable. Make sure you pay attention to the needs of whatever software you are using (e.g. Roon is a pain to set up to work across VLANs).

Exactly. (Weird that we agree)

Segregation for segregation’s sake… makes no logical sense.
The only reason you would do this is if you have saturated your network.
@vicweast this is why I talked about network saturation.

Security? You’re already within your 4 walls and again there is no logical reason for security.
And the OP never said anything about this…

Totally brain dead.

It’s not a question of doable. It is.
It’s a question of why and expense.

Ok,
What you want to do is a bit brain dead.
Let me explain why…

You have two issues.
Wired and Wireless.

In terms of segmenting your wireless network… it’s simple. You just use separate SSIDs.
Now the devices on one SSID can’t see the devices on the other SSID.
You do this when you want to segment your home from your guests.

Then there’s the wired network.
You can buy a more expensive managed switch that offers VLAN capability.
Or you can segment your network via a PC/Router and two switches.

But here’s the rub.
You want to use AirPlay, or Spotify Connect, Tidal Connect, etc …
You can’t unless your iPhone or PC is on the same network.

So what do you actually gain from segmenting your network?

It would be one thing if you wanted to segment your security cameras and home alarm system from the rest of your home, but here, you’re talking about segmenting your audio.

Which means your audio will not be accessible by your PC, iPad, iPhone, TV because they are on a separate network. (VLAN)
This kind of defeats the purpose unless you’re going to have a dedicated TV, iPad, PC or other connected device on that VLAN.

So what is the point?

Now it’s one thing to segment your wireless traffic between home and guest.
It’s another to want to segment your audio network because it is interconnected with the rest of your home.

Odd, innit?!

And unless one still uses hubs from year 1990, logical segmentation won’t help much here anyway. Even with consumer level 1Gb switches it is quite difficult to saturate a network, unless one is pushing multichannel DSD files to multiple devices or something like that.

It is a common recommendation to try to isolate IoT devices from the main network as they tend to have more security holes than unpatched Windows 95. And a streamer exposed to Internet (and a Rose streamer at that, we all know that their software team is not the best in business) might be considered a security risk.

Unless different SSIDs also map to different subnets with no routing between them, devices on different SSIDs absolutely can and do see each other. Same way devices on WiFi see wired devices…

But in the end, this is a lot of trouble, might require some specialized software for connecting various multicasts and discovery protocols across VLANs for no real benefit.
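The distinction argued in the post above (SSIDs do not isolate anything unless they map to different subnets with no routing between them) can be checked against a device inventory. This is an added example, not something posted in the thread; the device names, SSIDs and addresses are constructed, and the model looks only at IP subnets and router forwarding, ignoring any access-point client isolation.

```python
import ipaddress
from itertools import combinations

# Constructed inventory, not taken from the thread:
# (name, SSID or None for a wired port, interface address with prefix)
DEVICES = [
    ("streamer", None,          "192.168.10.20/24"),
    ("ipad",     "Home-5GHz",   "192.168.10.31/24"),
    ("phone",    "Home-2.4GHz", "192.168.10.32/24"),
    ("visitor",  "Guest",       "192.168.20.40/24"),
]

def link(net_a, net_b):
    """Unordered pair of subnets the router is configured to forward between."""
    return frozenset((ipaddress.ip_network(net_a), ipaddress.ip_network(net_b)))

def relation(addr_a, addr_b, routed=frozenset()):
    """Classify IP-level reachability between two interface addresses."""
    net_a = ipaddress.ip_interface(addr_a).network
    net_b = ipaddress.ip_interface(addr_b).network
    if net_a == net_b:
        return "same-subnet"  # one broadcast domain: discovery traffic is visible
    if frozenset((net_a, net_b)) in routed:
        return "routed"       # unicast passes; discovery multicast needs a relay
    return "isolated"

def audit(devices, routed=frozenset()):
    """Map every device pair to its relation."""
    return {(a[0], b[0]): relation(a[2], b[2], routed)
            for a, b in combinations(devices, 2)}

def ssid_only_separation(devices):
    """Pairs on different SSIDs/links that still share a subnet (no isolation)."""
    return [(a[0], b[0]) for a, b in combinations(devices, 2)
            if a[1] != b[1] and relation(a[2], b[2]) == "same-subnet"]

if __name__ == "__main__":
    for pair, rel in audit(DEVICES).items():
        print(pair, rel)
    print("different SSID, same subnet:", ssid_only_separation(DEVICES))
```
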

Yes, it’s odd.
And yes, it’s my point that you wouldn’t be saturating your network.
This is the internal LAN so you would have to be pushing multiple full res 8K camera feeds across the network. And you bought a cheap switch that doesn’t have enough fabric. Highly doubtful.

And yes. Security makes sense. You want to isolate this traffic and not have other devices on the network see these devices or connect to them.

It’s a simple thing to try.
Just put your RS520 on one SSID and then your iPhone on a different one.
I would expect that it can’t see it. Think about it. You create a guest network which should be a separate subnet and while it can go to the internet it wouldn’t find the traffic on the other subnet.

And yes, there’s no real benefit.

We used to have to do VLANs in data centers because someone put the cluster of servers spread across the open slots in the racks. It sucks and performance is horrible.

Sorry, anyone who thinks this is a good idea needs to get their head examined.

Unless the wireless router specifically provides a separate SSID for a guest or IoT network, they will absolutely see each other. They will even see each other if the 520 is not using any SSID at all and is connected to Ethernet.

Any consumer router allows one to specify different SSIDs for different WiFi bands but still assigned to the same internal LAN. Devices connected to different SSIDs see each other just fine.

The router does isolate the network by SSID so that they don’t see each other.

Granted it is possible to allow the traffic to route between the two subnets, by default they won’t.
Think about it. Beyond a guest ‘splash’ page… you do want the networks to be isolated.

This is SOP when you have a large corporate office. One network for corporate machines… the other for the guests. And you’re using the same Access points… just different SSIDs.

Sigh.

No. An enterprise one might, if you tell it to. A consumer home router will likely have different SSIDs (unless you change them) for 2.4, 5, and 6 (if it has it) GHz bands that all map to the same LAN as the wired ports do, with absolutely no isolation.

SSID, network isolation, VLANs, are all completely orthogonal concepts.

Nope.
For each SSID you can specify which bands you want to use.
However you can put each SSID over all the bands.

OP says his family member is a Cisco certified network engineer.
So he could consider Meraki, although to use it you need to pay for cloud access. However the security and set up is first rate.

If you look at consumer… yes YMMV, however the better units will do the segmentation for you. And yes of course you can allow it to route between them … Personally if you’re going to take the time to set it up, you’re doing it because you want to keep your home network private.

Again, bottom line… what the OP wants to do is a bit brain dead.

At least we agree that there is no need to do what the OP wants to do, and definitely not for the mentioned reasons.

That said, consumer units (Linksyses, Netgears, and other TP-Links of the world) only allow you to set one SSID per band for the main network (and it can be the same or different, it does not matter). Some more advanced models do have a separate SSID (or SSIDs across frequency bands) for guest and/or IoT network. Decent ones even can isolate any given device from the network regardless of it even using any SSID at all (because IP does not care if you are connected with wires or not).

We are going really off-topic for the OP’s question, but SSID is for the link-layer. It’s well below IP (and really does not care if you are moving IP packets or something completely esoteric over it) and has absolutely nothing to do with IP network segmentation or anything like that…

Seriously…

Well, currently I have 2 x LAN and 2 x WLAN. I renamed the SSID of the Guest WLAN to “<HomeSSID>_audio”.
My WLAN is outsourced to a Fritz 3000 AX configured in access mode.
Seeing these 2 SSIDs on my living room iPad, I can toggle between them to reach the RS130.
It is the only way to work with the current Fritz components.
Using an “exclusive audio iPad” in the audio WLAN :wink: is possible, but costs nearly this:
Products from Ubiquiti (without an eye to their non-audio-grade power supplies),
as their internet gateway boxes / access points provide VLANs and multiple SSIDs.
Not as easy to configure, but a nice idea. A chance to set fixed IP addresses on all segments…

Just my thoughts.

There is no such thing.

But if you really are dead set on doing this, Ubiquiti might be the cheapest and easiest way of achieving this. I assume that Fritz can be set to bridge mode, disabling its internal router.

Then you need better gear. :wink:

Using separate SSIDs per bandwidth is mixed. Some advise against it because it limits the ability to use multiple bandwidths as needed. Like if you’re trying to use 5MHz but can’t you may want to go to 2.4MHz for a better connection albeit less bandwidth. Yet in some cases you only want to offer the specific bandwidth or force the machine to not drop down.

There’s a lot of different gear on the market these days…

I think you may want to watch this…

But to your SSID configuration… you have to switch SSID networks. And this can be problematic.

The point we’re trying to make is that you really don’t want to segment your home network for a separate audio subnet. You really haven’t shown why you need to do this other than you want to waste money.

The issue isn’t buying better quality networking components… it’s the time and effort to set it up and to maintain it.