Question Setting up a home network, with switch, Mesh WiFi, server etc. ?

[Duplex_]

Crude img of house cross section

I'm looking for the best solution for my application. I have an HP Proliant switch that I want to use for most of my clients, (my two kids on the top floor, me on the ground floor and my game server in my cellar.) Crude drawing but switch and server will be in the same location.

If I want to use my HP switch to administrate my two kids seperately, do I need to run two CAT cables upstairs, or is there any way to put some sort of switch upstair to give them internet and (seperately) administrate their internet/bandwitch etc.)?

 

[bill001g]

You can use a switch upstairs rather than 2 cables. Of course they would share "only" 1gbit of bandwidth back to the main switch.

Pretty much lan is designed that everyone is trusted.

You have a couple of issues. The first is a switch has limited ability to limit internet. The HP commercial switches have more than a consumer switch but they are still not a firewall.

The second issue is it is pretty easy to bypass any limits you try to impose. Even a 12yr old know all about VPN and how to bypass restrictions at their schools. It is also trivial to change mac addresses and ip addresses.

I think the proliant line of switches support 802.1x on ports. This along with a radius server can go a long way to authenticate users which prevents spoofing mac addresses....well mostly. To be extra sure you would load certificates into the end machines and authenticate the certificate rather than some simple userid and password.

This will prevent even fairly advanced attempts to bypass your security like inserting a router with vpn software on it. This is what employees attempt that are running on clients that you can not install software....like vpn.

In the end you are better off just logging the traffic and if you find something after the fact you use the option to turn off the ports on the switch so they get no access.

 

[cruisetung]

As suggested, a switch can't do much. You probably need to put a DIY pfsense firewall (a mini pc with at least 2 ethernet ports) between your kids' devices and internet or replace your router with a pc based pfsense firewall,

https://www.amazon.com/s?k=pfsense+mini+pc