Hi, hoping I can get a steer / sense check from those with more knowledge / experience. I'm pretty comfortable with a bit of *nix CLI work as a freelance web dev, but my knowledge of networking is limited and I want to change that.
First off, please point me to info which allows me to read up and learn. I don't expect or want anyone to provide me an "out of the box" config, just direction to arm myself with the right info and tools.
I have a fairly simple network at my home but it is all consumer kit currently - Asus RT-N66U router and 3x 8 port unmanaged switches. Connected in to these are all the usual things: living room switch has tv, receiver, htpc, collection of consoles; home office switch has my PC, microserver providing samba/web dev/vms, old NAS, printer; last switch I have my son's PC and some raspberry pi's which I use for experimenting etc. Wifi has the normal collection of mobile phones, tablets, chromecasts and a couple of laptops/chromebooks. WAN is on a BT OpenReach pppoe modem to a 72 down, 15 up connection.
I've purchased an EdgeRouter-X and UAP-AC-Lite to replace the Asus unit. It seems easy enough to put the eth1-4 into switch mode with the wizard, connect in all the existing dumb switches to eth1-3 and the AP to eth4 for PoE passthru. Add a DHCP server and a few port forwarding rules to replicate what I have on the Asus and I have effectively the same setup. This is likely what I'm doing short term just to get the kit in and running.
The complication in my mind then comes in with the use of my PC and microserver in the office. I game on my PC, hosting the odd dedicated server to play via LAN with my son, as well as doing freelance work. The microserver samba has both shares for my freelance code as well as media which is streamed throughout the home. Without actually purchasing dedicated hardware for my freelance to allow straight foward separation by physical interface (which I want to avoid), I'm not sure where to go with logical separation.
Questions:
In the short term is there anything I could do on the ERX to improve security? I know bridging on the ERX is software and would result in a performance hit, but the traffic on this LAN is so small I can't imagine it would be impacting?
Is my best medium to long term choice buying managed switch(es) which allows me to set up VLANs?
If I'm looking to buy managed switches and use VLANs, does that mean the unmanaged switches need to go? (I presume so, but this is where my knowledge is insufficient).
Sorry for the wall of text! Figure that more info is better than less.
