After the long journey of learning more about IPv6 and how to enable it on my home network (see my page for detailed info), I discovered that I broke some functionality. When you have IPv6 enabled alongside IPv4 in a dual stack configuration, IPv6 will often take priority – after all, it is the newest protocol, intended to replace IPv4. I have created a network, isolated from the Internet, for my IP security cameras that I use as baby camera monitors.
For security reasons, I decided to put my IoT devices on their own network using VLANs. I also had a desire to restrict certain devices to only have access to the Internet but not any other devices on my network. This should help reduce the likelihood of a hacked device trying to traverse through the network by hacking other devices. A good example of a device on my network that only needs Internet access would be the 3rd gen Apple TV.
On my home network, I host the Plex Media Server software on my server and make use of its Live TV and DVR capabilities. It actually works quite well. To make use of the TV/DVR capability you must have a Plex Pass (monthly, yearly, or lifetime) and a compatible cable box such as any of the HDHomeRun products. Originally I placed my HDHomeRun Prime device on my IoT network to keep it separate from my server, which I think makes sense since it is essentially an IoT device that infrequently receives updates from the manufacturer.
In the interest of increasing the security and reliability of my home network against malicious attacks, I thought enabling all of the Denial of Service protections on my TP-Link switch would be a good idea. So I enabled the setting and all seemed well enough. Some time later, my wife tried to use our old 3rd generation Apple TV in our bedroom while folding laundry. It was showing the Computers icon and the Settings icon but not the main Apple TV screen.
For my guest wireless network, I like the idea of all of the network devices on the guest network being isolated from one another. Since the guest network should be used for visitors and other untrusted devices, it makes sense to restrict communication between the devices to improve security. Even though captive portals are a pretty cool feature that can provide a “wow” factor for guests that log onto your guest network, I have read that the captive portal on UniFi wireless access points can reduce the throughput of the guest network.