Introduction

I purchased the budget-friendly TP-Link T2600G-28TS L2 managed switch (affiliate link) for my home network because I wanted to segregate the devices on my network to help address the security concerns of hosting public services and using various IoT devices. (A word of caution: if you are a married man, you may have a desire to accomplish this task without frustrating your wife by adding unnecessary complexity or by causing excessive network outages while you are building out your network.
Introduction

Network port isolation is one way you can restrict communication between network devices. You can restrict certain PCs from accessing your server, for instance, or you may even prevent certain devices from accessing the Internet by blocking communication with the switch port connected to your router. Port isolation may be used to increase the security of your IoT devices by only allowing access to the port connected to your router.
Introduction

I recently obtained the TP-Link T1500G-10MPS Power over Ethernet (PoE) smart switch (affiliate link) to use in my home network. A handful of devices that I currently own support Power over Ethernet. To minimize the cost, I chose the 8-port instead of the 24-port PoE switch. In the long run I probably will not need more than 8 ports, but I may eventually use all 8 ports. I also own the TP-Link T2600G-28TS switch (affiliate link).
Introduction

In this how-to, I will be using the TP-Link T2600G-28TS L2 managed switch (affiliate link) and the TP-Link T1500G-10MPS PoE smart switch (affiliate link) to show the difference between the firmware versions. I am assuming the switch is currently configured with the default settings from the factory. To begin configuring the switch, first plug a desktop or laptop computer into any port on the switch. The switch does not need to be plugged into another network device such as a router until the initial configuration is completed.
For security reasons, I decided to put my IoT devices on their own network using VLANs. I also wanted to restrict certain devices so that they can reach the Internet but not any other devices on my network. This should help reduce the likelihood of a hacked device traversing the network by hacking other devices. A good example of a device on my network that only needs Internet access would be the Apple TV (3rd generation).