February 2021

The Big Network Refactor – Part 2

The next step in setting up my network was adding additional “LANS” to my network. So while before I was happy with two networks 192168.1.1/24 and 10.10.10.1/24. I really wanted more isolation from my IoT network, Security Camera Network, my Raspberry PI and Smart-Home network and the computers and devices we use all the time.

Here’s a list of my networks:

  • Home Private Network
  • Semi-Private Network & Private WiFi
  • Raspberry Pi Network & WiFi
  • Security Camera Network & WiFi
  • IoT & Media Network & WiFi
  • Guest Network

To do this I needed a router and firewall (EdgeRouter-X) and I needed a few managed switches because I didn’t want to run new cable.

Starting with the router I set-up the following:

EdgeRouter-X Swtich0 Configuration

The interesting thing I needed to learn here is the PVID is a “tagged” VLAN. I made this correspond to the network 192.168.4.1/24. This means anything that connects to this port “unmanaged” will get an IP from the 192.168.4.1/24 DHCP server. But if there’s a managed switch connected to this network, it will be able to route traffic for the VLANs 10,20,30, and 40.

The second thing I needed to do was configure my managed switch. DLink DGS-1100-08V2.

Managed Switch VLAN Configuration

The tagged VLAN port here is eth1. This is tagged with VID = 4. This is the same PVID leaving the router. I have 2 untagged ports eth6 and eth7 for this VLAN. This means they will get IP addresses from the 192.168.4.1/24 DHCP server just like it was connected to eth4 from my EdgeRouter-X.

I connected my Access Point and my other managed switch to eth6 and eth7.

I have eth2 mapped to 10, so now anything connected there will get 192.168.10.1/24 addresses. I have eth3 mapped to 20, so now anything connected there will get 192.168.20.1/24 addresses. I have eth4 mapped to 30, so now anything connected there will get 192.168.30.1/24 addresses. I have eth5 mapped to 40, so now anything connected there will get 192.168.40.1/24 addresses.

Notice the PVID up on the top row as well. 4, 10, 20, 30, 40, 4, 4, 1.

The last setting was configuring my access point. This is an EnGenius EAP1300.

EnGenius EAP1300 Wireless Settings

The Big Network Refactor – Part 2 Read More »

Installing OctoPrint w/Docker on Pi3

I always found it a pain to deal with Python libraries and virtual environments on my Raspberry Pis. I decided to give Docker a try as it would completely isolate my OctoPrint environment from the other stuff I had running on the PI.

Step 1 – Installing Docker

curl -fsSL https://get.docker.com -o get-docker.sh

sudo sh ./get-docker.sh 

sudo usermod -aG docker pi

#remember to logout and back in

docker info

docker run hello-world

You should get an output like this:

Step 2 – Install and Run OctoPrint

# find your serial port
ls -latr /dev/tty

# create a volume
docker volume create octoprint

# run your container
docker run -d --restart unless-stopped -v octoprint:/octoprint \
-p 5000:80 --device /dev/ttyUSB1:/dev/ttyUSB1 --name octoprint \ octoprint/octoprint

Replace 5000 with the port you want it on and ttyUSB1 with your serial port identifier.

Now you can browser to your PI’s IP address http://ipaddress:5000

That’s it. Happy Printing!

Installing OctoPrint w/Docker on Pi3 Read More »

The Big Network Refactor – Part 1

I’ve been having network problems of late and also because of security I wanted to better isolate my network from IoT devices from Google, Amazon, Hue, Etc.

I basically had a few ASUS routers (which have been great) and I’ve been using a Double NAT (Network Address Translation) with my more secure stuff behind another router. It’s worked fine for about 15 years but I wanted more security and more isolation.

First I tried to replace my Asus RT-AC86U and its DUAL WAN capabilities with an EdgeRouter-X by Ubiquity. No luck with the DUAL WAN and multiple LANs. As soon as I unplugged one of the WANS things worked and if I only had one LAN with DUAL WANS it would have worked. In hindsight, I could have just used a managed switch on the other side but I also didn’t want to spend another $300+ on access points.

So I decided to keep my Asus network and its AI Mesh routers for IoT and Media Streaming. My new purchases included:

Total cost $224 plus tax.

With these purchases, I get a VLAN capable Router with a firewall. A few managed switches with simple stand-alone management and web interface. A VLAN capable Multi-SSID Access Point also with stand-alone management.

The Big Network Refactor – Part 1 Read More »

Scroll to Top