If you have networking equipment that can support them, setting up virtual local area networks (VLANs) makes sense from a security and management perspective. Your devices will still think they're on a physical LAN and will be able to talk to each other, but the different VLANs will only be able to talk to each other if you allow it.That's perfect for keeping insecure IoT devices away from your data, your data away from your guests, and your guests away from the contents of your computer. Unless you decide you want them to talk to each other, of course. It essentially gives you multiple networks from one set of equipment, and makes your life much easier as a budding homelabber or network admin.

6 Inventory your network devices

You can't manage what you don't know you have

Before you even set up your first VLAN, the first thing is to take stock of the networked devices in your home. That way, you know what you're about to manage and can sort them into groups according to whatever metrics you choose.

These could include:

Laptops

Mobile devices like phones and handheld gaming consoles

Desktops

IoT devices like video doorbells, smart thermostats, and smart lights

Network-attached storage (NAS) devices

Servers

Devices that are regularly at your home but not owned by you

Don't forget to add your networking equipment to this list because some devices will be unmanaged and need grouping onto VLANs, while some will be managed and creating the VLANs for use by other devices.

5 Decide on how to group them

VLANs are awesome for keeping essential services accessible but safe

One of the best features of using VLANs is better security, as devices that might be easier to attack can be kept on their own VLAN. Maybe you want to keep all your networked devices that have essential services on their own VLAN, like printers, NAS and other storage devices, and media servers. Keeping your mobile phones on a separate VLAN keeps them connected to the internet while not letting them touch other devices, and keeping laptops or desktops on their own VLAN makes things easier if one gets infected by malware.

However, how you want to group your devices is up to you, and finding the right balance between security and ease of administration is key here. You can even have a demilitarized zone (DMZ) on one VLAN to let web servers and game servers have incoming access from the internet, without opening the rest of your network to a potential attack vector. You'll still want to run a hardware firewall on your network, but having VLANs correctly configured can slow or stop the spread of attacks if the firewall fails.

4 Don't forget the guest network

You want to be a hospitable host, but not too hospitable

Access to the internet is almost a human right at this point, and you don't want to tell your friends they can't use your Wi-Fi to save their data plan while they're around. But at the same time, you don't want to let them access your file servers or your other devices. When you set up a guest network on your router, you're setting up a VLAN that's already configured to give devices connected to that network access to the internet while keeping them away from your other networked devices. Your friends get internet access, you stay safer, and everyone is happy.

3 Keep IoT devices segregated

They're a big security risk and are best kept apart from your other devices