Home Network Segmentation with CIDRs
Segment a home network using CIDR blocks for IoT, guest, and main devices. Covers VLAN-based segmentation, router configuration, and inter-subnet routing.
Detailed Explanation
Segmenting Your Home Network with CIDRs
Network segmentation isolates different types of devices into separate subnets, improving security and reducing the blast radius if a device is compromised. This is especially important with IoT devices.
Why Segment?
- IoT isolation — Smart cameras, bulbs, and appliances are often insecure and should not access your main devices
- Guest isolation — Visitors' devices should have internet access but not reach your NAS or printers
- Work isolation — Keep work devices on a separate subnet from personal devices
Example Segmentation Plan
Using the 192.168.0.0/16 space:
192.168.1.0/24 -> Main devices (laptops, phones, desktops)
192.168.10.0/24 -> IoT devices (cameras, sensors, smart home)
192.168.20.0/24 -> Guest network
192.168.30.0/24 -> Home lab / servers
192.168.40.0/24 -> Work VPN devices
How It Works
Each subnet becomes a VLAN on your router/managed switch:
| VLAN | CIDR | SSID | Internet | Cross-VLAN |
|---|---|---|---|---|
| 1 | 192.168.1.0/24 | HomeNet | Yes | Full access |
| 10 | 192.168.10.0/24 | IoT | Yes | Blocked |
| 20 | 192.168.20.0/24 | Guest | Yes | Blocked |
| 30 | 192.168.30.0/24 | - | Yes | From VLAN 1 only |
| 40 | 192.168.40.0/24 | Work | Yes (via VPN) | Blocked |
No Overlaps Required
All subnets use distinct /24 blocks from the 192.168.x.0 space, ensuring zero overlap. The router handles inter-VLAN routing with firewall rules controlling which VLANs can communicate.
Using This Calculator
Enter all your planned subnet CIDRs to verify:
- No overlaps between segments
- Each segment has enough addresses for its devices
- The parent 192.168.0.0/16 properly contains all segments
Use Case
Setting up VLAN-based network segmentation on a home router like pfSense, OPNsense, or UniFi to isolate IoT devices from main computers and create a secure guest network.