Homelab Environment

View an interactive mapping of my personal lab setup below, detailing the culmination of my networking knowledge implemented on a small scale.

My Topology

Select a region to view information. Sensitive details have been omitted to protect my network’s architecture.


Management VLAN

This is the primary VLAN that encompasses trusted hosts.  Each client’s network access is managed on a granular level to ensure they can talk directly to other local clients and access resources on the web if need be.  Establishing trusted devices on a single VLAN enabled me to then consider which clients should be allowed to talk to each other via access controls.  As such, devices in this network include:

  • A wired desktop computer.
  • Wireless clients: cell phones and a laptop.
  • NVR surveillance cameras.
  • My local printer.

IoT Network

This is the VLAN that has the most hosts and (aside from the guest network) the strictest firewall rules in my topology, because IoT devices are not considered the most secure: they are at the mercy of the third-party companies managing their security.  There is always some organization headlining the news over mishandled data or breaches resulting from poor security, oftentimes due to software vulnerabilities or lackadaisical practices.  Anyone setting up VLANs for the first time should ensure that IoT devices can access only the internet, and limit their local traffic as much as possible without infringing on their usability.  Mileage will vary here.  In my own topology, I have anything from smart bulbs to motion sensors, Wi-Fi-enabled appliances, and their respective smart controllers incorporated in a controlled, segmented network.

Guest Network

I implemented a guest network into my setup in the event that I have company over and they need to access the internet.  I can do so by issuing them either the password or a temporary access token.  This allows anyone I permit to browse the internet while reducing access to my private network at the same time.  Strict firewall rules limit their communication across my VLANs, and the DNS nameservers configured for the guest network also limit what websites they are able to access.

Server VLAN

My server network contains isolated hosts that can only be accessed via the management VLAN, or through a reverse-proxy for select devices.  This network includes:

  • A recursive DNS server, which also doubles as an ad-blocker, optimized for running quick DNS queries and caching responses.
  • My Home Assistant smart home server.  To learn more about what integrations and features I implemented, please click here.
  • An on-prem NAS, which is used as a backup file server for my data.  It also performs encrypted cloud backups to mitigate the chance of data loss.  Additionally, I use this NAS not only to spin up Docker containers, but also to host a media server that serves in-browser content to clients.
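
An added example, not the author's configuration: a small Python audit that encodes the segmentation intent described in the VLAN sections above and checks a first-match firewall ruleset against it. The VLAN names come from the page; the `wan` zone, both rulesets, and the assumption that management to server is the only permitted inter-VLAN flow are constructed for illustration.

```python
from itertools import permutations

# VLAN names are from the page; "wan" and both rulesets are constructed.
LOCAL = ["management", "iot", "guest", "server"]
# Assumption: management -> server is the only inter-VLAN flow permitted
# (the reverse-proxy path into the server VLAN is not modelled here).
INTENT = {("management", "server")}

def decide(rules, src, dst, default="drop"):
    """First-match evaluation of new connections; returns (action, rule number)."""
    for number, (action, rule_src, rule_dst) in enumerate(rules, 1):
        if rule_src in (src, "any") and rule_dst in (dst, "any"):
            return action, number
    return default, None

def audit(rules):
    """List (src, dst, action, rule number) where the ruleset breaks the intent."""
    findings = []
    for src, dst in permutations(LOCAL, 2):
        wanted = "accept" if (src, dst) in INTENT else "drop"
        action, number = decide(rules, src, dst)
        if action != wanted:
            findings.append((src, dst, action, number))
    for src in LOCAL:  # every VLAN is expected to reach the internet
        action, number = decide(rules, src, "wan")
        if action != "accept":
            findings.append((src, "wan", action, number))
    return findings

# Weak: "any" was meant as "the internet" but also matches the local VLANs.
WEAK = [
    ("accept", "management", "server"),
    ("accept", "iot", "any"),
    ("accept", "guest", "any"),
    ("accept", "management", "wan"),
    ("accept", "server", "wan"),
    ("drop", "any", "any"),
]
# Corrected: internet access is granted by destination, everything else drops.
FIXED = [
    ("accept", "management", "server"),
    ("accept", "any", "wan"),
    ("drop", "any", "any"),
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(rules) or "matches intent")
```

Each finding names the rule number that made the decision, which points at the over-broad rule to narrow or reorder.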

Router, Firewall, and UPS

My internet access is facilitated via a fiber backbone, courtesy of my ISP.  To improve availability in the event of a power outage, I incorporated a UPS into my setup to power some of the intermediary devices that would otherwise cause a loss of WAN connectivity.  Works like a charm!  Next, my router has my firewall and intrusion prevention system software onboard.  Considering I self-manage my reverse-proxy services, this is useful to monitor and log traffic that enters my network remotely so I can attempt to identify any malicious signatures, determining who is trying to gain access to my network and when.  Lastly, I installed an SSD in my server rack’s NVR to provide local storage for camera footage.

Switch and APs

My PoE switch gives power to a wired AP, which provides internet access to all IP cameras, IoT devices, computers, phones, and guest clients.  To increase Wi-Fi coverage, I use a wireless AP in a mesh configuration to seamlessly connect clients throughout my home.