New House = New Network

Hey there everyone, sorry for not posting recently, I have been in the process of buying a house so things have been hectic! Given that the new house I am moving into has some generous square footage, I thought I would take the opportunity to build an enterprise-class home network to support all my needs. The idea is to create a separate VLAN for home traffic, lab network, and guest network. I happened upon a fantastic deal on a Ubiquiti AirRouter and 2 UniFi APs. So here’s the breakdown of gear for the new network:

  • 1 x Netgear cable modem
  • 1 x Ubiquiti AirRouter
  • 1 x Ubiquiti UniFi AP
  • 1 x Ubiquiti UniFi AP-LR (long range)
  • 1 x Dell PowerConnect 5324

I started by creating VLANs 100, 200, and 300 (home, lab, and guest, respectively) on the AirRouter, creating a virtual IP for the gateway on each. From there I connected LAN0 to G1 on the Dell PowerConnect. On the PowerConnect I trunked G1 to carry all 3 VLANs on the network. From here I connected ports g23 and g24 to the APs, trunking VLAN 100 and VLAN 300, with a VLAN tagged for each SSID on the APs in the UniFi software wireless controller. For each of my 3 VM hosts I trunked the relevant VLANs (100 & 200) and set up vSwitches to tag each so that they can be assigned as needed to VMs, allowing my fileserver/print server, DC/DNS, and DHCP to remain on the home VLAN while isolating VMs for lab testing on their own VLAN 200. For each DRAC port I have tagged an access VLAN, as well as an access VLAN on my NAS’s switchport. All in all this setup is working great; the ability to roam between APs seamlessly and the isolation offered are fantastic. The setup took a while to configure, but it was definitely worth it.

So you may be asking yourself why so much network segmentation. The answer is quite simple: I wanted to provide my guests the ability to access the internet but to safeguard the rest of our network from any viruses or malware our guests might bring with them. The decision to isolate the lab from home was also a calculated decision to be able to experiment with DHCP and other things that may disrupt the normal flow of our home network, thus invoking the “wife rage” when her internet stops working. I’d be interested to see what other folks are running in their home networks; feel free to comment and discuss your home network topology or home labs.
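
One way to check that the switch's port configuration still matches the VLAN plan described in this post, as an added example that is not the author's own code. The config text is constructed in the style of the PowerConnect CLI, port g5 for a VM host is a hypothetical choice, and g24 is deliberately misconfigured so the audit has something to find.

```python
import re

# Constructed sample config (assumed PowerConnect-style syntax). g5 is a
# hypothetical VM host port; g24 wrongly carries lab VLAN 200 to an AP.
SAMPLE_CONFIG = """\
interface ethernet g1
switchport mode trunk
switchport trunk allowed vlan add 100,200,300
exit
interface ethernet g5
switchport mode trunk
switchport trunk allowed vlan add 100,200
exit
interface ethernet g23
switchport mode trunk
switchport trunk allowed vlan add 100,300
exit
interface ethernet g24
switchport mode trunk
switchport trunk allowed vlan add 100,200,300
exit
"""

# Intended plan from the post: uplink carries all three VLANs, VM hosts carry
# home + lab, APs carry home + guest. Ports not listed may carry nothing.
POLICY = {"g1": {100, 200, 300}, "g5": {100, 200},
          "g23": {100, 300}, "g24": {100, 300}}

VLAN_RE = re.compile(
    r"switchport (?:trunk allowed vlan add|access vlan) ([\d,]+)$")

def parse_ports(config):
    """Return {port: set of VLAN IDs the port is configured to carry}."""
    ports, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface ethernet "):
            current = line.split()[-1]
            ports[current] = set()
        elif line == "exit":
            current = None
        elif current and (m := VLAN_RE.match(line)):
            ports[current] |= {int(v) for v in m.group(1).split(",")}
    return ports

def audit(config, policy):
    """List (port, extra VLANs) where a port carries more than planned."""
    found = parse_ports(config)
    return [(port, sorted(found[port] - policy.get(port, set())))
            for port in sorted(found)
            if found[port] - policy.get(port, set())]
```

`audit(SAMPLE_CONFIG, POLICY)` reports only g24, where the lab VLAN has leaked onto an AP trunk.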
