Note: This is a live document. It serves as the network documentation for my home network/home lab and updates whenever changes are made.
Building out a home lab means that I can give myself permission to buy gear for educational purposes. I've found that getting hands-on experience and applying things I've learned from my network technologies program and my certifications journey helps my understanding (and it's fun). My setup continually evolves depending on how busy I am, so I decided to make this page a living document of my network.
My lab in its current configuration consists of two parts. One is a set of equipment for personal use that I utilize daily and use to experiment with networking, operating systems, virtualization, containers, and servers. The other is specifically for learning Cisco equipment to prepare for the CCNA exam. The Cisco equipment is only powered on when I'm studying since it's loud, huge, draws an enormous amount of power, and is overkill for a two-bedroom apartment.
That's basically it. There's also my 2017 Thinkpad X1 Carbon (Hostname: Saturn) and my wife's 2018 Thinkpad X1 Carbon (Hostname: Venus).
I recently picked up a Palo Alto Networks ION 2000 off of eBay. It's running pfSense and has 6Gb ports, a quad-core Intel Atom CPU, and 4GB of RAM. I'm using it as a firewall, but I've also set it to handle all the routing on my network. Eventually I intend to configure a VPN for remote access.
Before the pfSense box, I had been using the Linksys router running OpenWRT for a few years, but it's now just a WAP in bridge mode.
I initially bought the NetGear GS108 Gigabit switch because it was advertised as a "managed smart switch", and I wanted something to tinker with. Little did I know there's nothing "smart" or "managed" about it. However, it does have PoE so that's nice.
They're currently configured with the Internet/ONT connected to the controller port on the pfSense box, and the pfSense box has a single connection to the switch. The switch has all other devices connected to it, including the WAP.
At one point I had consolidated all physical servers into virtualized servers within Proxmox, but I gradually reverted back to bare metal after experiencing instability and to simplify my configuration. However, I'll more than likely experiment with virtualization again in the future.
I made this with diagrams.net (formerly draw.io).
[In Progress]
My Cisco home lab setup consists of a few Catalyst switches and a couple of Cisco routers. I managed to get a couple of these from an instructor, and bought the rest off of eBay. These are specifically for labbing, learning, and experimenting. At the moment, I'm learning spanning-tree protocol, link aggregation, and FHRP. I don't have them powered on all the time, nor do I currently have them connected to my home network. Not only do these beefy machines produce too much noise, but running all five at the same time pulls well over 100 watts of power with no traffic. They're designed for enterprise environments and certainly not ideal for my personal day-to-day use. They're also a bit dated, with the majority of ports limited to 100Mbps.
I've been considering separating services across multiple servers, primarily for fault isolation and the risk of a single point of failure. I've also been thinking about configuring a backup server that takes over if my primary server crashes and doesn't automatically recover, but that adds more complexity (and my home isn't an enterprise environment, nor does it have critical services running).