Question First Homelab Design - Looking For Feedback on Design & Gear

subterminal303

Commendable
Oct 13, 2017
64
0
1,530
0
Can't get image to work, so here's a link: View: https://imgur.com/gAZEnOb


Howdy, folks! I have gotten pretty excited about learning networking and have been watching Net+ and Sec+ videos (Mike Meyer) in my free time lately. I'm ready to start some hands-on learning and wire up my house. I designed what I would like my home network to look like and am looking for feedback on anything I may be missing in the design/bad design/etc, as well as any feedback on gear.

Description
I want three distinct VLANs:
  • Private Home:
    • Personal devices such as desktops, laptops, phones
    • NAS for easy file storage and sharing
    • Printing
  • Home Media
    • Two TVs on wifi
    • PleX server and P2P torrenting (wired)
  • Guest
    • WiFi for friends
    • Captivate portal so I can mess around with said concept
I will use whatever ISP provided router and bridge the connection to an old computer (i5, 4GB DDR3) running pfSense for firewall, routing, and DHCP/DNS services. I'll use a managed switch to configure VLANs, and a patch panel for cables. Finally, I'm hoping to get by with 1 WAP for the 3 wifi subnets unless there's any limitations or security issues.
The gear that I don't have and am looking to purchase is the switch and WAP. I'll also be looking to incorporate a server for VMs to add future functionality, as well as just to practice/learn more stuff.

So... Does the design look sound? Any recommendations on a switch and WAP? Any additional feedback?

Thanks!
 

kanewolf

Titan
Moderator
What benefit do you believe segregating the media from the home vLAN provides? You will probably want to access your NAS from your Plex box and the vLAN will make that more difficult. TVs should be wired rather than wireless for streaming performance.

The number of access points required is difficult to determine. You need to do a wireless survey to get an idea. BUT, for most home situations, I would recommend 2 or 3 APs. If you are going to use Ubiquiti APs, then the Ubiquiti switch and management software make vLANs and multiple SSIDs pretty easy.
 

subterminal303

Commendable
Oct 13, 2017
64
0
1,530
0
What benefit do you believe segregating the media from the home vLAN provides?
I figured that since the PleX box also doubles as the torrenting box, it would be best to keep it separate from regular network for questionable files.

TVs should be wired rather than wireless for streaming performance.
That's a good point and I'll probably do some runs for the TVs while I'm in the ceiling. However, do you think it's a big issue if the plex files are 1080p max and netflix is the only other service?

BUT, for most home situations, I would recommend 2 or 3 APs. If you are going to use Ubiquiti APs, then the Ubiquiti switch and management software make vLANs and multiple SSIDs pretty easy.
I'm super un-educated and no real experience with brands, so I may be totally wrong here, but I've been reading that people are unhappy with a few Ubiquiti issues including a phone-home function built into the firmware that cant be turned off, lack of true L3 control, and GPL violations. Again, no real experience so I'm totally open to opinions.
 

kanewolf

Titan
Moderator
I'm super un-educated and no real experience with brands, so I may be totally wrong here, but I've been reading that people are unhappy with a few Ubiquiti issues including a phone-home function built into the firmware that cant be turned off, lack of true L3 control, and GPL violations. Again, no real experience so I'm totally open to opinions.
The phone home was introduced in a version of the firmware. It has been removed from the current beta firmware. It will be reintroduced when the opt-in or opt-out option has been added to their controller software. I run Ubiquiti hardware for my home. I am less concerned than some. I don't understand what you mean by "true L3 control" so I can't comment on that. I have been on their forums for about a year, and I haven't seen any significant discussion on GPL violations.

If you are concerned about sketchy downloads on your torrent box, then it should be in a DMZ somewhere totally isolated from the rest of your network, IMO. I have ethical issues with torrenting so I do not do it.
 

subterminal303

Commendable
Oct 13, 2017
64
0
1,530
0
I have ethical issues with torrenting so I do not do it.
I suppose it depends on what someone is torrenting. I'm really big into game modding, and the community seems to like p2p for sharing mods. But I've seen people put malicious files out there under the guise of a game mod, so I like to torrent them to my linux box and scan them before transferring them over.

Anywho, I'll have to read more on Uniquiti stuff. The phone-home thing was a big complaint of mine. Happy to know it's being changed
 

nigelivey

Distinguished
By default your Pf box will allow routing across all Vlans but only a connection from your native Vlan to the outside world. Learning the way the firewall rules work is crucial here. Personally I'd pick up a second hand Cisco 2960e or similar, just so you get to play with their cli. I'm not a fan of Ubiquiti but the price is compelling.
 

ASK THE COMMUNITY

TRENDING THREADS