Over the last year, I have been trying to work through getting VLANs set up and operational in my homelab… so that I can not only experiment, but also start segregating services from PCs and putting things like IoT devices and guest devices on their own VLANs.

I come to you today with a working solution for my own homelab. This post is mainly just to discuss the current state of my homelab, but also to look for suggestions on how you would make any changes to my layout.

Current Hardware:

1x TP-Link Omada TL-SG2428P (my core switch)

3x TP-Link Omada TL-SG2210P (leaf switches on different floors)

2x HP EliteDesk 800 G4 (i5-8500T 6C6T, 32GB DDR4) aka Hyper2, Hyper3

2x HP ProDesk 800 G4 (i5-7500T 4C4T, 32GB DDR4) aka Hyper5, Hyper6

Whitebox server (i7-4790k, 32GB DDR3) aka Hyper4

TrueNAS whitebox (AMD FX-6350 6C6T, 32GB DDR3 ECC) aka TrueNAS

VLANs:

50 Infrastructure

60 Trusted

70 IOT-Secure (No internet access)

71 IOT-Insecure (Internet Access)

99 Guest

1 LAN (default)

All servers are running Proxmox as my hypervisor. Proxmox nodes are NOT configured with VLANs and currently only reside on LAN. I haven’t made the move to put those on a VLAN… when one of them hosts the system that controls traffic to those VLANs… so I’m thinking of just leaving them on LAN and limiting access.

VMs & Containers:

Hyper2:

Ubuntu VM (Frigate) VLAN 50

Ubuntu VM (RDT-client) VLAN 50

Hyper3:

Ubuntu desktop VM (crashplan) VLAN 50

Ubuntu VM (Immich, Immich Power Tools, Remmina, Tautulli, Vikunja, Mealie, Paperless-NGX, Linkwarden) VLAN 50

Hyper4:

AdGuardHome LXC VLANs 1, 50, 60, 70, 71, 99

WireGuard LXC VLAN 50

Windows Server 2022 VM VLAN 1, 50

OPNsense VM (DHCP)

Ubuntu VM (*arr stack, Adguard-Sync, Uptime Kuma, Gitea, Minecraft Bedrock) VLAN 50

Ubuntu VM (NGINX) VLAN 50

Ubuntu VM (OpenVPN) VLAN 50

Hyper5:

MQTT LXC (for home assistant) VLAN 50

Ubuntu VM (Home Assistant focused: MariaDB, Zigbee2MQTT, RTL-433; Nextcloud [app, redis, mariadb]) VLAN 50

Ubuntu VM (Prowlarr, NZBGet, QBittorrent, flaresolverr) VLAN 50

Home Assistant OS VM (HAOS) VLAN 50

Ubuntu VM (Wazuh) VLAN 50

Hyper6:

AdGuardHome LXC VLANs 1, 50, 60, 70, 71, 99

WireGuard LXC VLAN 50

Windows Server 2022 (AD, DNS) VLAN 1, 50

Ubuntu VM (Omada controller) VLAN 1, 50

Ubuntu VM (nothing running yet) VLAN 50

Ubuntu VM (Plex, ErsatzTV, Maintainerr x2, Immich Machine Learning) VLAN 50

Ubuntu VM (OpenVPN) VLAN 50

This all works pretty well currently. I’ve been doing some more research and finding that folks have done things a bit differently with their server VLANs… and I’m just trying to get opinions on what would be better. I recognize that currently my reverse proxy is in the Infra VLAN, which would be fine… but it’s the same RP that is used for public access… which has me thinking that it should go in the DMZ OR I should set up a second RP (but that introduces an issue with keeping TLS certs in sync…)

Tear my setup apart… let me have it. What suggestions do you have? What am I doing wrong? What am I doing right (if anything)?
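One way to reason about a layout like this is to audit the inventory mechanically rather than by eye. The Python below is an added example, not code from the post or from any of the projects it names. Its inventory is constructed from the VLAN and VM list above; the `management`, `internet_facing` and `firewall` labels are mine (the post only states that the NGINX proxy is used for public access), and `dmz_vlans` is a hypothetical parameter for a DMZ VLAN the layout does not yet have.

```python
"""Segmentation audit of a homelab VLAN/host inventory.

Added example, not from the post or from any project it names. The
inventory is constructed from the VLAN and VM list in the post; the
`management`, `internet_facing` and `firewall` labels are mine (the post
only states that the NGINX reverse proxy is used for public access).
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# VLAN IDs and names exactly as the post lists them.
VLANS: Dict[int, str] = {
    1: "LAN (default)", 50: "Infrastructure", 60: "Trusted",
    70: "IOT-Secure", 71: "IOT-Insecure", 99: "Guest",
}


@dataclass(frozen=True)
class Host:
    name: str
    vlans: FrozenSet[int]          # VLANs the host has an interface in
    management: bool = False       # hypervisor or network-controller plane (my label)
    internet_facing: bool = False  # accepts connections from the internet (my label)
    firewall: bool = False         # the router, the one box meant to span every VLAN


# Constructed from the post. Single-VLAN-50 workloads are collapsed to one
# representative, since they all audit the same way.
INVENTORY: List[Host] = [
    Host("Proxmox nodes Hyper2-Hyper6", frozenset({1}), management=True),
    Host("AdGuardHome LXC (Hyper4, Hyper6)", frozenset({1, 50, 60, 70, 71, 99})),
    Host("Windows Server 2022 (AD, DNS)", frozenset({1, 50})),
    Host("Omada controller VM", frozenset({1, 50}), management=True),
    Host("OPNsense VM", frozenset(VLANS), firewall=True),
    Host("NGINX reverse proxy VM", frozenset({50}), internet_facing=True),
    Host("Frigate VM (representative VLAN 50 workload)", frozenset({50})),
]

Finding = Tuple[str, str, str]  # (host, check, detail)


def audit(hosts: List[Host], default_vlan: int = 1,
          dmz_vlans: FrozenSet[int] = frozenset()) -> List[Finding]:
    """Apply three segmentation checks; an empty list means a clean pass.

    dmz_vlans is hypothetical: the post's layout has no DMZ VLAN yet.
    """
    findings: List[Finding] = []
    for h in hosts:
        if h.firewall:
            continue  # the router is supposed to touch every VLAN
        if len(h.vlans) > 1:
            findings.append((h.name, "multi-homed",
                f"interfaces in VLANs {sorted(h.vlans)}: reachable from each segment and, "
                "if compromised or forwarding, a path around the firewall"))
        if h.management and default_vlan in h.vlans:
            findings.append((h.name, "mgmt-on-default-vlan",
                f"management plane sits on untagged VLAN {default_vlan}, the PVID most "
                "switch ports fall back to when nothing else is configured"))
        if h.internet_facing and not (h.vlans & dmz_vlans):
            where = f"DMZ VLAN(s) {sorted(dmz_vlans)}" if dmz_vlans else "any DMZ VLAN"
            findings.append((h.name, "exposed-outside-dmz",
                f"accepts internet traffic while homed in VLAN(s) {sorted(h.vlans)}, "
                f"outside {where}"))
    return findings


def findings_by_check(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per check name, for a one-line summary."""
    counts: Dict[str, int] = {}
    for _, check, _ in findings:
        counts[check] = counts.get(check, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(INVENTORY)
    for host, check, detail in results:
        print(f"[{check}] {host}: {detail}")
    print(findings_by_check(results))
```

Run stand-alone it reports six findings: three multi-homed hosts (the Windows server, the Omada controller, and the AdGuard resolver, which is reachable from every VLAN by design, so treat that one as a review item rather than a verdict), two management systems on untagged VLAN 1 (the Proxmox nodes and the Omada controller), and the reverse proxy taking public traffic outside any DMZ. Giving the proxy its own VLAN and passing that VLAN as `dmz_vlans` clears the last finding; the multi-homed ones are the hosts whose firewall rules deserve the closest look.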

  • jetA · 19 hours ago

    You might want to add your instance to Lemmy Federate

    The big downside of having so many vlans is your router becomes a network bottleneck.

    Do you lock down the network ports to a specific VLAN? Or can any client do their own VXLAN tags?

    • bigDottee@geekroom.tech (OP, mod) · 19 hours ago

      I actually have my instance already setup with Lemmy Federate and it seems to be doing some work :)

      Yeah, I’m aware that the router is becoming the bottleneck. I’ve been looking into either: getting a Layer 3 switch that can do inter-VLAN traffic (such as my NAS to all my Proxmox hosts without going through the router) OR setting up my router with 2x 1Gig Ethernet ports in LAGG to the core switch. I haven’t had the balls to do that yet, same reason I’ve struggled with removing VLAN 1 default, because it breaks the networking gear when I do :(

      The network ports are locked down to specific VLAN tags if they have a single client on that port OR have a group of clients that are all going to be on the same VLAN. I really haven’t looked into VXLAN tags though.
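On the question of whether a client can supply its own tag: what the switch does with a tagged frame arriving on an access port is the entire control, and the "remove VLAN 1 default" worry from the reply above is the other half of it. The Python below is an added example, not code from the thread. It parses an 802.1Q tag stack, models an access port that drops tagged ingress against one that honours the client's tag, and shows the double-tagging case, which depends on a trunk leaving its native VLAN untagged (VLAN 1 here, matching the default mentioned above). The frames are constructed, and the port models are deliberately simplified; they assume nothing about how the Omada switches in this thread are actually configured.

```python
"""802.1Q tag-stack parsing plus a minimal model of access-port ingress
filtering and native-VLAN tag stripping on a trunk.

Added example, not from the thread. All frames are constructed.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

TPID_8021Q = 0x8100   # customer VLAN tag
TPID_8021AD = 0x88A8  # service (QinQ) tag
TPIDS = {TPID_8021Q, TPID_8021AD}


@dataclass(frozen=True)
class Tag:
    tpid: int
    pcp: int  # priority code point, 3 bits
    dei: int  # drop eligible indicator, 1 bit
    vid: int  # VLAN ID, 12 bits


def parse_tag_stack(frame: bytes) -> Tuple[List[Tag], int, bytes]:
    """Return (tags outermost first, EtherType after the tags, payload)."""
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet header")
    offset = 12  # destination and source MAC
    tags: List[Tag] = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before EtherType")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype not in TPIDS:
            return tags, ethertype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("truncated inside a VLAN tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append(Tag(ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4


def build_frame(dst: bytes, src: bytes, vids: List[int],
                ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Build a frame with zero or more 802.1Q tags, outermost first (pcp=0, dei=0)."""
    out = dst + src
    for vid in vids:
        out += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return out + struct.pack("!H", ethertype) + payload


def access_port_ingress(frame: bytes, pvid: int, drop_tagged: bool = True) -> Optional[int]:
    """VLAN a frame is assigned on an access port, or None if dropped.

    drop_tagged=True models "admit untagged only" ingress filtering.
    drop_tagged=False models a port that accepts tagged frames, which
    lets the client choose its own VLAN regardless of the port's PVID.
    """
    tags, _, _ = parse_tag_stack(frame)
    if not tags:
        return pvid
    return None if drop_tagged else tags[0].vid


def trunk_native_egress(frame: bytes, native_vid: int) -> bytes:
    """Trunk egress with an untagged native VLAN: strip the outer tag when it
    carries native_vid. A double-tagged frame leaves with its inner tag exposed,
    and the next switch classifies it into that inner VLAN."""
    tags, _, _ = parse_tag_stack(frame)
    if tags and tags[0].vid == native_vid:
        return frame[:12] + frame[16:]
    return frame


if __name__ == "__main__":
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("025a0c0f1e2d")
    untagged = build_frame(dst, src, [])
    tagged = build_frame(dst, src, [50])
    double = build_frame(dst, src, [1, 50])
    print("untagged on PVID 60 ->", access_port_ingress(untagged, pvid=60))
    print("tagged 50, filtered access port ->", access_port_ingress(tagged, pvid=60))
    print("tagged 50, permissive access port ->",
          access_port_ingress(tagged, pvid=60, drop_tagged=False))
    print("double [1, 50] after native-VLAN-1 trunk ->",
          [t.vid for t in parse_tag_stack(trunk_native_egress(double, native_vid=1))[0]])
```

The two lines to compare are the access-port ones: with ingress filtering the client's tag is simply dropped, without it the client ends up in VLAN 50 no matter what PVID the port was given. The last line is why a native VLAN that is also in use (VLAN 1 on trunks here) is worth retiring or moving to an unused ID: a frame tagged [1, 50] loses its outer tag on the way out and arrives at the next hop as plain VLAN 50 traffic.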