Like many households, I had a sprawling home network of devices. Everything worked well, but it was becoming a little too overbearing, and attempting to explain how everything worked to aid others in troubleshooting specific network-related issues was almost pointless. That’s when I decided to simplify things slightly. I took a local area network (LAN) with multiple switches, access points, IoT devices, IP cameras, numerous client devices, and an OPNsense firewall, and created something much more streamlined yet every bit as powerful.
I used to believe having the most complicated network setup was a testament to experience and perseverance, but it ended up causing more issues for those who aren’t as tech-savvy. That’s no good in a world where more people are online and interacting with self-hosted services and network-attached storage (NAS). The more complicated a home network is, the greater the chance of encountering a failure or issue related to hardware or to how pieces of software interact with one another. Simplifying everything provided peace of mind without sacrificing versatility.
The battle of will
Do I really need this?
I’ve always been one to champion using as many network features as possible. They provide immense functionality, from ensuring you have smooth internet access to providing security through segmentation, keeping all those pesky IoT devices separated from the rest of the LAN. But does everyone need a VLAN (or a few)? Should we be running multiple SSIDs and employing rigid firewall rules? I viewed this process of simplification as akin to pooling resources together in a single system to maximize efficiency, instead of using multiple servers for similar tasks.
The perfect opportunity to rethink my entire network stack came about with our house move. After buying our first home, I finally had free rein to do as I desired, without being constrained by a landlord or by not owning the property. But instead of going all-out and making an even more complicated setup, I opted to keep everything simple and grounded. First things first, I needed to sort out how everything was physically connected. Because we have a detached garage and office, the cabling needed to be routed underground for a few meters.
I decided to use three switches. One for the office to handle the single SFP+ link from the house and route data to and from PCs and other devices, including an access point. A second inside the home with the OPNsense firewall, providing Power-over-Ethernet (PoE) for the access point, and a third in the garage, which is where the home lab magic happens. All three switches needed to be L2 with SFP+ ports for the fiber uplinks, and the garage switch would offer considerably more ports for all the local hardware in and around the cabinet.
Compared to how I configured everything at the old house, this was notably more straightforward. The network started with the OPNsense firewall, connecting to a single switch, which then links up with two more switches. Devices are then connected to these hubs, and everything creates a bus network. It’s easy to understand, troubleshoot, and work with, even if someone happens to know next to nothing about networking, aside from what an IP address is.
Two SSIDs to rule them all
VLANs are a smart home must-have
Firstly, I had multiple SSIDs for the wireless network points. We had one for general clients, a second for guests, a third for IP cameras, and one more for IoT hardware. These were utilized in conjunction with VLANs to provide not only the backend to handle segregation, but also to make it clear which network we’d be connecting to and which AP would handle it. That’s convoluted and not quite right for the setup we’d need for the new home, which would have a single AP in the garage, a second downstairs in the house, and a third in the office.
All three can provide blanket coverage throughout the home and around the property, too, allowing us to get connected on the driveway, in the garden, and other areas, making automation and Home Assistant all the more consistent with better connectivity and coverage. The best part about this approach was using just two SSIDs and allowing VLANs, APs, switches, and OPNsense to handle the rest. It keeps it simple and allows everyone to connect to the same wireless SSID.
Now, we can provide a QR code for guests to scan and easily connect to the dedicated SSID. Once connected, they’re kept away from sensitive clients and provided the means to connect to the wider world. But it’s not just VLANs and SSIDs that can get out of hand; there’s also the matter of assigning IP addresses, which can (and did) consist of multiple subnets, static IP assignments, and manually assigned pools. Now, I have a single subnet and reserved ranges for different client types.
Addresses 192.168.1.1 through 192.168.1.20 are for networking hardware and server equipment. Everything that manages the LAN or runs services is located here. Then there’s 21 to 50 for all our self-hosted services and every other destination (think NAS, etc.) that can be accessed from within the LAN. 51 to 60 are IP cameras. 61 to 80 are IoT reservations, and 81 to 110 are approved clients. Everything else thereafter is unassigned (or guests).
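The reservation plan above, as an added example that is not the author's own code: it classifies an address by role, expands each range into the CIDR blocks a firewall alias would need (the ranges are not CIDR-aligned), and audits a lease list for devices sitting outside their reserved range. The /24 mask, hostnames and leases are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the single subnet is a /24; the article only gives the 192.168.1.x ranges.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
# Last-octet ranges exactly as listed in the article.
PLAN = {
    "infrastructure": (1, 20),
    "services": (21, 50),
    "cameras": (51, 60),
    "iot": (61, 80),
    "clients": (81, 110),
}

def host(n):
    return SUBNET.network_address + n

def role_of(addr):
    """Return the plan role for an address; anything past .110 is unassigned/guest."""
    ip = ipaddress.ip_address(addr)
    if ip not in SUBNET:
        return "off-subnet"
    last = int(ip) - int(SUBNET.network_address)
    for role, (lo, hi) in PLAN.items():
        if lo <= last <= hi:
            return role
    return "unassigned"

def cidrs_for(role):
    """Smallest list of CIDR blocks that covers a role's range exactly."""
    lo, hi = PLAN[role]
    return [str(n) for n in ipaddress.summarize_address_range(host(lo), host(hi))]

def audit(leases):
    """Return (name, ip, expected, actual) for every lease outside its expected range."""
    return [(name, ip, expected, role_of(ip))
            for name, ip, expected in leases if role_of(ip) != expected]

# Constructed sample leases: (hostname, address, role the device should have).
LEASES = [
    ("opnsense", "192.168.1.1", "infrastructure"),
    ("nas", "192.168.1.25", "services"),
    ("driveway-cam", "192.168.1.83", "cameras"),  # camera sitting in the client range
    ("smart-plug", "192.168.1.64", "iot"),
    ("laptop", "192.168.1.140", "clients"),       # approved client with no reservation
]

if __name__ == "__main__":
    for role in PLAN:
        print(f"{role:15} {cidrs_for(role)}")
    for finding in audit(LEASES):
        print("MISMATCH", finding)
```

A range such as 51 to 60 expands to four blocks, so any address-based rule keyed to these roles needs either a multi-entry alias or range notation rather than a single network.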
Checking charts infrequently
Get carried away with monitoring
It’s easy to get carried away when it comes to monitoring your network. I know I sure did. Once everything is up and running, it can be fun to keep tabs on how everything is using your LAN, but this can become overbearing, especially when configuring specific hardware to do the job. The same goes for tracker and advertisement blocking, which can be carried out on just about anything, but can also be handled by OPNsense.
As well as simplifying the network, I wanted to rely on fewer devices and reduce the number of failure points. And then there are the alerts. Using monitoring software to see what was going on throughout the LAN caused me to receive far too many alerts and notifications. I focused on key metrics, namely traffic spikes and security alerts. I also rely on just one dashboard to oversee everything, instead of segmenting data views across a range of hosted platforms.
It’s one thing to adequately document and map the network, but even with an entire MediaWiki dedicated to your home network, you’d still have to spend time looking things up instead of intuitively achieving tasks. My LAN is now notably more compact, easier to use, and far quicker to troubleshoot should something go wrong, which can avoid those instances where the family is knocking down the home lab door, asking why the Wi-Fi is down or if Jellyfin is offline.
Going beyond the network
I use a few security cameras to keep a watchful eye on our surroundings, but we always relied on branded apps. This is perfectly fine if you’re within a locked garden such as Ring, but when using IP cameras from various brands, things can get a little messy. That’s where Frigate came in, allowing me to consolidate all our IP camera feeds into one interface, again partitioned within the network with rules to allow specific VLANs access.