Note: I posted this article on LinkedIn around February of 2016. As I’m going to use this space to add all my future notes, I’m also copying it here. The original post is here.

When my wife and I moved to California in 2012, we arrived with just our laptops and our smartphones. Being the techie I am, I immediately started gathering a collection of new, used and re-purposed hardware to build my home network. I ended up putting together a basic LAN for Internet access and a NAS for family pictures, home videos and personal data, on a limited budget and with whatever I happened to have at hand at the time.

Over the years, it evolved into something more complex and harder to manage, and today my setup includes:

  • Internet router: x86 nettop running pfSense
  • NAS: Buffalo Linkstation
  • App server: Old laptop with two external hard drives in a USB enclosure
  • Backbone: Netgear 8-port GbE switch
  • Wi-Fi Access Point: Ubiquiti AP Pro

I put everything in a cabinet like this:

[Image: current-setup]

Of course it all works, but it’s not very professional.

Other things lying around in the house these days are:

  • Three laptops (PC, Mac and Linux)
  • Three wireless printers (two laser, one inkjet)
  • PS4
  • Smart TV
  • Smartphones and tablets of varying quality.

On top of it all, whoever installed the cable service left the only outlet right next to the TV, and not in the home office where I have all my equipment. Because of that I had to install a pair of Power Line Network Extenders to bridge the gap rather than risk running a UTP cable through the walls. They work well (surprisingly well, in fact) but the link speed varies wildly based on time of day, network load, and whether or not the neighbors are doing the laundry. I’m not making that up.

So this year I finally decided to put my savings to good use and bought a proper 12U server rack and a new set of equipment to replace the old servers with newer and more powerful ones:

[Image: new-gear]

Not shown in the picture: a pair of GbE Cisco switches (SG-200-8 and SG-300-10) that will be the new backbone of the network.

My objective is to rebuild the LAN using industry-standard practices like:

  • Separate VLANs for local data, guests, streaming video and gaming.
  • QoS and traffic prioritization through the Internet gateway.
  • Isolation of the different services running on the server (Hello, WordPress zero-days!).
  • Centralized user account management.
  • Proper credentials management for VPN clients.
  • Authentication for WLAN clients, including guest users.

And I decided to document the process and put it up here in case my notes and experiments are useful to other people.