Home Lab Infrastructure

Full Network Topology

A segmented, multi-VLAN home lab built for security research, automation, monitoring, and production services — running on enterprise-grade hardware with dedicated routing, switching, and hypervisor layers.

5 VLANs · Network Segments
2 Routers · MikroTik CHR + VyOS
30+ Running Services
1 Host · HP DL380 G7

Reference

Network Overview

Full topology from WAN edge to service layer, segmented by function and trust level.

WAN / ISP
Edge / Firewall
Core Switch
Wireless / Clients
Hypervisor / Storage
VLAN 10 · Lab Servers
VLAN 20 · Prod Servers
VLAN 40 · Mgmt Net
VLAN 50 · Alt Solutions
VLAN 60 · Recovery
WAN Edge
📡
Comcast Business Modem
ISP Gateway · WAN Uplink
Firewall / DHCP
🛡️
pfSense Firewall
WAN Edge · Central DHCP
DHCP Relay · VLAN 10
DHCP Relay · VLANs 20/40/50/60
Core Switching
🔀
HP 24-Port Managed Switch
VLAN Trunk Distribution
802.1Q Trunking, PoE
Physical Infrastructure
🖥️
HP DL380 G7 Host
Primary Hypervisor
vmkr1 · LAB Trunk (VLAN 10)
vmkr4 · PROD Trunk (20/40/50/60)
💾
Synology NAS
Network Attached Storage
📶
UniFi AP
Wireless · Slated → CT Migration
2.4GHz, 5GHz
🖱️
Wired Clients
Direct Switch Connections
Work Laptop, Personal Laptop
Wireless Clients (via UniFi AP)
💻 Personal Laptop (WiFi)
💼 Work Laptop (WiFi)
📱 Personal Phone
📺 Smart TV (WiFi)
🔊 AI Assistant Speaker / Hub
📷 Reolink Security Cameras
🌦️ Ecowitt Weather Stations
🔔 Ring Devices

Virtual Routing Layer

Core Routers & VLAN Segments

Two virtual routers handle segmented VLAN routing — MikroTik CHR for the Lab network, VyOS VM for production and management segments.

🔧
MikroTik CHR
Core Router · EV for VLAN 10
Lab Router
VLAN 10 LAB-SERVERS 192.168.10.0/24
📋 Log Collection & Aggregation
Wazuh, Graylog, Open-Archive / OpenSearch
📊 Monitoring & Metrics
Grafana Prometheus Zabbix web-stack
⚙️ Security Automation & Orchestration
Ansible, Jenkins, Semaphore
🧪 App Services & Code Quality
Apache Tomcat, SonarQube
🔍 Data, Search & Knowledge
InfluxDB, Jupyter Notebook
🖥️ Lab OS Platforms
Debian Lab VMs, Ubuntu Lab VMs
🎬 Media & Cameras
Plex, MotionEye
⬇️ Download & Automation
Autobrr, Radarr, qBittorrent, Prowlarr, Bazarr
🔀
VyOS VM
Core Router · SVIs for VLANs 20/40/50/60
Prod Router
VLAN 20 PROD-SERVERS 192.168.20.0/24
🏠 Home Automation
Home Assistant
🌐 Core Network Services
Pi-hole, UniFi Controller
VLAN 40 MGMT.NET 192.168.40.0/24
🧰 Management
DevOps WorkStation Test Lab Console
VLAN 50 ALT-SOLUTIONS 192.168.50.0/24
🔄 Alternate / Redundant Instances
Graylog (Alt), Open-Archive / OpenSearch (Alt), Zabbix (Alt), Semaphore (Alt)
VLAN 60 RECOVERY-ENVIRONMENT 192.168.60.0/24
💿 Backup & Recovery
Proxmox Backup Server

Architecture Notes

Design Decisions

Key rationale behind the network segmentation and tooling choices.

🛡️
pfSense as Central DHCP
Single DHCP authority across all segments with relay agents forwarding per-VLAN leases. Provides centralized control, consistent logging, and a clean audit trail for IP assignments.
🔧
Dual-Router Architecture
MikroTik CHR owns the Lab VLAN (VLAN 10); VyOS handles Production, Management, Alt, and Recovery. This split keeps lab experiments from impacting production services, even when something in the lab is misconfigured.
📶
UniFi AP → CT Migration
The UniFi Access Point is slated to move into a Proxmox Container (CT) for consolidated management, reducing dedicated hardware footprint and enabling snapshot-based rollbacks.
🔄
VLAN 50 — Alt Solutions
Parallel instances of monitoring and log tools allow for version testing, config experimentation, and hot-standby capability without risking the primary lab observability stack on VLAN 10.
💾
VLAN 60 — Recovery Environment
Proxmox Backup Server lives in a fully isolated recovery VLAN with restrictive ACLs. Only backup-specific traffic is permitted, protecting the last line of defense from lateral movement.
📊
Observability Stack (VLAN 10)
Wazuh + Graylog + OpenSearch + Grafana + Prometheus + Zabbix provide layered SIEM, log aggregation, metrics, and alerting, replicating an enterprise SOC environment at home lab scale.
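
One way to check the two isolation goals stated above (lab traffic kept out of production, and only backup traffic allowed into VLAN 60) against firewall flow records. This is an added example, not part of the original page; the flow tuple layout, the sample flows, and TCP 8007 as the backup port (the Proxmox Backup Server default) are assumptions.

```python
import ipaddress

# VLAN subnets as listed on this page.
VLANS = {
    10: ipaddress.ip_network("192.168.10.0/24"),  # LAB-SERVERS
    20: ipaddress.ip_network("192.168.20.0/24"),  # PROD-SERVERS
    40: ipaddress.ip_network("192.168.40.0/24"),  # MGMT.NET
    50: ipaddress.ip_network("192.168.50.0/24"),  # ALT-SOLUTIONS
    60: ipaddress.ip_network("192.168.60.0/24"),  # RECOVERY-ENVIRONMENT
}
LAB, PROD, RECOVERY = 10, 20, 60
BACKUP_PORTS = {("tcp", 8007)}  # assumption: Proxmox Backup Server default port

def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), None)

def audit(flows):
    """Return (flow, reason) for every accepted flow that breaks a stated design goal."""
    findings = []
    for flow in flows:
        src, dst, proto, dport, action = flow
        if action != "accept":
            continue  # dropped traffic means the ACL did its job
        s, d = vlan_of(src), vlan_of(dst)
        if s == d:
            continue  # same segment, never crosses a router
        if d == RECOVERY and (proto, dport) not in BACKUP_PORTS:
            findings.append((flow, "non-backup traffic into VLAN 60"))
        elif s == LAB and d == PROD:
            findings.append((flow, "lab host reached production"))
    return findings

# Constructed sample flows: (src, dst, proto, dst_port, action).
SAMPLE_FLOWS = [
    ("192.168.20.15", "192.168.60.10", "tcp", 8007, "accept"),  # prod backup job
    ("192.168.10.30", "192.168.60.10", "tcp", 22, "accept"),    # SSH into recovery
    ("192.168.10.30", "192.168.20.15", "tcp", 8123, "accept"),  # lab to prod
    ("192.168.10.30", "192.168.20.15", "tcp", 445, "drop"),     # blocked at router
    ("192.168.40.5", "192.168.10.30", "tcp", 22, "accept"),     # not covered by either goal
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION: {reason}: {flow}")
```
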