Show me your home network

Associate
Joined
19 Dec 2017
Posts
720
I was surprised to find that there wasn't really a thread already for this.

I've just got mine to a usable state. It's modest compared to some I've seen, but still over-engineered for a house of 3 :D

Mine lives in the corner of my attached garage;

A quick run down of what the network consists of;
900/100 FTTH connection from Zen,
400/50 5G connection for failover from EE
Mikrotik 4011 router
Netgear GS724TP 24 Port POE switch chosen for its big POE capacity for low (used) cost
Cyberpower CP1500 UPS that'll run everything for around 60-80 minutes and auto shutdown via NUT
Synology DS918+ for NAS, some docker services and NVR
RPI4 running Home Assistant for home automation and zigbee control
Camect for CCTV object detection and alerts
Server is old J1900 router appliance for remote ssh access/jump box and testing
Access points are Ubiquiti U6-Lites

I work from home, so one of the core requirements when I built this was that everything still works if the power goes off. This is mostly achieved by a fairly decent sized UPS powering the rack, using POE where possible and a separate 12v UPS for the FTTH ONT.

Next steps are a Dell R2x0 to replace the server with something more powerful, and an extra Ubiquiti U6 Professional AP on the ceiling in the hallway to cover the majority of the wifi in the house.


Hopefully that's interesting for some of those interested in home networks / home labs, but what I'm really interested to see is what setups other people have;

Fire away!
 
Associate
Joined
2 Oct 2007
Posts
610
Location
Cardiff
When you say RPi Home Assistant, what is your Pi doing? Mine is a recursive DNS server running PiHole. My network is partly shown below. An Edge X router is served by the FTTP modem. DNS redirect and recursive DNS lookup using the Pi in the metal case by "Monkey". The 16 port Gigabit managed switch goes to a single 5 port Gigabit switch in the main lounge. That feeds all the downstairs TVs and Sky HD box (Won't touch Q till they fix it), and a PC. From the 16 port is my PC, my Dad's PC in his room in the garden via SWA Cat 7 (he is a Ham Radio operator and got dropouts without the CAT 7 shielding.), my two printers, NAS, Sky HD, TV, test points and up into the attic to feed a 4 port PoE switch that connects and powers the CCTV cameras. My 1080p PTZ is powered separately. The CCTV PVR is connected to the 16 port too.

Wifi is provided by three BT discs on a separate 10.0 network with firewall rules and mac management. 10.0 cannot talk to 192.168 but 192.168 can talk to 10.0. All Wifi SSID are hidden and the discs are not linked together (BT firmware tickbox) Two BT discs are on 10.0 and one for me is on 192.168. That only allows connections from my iphone and ipad. Test PCs being worked on connect to 10.0. Firewall rules do allow my NAS on 192.168 to be used by my TV and PC only. On 10.0 Wifi is also a stupid worthless bint called Alexa and a more knowledgeable useful semi stupid hag called Hey Google. Neither Smart - yeah right - device can access 192.168.

Before anyone asks, if indeed they are going to. This network was put together by asking two million questions, and watching the entire Ubiquiti Online tutorials.
 
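An added example, not part of the post above: a small Python model of the one-way policy it describes (10.0 cannot open connections to 192.168, while 192.168 can reach 10.0 and still receive the replies). The /24 prefixes, host addresses and ports are assumptions, since the post only gives "10.0" and "192.168".

```python
import ipaddress

# Assumed prefixes: the post only says "10.0" and "192.168".
WIFI_NET = ipaddress.ip_network("10.0.0.0/24")
TRUSTED_NET = ipaddress.ip_network("192.168.1.0/24")


class OneWayFirewall:
    """Toy stateful filter for traffic routed between the two subnets."""

    def __init__(self):
        self.conntrack = set()  # flows whose first packet was accepted

    def handle(self, src, sport, dst, dport):
        """Return 'accept' or 'drop' for one packet (single protocol assumed)."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Rule 1: packets belonging to a tracked flow pass in either direction.
        if (dst, dport, src, sport) in self.conntrack:
            return "accept"
        if (src, sport, dst, dport) in self.conntrack:
            return "accept"
        # Rule 2: the Wi-Fi subnet may not open new connections inwards.
        if s in WIFI_NET and d in TRUSTED_NET:
            return "drop"
        # Rule 3: anything else is a permitted new flow; remember it.
        self.conntrack.add((src, sport, dst, dport))
        return "accept"


def demo():
    """Constructed sample packets: smart speaker 10.0.0.50, PC 192.168.1.20."""
    fw = OneWayFirewall()
    return [
        fw.handle("10.0.0.50", 40000, "192.168.1.10", 445),  # speaker -> NAS, new
        fw.handle("192.168.1.20", 51000, "10.0.0.50", 80),   # PC -> speaker, new
        fw.handle("10.0.0.50", 80, "192.168.1.20", 51000),   # reply to the PC
        fw.handle("10.0.0.50", 80, "192.168.1.20", 51001),   # "reply" with no state
    ]


if __name__ == "__main__":
    print(demo())
```

Without the established-flow rule, the third packet would be dropped and the "192.168 can talk to 10.0" half of the policy would not work, which is why one-way rules between subnets depend on connection tracking.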
Associate
Joined
2 Oct 2007
Posts
610
Location
Cardiff
Wifi is the point at which a network can be hacked. WPA 2 was cracked ages ago, so at least with SSID not broadcast it is another obstacle. I have a guest network downstairs that is hidden too. I change the password on that monthly if I remember. Smart Devices are almost wide open to attack so using MAC filtering etc I make it as hard as I know how for me to be compromised. The chances are low where I live but there is also an element of knowing I am trying.
 
Man of Honour
Joined
20 Sep 2006
Posts
33,991
Wifi is the point at which a network can be hacked. WPA 2 was cracked ages ago, so at least with SSID not broadcast it is another obstacle. I have a guest network downstairs that is hidden too. I change the password on that monthly if I remember. Smart Devices are almost wide open to attack so using MAC filtering etc I make it as hard as I know how for me to be compromised. The chances are low where I live but there is also an element of knowing I am trying.
If someone wants to break into your network the first thing they'll do is use a network scanner, which makes hiding the SSID completely redundant. If anything, it makes you more of a target as the would-be hacker thinks you have something to hide.
 
Associate
OP
Joined
19 Dec 2017
Posts
720
When you say RPi Home Assistant, what is your Pi doing?

Home Assistant is home automation software. So it orchestrates my automations and integrates with IoT devices, including Zigbee ones via a USB Zigbee adapter, as well as exposing it all via Homekit for easy control via Apple Products.

I agree on the SSID comment. Most issues have been patched by decent vendors by now, assuming you're using AES-CCMP anyway.
 
Don
Joined
19 May 2012
Posts
17,148
Location
Spalding, Lincolnshire
Wifi is provided by three BT discs on a separate 10.0 network with firewall rules and mac management. 10.0 cannot talk to 192.168 but 192.168 can talk to 10.0. All Wifi SSID are hidden and the discs are not linked together (BT firmware tickbox) Two BT discs are on 10.0 and one for me is on 192.168. That only allows connections from my iphone and ipad. Test PCs being worked on connect to 10.0. Firewall rules do allow my NAS on 192.168 to be used by my TV and PC only. On 10.0 Wifi is also a stupid worthless bint called Alexa and a more knowledgeable useful semi stupid hag called Hey Google. Neither Smart - yeah right - device can access 192.168.

I have no idea what you are trying to accomplish by having 2 different IP ranges?

Even if it's purely paranoia against Google/Amazon smart devices, then surely there are better ways of doing this (VLANs?). Seems pointless having 3 wifi discs if they don't all broadcast the same SSIDs?
 
Associate
OP
Joined
19 Dec 2017
Posts
720
How well is your garage insulated? Have you had any problems with spiders etc? And how is the heat in there in the summer? I'm waiting to move into a new house and I want to put some of my kit in the garage.

It's attached to the house on two sides, garage door is soon to be replaced with an insulated sectional door. However, the roof is flat with exposed rafters and one wall is single skin and uninsulated.

I plan on insulating the roof at some point, but trying to avoid insulating the single skin wall to keep as much space as possible.

I'm not really worried about spiders but temperature could be a concern, it's something I'm monitoring - I've only been here a month.

The Mikrotik has hovered around 36c with no air intake into the rack. I'm about to add two filtered fans to try and create positive pressure in the cabinet, I think they'll improve the situation and may even end up ducted from outside if the filters don't do a decent job of filtering the dust.
 
Man of Honour
Joined
20 Sep 2006
Posts
33,991
Thanks @mikehhhhhhh - my new garage has rafters and I was going to put my NAS, a few switches and my two (soon to be three) Dell Xeon workstations in there once I get the gaps boarded.
 
Associate
OP
Joined
19 Dec 2017
Posts
720
Thanks @mikehhhhhhh - my new garage has rafters and I was going to put my NAS, a few switches and my two (soon to be three) Dell Xeon workstations in there once I get the gaps boarded.

Make sure you get some decent insulation in there!

Your post just motivated me to go fit the fans to the cabinet. They've dropped the internal temp of the Mikrotik by 5c to 31c which is pretty impressive and hopefully they'll lead to less dust as they are filtered.
 

Kei
Soldato
Joined
24 Oct 2008
Posts
2,750
Location
South Wales
Mine is as follows:

Cisco 1921 router with VDSL modem card - Connected to basic BT FTTC 80/20
Juniper EX3300 24P POE core switch - Handles both 10Gbe and 1Gbe for the whole house (my PC, dad's pc and the server are 10Gbe connected via OM3 fibre)
HP 1910-8G - Handles all devices in one bedroom
D-Link DAP-2695 WAP - Handles wifi for the front half of the house/garden
Cisco CAP3502i WAP - Handles wifi for the back half of the house/garden (freebie from work)


The diagram I drew up a few years back includes a POE passthrough switch downstairs (Netgear GS105PE) as I wanted to provide some additional ethernet ports. The house was wired way back in the 90's when 10/100 was king and no extra provision was put in, meaning just a single cat 5 between upstairs and downstairs. I still haven't added it as the need is not great, plus some people say that the POE passthrough doesn't work that well so the AP may not function.
 
Associate
Joined
2 Oct 2007
Posts
610
Location
Cardiff
It's funny how angry some people get when they see someone else's attempt at implementing something. It works for me and if not for you that is fine. The way some of you "users" go on anyone would think I broke into your houses and urinated on your kids.
 