Network Configuration: Difference between revisions
Wikisailor (talk | contribs) Tag: Reverted
Wikisailor (talk | contribs) Tag: Manual revert
Revision as of 21:47, 25 January 2026
Introduction
With the addition of a second host, Kiwi, some new decisions need to be made on how to access its services. This is also a good time to increase the throughput of the entire home lab.
Hardware Configuration
Some new hardware has been added as follows.
Pear
Pear is the original host and was set up with a single 1 Gbps NIC. As it only had one NIC, the management and LAN traffic were both using it. Now I have added a second 2.5 Gbps NIC. The management is still via the original NIC, and the WAN port of pfSense is also still on the original NIC.
- Management port is 192.168.1.111:8006
- pfSense WAN port is 192.168.1.125
Kiwi
Kiwi is the new host with a single 2.5 Gbps NIC and a Wi-Fi NIC. It will have no direct access to the Internet, and the Wi-Fi NIC will probably be disabled. The single 2.5 Gbps NIC will have to be used as the management port. The VLANs will also be carried over this 2.5 Gbps NIC and hence through to Pear and its pfSense gateways.
- Management port is 192.168.1.112:8006
Grape
The desktop PC Grape has also now got a new 2.5 Gbps NIC that will be connected to the new managed switch and the VLANs. Some caution is needed here: the original NIC connects to the Internet on 192.168.1.1/24, so care must be taken to stop any of the home lab VLANs from bypassing the pfSense firewall and linking directly to the Internet.
Switches
There is the original dumb 4-port switch connected to the ISP router, the desktop PC, Pear's 1 Gbps NIC, and port 1 of the new managed switch. There is now also a new managed 4+2 switch (the two SFP slots are unused).
Potential Problems
The problems to be avoided are mainly allowing any path to the Internet that is not supposed to exist, and creating routing loops.
VLANS
The old protected LANs on Pear were all simply unbridged networks. They are now changed to VLAN-aware networks and bridged to the new 2.5 Gbps NIC.
- ISP Gateway: 192.168.1.1
- Management Subnet: 192.168.1.0/24 (Physical Dumb Switch)
- Production Backbone: 2.5Gbps Managed Switch (VLAN Tagged)
| VLAN ID | Name | Subnet | Purpose |
|---|---|---|---|
| 1 | Management | 192.168.1.0/24 | Proxmox GUIs, pfSense WAN, ISP |
| 100 | Production | 192.168.100.0/24 | Web servers, MySQL servers, game servers, and any other services |
| 110 | Infrastructure | 192.168.110.0/24 | Internal services (DNS, NTP, Auth) |
| 130 | VPNNet | 192.168.130.0/24 | WireGuard / OpenVPN VMs |
| 120 | Lab | 192.168.120.0/24 | Sandboxed testing / POCs |
| 99 | MGT (Internal) | 192.168.99.0/24 | Internal server management (pfSense, Prometheus, etc.) |
| 111 | Terminal | 192.168.111.0/24 | RDP / NoMachine gateways |
Switch Configuration
Dumb Switch (1Gbps Management): connects the ISP router, Pear's 1Gbps NIC, the Win11 1Gbps NIC, and Managed Switch Port 1.
Managed Switch (2.5Gbps Backbone)
- Port 1 (Uplink to Dumb Switch):
  - VLAN 1: Untagged (PVID 1)
  - All other VLANs: Excluded (prevents leaks to the ISP router)
- Port 4 (Pear - Host 1):
  - VLAN 1: Excluded (management stays on the 1Gbps NIC)
  - VLANs 30, 110, 130, 120, 99, 111: Tagged
- Port 2 (Kiwi - Host 2):
  - VLAN 1: Tagged (enables management over the single NIC)
  - VLANs 30, 110, 130, 120, 99, 111: Tagged
- Port 3 (Win11 Desktop):
  - VLAN 1: Untagged (optional fallback)
  - VLAN 30: Tagged (for 2.5G production access)
Note that VLAN 30 does not appear in the VLAN & Subnet Map above, which lists Production as VLAN 100; the two should be reconciled before the port configuration is applied.
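To check the port plan above for the two failure modes this page is concerned with (a path to the ISP router that bypasses pfSense, and VLANs that are undefined or not terminated by pfSense), here is an added Python audit that is not part of the wiki page. It encodes the port table as written and assumes that port 1 is the only path to the ISP router and that port 4 (Pear) is where pfSense terminates the protected VLANs; run as-is it flags VLAN 30 as missing from the VLAN map and the two ports that sit on VLAN 1 and a protected VLAN at the same time.

```python
# Added example: sanity-check the managed switch VLAN plan against the VLAN map.
# VLAN map as given in the page's table (ID -> name).
VLAN_MAP = {1: "Management", 100: "Production", 110: "Infrastructure",
            130: "VPNNet", 120: "Lab", 99: "MGT (Internal)", 111: "Terminal"}

# Per-port membership as written in the page's switch configuration.
# "untagged" is the PVID/untagged VLAN (None if none); "tagged" is the tagged set.
PORTS = {
    1: {"role": "uplink-dumb-switch", "untagged": 1, "tagged": set()},
    4: {"role": "pear-pfsense", "untagged": None, "tagged": {30, 110, 130, 120, 99, 111}},
    2: {"role": "kiwi", "untagged": None, "tagged": {1, 30, 110, 130, 120, 99, 111}},
    3: {"role": "win11-desktop", "untagged": 1, "tagged": {30}},
}
UPLINK_PORT = 1    # assumption: the only port that reaches the ISP router
GATEWAY_PORT = 4   # assumption: pfSense on Pear terminates the protected VLANs
MGMT_VLAN = 1


def members(port):
    """All VLANs a port carries, tagged or untagged."""
    vlans = set(port["tagged"])
    if port["untagged"] is not None:
        vlans.add(port["untagged"])
    return vlans


def audit(ports=PORTS, vlan_map=VLAN_MAP):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    # 1. The uplink toward the ISP router must carry nothing but VLAN 1.
    leaks = members(ports[UPLINK_PORT]) - {MGMT_VLAN}
    if leaks:
        findings.append(f"uplink port {UPLINK_PORT} leaks VLANs {sorted(leaks)} toward the ISP router")
    # 2. Every protected VLAN on any port must be in the map and reach the pfSense port.
    for pid, port in ports.items():
        for vlan in sorted(members(port) - {MGMT_VLAN}):
            if vlan not in vlan_map:
                findings.append(f"port {pid}: VLAN {vlan} is not in the VLAN map")
            if vlan not in members(ports[GATEWAY_PORT]):
                findings.append(f"port {pid}: VLAN {vlan} is not terminated by pfSense on port {GATEWAY_PORT}")
    # 3. A non-gateway host on VLAN 1 and a protected VLAN at once could route around pfSense.
    for pid, port in ports.items():
        if pid in (UPLINK_PORT, GATEWAY_PORT):
            continue
        protected = members(port) - {MGMT_VLAN}
        if MGMT_VLAN in members(port) and protected:
            findings.append(f"port {pid} ({port['role']}): dual-homed on VLAN 1 and "
                            f"{sorted(protected)}; that host must not forward between them")
    return findings
```

Renaming VLAN 30 to 100 in the port table clears the map findings; the dual-homed findings for Kiwi and the desktop remain as deliberate design choices to review on the hosts themselves.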