As a lot of people, I am currently working from home. That means:
- I start about one hour earlier in the morning
- I have a looong lunch break
- I finish at the same time as in office
- I do not have to commute – that saves me 90 minutes each day!
So, time to spend on some private projects. The first project I started (and completed) was to rebuild my home network. Being a network engineer, my network at home is a bit bigger and more complex than a usual domestic network:
- I have separate guest network
- I have (and use) IPv6
- I operate my own mail server at home
- I have a number of VPN tunnels up and running
So, most people do not have that. My old network was simply a Fritzbox, with Guest LAN enabled, three switches (two with VLANs, one unmanaged) and two Wifi access points.
First thing to be replaced were the switches. I wanted only managed switches and VLANs everywhere. Why? Because a lot of “consumer electronics” have internet clients build in (like my TV or my BluRay player, even the the oven has Internet connectivity), but these devices have not received any security updates for the last 5 years or longer. So I do not trust them, I do not want them in the same LAN as my normal infrastructure.
So I replaced my switches with some Ubiquity smart switches, with the additional benefit that two of them also support PoE (Power over Ethernet), so I can power some end devices from the switch (with the help of PoE splitters) and can get rid of quite a number of USB power supplies.
This is a diagram of my new infrastructure at home:
You might notice that I also added an Ubiquity Security Gateway, this is for Firewall and address distribution. Works fine! No, connectivity is not any faster, but all “consumer devices with Internet connectivity” are now separated from the rest of the network. To be continued….