Over the last year, I have been trying to work through getting VLANs set up and operational in my Homelab… so that I can not only experiment, but also start segregating services from PCs and putting things like IoT devices and Guest devices on their own VLANs.

I come to you today with a working solution for my own homelab. This post is mainly just to discuss the current state of my homelab, but also to look for suggestions on how you would make any changes to my layout.

Current Hardware:

  • 1x TP-Link Omada TL-SG2428P (my core switch)
  • 3x TP-Link Omada TL-SG2210P (leaf switches on different floors)
  • 2x HP EliteDesk 800 G4 (i5-8500T 6C6T, 32GB DDR4) aka Hyper2, Hyper3
  • 2x HP ProDesk 800 G4 (i5-7500T 4C4T, 32GB DDR4) aka Hyper5, Hyper6
  • Whitebox server (i7-4790k, 32GB DDR3) aka Hyper3
  • TrueNAS whitebox (AMD FX-6350 6C6T, 32GB DDR3 ECC) aka TrueNAS

VLANs:

  • 50 Infrastructure
  • 51 PiKVMs
  • 52 VPNs
  • 53 Jumpboxes
  • 60 Trusted
  • 70 IoT-Secure (no internet access)
  • 71 IoT-Insecure (internet access)
  • 99 Guest
  • 1 LAN (default, soon to be retired)

All servers are running Proxmox as my hypervisor. Proxmox nodes are NOT configured with VLANs and currently only reside on LAN. I haven’t made the move to put those on VLANs… when one of them hosts the system that controls traffic to those VLANs… so I’m thinking of just leaving them on LAN and limiting access.

VMs & Containers:

Hyper2:

  • Ubuntu VM (Frigate) VLAN 50
  • Ubuntu VM (RDT-client) VLAN 50

Hyper3:

  • Ubuntu desktop VM (crashplan) VLAN 50
  • Ubuntu VM (Immich, Immich Power Tools, Remmina, Tautulli, Vikunja, Mealie, Paperless-NGX, Linkwarden) VLAN 50

Hyper4:

  • AdGuardHome LXC VLANs (all)
  • WireGuard LXC VLAN 52
  • Windows Server 2022 VM VLAN 1, 50
  • OPNsense VM (DHCP)
  • Ubuntu VM (*arr stack, Adguard-Sync, Uptime Kuma, Gitea, Minecraft Bedrock) VLAN 50
  • Ubuntu VM (NGINX) VLAN 50
  • Ubuntu VM (OpenVPN) VLAN 52

Hyper5:

  • MQTT LXC (for home assistant) VLAN 50
  • Ubuntu VM (Home Assistant focused: MariaDB, Zigbee2MQTT, RTL-433; Nextcloud [app, redis, mariadb]) VLAN 50
  • Ubuntu VM (Prowlarr, NZBGet, QBittorrent, flaresolverr) VLAN 50
  • Home Assistant OS VM (HAOS) VLAN 50
  • Ubuntu VM (Wazuh) VLAN 50

Hyper6:

  • AdGuardHome LXC VLANs (all)
  • WireGuard LXC VLAN 52
  • Windows Server 2022 (AD, DNS) VLAN 1, 50
  • Ubuntu VM (Omada controller) VLAN 1, 50
  • Ubuntu VM (nothing running yet) VLAN 50
  • Ubuntu VM (Plex, ErsatzTV, Maintainerr x2, Immich Machine Learning) VLAN 50
  • Ubuntu VM (OpenVPN) VLAN 52

This all works pretty well currently. I’ve been doing some more research and finding that folks have done things a bit differently with their server VLANs… and I’m just trying to get opinions on what would be better. I recognize that currently my reverse proxy is in the Infra VLAN, which would be fine… but it’s the same RP that is used for public access… which has me thinking that it should go in the DMZ OR I should set up a second RP (but that introduces an issue with keeping TLS certs in sync…).

Tear my setup apart… let me have it. What suggestions do you have? What am I doing wrong? What am I doing right (if anything)?
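As an added example (not from the original post), here is a small segmentation lint over a subset of the inventory above: it flags guests with interfaces in more than one VLAN (which bridge segments), services present on every VLAN, guests still on the soon-to-be-retired VLAN 1, and any public-facing service sharing the Infra VLAN. The inventory rows are transcribed from the post; the rule set and the `public` flag on the reverse proxy are my assumptions about what a reviewer would check.

```python
"""Segmentation lint for a homelab VM/VLAN inventory (added example)."""
from dataclasses import dataclass

# VLAN IDs and names as listed in the post.
VLAN_NAMES = {1: "LAN", 50: "Infrastructure", 51: "PiKVMs", 52: "VPNs",
              53: "Jumpboxes", 60: "Trusted", 70: "IoT-Secure",
              71: "IoT-Insecure", 99: "Guest"}
ALL = frozenset(VLAN_NAMES)           # "VLANs (all)" in the post
INFRA, LEGACY = 50, 1


@dataclass(frozen=True)
class Guest:
    host: str                         # Proxmox node
    name: str                         # VM / LXC label from the post
    vlans: frozenset                  # VLAN IDs the guest has an interface on
    public: bool = False              # reachable from the internet (assumed)


# Constructed subset of the post's inventory; only the RP is marked public
# because the post says it is the one used for public access.
INVENTORY = [
    Guest("Hyper4", "AdGuardHome LXC", ALL),
    Guest("Hyper4", "Windows Server 2022", frozenset({1, 50})),
    Guest("Hyper4", "NGINX reverse proxy", frozenset({50}), public=True),
    Guest("Hyper4", "OpenVPN", frozenset({52})),
    Guest("Hyper6", "Windows Server 2022 (AD, DNS)", frozenset({1, 50})),
    Guest("Hyper6", "Omada controller", frozenset({1, 50})),
    Guest("Hyper5", "Home Assistant OS", frozenset({50})),
]


def dual_homed(inv):
    """Guests with legs in several VLANs (but not deliberately in all of them)."""
    return [g.name for g in inv if 1 < len(g.vlans) < len(ALL)]


def everywhere(inv):
    """Guests with an interface in every VLAN; each one is a cross-segment pivot."""
    return [g.name for g in inv if g.vlans == ALL]


def still_on_legacy(inv):
    """Guests that must move before VLAN 1 can be retired."""
    return [g.name for g in inv if LEGACY in g.vlans and g.vlans != ALL]


def public_in_infra(inv):
    """Internet-facing guests sharing the Infrastructure VLAN with management services."""
    return [g.name for g in inv if g.public and INFRA in g.vlans]
```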