Previously I had a Ubiquiti EdgeRouter Lite, two managed Netgear switches and a Unifi AP-SHD WiFi. When my EdgeRouter Lite suddenly died and there was no warranty left, I thought that I could redo my home network and learn something new while doing it. I had some principles that I wanted to fulfill when redoing my setup:
- The setup needed to be robust
- The setup needed to offer great configurability
- I wanted to have the possibility to isolate different devices into different VLANs
- I wanted to have PoE capability
For this task I chose the Unifi product family from Ubiquiti because they combine quality hardware with great configurability and I had heard good things about them. I decided that the Unifi AP-SHD WiFi box was good enough to stay, but the other parts I wanted to redo. So I got the following gear:
- Unifi Security Gateway Pro 4
- Unifi US-24-250W Managed PoE Switch
- Unifi Cloud Key Gen2 Plus
- Unifi Cloud Key G2 Rack Mount
Physically I have set up my devices so that both the USG and the US-24-250W switch are behind a UPS, and the Cloud Key & AP-SHD are powered via PoE from the switch. All the devices but the WiFi box are sitting inside a little closet, waiting for my storage room renovation to finish. After it's finished I will assemble a proper rack for my gear :) So the final setup has to wait until my renovation is finished and I have done better internal cabling inside our apartment.
Network-wise I have set up my stuff so that I have the following different VLANs:
- Management VLAN for all my network gear
- LAN VLAN for my computers, tablets and phones
- IoT VLAN for my media boxes, TVs etc.
- Playground VLAN for my home servers
I've set these up so that the IoT devices can't connect to internal networks, but my devices from the LAN VLAN can connect to IoT devices. This way I can, for example, stream from my phone to my Apple TVs. I have also set up Pi-hole so that I have a DNS-level ad-blocker. This way I don't need to use browser add-ons for ad-blocking and I can also limit how much data IoT devices are sending to the internet. My Pi-hole setup is running on top of a Kubernetes cluster which I have set up on top of three Intel NUCs. I have also set up MetalLB with BGP to handle load balancing, to have actual fault tolerance for my Kubernetes cluster. Also, to be able to access my home network remotely, I have set up WireGuard VPN to my Unifi USG.
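As an added example (not my actual USG configuration), here is a small Python model of the inter-VLAN policy described above. It shows why a stateful "established/related" accept has to sit before the IoT drop rule for streaming from the LAN to keep working. The subnets, the rule set and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed subnets: the post names the VLANs but not their addressing.
VLANS = {
    "mgmt": ipaddress.ip_network("10.0.10.0/24"),
    "lan": ipaddress.ip_network("10.0.20.0/24"),
    "iot": ipaddress.ip_network("10.0.30.0/24"),
    "playground": ipaddress.ip_network("10.0.40.0/24"),
}
INTERNAL = ("mgmt", "lan", "playground")

@dataclass(frozen=True)
class Rule:
    action: str    # "accept" or "drop"
    src: tuple     # source VLAN names
    dst: tuple     # destination VLAN names
    states: tuple  # connection-tracking states the rule matches

# Hypothetical rule set. First match wins, so the established/related
# accept must come before the drop or replies to LAN clients are lost.
RULES = [
    Rule("accept", ("iot",), INTERNAL, ("established", "related")),
    Rule("drop", ("iot",), INTERNAL, ("new", "invalid")),
    Rule("accept", ("lan",), ("iot",), ("new", "established", "related")),
]

def vlan_of(addr):
    """Map an IP address to its VLAN name, or None if outside all VLANs."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), None)

def decide(src, dst, state, rules=RULES, default="drop"):
    """Evaluate one inter-VLAN packet against the rules, first match wins."""
    s, d = vlan_of(src), vlan_of(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst and state in rule.states:
            return rule.action
    return default

def audit(rules=RULES):
    """Return IoT-initiated flows into internal VLANs that the rules allow."""
    hosts = {name: str(net.network_address + 5) for name, net in VLANS.items()}
    return [(hosts["iot"], hosts[d]) for d in INTERNAL
            if decide(hosts["iot"], hosts[d], "new", rules) == "accept"]
```

An empty list from `audit()` means no IoT device can open a new connection into the management, LAN or playground VLANs; running it against an edited rule list is a quick check that a new exception has not been placed above the drop.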
I know my setup is more than I would actually need as my home setup, but I have also been wanting to learn new stuff. This is why, for example, I have a three-node Kubernetes cluster at home. If you are interested, I will publish more detailed posts on my Pi-hole and WireGuard setups in the future.