Homelab network map
The lab is deliberately boring at the network layer so the experiments can be exciting at the service layer.
VLANs
| VLAN | Purpose | Notes |
|---|---|---|
| 10 | Trusted LAN | people devices only |
| 20 | Servers | the rack, wired only |
| 30 | IoT quarantine | no east-west, egress-filtered |
| 66 | Pentest lab | fully isolated, see Pentest lab on one box |
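
The isolation notes in the table can be written as checks and run against the firewall allow-list kept in the repo. The following is an added example, not the lab's actual configuration: the `Allow` rule format, the `WAN` marker, the sample rules, and the reading of "no east-west" as "no IoT traffic to any internal VLAN" are all assumptions.

```python
# Added example: audit firewall allow-rules against the VLAN table's notes.
from dataclasses import dataclass
from typing import List, Optional, Tuple

TRUSTED, SERVERS, IOT, PENTEST = 10, 20, 30, 66   # VLAN IDs from the table
INTERNAL = {TRUSTED, SERVERS, IOT, PENTEST}
WAN = 0  # assumption: 0 stands for "upstream / internet", not a VLAN ID


@dataclass(frozen=True)
class Allow:
    """One allow-rule (hypothetical format): src VLAN -> dst VLAN on a port."""
    src: int
    dst: int
    port: Optional[int] = None  # None means "any port"


def audit(rules: List[Allow]) -> List[Tuple[Allow, str]]:
    """Return every rule that contradicts the table, with the reason."""
    findings = []
    for r in rules:
        if PENTEST in (r.src, r.dst) and r.src != r.dst:
            # "fully isolated": nothing crosses the VLAN 66 boundary
            findings.append((r, "VLAN 66 must be fully isolated"))
        elif r.src == IOT and r.dst in INTERNAL:
            # "no east-west": IoT never talks to internal VLANs
            findings.append((r, "VLAN 30 allows no east-west traffic"))
        elif r.src == IOT and r.dst == WAN and r.port is None:
            # "egress-filtered": outbound must be limited to named ports
            findings.append((r, "VLAN 30 egress must name a port"))
    return findings


# Constructed sample ruleset, for illustration only.
SAMPLE_RULES = [
    Allow(TRUSTED, SERVERS, 443),  # ok: people devices to reverse proxy
    Allow(IOT, WAN, 123),          # ok: filtered egress on one port
    Allow(IOT, WAN),               # finding: unfiltered egress
    Allow(IOT, SERVERS, 1883),     # finding: east-west from IoT
    Allow(PENTEST, WAN),           # finding: pentest lab reaches out
    Allow(TRUSTED, PENTEST, 22),   # finding: path into pentest lab
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} port={rule.port}: {reason}")
```
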
Core services
- Reverse proxy with wildcard TLS terminating everything on VLAN 20
- Internal DNS with split-horizon so lab names never leak
- Nightly config backups to a box that is not in the rack
The one rule
Nothing gets a static config that isn't in the git repo. If a service can't be rebuilt from the repo in an afternoon, it doesn't belong in the rack — a lesson paid for twice, receipts in Bench failure log.