My Home-Office Network

There’s a forum over at www.broadbandreports.com where people post photos and drawings of their home and home-office networks. Some people have some really simple setups, while others have truly sophisticated installations.

I’m sure ours is somewhere in the middle. I posted a drawing over there so I suppose that it only makes sense to post it here as well.

Network Diagram

This drawing doesn’t include the Portech MV-370 GSM gateway as that’s brand new. Nor does it include various pieces of gear that come and go for work-related projects.

I’m still surprised at how many ports we need on our switches. I never would have guessed that our home would grow to this size, and it shows no signs of getting smaller. The 8-port switch in the house is soon to be replaced with a 16-port model. I’ll be adding more gear to interface the doorbell to the Astlinux server. That may include a SIP door phone if the funds are available.

3 thoughts on “My Home-Office Network”

  1. Nice diagram.

    Do you segment your network with multiple subnets and VLANs?

    If not, it is a great learning experience. Keeping LAN, VOIP, WLAN and XTRA (media and guests) subnets/VLANs separated is a good idea, but can also create problems… no longer is your whole network a single broadcast domain, and unless your file server access is in the same subnet, the traffic must pass through your m0n0wall, which can slow things down.

    I use a Soekris net5501 with an Intel Pro 1000 GT PCI card and m0n0wall. The WAN is an untagged main board interface and all local traffic goes through the purely tagged Intel/1000 interface to an HP Procurve 1800-24 switch. I also use an untagged main board interface as an “Admin” subnet that has access to all subnets so there is a fail-safe to configure m0n0wall; this interface is usually not connected.

    It takes a fair amount of planning to ‘organize’ your network in this way, and expect your wife to complain at least once when you make a mistake, but that is a part of learning.

  2. The long and short of it is that, no, I don’t subnet or use VLANs in that fashion. My experience working within larger organisations in my day job has led me to believe that VLANs in particular might be conceptually more secure in a large enterprise…but are ultimately no better than what I do now given the scale & scope of my network.

    I could break a lot of the household stuff onto its own subnet, but even that seems like it would just complicate matters unnecessarily.

    In fact, there’s been a lot of news lately about VLAN hopping as a security exploit. This has many people thinking that VLANs might be less than effective as a security strategy.

    If I were to reconsider everything then my major concern would be load balancing across the DSL and cable modem, which is not in the drawing. It’s on a private LAN serving a Slingbox.

  3. I should also add that I don’t allow unknown guests. Period. My router will only issue IPs to known MAC addresses. My wifi APs are powered off using X-10 modules during various periods, like overnight or when I’m away.
