Homelab Network Setup

Use this skill to design a home or small-lab network that can grow without needing a full rebuild.

When to Use

  • Planning a new home network or redesigning an ISP-router-only setup.
  • Choosing gateway, switch, and access point roles.
  • Designing IP ranges, DHCP scopes, static reservations, and DNS.
  • Preparing for future VLANs, Pi-hole, NAS, lab servers, or VPN access.
  • Troubleshooting a new network that has double NAT, unstable Wi-Fi, or changing server addresses.

How It Works

Start by separating device roles:

Internet
  |
Modem or ONT
  |
Gateway or router      NAT, firewall, DHCP, DNS, inter-VLAN routing
  |
Managed switch         wired clients, AP uplinks, optional VLAN trunks
  |
Access points          Wi-Fi only; ideally wired backhaul
Servers and NAS        stable addresses, DNS names, monitoring
Clients and IoT        DHCP pools, isolated later if VLANs are available

Pick a gateway that matches the operator, not just the feature checklist:

Option               Best fit                Notes
ISP router           Basic internet only     Limited control and often poor VLAN support
UniFi gateway        Managed home network    Good UI, ecosystem lock-in
OPNsense or pfSense  Flexible homelab        Strong VLAN, firewall, VPN, and DNS control
MikroTik             Advanced network users  Powerful, but easy to misconfigure
Linux router         Tinkerers               Document rollback before using as primary gateway

IP Plan

Avoid the most common default, 192.168.1.0/24, when you expect to use VPNs. It often conflicts with hotels, offices, and ISP routers.

Example small homelab plan:

192.168.10.0/24  trusted clients
192.168.20.0/24  IoT and media devices
192.168.30.0/24  servers and NAS
192.168.40.0/24  guest Wi-Fi
192.168.99.0/24  network management

Gateway convention: .1
Infrastructure reservations: .2 through .49
Dynamic DHCP pool: .50 through .240
Spare room: .241 through .254

Use home.arpa for local names. It is reserved for home networks and avoids the leakage/conflict problems of ad hoc names like home.lan.

nas.home.arpa
pihole.home.arpa
gateway.home.arpa
switch-01.home.arpa

DHCP And DNS

  • Use DHCP reservations for anything you SSH into, bookmark, monitor, or expose as a service.
  • Hand out the gateway as DNS until a local resolver is intentionally deployed.
  • If using Pi-hole or another DNS filter, give it a reservation first, then point DHCP DNS options at that address.
  • Keep a small static/reserved range per subnet so replacements do not collide with dynamic leases.

Cabling And Wi-Fi

  • Prefer wired AP backhaul over mesh when you can run Ethernet.
  • Use a PoE switch for APs and cameras if the budget allows it.
  • Label both ends of each cable and keep a simple port map.
  • Put the gateway, switch, DNS server, and NAS on UPS power if outages are common.

Examples

Beginner Upgrade

Goal: Keep the ISP router but stabilize a small lab.

  1. Set DHCP reservations for NAS, Pi, and any SSH hosts.
  2. Move local names to home.arpa.
  3. Disable duplicate DHCP servers on secondary routers or APs.
  4. Wire the main AP instead of relying on wireless backhaul.

VLAN-Ready Plan

Goal: Prepare for future segmentation without enabling it immediately.

  1. Choose non-overlapping /24 ranges for trusted, IoT, servers, guest, and management.
  2. Reserve .1 for the gateway and .2-.49 for infrastructure on every subnet.
  3. Buy a gateway and switch that support VLANs and inter-VLAN firewall rules.
  4. Document which SSIDs and switch ports will eventually map to each network.
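
The checks from the IP Plan section and steps 1 and 2 above, as an added Python example (not part of the original skill): it flags planned ranges that overlap each other or 192.168.1.0/24, and reservations that fall outside .2 through .49. It assumes IPv4 /24 subnets; check_plan, the constant names, and the SAMPLE reservations are constructed for illustration.

```python
import ipaddress

# The page's example plan and conventions (gateway .1, infra .2-.49, pool .50-.240).
PLAN = {
    "trusted": "192.168.10.0/24",
    "iot": "192.168.20.0/24",
    "servers": "192.168.30.0/24",
    "guest": "192.168.40.0/24",
    "management": "192.168.99.0/24",
}
GATEWAY, INFRA, POOL = 1, range(2, 50), range(50, 241)
AVOID = ipaddress.ip_network("192.168.1.0/24")  # common default the page warns about
# Constructed sample reservations (hostnames and addresses are made up).
SAMPLE = {
    "nas": "192.168.30.10",
    "pihole": "192.168.30.53",    # lands in the dynamic pool
    "switch-01": "192.168.99.2",
    "printer": "192.168.1.20",    # not in any planned subnet
}


def check_plan(plan, reservations):
    """Return a list of findings; an empty list means the conventions hold."""
    findings = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        if nets[a].overlaps(AVOID):
            findings.append(f"{a}: {nets[a]} overlaps {AVOID}")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    seen = {}
    for host, addr in reservations.items():
        ip = ipaddress.ip_address(addr)
        owner = next((n for n, net in nets.items() if ip in net), None)
        if owner is None:
            findings.append(f"{host}: {ip} is outside every planned subnet")
            continue
        offset = int(ip) - int(nets[owner].network_address)  # last octet in a /24
        if offset == GATEWAY:
            findings.append(f"{host}: {ip} collides with the gateway address")
        elif offset in POOL:
            findings.append(f"{host}: {ip} sits in the dynamic DHCP pool")
        elif offset not in INFRA:
            findings.append(f"{host}: {ip} is outside .2-.49")
        if seen.setdefault(ip, host) != host:  # same address reserved twice
            findings.append(f"{host}: {ip} already reserved for {seen[ip]}")
    return findings
```

Calling check_plan(PLAN, SAMPLE) reports the pihole and printer entries and nothing else.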

Anti-Patterns

  • Double NAT without a reason or documentation.
  • Using 192.168.1.0/24 when VPN access is planned.
  • Dynamic addresses for NAS, Pi-hole, Home Assistant, or other service hosts.
  • Consumer routers repurposed as APs while their DHCP servers are still enabled.
  • Flat networks with cameras, smart plugs, laptops, and servers all sharing the same trust boundary.

See Also

  • Skill: network-interface-health
  • Skill: network-config-validation