Building My Home Lab: Network Segmentation & Monitoring

Published on December 5, 2024

Abstract

Complete guide to building a professional-grade home lab with enterprise networking, security monitoring, and automation capabilities. Investment: ~$2,800 over 6 months with immediate ROI through career advancement.

The Vision

As an IT professional transitioning from supply chain operations, I needed a comprehensive home lab to practice enterprise-level networking, security, and automation concepts. This lab needed to simulate real business environments while staying within a reasonable budget.

Lab Architecture Overview

Internet ←→ [pfSense Firewall] ←→ [Managed Switch] ←→ [Lab Network]
                    ↓                      ↓
              [DMZ VLAN]            [Internal VLANs]
                    ↓                      ↓
            [Web Services]     [Domain Controller, Proxmox, etc.]

Hardware Foundation

Network Infrastructure

  • 🔥 pfSense Box: Protectli VP2420 (4-port Intel NICs)
  • 🔌 Managed Switch: UniFi Switch 24 PoE (24 ports + SFP+)
  • 📶 Wireless: UniFi Access Point WiFi 6

Compute & Storage

  • 💻 Hypervisor: Dell OptiPlex 7070 (32GB RAM, 1TB NVMe)
  • 💾 NAS: Synology DS218+ (2x4TB WD Red drives)
  • 💰 Total Investment: ~$2,800 (6 months)

Network Segmentation Strategy

VLAN Design

# VLAN Configuration
VLAN 10: Management (192.168.10.0/24)    # Infrastructure access
VLAN 20: Lab Servers (192.168.20.0/24)   # VMs and containers
VLAN 30: DMZ (192.168.30.0/24)           # Public-facing services
VLAN 40: IoT (192.168.40.0/24)           # Smart home devices
VLAN 50: Guest (192.168.50.0/24)         # Visitor access

Firewall Rules Implementation

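# pfSense Rules Example
# Block inter-VLAN communication by default
pass out on LAN from LAN:network to !LAN:network keep state
block in on LAN from !LAN:network to LAN:network

# Allow specific services
# DNS runs over UDP as well as TCP, so both protocols are allowed on port 53
pass in on IoT_VLAN proto { tcp udp } from IoT:network to 192.168.20.100 port 53
# Note: "any" as a destination also matches the other VLAN subnets
pass in on GUEST_VLAN proto tcp from GUEST:network to any port { 80 443 }
pass in on GUEST_VLAN proto { tcp udp } from GUEST:network to any port 53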
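
To check a rule set like this against the VLAN plan, the following added example (not part of the original article or its pfSense configuration) models the two "allow specific services" rules as default-deny pass rules and lists every VLAN each rule can reach. It assumes protocol matching and the LAN interface rules can be left out, and the helper names are hypothetical.

```python
import ipaddress

# VLAN plan copied from the article's VLAN Design section.
VLANS = {
    "Management": "192.168.10.0/24",
    "Lab": "192.168.20.0/24",
    "DMZ": "192.168.30.0/24",
    "IoT": "192.168.40.0/24",
    "Guest": "192.168.50.0/24",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in VLANS.items()}

# The article's two service rules reduced to (source VLAN, destination, ports).
# Assumption: protocol is ignored and "any" is modelled as 0.0.0.0/0.
PASS_RULES = [
    ("IoT", "192.168.20.100/32", {53}),
    ("Guest", "0.0.0.0/0", {80, 443, 53}),
]

def vlan_of(ip):
    """Return the VLAN containing ip, or None for an outside address."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in NETS.items() if addr in net), None)

def is_allowed(src_ip, dst_ip, port):
    """Default deny: a flow passes only if some pass rule matches it."""
    src_vlan = vlan_of(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(
        src_vlan == rule_src
        and dst in ipaddress.ip_network(rule_dst)
        and port in ports
        for rule_src, rule_dst, ports in PASS_RULES
    )

def cross_vlan_exposure():
    """List (source VLAN, reachable VLAN, ports) for rules that cross VLANs."""
    findings = []
    for rule_src, rule_dst, ports in PASS_RULES:
        dst_net = ipaddress.ip_network(rule_dst)
        for name, net in NETS.items():
            if name != rule_src and net.overlaps(dst_net):
                findings.append((rule_src, name, sorted(ports)))
    return findings

if __name__ == "__main__":
    for src, dst, ports in cross_vlan_exposure():
        print(f"{src} -> {dst} on ports {ports}")
```

The IoT rule reaches only the Lab VLAN on port 53, while the Guest rule's "any" destination also reaches Management, Lab, DMZ and IoT on ports 80, 443 and 53.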

Virtual Infrastructure

Proxmox VE Setup

Running multiple environments on a single hypervisor:

# VM Allocation
├── Domain Controller (Windows Server 2022) - 4GB RAM
├── Security Tools VM (Kali Linux) - 8GB RAM
├── SIEM Server (Ubuntu + ELK Stack) - 8GB RAM
├── Development Environment (Ubuntu) - 6GB RAM
└── Vulnerable VMs (Metasploitable, DVWA) - 4GB RAM

Container Services

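# Docker Compose for monitoring stack
version: '3.8'
services:
  prometheus:
    image: prom/prometheus
    ports:
      - "9090:9090"
    volumes:
      # Mount the config read-only; the container only needs to read it
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro

  grafana:
    image: grafana/grafana
    ports:
      - "3000:3000"
    environment:
      # Take the admin password from the shell or a .env file instead of hard-coding it;
      # Compose refuses to start if the variable is unset
      - GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD:?set GF_SECURITY_ADMIN_PASSWORD}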

Monitoring and Alerting

Key Dashboards Created

Network Monitoring

  • Real-time bandwidth per VLAN
  • Traffic flow analysis
  • Connection tracking

Security Events

  • Failed login attempts
  • Blocked connections
  • Intrusion detection alerts

Real-World Learning Outcomes

  • Security+: Passed Nov 2024
  • AWS SAA: Scheduled Feb 2025
  • CCNA: Planning Jun 2025

Skills Developed

Technical Skills

  • Network Architecture (VLAN design, routing, firewalling)
  • Virtualization (Proxmox management, resource allocation)
  • Monitoring (ELK stack, Grafana dashboards, alerting)

Automation & Security

  • Automation (Ansible, PowerShell DSC, Docker)
  • Security (Vulnerability management, incident response)
  • Cloud Integration (Site-to-site VPN, hybrid setup)

Cost-Benefit Analysis

Investment Breakdown

  • 💻 Hardware: $2,200
  • 📀 Software Licenses: $400
  • Power/Internet: $40/month additional

Value Gained

  • 🎯 Training Course Value: $3,000+
  • 📈 Career Development: Practical IT skills
  • 🔒 Home Network: Enhanced security

ROI: Lab paid for itself within 6 months through improved job prospects and salary negotiations.

Lessons Learned

What Worked Well

  • ✅ Started simple with basic pfSense setup
  • ✅ Documented everything in a wiki
  • ✅ Regular VM snapshots before changes
  • ✅ Active in r/homelab community

Pitfalls Avoided

  • ⚠️ Resisted over-engineering from start
  • ⚠️ Stuck to planned budget phases
  • ⚠️ Built redundancy in critical services
  • ⚠️ Treated lab with production-level security

Future Enhancements

Planned Upgrades

  • 🚢 Kubernetes Cluster: 3-node setup for container orchestration
  • ☁️ Cloud Integration: Site-to-site VPN with AWS
  • 🛡️ Advanced Threat Detection: SOAR platform implementation
  • 🔐 Zero Trust Architecture: Implement work project concepts

Essential Tools & Resources

Core Technologies

  • 🔥 pfSense: Open-source firewall/router
  • 📦 Proxmox VE: Enterprise virtualization
  • 📊 ELK Stack: Elasticsearch, Logstash, Kibana
  • 📈 Grafana: Metrics visualization

Fernando McKenzie

IT Operations Specialist passionate about home labs and enterprise technology.