A production-ready network infrastructure featuring VLAN segmentation, enterprise routing, managed switching, and comprehensive network services, all running on enterprise hardware in a dorm room environment.
       Internet (College Network)
                    │
                    ▼
        ┌───────────────────────┐
        │    MikroTik hEX S     │
        │       (Router)        │
        │   • NAT/Firewall      │
        │   • VLAN Gateway      │
        └───────────┬───────────┘
                    │ ether2 (Trunk: VLANs 10,20,30,40)
                    ▼
        ┌───────────────────────┐
        │    Netgear GS105E     │
        │   (Managed Switch)    │
        │   • 802.1Q VLANs      │
        │   • Port Mirroring    │
        └─────┬─────┬─────┬─────┘
              │     │     │
     ┌────────┘     │     └────────┐
     │              │              │
     ▼              ▼              ▼
┌─────────┐   ┌──────────┐   ┌──────────┐
│ Mini PC │   │   Pi 5   │   │ Wi-Fi AP │
│ (N100)  │   │ (Infra)  │   │ (Future) │
│ VLAN 20 │   │ VLAN 20  │   │  VLANs   │
└─────────┘   └──────────┘   └──────────┘
MikroTik hEX S (RB760iGS)
5× Gigabit Ethernet ports, 1× SFP cage, 880 MHz dual-core CPU, 256MB RAM, RouterOS v7
Handles routing, NAT, firewall, DHCP, and VLAN inter-routing
Netgear GS105E
5-port Gigabit managed switch with 802.1Q VLAN support, port mirroring, and QoS
VLAN-aware distribution layer with trunk and access ports
Mini PC (Intel N100)
Quad-core Alder Lake-N, 16GB RAM, NVMe + external 2TB SSD storage
Runs Docker containers for services and applications
Raspberry Pi 5
ARM Cortex-A76, 8GB RAM, Ubuntu Server 24.04 LTS
Critical infrastructure services: DNS, NTP, VPN, logging
The network is logically segmented into four VLANs for security, performance, and organization:
| VLAN ID | Name | Purpose | Access Level |
|---|---|---|---|
| VLAN 10 | Management | Router, switch, AP management interfaces | Admin only |
| VLAN 20 | Servers | Mini PC, Raspberry Pi, infrastructure services | Trusted devices |
| VLAN 30 | Clients | Laptop, phone, personal devices | Standard access |
| VLAN 40 | Guest | Visitor devices, IoT, untrusted hardware | Internet only |
| Port | Device | Mode | VLANs | PVID |
|---|---|---|---|---|
| Port 1 | MikroTik ether2 | Trunk | 10, 20, 30, 40 (Tagged) | - |
| Port 2 | Mini PC | Access | 20 (Untagged) | 20 |
| Port 3 | Raspberry Pi 5 | Access | 20 (Untagged) | 20 |
| Port 4 | Wi-Fi AP | Hybrid | 10 (Untagged), 30+40 (Tagged) | 10 |
| Port 5 | Laptop / Spare | Access | 30 (Untagged) | 30 |
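
A port table like the one above is only safe if each port's PVID agrees with its untagged membership, since a mismatch puts untagged ingress traffic into a different VLAN than intended. The following is an added example, not the author's own tooling: a small Python linter that checks the table for 802.1Q consistency and lists which ports each VLAN is exposed on. The rule set and the names `audit` and `exposure` are assumptions of this example; the VLAN and port data are transcribed from the two tables.

```python
# Added example: lint an 802.1Q port table. Rules and names are this example's own.
VLANS = {10: "Management", 20: "Servers", 30: "Clients", 40: "Guest"}

# Port table transcribed from the page: mode, untagged VLANs, tagged VLANs, PVID.
PORTS = {
    1: ("trunk", set(), {10, 20, 30, 40}, None),
    2: ("access", {20}, set(), 20),
    3: ("access", {20}, set(), 20),
    4: ("hybrid", {10}, {30, 40}, 10),
    5: ("access", {30}, set(), 30),
}


def audit(ports, vlans=VLANS):
    """Return (port, message) findings; an empty list means the table is consistent."""
    findings = []
    for port, (mode, untagged, tagged, pvid) in sorted(ports.items()):
        used = untagged | tagged | ({pvid} if pvid is not None else set())
        unknown = sorted(used - set(vlans))
        if unknown:
            findings.append((port, f"references undefined VLANs {unknown}"))
        if untagged & tagged:
            findings.append((port, "VLAN is both tagged and untagged"))
        if len(untagged) > 1:
            findings.append((port, "more than one untagged VLAN"))
        if mode == "access" and (tagged or len(untagged) != 1):
            findings.append((port, "access port must carry exactly one untagged VLAN"))
        if mode == "trunk" and untagged:
            findings.append((port, "trunk has an untagged (native) VLAN"))
        # PVID classifies untagged ingress; it must match the untagged egress VLAN,
        # otherwise frames enter one VLAN and replies leave in another.
        if untagged and pvid not in untagged:
            findings.append((port, f"PVID {pvid} is not the port's untagged VLAN"))
    return findings


def exposure(ports):
    """Map each VLAN to the switch ports where its frames can appear."""
    seen = {}
    for port, (_, untagged, tagged, _) in sorted(ports.items()):
        for vid in untagged | tagged:
            seen.setdefault(vid, []).append(port)
    return dict(sorted(seen.items()))


if __name__ == "__main__":
    print(audit(PORTS) or "port table is consistent")
    for vid, members in exposure(PORTS).items():
        print(f"VLAN {vid} ({VLANS[vid]}): ports {members}")
```

The exposure map shows that the Management VLAN appears only on the router trunk and the AP port, which is the set of ports worth watching if the "Admin only" access level is to hold.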
Network-wide DNS filtering and ad blocking. Provides DNS resolution for all VLANs with blocklist filtering. [ACTIVE]
Network Time Protocol server for accurate time synchronization across all devices. [ACTIVE]
VPN client for secure remote access and encrypted tunneling when needed. [ACTIVE]
Centralized log forwarding to Mini PC for aggregation and analysis. [ACTIVE]
Prometheus node exporter and custom metrics collection for infrastructure monitoring. [ACTIVE]
Infrastructure automation and configuration management hub. [PLANNED]
Log indexing and SIEM platform for security monitoring and analysis. [PLANNED]
Metrics collection and visualization for infrastructure monitoring and dashboards. [PLANNED]
Network intrusion detection system using switch port mirroring for traffic analysis. [PLANNED]
Containerized applications and services for easy deployment and management. [PLANNED]
This homelab demonstrates practical implementation of enterprise networking concepts in a resource-constrained environment. Despite the 28.8 Mbps college network limitation, the infrastructure provides:
This setup serves as both a learning platform and a practical infrastructure for daily use, proving that professional-grade networking doesn't require a dedicated server room or enterprise budget.
Email: ethanlawson20@outlook.com
LinkedIn: Ethan Lawson | LinkedIn