This is an overview of my current home network setup, including the hardware, VLAN layout, and some things I’d do differently. A follow-up post will cover the storage and services side.
Topology Overview
Everything runs through OPNsense, which handles routing, firewalling, and WireGuard for remote access. From there it trunks down to two managed switches over 802.1Q, and each switch powers a TP-Link EAP610 access point via PoE+.
The two APs are managed through Omada and each broadcasts three SSIDs mapped to different VLANs: Trusted, IoT, and Guest.
Switches
This is where I’d do things differently if I were starting over. My 2.5G PoE switch handles the heavier traffic, specifically my Proxmox cluster and TrueNAS server. I went with a cheap Chinese brand because it had the specs I wanted at the price, but it’s been a headache. The interface is confusing, support is basically nonexistent, and it doesn’t fit naturally with the rest of my setup.
My second switch is a TP-Link, and the difference is noticeable. The UI is clean, configuration is straightforward, and it works the way you’d expect.
If I were doing this again, I’d just buy two TP-Link switches from the start. Saving money on networking hardware isn’t worth the frustration when things don’t work the way you expect.
Access Points
Both APs are TP-Link EAP610s running Wi-Fi 6 with WPA3. Omada makes managing them easy, especially for VLAN tagging per SSID. Roaming between the two is seamless.
VLANs
All VLANs are carved out of a 10.212.0.0/18 block and trunked from OPNsense to both switches.
| VLAN | Subnet |
|---|---|
| LAN | 10.212.1.0/24 |
| Servers | 10.212.10.0/24 |
| Trusted | 10.212.20.0/24 |
| IoT | 10.212.30.0/24 |
| Guest | 10.212.40.0/24 |
| Management | 10.212.99.0/24 |
The Management VLAN is locked down and only used for accessing network hardware. Servers get their own subnet isolated from the main LAN. IoT and Guest are both restricted from reaching anything internal.
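The following Python check is an added example, not the author's OPNsense configuration. It validates the table against the stated 10.212.0.0/18 block and evaluates constructed rule sets to list which VLANs IoT and Guest can still reach; 10.212.99.0/24 falls outside 10.212.0.0/18, which ends at 10.212.63.255, so a block rule written against that aggregate does not cover Management. First-match evaluation with an implicit deny is a modelling assumption, and all function names are hypothetical.

```python
import ipaddress as ip

# Address plan exactly as listed in the post's VLAN table.
SUPERNET = ip.ip_network("10.212.0.0/18")
VLANS = {name: ip.ip_network(cidr) for name, cidr in {
    "LAN": "10.212.1.0/24", "Servers": "10.212.10.0/24",
    "Trusted": "10.212.20.0/24", "IoT": "10.212.30.0/24",
    "Guest": "10.212.40.0/24", "Management": "10.212.99.0/24",
}.items()}
UNTRUSTED = ("IoT", "Guest")  # per the post: no access to anything internal


def plan_errors():
    """Return address-plan problems: subnets outside the /18 or overlapping."""
    errs, names = [], list(VLANS)
    for i, a in enumerate(names):
        if not VLANS[a].subnet_of(SUPERNET):
            errs.append(f"{a} is outside {SUPERNET}")
        errs += [f"{a} overlaps {b}" for b in names[i + 1:]
                 if VLANS[a].overlaps(VLANS[b])]
    return errs


def allowed(rules, src, dst):
    """First matching rule wins; no match means deny (modelling assumption)."""
    for action, rule_src, rule_dst in rules:
        if src in ip.ip_network(rule_src) and dst in ip.ip_network(rule_dst):
            return action == "pass"
    return False


def leaks(rules):
    """(untrusted, target) VLAN pairs whose probe flow would be passed.

    Probes one address per subnet (.1), so it only reflects rules written
    at subnet granularity, like the constructed rule sets below.
    """
    return [(u, t) for u in UNTRUSTED for t in VLANS
            if t != u and allowed(rules, VLANS[u][1], VLANS[t][1])]


def ruleset(internal):
    """Constructed rules: block IoT/Guest to `internal`, then pass the rest."""
    return [r for u in UNTRUSTED for r in
            (("block", str(VLANS[u]), internal),
             ("pass", str(VLANS[u]), "0.0.0.0/0"))]


BY_SUPERNET = ruleset("10.212.0.0/18")  # "internal" taken to be the /18
BY_RFC1918 = ruleset("10.0.0.0/8")      # "internal" taken to be all of 10/8

if __name__ == "__main__":
    print(plan_errors(), leaks(BY_SUPERNET), leaks(BY_RFC1918), sep="\n")
```

A block rule for IoT and Guest that targets an alias should list the Management subnet explicitly or use a range wide enough to contain it.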
What I Learned
Mixing a cheap 2.5G switch into my TP-Link network has caused me some issues. I can’t integrate it with Omada (TP-Link’s SDN) and the firmware is pretty outdated. I’m also worried about reliability, though it’s held up for about a year now. Whether that’s a sign of decent quality or just luck, I honestly can’t tell.
Last modified on 2026-03-13