Hi all, I recently went HAM on my home network. I thought I’d share the outcome since lots of people here like building completely overkill networks. I’ve also tied this into my Overkill Home Network 101 wiki guide. First off, let’s have a little look at my home network structure. Without further adieu, the worlds ugliest network diagram:
Now that I’ve failed to explain my network to you in this diagram that took way too long to create, let me give a list of relevant equipment we’re going to deal with:
- Ubiquiti USG
- 2x Unifi Switch 8 (PoE)
- Unifi Switch 24 (non-PoE)
- 2x Unifi AP-AC-PRO
- Proxmox lab environment (2x mismatched servers, Unifi Controller is running here)
- whitebox OpenMediaVault server
If you want to find out, more in-depth, how to build out a network like this, see the link, above, to the wiki page.
I found out quickly that it’s helpful to keep your USG on the default subnet (192.168.1.1/24) to avoid needing to SSH into the damn thing before connecting it to the controller. This is because the USG’s LAN port defaults to 192.168.1.1/24. This means you’ll have to either play some bastardized IP based musical chairs with your USG, controller and workstation or you’ll have to accept using the default subnet for LAN.
I chose Musical chairs.
I set my LAN subnet to 192.168.0.0/23 to give me a bit more space for leases and organizational reasons.
The connection process (Unifi calls it Adoption) is pretty straightforward, but doesn’t provide a ton of extraneous information, so it can be a bit nerve-racking to wait for the USG to pair. It took my network about 25 minutes to pair the damn thing. We’ll see if that’s par for the course.
Next up: Switches.
Switches were pretty easy. I clicked adopt, updated the firmware and let them be for the initial setup.
After I got everything up and running, I found that configuring VLANs was extremely easy, but did require creating what they called a Port Profile for each configuration I wanted. A bit annoying, but it works.
I tagged all my favorite VLANs into my servers, configured the VLAN ports on proxmox and I was off to the races. I now had a physical network that supported my virtual labs. More pentesting for me!
Next up: WiFi.
I’ve got two AP’s. I’ve redacted a sensitive AP name, but I thought I’d mess with the neighbours a bit by creating some fun SSIDs.
it’s really simple to create additional SSID’s and assign them to different VLANs. I haven’t gotten to assigning VLANs yet, but that’s going to be my next goal since I’m planning to do some WPA2-Enterprise aircrack practice.
I’m planning to send different wireless networks to different VLANs soon, but that’s a bit down the line. I’ve really only had 6 or so hours of experience with the whole stack so far.
Overall, the equipment is definitely top-notch. The only gripe I have is the difficulty in setting up the USG, but once that’s up, the rest is gravy. I’m all in on hardware for $680 and it’s definitely not cheap, but I’ll say this: if you’re a network addict, aspiring network engineer or someone who really wants to have a ton of control over their network, the Unifi gear is a great place to start. It’s not Cisco gear, but it’s also nowhere near as expensive as Cisco gear and is easier to configure.
