Context
Personal project to build a professional homelab for hands-on practice with enterprise-grade infrastructure. The goal: a setup that closely mirrors a real production environment, fully self-managed from home.
Equipment deployed
| Equipment | Hostname | Role | Details |
|---|---|---|---|
| Dell PowerEdge R720 | pve-01 |
Primary hypervisor | 2× Xeon, 386 GB RAM, Proxmox VE 8.4.19 |
| HP ProDesk 600 G2 | pve-02 |
Secondary hypervisor (24/7) | i7-6700, 32 GB RAM, Proxmox VE 8.4.19 |
| Sophos SG210 (repurposed) | pfsense-sophos |
Router/Firewall | pfSense CE 2.8.1, WAN + 5 VLAN trunks |
| Cisco 3560-CX | sw-core-3560cx |
L3 core switch | IOS 15.2(7)Ex, ip routing active |
| D-Link DGS-1210-08P | sw-access-dgs1 |
PoE access switch | 802.1Q VLANs, powers Wi-Fi APs |
| 3× UniFi AP | — | Managed Wi-Fi | VLAN-tagged SSIDs, self-hosted controller |
| VM pfSense | pfsense-vm |
VM instance (PVE-02) | Mirror config, documented failover |
What I did
Architecture design
- IP addressing plan with 5 segmented VLANs (MGMT, SERVERS, IOT, TRUSTED, GUEST)
- Uniform naming conventions for equipment, VMs and LXC containers
- Physical rack layout plan for the VEVOR 12U (cable management, equipment placement)
Physical build
- 12U rack assembly: patch panel, rack-mounting all equipment, cable dressing
- Cabling 15 RJ45 links between equipment with per-port documentation
- Bare-metal installation of Proxmox VE 8.4.19 on both servers
Network configuration
- Initial setup of the Cisco 3560-CX (IOS 15.2(7)Ex): VLANs, 802.1Q trunks, SVIs
- D-Link DGS-1210-08P: PoE VLANs, access port assignment
- UniFi AP deployment with self-hosted LXC controller
- pfSense CE 2.8.1 installation on the repurposed Sophos SG210
VLAN addressing plan
| VLAN | Name | Network | Gateway |
|---|---|---|---|
| 10 | MGMT | 172.16.10.0/24 |
172.16.10.1 |
| 20 | SERVERS | 172.16.20.0/24 |
172.16.20.1 |
| 30 | IOT | 172.16.30.0/24 |
172.16.30.1 |
| 40 | TRUSTED | 172.16.40.0/24 |
172.16.40.1 |
| 99 | GUEST | 172.16.99.0/24 |
172.16.99.1 |
Physical rack layout (12U)
┌─────────────────────────────────┐
│ U1 — 24-port patch panel │
│ U2 — Cisco 3560-CX (sw-core) │
│ U3 — D-Link DGS-1210-08P │
│ U4 — Sophos SG210 (pfSense) │
│ U5 — HP ProDesk 600 G2 (PVE-02)│
│ U6 — Dell R720 (PVE-01) │
│ U7-8 — PDU / Cable management │
└─────────────────────────────────┘
Logical architecture
Internet (ISP)
↓
[Sophos SG210 — pfSense WAN/NAT]
↓
[Cisco 3560-CX — L3 core, ip routing]
↙ ↘
[DGS-1210] [PVE-01 / PVE-02]
↓ ↓
[UniFi APs] [VMs / LXC]
Skills covered
This project covers network infrastructure design (B2.1), installation and testing of network equipment (B2.2) and IT asset management through systematic inventory and documentation (B1.1).