Primary Goal
Build a real infrastructure environment that can be documented as a technical portfolio and used for hands-on networking, systems, and security practice.
A practical infrastructure lab focused on firewalling, networking, DNS, DHCP, Cisco switching, virtualization, documentation, and future security monitoring.
The homelab is currently in its foundation phase: edge firewall deployed, public site online, and managed switching / virtualization planned next.
Build a real infrastructure environment that can be documented as a technical portfolio and used for hands-on networking, systems, and security practice.
Stabilizing the firewall, documenting the network foundation, and preparing the next hardware and virtualization milestones.
Configure Cisco switching, establish switch management, then move into Proxmox virtualization and segmented lab services.
This table tracks the current state of the core homelab components.
| Component | Status | Purpose |
|---|---|---|
| pfSense Firewall | Deployed | Primary edge firewall, router, DHCP, DNS foundation, and NAT. |
| Static Public IP | Online | Public WAN address delivered through ISP DHCP reservation. |
| Cloudflare Pages | Online | Public hosting for the InfraSynth Labs website. |
| Cloudflare DNS | Active | Public DNS management for the domain and future services. |
| Cisco Catalyst 3750G | Pending | Planned core switch for lab devices and future VLAN work. |
| Proxmox | Planned | Future virtualization host for Linux servers, Docker, and lab services. |
| VLAN Segmentation | Planned | Future separation for admin, servers, guest, IoT, and public services. |
| Monitoring | Planned | Future visibility into uptime, logs, performance, and network health. |
The current network is intentionally simple. Complexity will be added only after each layer is stable and documented.
Internet │ Fiber ONT │ pfSense Firewall │ Lab Network │ Clients / Server Hardware
Internet │ Fiber ONT │ pfSense Firewall │ Cisco Catalyst 3750G │ ├── Admin Workstation ├── Proxmox Host ├── Lab Clients ├── Future Wi-Fi AP └── Future Server / Services
Hardware is being introduced in stages to keep the environment stable and easy to troubleshoot.
Primary firewall and router for the lab. Currently handles WAN access, LAN routing, DHCP, DNS foundation, NAT, and firewall policy.
Planned core switch for managed switching, lab devices, switch management, future trunking, and VLAN design practice.
Planned Proxmox host for Ubuntu Server, Docker services, monitoring, internal tools, and future lab workloads.
Desktop systems available for admin access, testing, lab clients, and future endpoint experiments.
ISP handoff for the internet connection. pfSense connects behind the ONT as the primary firewall.
ISP router has been removed from the primary routing role. It may be repurposed later only if needed.
The lab will move from a flat foundation into a more structured environment over time.
The current design uses pfSense as the main firewall and gateway. This keeps the network stable while the lab foundation is documented and verified.
| VLAN | Purpose | Status |
|---|---|---|
| VLAN 10 | Trusted LAN / admin devices | Planned |
| VLAN 20 | Servers and internal services | Planned |
| VLAN 30 | DMZ / public-facing services | Planned |
| VLAN 40 | IoT, test devices, and isolated clients | Planned |
| VLAN 50 | Guest network | Planned |
| VLAN 99 | Management network | Planned |
The lab is designed around controlled exposure, segmentation, documentation, and public-safe reporting.
Management interfaces should remain internal. Public services should be intentional, isolated, documented, and separated from personal devices and administrative systems.
Planned milestones for turning the current foundation into a stronger infrastructure portfolio.
Deploy pfSense, confirm WAN connectivity, establish LAN DHCP/DNS, and document the initial network.
Configure Cisco Catalyst 3750G baseline management, hostname, management IP, secure login, SSH, and saved configuration.
Install Proxmox, create the first Linux VM, and begin hosting internal lab services.
Introduce VLANs, inter-VLAN firewall rules, service isolation, and management separation.
Add monitoring, logging, dashboards, uptime tracking, and future security visibility.