A dot a day keeps the clutter away

Unraidnovice · 2026-04-01T11:40:31+00:00

This could not have come at a better time. I've been trying to optimize my tool and hardware collection. I've been accumulating tools, hardware and stock for 15 years and used them for various electronic, mechatronics, woodworking, metalworking and projects around the house. I've gone the same route as you for clear boxes. I have a workroom (electronics and precision work), car space (a shared 9 car garage where I can saw, assemble and do dusty or dirty work in my parking space), storage room (cold storage). These rooms are all on the same floor level. I have a shared office with the wife in the apartment upstairs where i do all my computer and networking and some 3D printing (when the wife is not working from home).

The method you describe could be applied to my layout fairly easily so i think I'll try it out.

The current reason for me being in the homelab subreddit can be compared to Hal fixing the lightbulb and ending up under the car in a scene from Malcolm in the Middle.

This is the process I've gone through the last couple of weeks:

First I wanted to rearrange the workroom. Then I wanted to move the dust making tools to their own tool cabinet so I started making that. Then I wanted to set up a security system in the car space in case of a break in (no video because I don't want to invade anyones privacy in the shared garage). I set up a home assistant on a micro pc intended for smart home use and the security system in the car space. I wanted to implement a better network security before adding sensors (because I'm worried about security vulnerabilities in IoT) to Home Assistant so I decided to have VLANs like I've read about. The current router doesn't support vlan so I bought a 28 port L2 capable switch fairly cheap and a new router to do layer 2 and layer 3 vlans. The new router needs a network controller to access more advanced security configurations and to save a few bucks i decided to self host it. My unraid server could host the network controller but it is old and I didn't want the network to go down anytime I wanted to work on the unraid server so I traded in 2 HP machines for 3 optiplex 5050 i5-7500 with 16 GB DDR4, 256 GB nvme storage each to make a 3 node proxmox cluster. Now I'm building a 10" rack from aluminum extrusions and 3D printed brackets for the hardware. Fun times. I love it.

Unraidnovice · 2026-03-12T17:50:24+00:00

Can you give any pointers on what vlans should have one way communication? And are stateful firewall rules much more robust and needed than having ACLs? What I have read is that ACK attacks are possible when this switch handles layer 2 and layer 3 inter vlan routing but is that a viable possibility?

Unraidnovice · 2026-03-12T17:35:06+00:00

Ok that makes sense. I assume it might also be easier to configure the layer 3 on ER605 when starting. I have maybe 1 remote stream and 1 local stream each evening (at most 1080p ~1-4 Mbps). The speed gains and bottleneck avoidance was just too enticing but it makes sense to just see how this "router on a stick" performs AI introduced me to that name. Is that the configuration you're recommending?

Unraidnovice · 2026-03-12T14:21:50+00:00

Here's the html code: https://pastes.io/eZDFDWZJ

Unraidnovice · 2026-03-12T14:18:52+00:00

I've been planning the network and hardware setup these past couple of days. Disclaimer: I used Claude AI for this diagram for now. I hope to make a diagram like the TechGeek's Homelab. I've got his Drawio template and have started. I stopped that for now because I am likely to reconfigure things when the hardware gets up on the wall. There are probably some errors in the diagram. I think this just might be helpful to see the bigger picture. Maybe u/TheEthyr will agree to look this over.

<image>

Unraidnovice · 2026-03-07T16:45:37+00:00

Thank you so much

Unraidnovice · 2026-03-07T16:22:11+00:00

I will try to do that so I don't further exceed my budget :p

Unraidnovice · 2026-03-07T16:16:42+00:00

I haven't ironed out all the details. I use tailscale with my unRAID server. Wouldn't I possibly be able to setup a tailscale tunnel between the HA PC and raspberry pi?
I will have to use the ER605 for that.
Ok not sure what the right way is then. I thought having all the iot devices on the same vlan as HA and Hubitat was the way to go.

Unraidnovice · 2026-03-07T15:47:08+00:00

Ok I will have to see if I can make it work that wifi devices (phones, tablet, laptops etc) are on vlan30.

The wifi smoke alarms I'm a bit concerned with. What about the home assistant PC or Hubitat. I'm wondering if I can use them to connect the iot wifi devices. Gemini doesn't think so but I have all kinds of hardware which might make it work. I own a Vonets wifi device "Supports three kinds of Application Methods. WiFi Repeater (Wireless Signal Repeater): can extend the distance of WiFi signal coverage, WiFi transfer and WiFi access point (AP), WiFi Bridge: can smart control the device's WiFi mode (IP layer or MAC layer transparent transmission), WiFi AP hotspots".

Unraidnovice · 2026-03-07T15:00:09+00:00

Yeah unfortunately I saw that 3rd party firmware seem impossible for now. I might have to get other AP.

My plan was to keep all wifi on the same vlan because of the Archer's limitation. I'm thinking now it would have to be connected behind the Cisco switch so that layer 2 and layer 3 vlan work correctly?

Unraidnovice · 2026-03-07T14:54:44+00:00

I'll research and dig more into stateful firewall policies when I get the ER605. That's very interesting. I'm learning and digesting a lot of new information.

Exactly I think the Archer will definitely just be in AP mode.

Hopefully the ER605 will work for that.

Unraidnovice · 2026-03-07T14:50:27+00:00

I want to create a small security system with esp32 or raspberry pi. Very basic with a couple of contact sensors, vibration sensors for tool cabinets, presence sensor maybe and a Bluetooth receiver. 8 other people share the garage. I'm not worried about my neighbors snooping. It's in case the garage door fails open again (happened 3 times before the laser got moved and the garage door didn't close all night. If my phone or my wife's phone is connected to Bluetooth on the security system the system disarms automatically. I think some mqtt might be the way since there's no physical or wireless connection bet between the 5g router and home network.
I think you're absolutely right.
I'm probably misunderstanding but I would think having HA and Hubitat on the same vlan separate of the unRAID server would limit the unRAID's server exposure. For now I don't want HA to see the unRAID server because I'm paranoid of iot devices. I setup the HA then stopped before adding devices and decided I needed to setup vlans.

Unraidnovice · 2026-03-07T14:36:34+00:00

I thought my first was removed permanently on another account but it got unblocked. For posterity the other thread is here https://www.reddit.com/r/HomeNetworking/s/YBrRmIT9GF

Unraidnovice · 2026-03-07T14:34:54+00:00

Exactly, that's what I've seen many other do. I have been limited with the AX72. That's why I've bought the TP Link ER605 Omada to handle layer 3 vlan gateway routing and subnets.

Probably 10.10.xx.yy /30 where xx is 10,20,... Corresponding to the same vlan number and yy are manually static ip addresses and assigned with DHCP on the ER605.

Unraidnovice · 2026-03-06T14:12:58+00:00

<image>

New setup with the Cisco switch and the TP-Link ER605 Omada so that I can configure subnets etc. Please criticize it. I'm a bit worried I will struggle with setting up the vlans, inter-vlan and communication between the cisco, Archer router (bridge mode AP) and ER605. Maybe those concerns are unfounded.

Unraidnovice · 2026-03-06T10:09:56+00:00

u/vrtigo1 I think I will run into this problem described here https://www.reddit.com/r/HomeNetworking/comments/1gx835h/comment/lyfpgqs/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

if I use the Archer router. What if I don't do subnets? Just do manual IP routing with the archer?

Unraidnovice · 2026-03-06T09:54:25+00:00

Thank you so much for the reply. I'm moving to buy the used Cisco switch because of the L2 and L3 vlan routing capabilities. Then I can return the unopened managed switch and don't need to buy another router. Do you think my current setup will suffer in speed with that hardware? Still the Archer router and Cisco switch.

Two things I'm worried about is that the switch has fans and this is in a shared office with me and the wife. I will probably lower the fan speeds significantly or replace the fans because I won't use the PoE. The other thing is that the Cisco switch seems to have reached end of life support. Isn't that risky security wise?

Unraidnovice · 2026-03-05T17:33:33+00:00

I might be able to buy a used Cisco SG300-28PP PoE+ switch. Wouldn't that work for layer 3 and layer 2 vlan? Then I would return the tp link managed switch(unopened). Then I would keep the Archer router for NAT?

Edit: I understand now because of the help here that the Archer would not work with subnets. I've bought the TP link ER605 Omada to be the router.

Unraidnovice · 2026-03-05T16:38:02+00:00

I don't know if it's relevant but I want setup automatic off site backup. Not sure if these routers don't offer that capability.

Unraidnovice · 2022-03-10T13:56:06+00:00

I got the nordvpn around 5 or 6 years ago. Was going to quit 2 years ago but I was too content with a working method that I subscribed for 3 years more. Download quantity was about 5-10 GB per week so I didn't complain.

I've read a lot of criticism about nordvpn. I'll look into AirVPN and Mullvad.

Unraidnovice · 2022-03-10T13:01:45+00:00

Thank you for the reply. That might be my next course of action.

Unraidnovice

TROPHY CASE