homelab-network-setup
Homelab Network Setup
Use this skill to design a home or small-lab network that can grow without
needing a full rebuild.
When to Use
- Planning a new home network or redesigning an ISP-router-only setup.
- Choosing gateway, switch, and access point roles.
- Designing IP ranges, DHCP scopes, static reservations, and DNS.
- Preparing for future VLANs, Pi-hole, NAS, lab servers, or VPN access.
- Troubleshooting a new network that has double NAT, unstable Wi-Fi, or changing server addresses.
How It Works
Start by separating device roles:
```text
Internet
  |
Modem or ONT
  |
Gateway or router   NAT, firewall, DHCP, DNS, inter-VLAN routing
  |
Managed switch      wired clients, AP uplinks, optional VLAN trunks
  |
Access points       Wi-Fi only; ideally wired backhaul
Servers and NAS     stable addresses, DNS names, monitoring
Clients and IoT     DHCP pools, isolated later if VLANs are available
```
Pick a gateway that matches the operator, not just the feature checklist:
| Option | Best fit | Notes |
|---|---|---|
| ISP router | Basic internet only | Limited control and often poor VLAN support |
| UniFi gateway | Managed home network | Good UI, ecosystem lock-in |
| OPNsense or pfSense | Flexible homelab | Strong VLAN, firewall, VPN, and DNS control |
| MikroTik | Advanced network users | Powerful, but easy to misconfigure |
| Linux router | Tinkerers | Document rollback before using as primary gateway |
IP Plan
Avoid the most common default, `192.168.1.0/24`, when you expect to use VPNs.
It often conflicts with hotels, offices, and ISP routers.
```text
Example small homelab plan:
192.168.10.0/24   trusted clients
192.168.20.0/24   IoT and media devices
192.168.30.0/24   servers and NAS
192.168.40.0/24   guest Wi-Fi
192.168.99.0/24   network management
Gateway convention:            .1
Infrastructure reservations:   .2 through .49
Dynamic DHCP pool:             .50 through .240
Spare room:                    .241 through .254
```
Use `home.arpa` for local names. It is reserved for home networks and avoids the
leakage/conflict problems of ad hoc names like `home.lan`.
```text
nas.home.arpa
pihole.home.arpa
gateway.home.arpa
switch-01.home.arpa
```
DHCP And DNS
- Use DHCP reservations for anything you SSH into, bookmark, monitor, or expose as a service.
- Hand out the gateway as DNS until a local resolver is intentionally deployed.
- If using Pi-hole or another DNS filter, give it a reservation first, then point DHCP DNS options at that address.
- Keep a small static/reserved range per subnet so replacements do not collide with dynamic leases.
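The IP plan and DHCP rules above can be checked mechanically before anything is configured. The following is an added example, not part of the original skill: it validates the example plan for overlaps, collisions with common remote ranges, and reservations that stray into the dynamic pool. The extra remote ranges and the sample reservations are constructed for illustration.

```python
import ipaddress

# Subnets from the example plan on this page.
PLAN = {"trusted": "192.168.10.0/24", "iot": "192.168.20.0/24",
        "servers": "192.168.30.0/24", "guest": "192.168.40.0/24",
        "mgmt": "192.168.99.0/24"}
# Remote ranges to avoid; only 192.168.1.0/24 is from the page, the rest are assumed.
COMMON_REMOTE = ["192.168.1.0/24", "192.168.0.0/24", "10.0.0.0/24"]
# Constructed sample reservations; the last one sits inside the dynamic pool.
RESERVATIONS = {"nas.home.arpa": "192.168.30.10", "pihole.home.arpa": "192.168.30.5",
                "printer.home.arpa": "192.168.10.120"}


def layout(cidr):
    """Apply the page's convention (.1 / .2-.49 / .50-.240 / .241-.254) to a /24."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen != 24:
        raise ValueError(f"{cidr}: convention is defined for /24 only")
    base = net.network_address
    return {
        "gateway": base + 1,
        "infra": (base + 2, base + 49),
        "pool": (base + 50, base + 240),
        "spare": (base + 241, base + 254),
    }


def check_plan(plan, reservations, remote=COMMON_REMOTE):
    """Return a list of human-readable problems; an empty list means the plan is clean."""
    problems = []
    nets = {name: ipaddress.ip_network(c) for name, c in plan.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
        for r in remote:
            if nets[a].overlaps(ipaddress.ip_network(r)):
                problems.append(f"{a} collides with common remote range {r}")
    for host, addr in reservations.items():
        ip = ipaddress.ip_address(addr)
        owner = next((n for n in names if ip in nets[n]), None)
        if owner is None:
            problems.append(f"{host} ({addr}) is outside every planned subnet")
            continue
        lo, hi = layout(plan[owner])["infra"]
        if not lo <= ip <= hi:
            problems.append(f"{host} ({addr}) is not in the {owner} reserved range")
    return problems
```

`check_plan(PLAN, RESERVATIONS)` returns a single finding, for the printer address that falls in the dynamic pool instead of the .2 through .49 range.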
Cabling And Wi-Fi
- Prefer wired AP backhaul over mesh when you can run Ethernet.
- Use a PoE switch for APs and cameras if the budget allows it.
- Label both ends of each cable and keep a simple port map.
- Put the gateway, switch, DNS server, and NAS on UPS power if outages are common.
Examples
Beginner Upgrade
Goal: Keep the ISP router but stabilize a small lab.
- Set DHCP reservations for NAS, Pi, and any SSH hosts.
- Move local names to `home.arpa`.
- Disable duplicate DHCP servers on secondary routers or APs.
- Wire the main AP instead of relying on wireless backhaul.
VLAN-Ready Plan
Goal: Prepare for future segmentation without enabling it immediately.
- Choose non-overlapping /24 ranges for trusted, IoT, servers, guest, and management.
- Reserve .1 for the gateway and .2-.49 for infrastructure on every subnet.
- Buy a gateway and switch that support VLANs and inter-VLAN firewall rules.
- Document which SSIDs and switch ports will eventually map to each network.
Anti-Patterns
- Double NAT without a reason or documentation.
- Using `192.168.1.0/24` when VPN access is planned.
- Dynamic addresses for NAS, Pi-hole, Home Assistant, or other service hosts.
- Consumer routers repurposed as APs while their DHCP servers are still enabled.
- Flat networks with cameras, smart plugs, laptops, and servers all sharing the same trust boundary.
See Also
- Skill: `network-interface-health`
- Skill: `network-config-validation`