How I Secured My Home Network with VLANs Using an ASUS Router and a Cheap Switch

 
 

As a tech enthusiast with a passion for learning and experimenting, I decided to secure and organize my home network using VLANs (Virtual Local Area Networks). When I set out to do this fun project, I was inspired by two excellent resources: Lenin Alevski’s blog post “Pfsense + UDM + VLANs: The Perfect Home Network” and Gerard O’Brien’s Ultimate Cybersecurity Lab series. Their insights helped me envision and implement a VLAN-based network that not only secures my devices but also provides a playground for learning cybersecurity. In this post, I’ll walk you through my setup, which utilizes an ASUS GT-AX11000 router, a $10 Steren switch, and Proxmox to host a Cybersecurity Home Lab.

Why I Chose VLANs for My Home Network

VLANs allow me to segment network traffic into isolated groups. This approach enhances security and performance while enabling me to dedicate specific network segments for various devices and purposes. Here’s what my VLANs are used for:

  1. IoT Network (VLAN 10)
    The Internet of Things (IoT) devices like smart bulbs, cameras, and voice assistants are kept on a separate VLAN. IoT devices are often vulnerable to cyberattacks, so isolating them minimizes the risk to the rest of my network.

  2. Guest Network (VLAN 20)
    This network is dedicated to visitors in my home. It ensures that their devices don’t have access to my primary network resources, such as computers, storage devices, or smart home systems.

  3. Home LAN (192.168.50.0/24)
    This VLAN is reserved for my personal devices, including desktops, laptops, smartphones, and media devices like TVs and gaming consoles. It also includes a media server for centralized entertainment and a Pi-hole to block ads and provide DNS-based filtering, enhancing privacy and reducing unnecessary traffic. It’s where most of the everyday traffic flows.

  4. Cybersecurity Home Lab (VLAN 30)
    This is where the magic happens! I set up a dedicated network for practicing cybersecurity skills and experimenting with tools.


Cybersecurity Lab: A Playground for Learning

The Cybersecurity Lab is the highlight of my setup. It’s designed for testing tools, learning penetration testing techniques, and exploring vulnerabilities in a controlled environment. It mimics real-world scenarios while being completely isolated from the rest of my network. Here’s what I included:

Proxmox Cluster

Proxmox is the backbone of my lab. It’s a Type 1 hypervisor that allows me to run multiple virtual machines (VMs) and containers efficiently. 

Network Segmentation with VLANs

I created multiple VLANs in the lab, each with a specific purpose:

VLAN 1 (10.10.1.0/24)

Hosts some security tools like:

  • Nessus: For vulnerability scanning.

  • Cortex and TheHive: For incident response and threat management.

  • Security Onion: Intrusion detection and monitoring.

  • Wazuh: Host-based intrusion detection.

  • Caldera: Automated adversary simulation.

VLAN 10 (10.10.10.0/24)

Reserved for vulnerable systems and penetration testing tools like:

  • Metasploitable2: For exploitation practice.

  • VulnHub: Pre-configured vulnerable VMs.

  • bWAPP: A buggy web app to practice web application hacking.

VLAN 20 (10.10.20.0/24)

A Windows domain environment for practicing domain administration, including:

  • Active Directory: Kerberoasting anyone?

  • Windows 10 and 11 VMs: It’s always nice to have some Windows machines to play with.

I would love to change my Active Directory to run something like GOAD (Game of Active Directory) and practice with something my nerd brain will extremely enjoy.

VLAN 30 (10.10.30.0/24)

Reserved for containerized environments, running:

  • Docker: For lightweight virtualization.

  • Portainer.io: Docker management.
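
The segment plan above only helps if traffic actually stays inside it. The following is an added example, not part of the original setup: a small Python audit that maps flow records onto the subnets listed in this post and reports cross-segment flows. The segment names, the key=value log format, the sample records and the allow-list policy are all assumptions made for the illustration.

```python
import ipaddress

# Subnets are from the post; the segment names are labels chosen for this example.
SEGMENTS = {
    "home_lan":   ipaddress.ip_network("192.168.50.0/24"),
    "lab_tools":  ipaddress.ip_network("10.10.1.0/24"),
    "lab_vuln":   ipaddress.ip_network("10.10.10.0/24"),
    "lab_ad":     ipaddress.ip_network("10.10.20.0/24"),
    "lab_docker": ipaddress.ip_network("10.10.30.0/24"),
}

# ASSUMED policy (not stated in the post): the tools segment may initiate
# connections into the other lab segments; all other traffic stays in-segment.
ALLOWED = {("lab_tools", "lab_vuln"), ("lab_tools", "lab_ad"), ("lab_tools", "lab_docker")}

def segment_of(addr):
    """Return the name of the segment containing addr, or 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def audit(flow_lines):
    """Return (src_segment, dst_segment, line) for every flow that breaks the policy."""
    violations = []
    for line in flow_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            src, dst = segment_of(fields["src"]), segment_of(fields["dst"])
        except (KeyError, ValueError):
            continue  # malformed record: missing field or unparsable address
        # Same-segment, allow-listed and internet-bound flows are not judged here.
        if src == dst or (src, dst) in ALLOWED or "external" in (src, dst):
            continue
        violations.append((src, dst, line))
    return violations

# Constructed sample flow records, not captured from a real network.
SAMPLE = [
    "src=10.10.1.5 dst=10.10.10.20 dport=445 proto=tcp",     # tools -> vulnerable VM
    "src=10.10.10.20 dst=192.168.50.10 dport=22 proto=tcp",  # vulnerable VM -> home LAN
    "src=10.10.20.11 dst=10.10.20.10 dport=88 proto=tcp",    # inside the AD segment
    "src=10.10.10.20 dst=10.10.20.10 dport=445 proto=tcp",   # vulnerable VM -> AD segment
    "src=10.10.10.20 dst=8.8.8.8 dport=53 proto=udp",        # internet-bound
    "src=bogus dst=10.10.1.5",                                # malformed
]

if __name__ == "__main__":
    for src, dst, line in audit(SAMPLE):
        print(f"VIOLATION {src} -> {dst}: {line}")
```

Any flow reported from a lab segment into home_lan means the lab is not as isolated as intended and the inter-VLAN rules need another look.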

The Hardware Setup

ASUS GT-AX11000 Router

The ASUS GT-AX11000 router is an amazing device capable of VLAN tagging and serving as both a switch and a Wi-Fi access point. It also includes Trend Micro AiProtection and a bunch of other features.

Steren Switch

To keep the setup cost-effective, I used a $10 Steren switch to cluster all my small-form-factor (SFF) PCs. This allowed me to connect them to a single port on the ASUS router, saving ports for other purposes. Despite being an inexpensive solution, it works seamlessly for this application.

Proxmox Cluster

This server runs all the virtualized environments, acting as the central hub for my Cybersecurity Lab. The hardware for the cluster includes:

  • HP G600 G1 SFF

  • Dell Optiplex 3040 SFF

  • Dell Optiplex 3050 SFF

These small-form-factor (SFF) PCs provide the computational power needed to run virtualized environments while being energy-efficient and cost-effective.

Why This Setup Works for Me

Cost-Effective: By using budget-friendly hardware like the Steren switch and SFF PCs, I kept costs low without compromising functionality. The ASUS GT-AX11000 router, although pricey in comparison to other routers in the market, offers an all-in-one solution that includes a firewall, Wireless AP, VPN solutions, and a managed switch that makes it worth the price.

Enhanced Security: VLANs isolate potentially insecure devices, preventing them from compromising sensitive resources.

Learning Opportunity: The Cybersecurity Lab is a safe space to practice hacking techniques, test tools, and simulate attacks without risk to my home network.

Scalability: The setup can easily accommodate new devices, tools, or VLANs as needed.

Peace of Mind: With a well-organized and secure network, I can focus on learning and exploring without worry.


Setting up VLANs and creating a Cybersecurity Lab has transformed my home network into a secure and versatile environment. With the addition of an ASUS router, a cost-effective $10 switch, and some SFF PCs I refurbished from Facebook Marketplace, my network is ready for both everyday use and some shenanigans. If you’re considering a similar project, take inspiration from the great resources I mentioned and don’t hesitate to start small—sometimes, a $10 switch is all you need to get started!
