Upgrading Network Infrastructure

With more people working from home, more IoT devices creeping into daily life, and an increasing desire to self-host services, it was time to take control. I wanted better Wi-Fi coverage, proper segmentation for security, a way to make full use of my 1 Gbps internet connection, and above all, a network I could expand and experiment with.

My first step was to put my all-in-one ISP box in bridge mode (modem only). I got a mini PC to serve as a pfSense router, giving me powerful firewall capabilities and complete control over traffic and VLANs. For wireless access, I installed a TP-Link Wi-Fi 6 AP, which not only solved my dead zone issues but also gave the whole house a noticeable bump in wireless stability and speed. I then added a TP-Link 8-port managed PoE switch to handle VLAN trunking and wired connectivity. All devices are now connected using new CAT6 cables, routed through the attic and managed properly for both function and aesthetics.

I’ve segmented my network with dedicated VLANs: IoT devices live in their own restricted VLAN; workstations used for remote work are on a separate VLAN; and there are individual VLANs for admin devices, network management, guests, services, and even a DMZ for exposed or risky systems. Even my CCTV cameras (which I set up a while ago) live on their own isolated VLAN.

This segmentation, combined with a carefully planned set of pfSense firewall rules, has significantly improved both security and performance, except for when I break something of course. I’ve also configured WPA3 security for wireless access, and my Proxmox server (covered in a previous blog post) is now isolated with controlled access to reduce exposure.

This setup gives me room to grow. While I don’t have access to fiber just yet, the infrastructure is semi-ready for it. I plan to expand with multiple Proxmox nodes, continue self-hosting more services, and eventually integrate even more advanced monitoring and automation.

If there’s one thing I’ve taken away from this experience, it’s that I genuinely enjoy working with networks. Configuring devices, writing firewall rules, watching packets flow. There’s something empowering about having that level of control over your digital space. My only regret is not doing this sooner. If you’re someone who’s into tech, enjoys learning, or simply wants more control over your home infrastructure, I can’t recommend this kind of project enough. It’s worth every hour and every cable crimp!