Hello ITPRO Team,
Is there a video or discussion regarding how to setup a segregated lab at home using the same ISP. I would like to setup a lab that does not interfere with my home network but using the same ISP.
I know you now have virtual labs but I came across the software and hardware so I'd like to build a lab. Please advise.
Keep up the good work! Thanks
'
My ISP gives me up to 3 devices or Mac address's on my account. So I just Went from my Cable Modem into a switch. From the switch I went into my Wireless router which handles all my home network stuff. Then on the 2nd port of the switch I went into another router which is what all the Lab stuff is built into. I have a older HP DL380G5 which I have ESXi running on. My home network is connected to the management network and I have the 2nd and 3rd NICs on the server connected to my Lab network.
@Ralph-Dejesus Hi Ralph,
As I plan this, and the more I think about this the more concerned I am with this setup. What I would like to avoid is bringing down connectivity to others in my house due to my test lab. For example, if I use a separate DNS or Gateway on my lab it most likely will interfere with my home network.
So what I want to do is isolate it from the rest of the house.
Your solution seems to work as well, but I want to make sure. If there's an existing video or post somewhere I can use that to make sure.
Thanks
The details will depend on the goals for your lab and the equipment you use to implement it. And they will evolve as your goals and equipment change and you get more experience. A lab used to explore network designs would look very different from a lab used to try different server configurations, and different still from a lab used to try penetration testing and forensics techniques. Some labs should not be connected to the Internet at all (for example, one used to understand malware like viruses and worms). Ralph's solution is pretty robust; the home network is protected from the lab network by the same firewall/router that protects it from the Internet in general.
I don't understand your comment about using a separate DNS or gateway. You would definitely use a separate gateway since it is a different network. You may want a lab DNS server to resolve local names, depending on what your goals are, but this would not affect your home devices.
A risk with any setup where your home and lab networks share an ISP connection is that you are sharing the bandwidth. If a lab device uses most of the available bandwidth, other family members watching Netflix won't be very happy!
I found my answer: https://www.youtube.com/watch?v=dIFKmJ4wufc
I wasn't looking to build anything complicated, I'm merely trying to prevent any potential problems due to testing as stated on the YouTube video link.
Interesting video. For a lab to test out different server setups, I must admit that his solution is conceptually simple, and should work fine. But as a network designer, it makes me cringe! He's basically using layers of NAT to replace routing. Don't use it to learn networking, but it's fine if all you need is a simple segregated network to play with computers.
cool..thx for the heads up, once I get my setup I will make my way to the networking class.
later
My 2 cents:
A capable router will accomplish the segregation you seek. Ditch that ISP provided router (If you can, some bundled services might depend on their gear being the gateway) and get a capable home router that provides the use of multiple subnets and access controls.
flashrouters provide pre flashed routers (as the name implies) that are super capable of doing all sorts of networking kung-fu.
Personally I just put all of my networking/server lab stuff on VLAN 17, The rest of my home is on VLAN5. Everything connects to the same router (well switch that is connected to a router) which NATs for both VLANs. I have an ACL in place that states only my VPN VLAN can talk to VLAN17. you need to authenticate in order to be able to communicate to VLAN17. Outbound connections are allowed from VLAN17.
Now the major advantage in having a VPN capable router is that I can lab remotely. When I have down time at work I hop on my home network , power up my switches and routers and start configuring.