Networking/README.md
2026-06-22 05:47:49 +00:00

Home Network Infrastructure Documentation

Overview

This documentation covers the complete home network setup including IP allocation scheme, DHCP reservations, VLANs, and device inventory for a 192.168.0.0/24 network managed by OPNsense.

Network: 192.168.0.0/24
Router: OPNsense at 192.168.0.1
Last Updated: June 1, 2026

Network Architecture

Core Infrastructure

  • Router/Firewall: OPNsense (192.168.0.1)
  • DNS/Ad Blocking: AdGuard Home (192.168.0.11)
  • Reverse Proxy: Nginx Proxy Manager (192.168.0.10)
  • VPN: Tailscale integration

IP Allocation Scheme

192.168.0.1         - OPNsense Router
192.168.0.2-9       - Reserved for future infrastructure
192.168.0.10-29     - Core Services (VMs/Containers)
192.168.0.30-49     - User Computers & Laptops
192.168.0.50-69     - Mobile Devices & Tablets
192.168.0.70-79     - TVs & Media Devices
192.168.0.80-99     - Available (IoT devices migrated to VLAN 20)
192.168.0.100-119   - Network Infrastructure (APs, switches)
192.168.0.120-139   - Hypervisors & Storage
192.168.0.140-149   - Reserved for expansion
192.168.0.150-200   - DHCP Pool (Guest devices only)
192.168.0.201-254   - Future expansion

VLAN Structure

Network | Subnet | VLAN | SSID | Purpose
Main LAN | 192.168.0.0/24 | (none) | TeePee | General devices, VMs, servers
IoT Devices | 10.10.3.0/24 | 20 | IoTeePee | Smart home, bulbs, plugs, sensors
Security Cameras | 10.10.2.0/24 | 30 | Cameras | IP cameras (wired, pending migration)

Firewall Rules

  • IoT VLAN (20): Devices can reach the internet and Home Assistant (192.168.0.15) only. All other VLAN access is blocked.
  • Camera VLAN (30): Devices can reach the internet, Home Assistant (192.168.0.15), and the Frigate/FoundryVTT VM (192.168.0.16) only.
  • Main LAN: Unrestricted access to all VLANs and the internet.

Infrastructure - Core Services (10-29)

Hostname | Service | IP | MAC Address | Type | Status
npm | Nginx Proxy Manager | 192.168.0.10 | bc:24:11:5b:1d:a2 | Docker | Active
adguard | AdGuard Home | 192.168.0.11 | BC:24:11:47:27:43 | LXC | Active
vaultwarden | Vaultwarden | 192.168.0.12 | BC:24:11:A8:44:A1 | LXC | Active
nextcloud | Nextcloud | 192.168.0.14 | 02:99:5b:4c:b3:e6 | VM | Active
homeassistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | Active
foundryvtt-frigate | Frigate (NVR) + FoundryVTT | 192.168.0.16 | bc:24:11:ad:cb:f6 | Pop!_OS VM | Active
openmediavault | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:2c:68:58 | VM | Active
wordpress-irodori | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | VM | Active
wordpress-dustin | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | VM | Active

User Devices - Computers (30-49)

Hostname | Device | IP | MAC Address | Notes
jamiepc | Jamie's PC | 192.168.0.30 | 50:eb:f6:5a:71:f2 | Primary workstation
3d-printer | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | Network printer
haruka-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | Laptop
hp-printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | Network printer

Mobile Devices (50-69)

Hostname | Device | IP | MAC Address | Notes
jamie-phone | Jamie's Mobile (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | Samsung Galaxy S23
haruka-phone | Haruka's Mobile (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | Samsung Galaxy S25
samsung-tablet | Samsung Galaxy Tablet | 192.168.0.52 | ee:a1:23:9f:1e:c5 | Tablet

TVs & Media Devices (70-79)

Hostname | Device | IP | MAC Address | Notes
unknown-media | Unknown Media Device | 192.168.0.71 | a0:d0:5b:c7:13:28 | Likely TV or streaming

IoT Devices (VLAN 20 — 10.10.3.0/24)

All smart home devices have been migrated from the main LAN (192.168.0.80-94) to the IoT network (10.10.3.0/24, VLAN 20, SSID: IoTeePee). They now receive dynamic IPs via DHCP on the IoT interface. Static IPs are no longer assigned.

Hostname | Device | MAC Address | Notes
tapo-hub-h100 | Tapo Hub/Chime H100 | a8:29:48:88:84:d6 | Smart home hub
tapo-leak-t300 | Tapo Water Leak Sensor T300 | 20:23:51:d0:b1:7d | Battery powered
tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 20:23:51:08:19:76 | Smart bulb
tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | b0:19:21:17:a7:c3 | Smart bulb
tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | f0:09:0d:b6:4a:8d | Smart bulb
tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 40:ae:30:67:a2:46 | Smart bulb
tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 3c:64:cf:63:58:da | Smart bulb
tapo-plug-a-p110 | Tapo P110 Smart Plug | 40:ae:30:50:c8:62 | Power monitoring
tapo-plug-b-p110 | Tapo P110 Smart Plug | b0:19:21:17:a5:7e | Power monitoring
yeelight-color4 | Yeelight Smart Bulb | 58:b6:23:41:e1:ff | Smart bulb
reolink-kitchen | Reolink E1 Camera - Kitchen | 54:ef:33:bd:be:e0 | Security camera
reolink-outdoor | Reolink Camera - Outdoor | e8:ca:c8:6d:b0:7f | Security camera
TPC100 | Tuya Backyard Camera | a8:b1:3b:01:c2:ce | Backyard Camera
TPC100 | Tuya Living Room Camera | 58-04-4F-4A-D1-E1 | Living Room Camera
TPC120 | Tuya Garden Camera | B8-FB-B3-7A-68-81 | Garden Camera

Pending Camera Migration (VLAN 30 — 10.10.2.0/24)

The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — formerly 192.168.0.92, .93, .94) will be migrated to the Camera network (10.10.2.0/24, VLAN 30) once physically reconnected. Until then, they remain on the IoT network (VLAN 20).

Network Infrastructure (100-119)

Hostname | Device | IP | MAC Address | Notes
u7-lite | UniFi U7 Lite AP | 192.168.0.159 | | Managed by UniFi OS controller; pending static DHCP reservation

Hypervisors & Storage (120-139)

Hostname | Device | IP | MAC Address | Notes
proxmox-1 | Proxmox Server 1 | 192.168.0.120 | 10:ff:e0:11:46:9f | Primary hypervisor
proxmox-2 | Proxmox Server 2 | 192.168.0.121 | 74:d4:35:97:f4:9d | Secondary hypervisor

DHCP Configuration

Current Settings

  • DHCP Pool: 192.168.0.150 - 192.168.0.200 (51 addresses)
  • Purpose: Guest devices and temporary connections
  • Static Reservations: 20 devices with confirmed MACs

DNS Settings

  • Primary DNS: 192.168.0.11 (AdGuard Home)
  • Secondary DNS: 192.168.0.1 (OPNsense fallback)

VPN / Tailscale

IP | MAC Address | Purpose
100.65.128.1 | e0:cb:19:60:87:70 | Tailscale VLAN device
100.65.159.134 | bc:24:11:be:cf:af | Tailscale VLAN device (permanent)

Network Statistics

  • Total Active Devices: 33
  • VMs/Containers: 10
  • User Computers: 5 (3 PCs + 2 printers)
  • Mobile Devices: 3 (2 phones + 1 tablet)
  • TVs & Media: 3
  • Smart Home/IoT: 15 (9 Tapo + 1 Yeelight + 2 Reolink + 3 Tuya) — all on VLAN 20
  • Network Infrastructure: 1 (UniFi U7 Lite AP)
  • Hypervisors: 2
  • Static Assignments: 20 devices
  • DHCP Pool Size: 51 addresses

Known Issues

Tapo App Issues

  • Some Tapo devices may show incorrect info in app after VLAN migration
  • 3D printer plug: App showing wrong MAC, verify after print finishes
  • Resolution: Use OPNsense ARP table MACs as source of truth

Devices Needing Attention

  • Factory reset recommended for Tapo devices showing app glitches after VLAN migration

Maintenance Tasks

Regular Tasks

  • Monthly: Review DHCP leases for new unknown devices
  • Quarterly: Audit static IP assignments
  • Quarterly: Update device firmware (routers, APs, cameras)
  • Yearly: Review and optimize IP allocation scheme
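
One way to script the quarterly static-assignment audit against the allocation scheme above. This is an added example, not a file from this repo: the row layout, the category labels and the function names are assumptions, and the sample rows are copied from the tables on this page.

```python
import ipaddress
from collections import defaultdict

# Last-octet ranges from the IP Allocation Scheme on this page (inclusive).
RANGES = {"core": (10, 29), "computers": (30, 49), "mobile": (50, 69),
          "media": (70, 79), "infra": (100, 119), "hypervisors": (120, 139)}
DHCP_POOL = (150, 200)
LAN = ipaddress.ip_network("192.168.0.0/24")

# Rows copied from the tables on this page. The category labels and the
# TPC100 hostname suffixes are assumptions; empty IP = dynamic lease on VLAN 20.
INVENTORY = [
    ("adguard", "192.168.0.11", "BC:24:11:47:27:43", "core"),
    ("hp-printer", "192.168.0.34", "a8:b1:3b:01:c2:ce", "computers"),
    ("u7-lite", "192.168.0.159", "", "infra"),
    ("TPC100-backyard", "", "a8:b1:3b:01:c2:ce", "iot"),
    ("TPC100-living", "", "58-04-4F-4A-D1-E1", "iot"),
]

def norm_mac(mac):
    """Lower-case and colon-separate so aa-BB and AA:bb compare equal."""
    return mac.strip().lower().replace("-", ":")

def audit(rows):
    findings, seen = [], defaultdict(list)
    for host, ip, mac, cat in rows:
        if mac:
            seen[norm_mac(mac)].append(host)
        else:
            findings.append((host, "no MAC recorded"))
        if not ip:
            continue  # dynamic lease, nothing to range-check
        addr = ipaddress.ip_address(ip)
        if addr not in LAN:
            findings.append((host, "IP outside 192.168.0.0/24"))
            continue
        octet = int(addr) & 0xFF
        if DHCP_POOL[0] <= octet <= DHCP_POOL[1]:
            findings.append((host, "address inside DHCP pool"))
        lo, hi = RANGES.get(cat, (0, 255))
        if not lo <= octet <= hi:
            findings.append((host, f"outside {cat} range {lo}-{hi}"))
    for mac, hosts in seen.items():
        if len(hosts) > 1:  # same MAC listed for more than one device
            findings.append((",".join(hosts), f"duplicate MAC {mac}"))
    return findings

if __name__ == "__main__":
    print(*(f"{who}: {what}" for who, what in audit(INVENTORY)), sep="\n")
```

Feeding it the full inventory, or rows parsed from dhcp-reservations.csv, gives a list to reconcile against the OPNsense ARP table.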

Pending Tasks

  • Factory reset Tapo devices with app issues

Security Considerations

  1. Network Segmentation: VLAN 20 (IoT) and VLAN 30 (Cameras) isolate untrusted devices from the main LAN
  2. Guest Network: DHCP pool isolated from static devices
  3. Firewall Rules: OPNsense enforces strict inter-VLAN rules — IoT can only reach HA; Cameras can only reach HA and Frigate/FoundryVTT
  4. DNS Filtering: AdGuard Home provides ad/tracker blocking
  5. Remote Access: Tailscale VPN for secure remote access

Backup Strategy

What to Backup

  1. OPNsense Configuration: XML backup from web interface
  2. DHCP Reservations: CSV export (included in this repo)
  3. Network Documentation: This README and related files
  4. AdGuard Home Config: Settings and filter lists

Migration Notes

Troubleshooting

Device Not Getting Reserved IP

  1. Check MAC address in router's ARP table
  2. Verify DHCP reservation exists
  3. Release/renew DHCP lease on device
  4. Check for MAC address conflicts

Cannot Access Device

  1. Verify device is online (ping IP)
  2. Check if device changed MAC (WiFi vs Ethernet)
  3. Review firewall rules in OPNsense
  4. Check DNS resolution in AdGuard Home

IoT Device Issues

  1. Tapo devices: Check app vs ARP table for correct MAC
  2. Battery devices (water sensor): Won't always appear in ARP
  3. For offline devices: Power cycle or factory reset

Tools & Commands

Identify Device by MAC

# Online MAC lookup
curl -s "https://api.macvendors.com/5c:62:8b:8d:cb:d6"

# Or use OUI lookup
# First 6 characters (3 octets) identify manufacturer

Scan Network

# Using nmap
nmap -sn 192.168.0.0/24

# Using arp-scan (more reliable)
sudo arp-scan --interface=eth0 192.168.0.0/24

Check Current IP/MAC

# View ARP table
arp -a

# Or on OPNsense
arp -an | grep 192.168.0

Configuration Files:

  • dhcp-reservations.csv - DHCP static assignments export
  • Network Inventory.docx - Human-readable network map
  • opnsense-config.xml - OPNsense configuration backup (not in repo)
