Introduction
The goal of this project was to build a compact and functional home network while gaining hands-on experience in configuring and managing network infrastructure. Throughout this process, I enhanced my understanding of network topology, segmentation, and hardware integration.
Objectives
- Gain practical experience with network infrastructure deployment and management.
- Improve network security and efficiency using Pi-hole + Unbound DNS for ad and tracker blocking.
- Build a custom, space-efficient networking rack using 3D printed parts.
Hardware
| Component | Description |
|---|---|
| Patch Panel | Improves cable management and provides structured wiring |
| Patch Coupler | 2 x Keystone RJ45 CAT6A shielded couplers |
| TP-Link TL-SG108PE | Managed 8-port Gigabit switch with PoE & VLAN support |
| Raspberry Pi 4 8GB | Runs Pi-hole (DNS filtering) + Unbound (recursive DNS) |
| 16x2 LCD Display | Displays real-time Pi-hole stats (DNS queries, uptime, etc.) |
| 3D Printed Mounts | Custom-designed brackets for component mounting |
| Metal Frame | Provides structural support for the rack |
| CAT6A SFTP Cables | Various lengths (6-inch, 16-ft, and 82-ft) |
Rack Diagram
Raspberry Pi Setup
- OS: Raspberry Pi OS
First, I set a static IP address on my Raspberry Pi, then I installed Pi-hole following the steps from their repository. The installation process was pretty straight forward and after that the Pi-hole dashboard can be accessed at http://<ip_address>/admin using the provided password (it can be changed later with the command pihole -a -p your_password). To enable recursive DNS resolution, I followed the official setup guide and configured Pi-hole to use Unbound as the upstream resolver. This setup enhances privacy and reduces reliance on external DNS providers.
In order to permanently monitor my Pi-hole stats in real-time, I attached a LCD display to my Raspberry Pi, and used this repository for displaying the stats. A little tip to run the program in background, is to use screen -S session_name and then press Ctrl+a d to detach from the Linux Screen session.
Network Segmentation
Since my router lacks VLAN support, VLANs were configured only on the switch:
- VLAN 10 (Main): Main trustworthy devices (PCs, phones, TV)
- VLAN 20 (IoT/Media): Smart devices, cameras (isolated from main network)
- VLAN 30 (Guests): Network for guests (untrusted devices)
Enhancements
- Isolated IoT traffic to reduce security risks.
- Implemented DNS-level protection (Pi-hole).
- Applied firewall rules.
Challenges & Solutions
| Challenge | Solution |
|---|---|
| Router lacks VLAN support | Used switch-only VLAN for segmentation |
| Pi-hole installation | Pi-hole prompted an error when installing, and it needed a fresh OS install on a new SD card |
| LCD script wouldn’t persist | Used screen to run the script in the background |
Future Improvements
- Upgrade to a VLAN capable router.
- Add a UPS for power stability.
- Implement network monitoring.
- Add security cameras on the PoE ports.
- Add a mini-PC in the rack - run multiple VMs and containers for homelab experiments.
Results and Conclusion
- Performance improvements: faster browsing and fewer/no ads.
- Security enhancements: DNS-level filtering blocks malicious domains.
This project improved my networking skills, gained me hands-on experience with VLANs, DNS, CAD modeling and 3D printing. By successfully creating this project, I demonstrated my problem-solving and DIY engineering skills and it serves as a foundation for more advanced setups (like homelabs and enterprise networks).