This project documents the design, configuration, and deployment of a fully segmented and secured home network built by Diego Arriagada Zamora (V0rt3xS0urc3). The core idea is straightforward but ambitious: take enterprise networking concepts — VLANs, QoS, ACLs, and encrypted remote access — and apply them to a real home environment using a professional-grade Cisco 892FSP router. The result is a network that cleanly isolates security cameras, gaming PCs, smartphones, multimedia devices, guests, and administrative management into independent segments, each governed by its own access policy.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/V0rt3xS0urc3/RedTeam-Portfolio/llms.txt
Use this file to discover all available pages before exploring further.
Project Objectives
The network was designed around six concrete goals:Network Segmentation (6 VLANs)
Isolate traffic by device type and trust level. Cameras, gaming rigs, multimedia devices, smartphones, guests, and the admin management plane each live in their own VLAN with no unintended cross-talk.
Quality of Service (QoS)
Prioritize gaming traffic from VLAN 50 to guarantee minimum latency, even when other devices are streaming or transferring large files simultaneously.
Camera Network Isolation
Lock the IP camera and NVR segment (VLAN 10) away from the internet and from every other VLAN. Cameras cannot phone home, cannot be accessed from a compromised guest device, and cannot reach internal services.
Secure Remote Access via WireGuard
Enable encrypted remote access to the home lab from any location using a WireGuard VPN server, with all traffic tunneled through the admin segment.
Centralization with Cisco 892FSP
Use the Cisco 892FSP as the single network core — handling inter-VLAN routing, DHCP for all segments, NAT, QoS enforcement, and ACL-based access control in one device.
Hardware Overview
All components used in this project are real, physical hardware — no virtualization of the network layer.| Component | Model | Role |
|---|---|---|
| Core Router | Cisco 892FSP | VLANs, DHCP, NAT, QoS, ACLs |
| Primary WiFi 6 AP | EDUP RT2980 (OpenWrt) | 5GHz gaming (VLAN 50), 2.4GHz multimedia (VLAN 20) |
| Secondary APs | Aztech WL559E (×2) | Smartphones (VLAN 30), Guests (VLAN 40) |
The Cisco 892FSP has no PoE capability. External power supplies are used for cameras and access points where needed.
Explore the Documentation
Architecture
Physical port assignments, trunk links, VLAN routing design, and WiFi 6 AP integration.
VLANs
All 6 VLAN segments: IP addressing, purpose, internet access policies, and DHCP config.
QoS & ACLs
Cisco MQC QoS for gaming priority and ACL rules enforcing VLAN isolation.
WireGuard VPN
Encrypted remote access setup: server config, client config, and Cisco port forwarding.
This project is built and documented for educational and portfolio purposes by Diego Arriagada Zamora (V0rt3xS0urc3), a Chilean pentester and ethical hacker. All configurations reflect real deployments on physical hardware.