Discovering 124 devices in my “simple” home network
I thought I knew my home network. I had a router, some switches, a few VLANs that made sense at the time, and everything just… worked. Until the day I decided to actually document what I had.
Turns out, I didn’t know my network at all.
The Discovery
I fired up the UniFi controller expecting to see maybe 40-50 devices. You know, the usual suspects: phones, laptops, smart home devices, maybe a few Raspberry Pis. The controller reported 124 active devices.
*One hundred and twenty-four.*
I immediately had questions. Important questions like “what the hell is ubuntu-server-17?” and “why do I have *seventeen* devices all named ubuntu-server?”
The Forensics Begin
Armed with an AI agent and a growing sense of dread, I started the archaeological dig. The results were… enlightening:
The Good:
- 5 security cameras actually recording to my NAS
- A functioning Kubernetes cluster (three of them, actually)
- Two Proxmox hosts quietly doing their job
The Bad:
- 17 identical
ubuntu-serverinstances (spoiler: they were old SQL Server experiments) - Devices with names like
Unknown-b0:8b:a8:40:16:b6(which turned out to be my Levoit air purifier) - Four SSIDs serving the same flat network because… reasons?
The Ugly:
- Everything on VLAN 1
- No segmentation whatsoever
- My security cameras had full access to my file server
- My IoT devices could theoretically SSH into my Proxmox hosts
The Uncomfortable Truths
I had built this network over years, making pragmatic decisions that made sense *at the time*. Need another VM? Spin it up on VLAN 1. New smart device? Connect it to the existing SSID. Another Raspberry Pi project? You guessed it—VLAN 1.
The result was a flat network that looked like a child had organized my sock drawer: functional, but deeply concerning to anyone who knew what they were looking at.
The Breaking Point
Two things finally pushed me to action:
1. The Device Census: After identifying and cleaning up the obvious cruft, I still had 77 active devices with zero network segmentation.
2. The “What If” Scenario: What if one of my IoT devices got compromised? It would have unfettered access to everything. My NAS. My Proxmox hosts. My Kubernetes clusters. Everything.
I couldn’t just clean up the device list and call it done. I needed actual network segmentation. Zone-based firewalls. The works.
The Plan
I decided on an 8-VLAN architecture:
- VLAN 1: Management/Infrastructure (ProCurve, UCG Max, core gear)
- VLAN 10: Trusted (my actual devices)
- VLAN 20: IoT (smart home stuff that definitely shouldn’t access my files)
- VLAN 30: Surveillance (cameras recording to NAS)
- VLAN 40: Media (streaming devices, Chromecast, etc.)
- VLAN 50: Lab (Kubernetes and experimental infrastructure)
- VLAN 60: Services (NAS, Home Assistant, critical services)
- VLAN 99: Guest (for when people visit and I don’t trust their devices)
Conservative? Maybe. But after discovering 124 devices in what I thought was a “simple” network, I was ready to embrace some architectural paranoia.
What’s Next
The past few weeks have been interesting, and the plan is to document my migration over a few posts.
- First: Immediate security wins (guest network isolation, device cleanup)
- Second: VLAN infrastructure and zone-based firewall policies
- Third: Device-by-device migration with minimal disruption
- Fourth: The scary part—migrating my Kubernetes clusters without breaking everything
I’ll be documenting the journey here, including the inevitable mistakes, late-night troubleshooting sessions, and that special moment when you realize you’ve locked yourself out of your own network.
Because if there’s one thing I’ve learned from this experience, it’s that home networks are never as simple as you think they are.
This is Part 1 of a series on rebuilding my home network from the ground up. Next up: Why “G-Unit” became my SSID naming scheme, and how zone-based firewalls changed everything.