My Overkill Home Network
My home network is probably more than it needs to be. Multiple VLANs, 802.1X authentication, encrypted DNS, segmented IoT, Cloudflare tunnels in front of anything exposed externally. I do it because I find it interesting — but there's a reasonable philosophy underneath it: things I trust and things I don't shouldn't share the same network, and if something does go wrong, I want the blast radius to be limited. This post covers the hardware, the segmentation, the wireless setup, and some of the rougher edges.