← Back to blog

My Current Network Setup (and Why It Needs to Change)

Fastweb FTTH, Fastweb NeXXt, Xiaomi mesh — the network setup that got me this far and the limitations pushing me to rethink everything.

homelab networking smart-home
On this page

Before diving into VLANs, firewalls, and advanced topologies, it makes sense to take a step back and talk about where I’m starting from. Because to design a better network, you first need to understand what’s wrong with the current one.

The Connection: Fastweb 2.5 Gbit FTTH

The starting point is excellent. I have a Fastweb FTTH (Fiber To The Home) connection at 2.5 Gbit/s. The fiber optic cable arrives physically inside my apartment, which means extremely low latency and bandwidth that most people can’t even saturate.

For those unfamiliar with the terminology: FTTH means the fiber optic cable reaches your home directly, unlike solutions such as FTTC (Fiber To The Cabinet) where the last stretch — from the street cabinet to your home — still uses old copper wiring. The difference in speed and stability is massive.

The fiber terminates in an ONT (Optical Network Terminal) built into the ISP modem, which converts the optical signal into an electrical Ethernet signal. In my case, the ONT is integrated inside the Fastweb NeXXt, the modem/router provided by the ISP.

The Current Device Chain

Here’s how everything is connected today:

Fiber optic (2.5 Gbit FTTH)


┌─────────────────┐
│  Fastweb NeXXt   │  ← Integrated ONT + modem/router
│  (modem only)    │     but used only as a modem
└───────┬─────────┘
        │ Ethernet (1 Gbit)

┌─────────────────┐
│  Xiaomi AX3000   │  ← Main router + WiFi mesh
│  Mesh System     │     handles routing, DHCP, WiFi
└───────┬─────────┘

   ┌────┴────┐
   │         │
 Devices   Additional
           mesh nodes

In practice, the Fastweb NeXXt is relegated to being a simple modem: it converts the optical signal to Ethernet and passes it to the Xiaomi AX3000 mesh system, which handles everything else — routing, DHCP, DNS, and WiFi coverage throughout the apartment.

The Limitations of This Setup

Does it work? Yes, for standard home use it works just fine. But when you start having homelab-level requirements, the problems surface quickly.

1. Two Devices Where One Would Suffice

I have two devices running 24/7 — the Fastweb NeXXt and the Xiaomi mesh system — both consuming power around the clock. The NeXXt, used only as a modem, is essentially wasteful. It does one thing (convert the optical signal) and beyond that, it’s a 15-20W device generating heat and taking up space for no good reason.

2. The 1 Gbit Bottleneck

Here’s the most frustrating paradox. I have a 2.5 Gbit/s connection, but the Ethernet port on the Fastweb NeXXt that connects to the Xiaomi router is a standard Gigabit port (1 Gbit). The result? It doesn’t matter how fast my fiber is — all wired traffic gets throttled to 1 Gbit/s.

For WiFi this is less relevant (a single wireless device rarely saturates 1 Gbit), but for wired traffic — server backups, file transfers between devices, storage access — that limit is noticeable. And it will be even more noticeable with a serious homelab setup.

3. No VLAN Support

This is the real deal-breaker. Neither the Fastweb NeXXt nor the Xiaomi mesh system supports the creation and management of VLANs (Virtual Local Area Networks).

For those unfamiliar: VLANs allow you to divide a single physical network into multiple isolated logical networks. Think of it as having multiple separate WiFi networks, but at the infrastructure level — devices on one VLAN can’t communicate with those on another unless a firewall explicitly allows it.

Why does this matter? Because in my setup, IP cameras, IoT smart home devices, the Home Assistant server, and personal computers are all on the same flat network. If a cheap IoT device gets compromised, it has direct access to everything else. From a security perspective, it’s a nightmare.

The Plan: Two Key Steps

Since the Zero to Lab project is about starting from scratch, it’s the perfect time to rethink the network from top to bottom.

Step 1: Free Modem and ONT Replacement

In Italy, there’s a legal right to use your own modem instead of the ISP-provided one (similar to the “device freedom” principle in other EU countries). For Fastweb FTTH, this means requesting the replacement of the integrated ONT inside the NeXXt with a standalone external ONT — a small dedicated device whose only job is converting the optical signal to Ethernet.

The advantage? Completely eliminating the Fastweb NeXXt from the chain. Instead, I’d have a compact external ONT that converts the optical signal and directly provides a 2.5 Gbit/s Ethernet connection to my router, without a bulky intermediary device consuming power and limiting speed.

One less device, less power consumption, less heat, more speed. A win on all fronts.

Step 2: A Router That’s Up to the Task

The Xiaomi AX3000 mesh system is a great consumer product, but it’s not built for what I have in mind. I need a router that:

  • Supports VLANs — to segment the network into zones (management, production, IoT, lab)
  • Handles 2.5 Gbit or 10 Gbit ports — to actually leverage the connection and internal traffic
  • Offers advanced firewall capabilities — inter-VLAN rules, traffic shaping, IDS/IPS
  • Is expandable — ability to add mesh nodes or access points for WiFi coverage
  • Runs a mature operating system — RouterOS, OPNsense, pfSense, or similar

I’m still evaluating options — MikroTik, Ubiquiti, or a custom solution with a mini PC running OPNsense. Each option has pros and cons that deserve a dedicated analysis, and I’ll cover that in a future post.

The Network of Tomorrow

The end result will be a completely different network from what I have today:

Fiber optic (2.5 Gbit FTTH)


┌─────────────────┐
│  External ONT    │  ← Optical signal → Ethernet
└───────┬─────────┘
        │ 2.5 Gbit

┌─────────────────┐
│  New Router      │  ← Firewall, VLANs, advanced routing
│  (TBD)           │
└───────┬─────────┘

┌───────┴─────────┐
│  Managed Switch  │  ← VLAN tagging per port
├─────────────────┤
│ VLAN 10: Mgmt   │
│ VLAN 20: Prod   │
│ VLAN 30: Lab    │
│ VLAN 40: IoT    │
└─────────────────┘

From a flat network with a modem serving as a paperweight to a segmented infrastructure with firewall, VLANs, and native 2.5 Gbit speeds. The leap is significant — and the best part is that the cost of the change is contained, since most of the investment goes into the server hardware anyway.

Next Steps

In the next post, I’ll take a closer look at my current server setup — what’s running on that mini PC today, the services I depend on, and why it’s no longer enough for what I have in mind.

The journey continues.