Lightning-proofing the home LAN

So I work from home and the home network is important for a number of reasons (TV runs through it being the most lol).

Last summer while I was traveling I got a call from the wife that internet was down and the TVs didn’t work.  About an hour later my neighbor texted a picture of a hole blown in the ground at his house by lightning.  A direct hit to the cable wire, it severed it!  No equipment in his house was damaged, but as I would find, that was not true at my place!


When I got home I found that, though I had an enterprise-grade APC battery backup/surge protection device, lightning had found its way through both the cable modem AND my HD Homerun Prime.  The damage:

  1. Cable modem dead
  2. HD Homerun prime dead
  3. Asus wireless router dead
  4. 2 TP-link gig switches dead
  5. Media center PC on-board NIC dead (PC ok)
  6. Swann security DVR on-board NIC dead (unit worked at console though).

In all $700ish in equipment lost or broken.

I ordered replacements for all of it and got to thinking that I’d realllly like for that to not happen again.  So I did what any other (in)sane person would do and I optically isolated both the cable modem and HDHomerun Prime from my LAN.

My initial setup involved 4- TrendNET Media Converters w/2 multimode patch cables:


A rough diagram looked like this:

[Diagram: FiberConvertors]

So now my network was optically isolated.  Lightning could take out the cable modem and/or the HD HomeRun, but not anything past it….  It cost me roughly $220 for the 4x converters + fiber cables….

One odd problem I had/have is that I can’t connect the HDHomerun directly to the media converter or the TV pixelates.  I have to put a dumb switch between it and the converter, still looking at that one….

At some point later I added a LOT of IP cameras (PoE) and IP phones (also PoE) and began looking at managed switches.  I picked up a used HP ProCurve (lifetime warranty!) 24-port PoE switch on eBay as well as two mini-GBICs for fiber….

I bought a HP Procurve 2520G-24-POE:

[Image: procurve-2520g-24-port]

You’ll see that the last 4 ports look odd; that’s because they are shared mini-GBIC ports.  I put two multimode transceivers in those ports.

I created an isolated VLAN for the internet on port 20 and port 24.  The cable modem network jack goes to a media converter changing it to fiber, which plugs into port 24 on the HP.  From there, port 20 is connected to the WAN port on my Asus router.  The switch converts the fiber back to copper, and because both ports are on an isolated VLAN, the internet and LAN traffic stay separate.  The config for this is below (you can do this in the GUI or over SSH to the switch):

vlan 200
   name "INET"
   untagged 20,24
   no ip address
   exit

I did the same for the HDHomeRun Prime, with the exception of leaving it on the default LAN VLAN. (Port 23 takes the fiber from the converter to the switch; from there the device is talking to the LAN as usual.)
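
To confirm the isolation from a saved copy of the switch config, the check below (an added example, not part of the original post) parses the VLAN stanzas and flags any port that VLAN 200 shares with another VLAN, or an IP address configured on VLAN 200. The sample config's vlan 1 stanza and all function names are constructed for illustration, and numeric port names as on the 2520G are assumed.

```python
import re

# Constructed sample (ProCurve running-config style); the vlan 1 stanza is assumed.
SAMPLE_CONFIG = """\
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-19,21-23
   ip address dhcp-bootp
   no untagged 20,24
   exit
vlan 200
   name "INET"
   untagged 20,24
   no ip address
   exit
"""

def expand_ports(spec):
    """Expand a numeric port list such as '1-19,21-23' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'ports': set, 'has_ip': bool}} for each vlan stanza."""
    vlans = {}
    for vid, body in re.findall(r"^vlan (\d+)\n(.*?)^[ \t]*exit", config, re.M | re.S):
        ports = set()
        # "no untagged ..." lines do not match: only whitespace may precede the keyword.
        for spec in re.findall(r"^[ \t]*(?:un)?tagged (\S+)", body, re.M):
            ports |= expand_ports(spec)
        has_ip = bool(re.search(r"^[ \t]*ip address", body, re.M))
        vlans[int(vid)] = {"ports": ports, "has_ip": has_ip}
    return vlans

def check_isolation(config, wan_vlan=200):
    """List findings that would break isolation of the internet-facing VLAN."""
    vlans = parse_vlans(config)
    if wan_vlan not in vlans:
        return [f"vlan {wan_vlan} is not defined"]
    wan = vlans.pop(wan_vlan)
    findings = []
    if wan["has_ip"]:
        findings.append(f"vlan {wan_vlan} has an IP address on the WAN segment")
    for vid, other in sorted(vlans.items()):
        if shared := sorted(other["ports"] & wan["ports"]):
            findings.append(f"ports {shared} are in vlan {wan_vlan} and vlan {vid}")
    return findings
```

An empty list from `check_isolation` means ports 20 and 24 belong only to VLAN 200 and the switch has no IP interface on the modem side.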

I later upgraded to a 5406zl – see my other posts about this….
