Home Network Advice Please: Firewall/Router, WiFi Access Points/Multiple SSIDs, Switches and VLANs?

I need to replace my home network. I have had enough of Sophos and their free UTM (for home users).

WHAT I HAVE:
I have a direct Ethernet bridge (cable modem) with DHCP to the internet. I get one public IPv4 address and a typical IPv6 (/64?) home connection. Ethernet cables go between the office closet and all rooms in the house. There are switches in some rooms that have multiple devices. There are four WiFi access points in various rooms to yield full coverage of the house and backyard.

WHAT I NEED:

  • Firewall / Router that supports the network. I have an 8 port "SG135" Sophos appliance, but do not mind wiping it and installing other software on that same hardware.
  • Four WiFi access points that support multiple SSIDs. I want to isolate home appliances and devices from the primary LAN that personal computers use. That requires multiple SSIDs. A "guest network" is not sufficient. I assume it would use a separate VLAN for each SSID.
  • Small VLAN-capable switches in a few of the rooms.
  • A VLAN-capable switch in the office closet.
  • The access points and VLAN switches must be reasonably easy to manage and configure. I understand that it is complex, but some models of access points and VLAN switches make the problem much harder.

I bought some very cheap TP-Link switches. Not only are they not secure, but they are nearly impossible to configure. It becomes a real "bootstrap" nightmare trying to configure access points with SSIDs on VLANs, then the TP-Link cheap switches, and then the office closet equipment without cutting something off accidentally. It is a nightmarish bootstrap process. The TP-Link switches run HTTP with open passwords on the network. No more of that, please.

This is a home network, not a business. I do not want to spend excessive amounts, nor do I want any license "subscriptions" or "renewals".

-> What would you recommend? I need access points, smart switches, and a good firewall/router to put it all together.

Thanked by (1)cxg

Comments

  • edited August 2023

    @xleet said: I bought some very cheap TP-Link switches. Not only are they not secure, but they are nearly impossible to configure. It becomes a real "bootstrap" nightmare trying to configure access points with SSIDs on VLANs

    I happen to have a TL-SG108E and I found it easy to configure, once you understand VLANs. Yes, the web interface is unsecured, but given this is a home network, I firewall the heck around it and call it a day.

    @xleet said: Four WiFi access points that support multiple SSIDs.

    I use 3x Unifi AC Lites bought used for about $50 each. I run the controller in a VM.

    Here are my VLANs
    Default: lan (catchall for all devices not fitting the vlans below)
    VLAN2: iot (iot devices)
    VLAN3: guest (guest wifi)
    VLAN4: work (for work related devices)

    As for the router, I use plain old linux (NixOS these days).

    Thanked by (1)xleet

    The all seeing eye sees everything...
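A sketch of how the VLAN layout in the comment above could be enforced on a Linux router with nftables, as an added example that is not the commenter's configuration. The interface names (`wan0`, `lan0` and its 802.1Q sub-interfaces) and the choice of which segments may talk to each other are assumptions made for illustration.

```nftables
# Added example, not a config from the thread. Assumed interface names:
# wan0 = cable-modem uplink, lan0 = untagged default LAN on the trunk,
# lan0.2 / lan0.3 / lan0.4 = 802.1Q sub-interfaces for iot / guest / work.
flush ruleset

define WAN   = "wan0"
define LAN   = "lan0"
define IOT   = "lan0.2"
define GUEST = "lan0.3"
define WORK  = "lan0.4"

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # IPv6 breaks without neighbour discovery, so ICMPv6 is allowed
        meta l4proto ipv6-icmp accept
        icmp type echo-request accept
        # DHCPv6 replies to the router's own client on the uplink
        iifname $WAN ip6 saddr fe80::/10 udp dport 546 accept
        # Each internal segment may use DNS and DHCP on the router
        iifname { $LAN, $IOT, $GUEST, $WORK } udp dport { 53, 67 } accept
        iifname { $LAN, $IOT, $GUEST, $WORK } tcp dport 53 accept
        # Router administration (SSH) from the default LAN only
        iifname $LAN tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Every segment may reach the internet
        iifname { $LAN, $IOT, $GUEST, $WORK } oifname $WAN accept
        # Only the default LAN may open connections into the iot VLAN;
        # replies come back through the established rule above
        iifname $LAN oifname $IOT accept
        # iot, guest and work get no route to each other or to the LAN:
        # anything not matched here hits the drop policy
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # One public IPv4 address: masquerade everything leaving the uplink
        oifname $WAN masquerade
    }
}
```

Traffic between two devices on the same VLAN is switched, not routed, so it never reaches these rules; isolating clients from each other within one SSID has to be done on the access point or switch.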

  • I use a Mikrotik as the gateway router, and Dell switches where extra outlets are needed - can pick them up fairly cheap on eBay.

    I also use UniFi APs but have been getting less happy with them as time goes on. The AC Lite is best. U6 is a disaster (runs very hot/high load and seems to need rebooting regularly). AC-LR is "OK" but I have roaming issues with it, seems to be something in the 2.4/5 GHz selection.

    Thanked by (1)xleet
  • Cisco SMB (CBS lineup) like 220 or 250 and you have good switches.
    A little pricier than Ubiquiti but way better.
    If you don't mind spreading out switches and having smaller ones, Ubiquiti has an 8-port 60W switch that is good for the money though, but then again you are back at Unifi...
    But for switching L2 it will work OK though even with Ubiquiti.

    For AP I would say something like Cisco 150AX.
    Config one (web GUI) and as long as the rest are in the same VLAN they will get the config etc. It's an EWLC type of config.
    And they are not more expensive than Ubiquiti WiFi 6 APs either!

    Firewall I would go for *sens if you don't want to change hardware.
    If new hardware is needed and you want something that is somewhat OK a UDM-Pro would be handling the Unifi switches with the built-in switch controller.
    If a little more power or features is needed maybe a firepower or fortigate.

    But I would say stay away from Ubiquiti APs at least 😀

    Thanked by (1)tetech
  • tetech OG
    edited August 2023

    @kvidden said: For AP I would say something like Cisco 150AX.
    Config one (web GUI) and as long as the rest are in the same VLAN they will get the config etc. It's an EWLC type of config.
    And they are not more expensive than Ubiquiti WiFi 6 APs either!

    This was good info. I might try to rotate out the Ubiquiti.

  • mannen Hosting Provider

    I use pfSense, Zyxel GS1900-24E and 2x TP-Link Omada EAP225 series APs at home to achieve what you want to achieve.
    The TP-Link Omada controller is running in docker and is very easy to use and configure multiple SSIDs and map them against different VLANs.
    I'd get the new EAP6xx series now though that support Wifi6 like the EAP610.

    RIPE LIR
