Hello folks.
I’ve been fiddling with my home and family network, taking control of our digital life and such. I am confidently and optimistically planning another stab at a solution and will appreciate your ideas.
My previous stab resulted in the following unintimidating mess of wire. I’d like to do significantly better and set up a network that I can lean on for the next 10 years.
tl;dr: Scroll down to “A new plan and a new budget”.
Here goes my journey; I hope that you find my ignorance entertaining!
Current hardware, not very intimidating:
ISP -|
     EdgeRouter X SFP
       |- AC AP LITE
       |- 50ft of Cat5e to an unmanaged Netgear HUB
Ha! This is a modern household. There are devices of varying levels of trust hanging off of that network. There is a Synology NAS, there are baby cams, IoTs, Pis, 3D printer, tree printer, just a whole lot of gadgetry and some firewall rules (on the ER-X) to match my level of paranoia.
The plan was to overlay VLANs on top of the physical network to get it all under control.
The astute among you will notice the gaping hole in my plan. The unmanaged hub cannot tag VLANs, it can’t even switch after all. I knew this, but that’s the equipment that I had on hand. The idea was to only put “crap” there, such as consoles, Apple TV, etc. It all went downhill from here friends…
I later purchased an EdgeRouter PoE, thinking I’d replace the hub with the ER-X, move some Raspberry Pis to the PoE router, VLAN-tag some Wi-Fi networks, slap hands together, dust off, done. So clever I, saving monnneyyyy, connecting things togetttther.
Lessons learned and remembered:
- There is a bad taste in my mouth from running a switch, a router, and a firewall on the same low power device and working around the quirks of such a setup. I prefer to buy once, with ample room to grow.
- I have an utmost concern for both privacy and security. I would like to run an open source firewall.
- I don’t like having to run UniFi Controller just to configure the AP.
- The EdgeRouter PoE has passive ports and Raspberry Pi PoE HATs require 48V active ports, duh! (You could technically drop a buck converter on there and it will probably not fry any of your equipment. Lame, dangerous, but very cheap.)
- I don’t trust some of my laptops and workstations, due to age, neglect, and negligence.
A new plan and a new budget:
ISP -|
     Netgate SG-5100 (utter overkill, by design)
       ?- EdgeSwitch
            |- Synology NAS
            |- Up to 3 computers
            |- Up to 5 Pis over PoE
       ?- airCube Home Wi-Fi Access Point
            |- 3 iPhones
            |- 3 Laptops
            |- 3 Tablets
            |- Guests
            |- ~10 IoT devices (50+ in 5 years?)
       |- 50ft of Cat5e to ER-X configured as a switch
            |- Media devices, consoles, Apple TV, etc.
Questions:
- Should I hang the ER-X directly off the Netgate or daisy chain off the main switch?
- Should I hang the NAS directly off the Netgate or put it on the switch?
- I would like to set up offsite backups between my Synology and a Synology at a different location. Is VPN the way to go? I could install my unused EdgeRouter PoE at the other location.
- Is the airCube a significant downgrade from AP LITE? I could always add more APs or upcycle some old hardware for low bandwidth IoT devices.
- I don’t want my workstations to have access to network configuration. What other options do I have for managing the various routers, switches, etc? I’m interested in maximum security, not a fancy dashboard. UNMS? Or a separate control network/plane?
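As an added illustration (not from the post, and not a configuration from Netgate, Ubiquiti or any other vendor named above), here is a small Python model of the VLAN overlay the plan describes: a separate management VLAN as the "control plane", a default-deny inter-VLAN policy evaluated first-match-wins, and an audit that checks the requirement from the last question as a policy invariant, that no workstation, IoT, guest or media device can reach network gear management. The VLAN names, all addresses, the port numbers and the single admin-host address are constructed assumptions.

```python
"""Model of a VLAN-segmented home network and a default-deny inter-VLAN policy.

Constructed example: VLAN names, addressing and rules are assumptions for
illustration, not the poster's configuration. Rules are evaluated first-match
on the connection *initiator*, as a stateful firewall would; return traffic is
assumed to ride on connection state and is not modelled.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed VLAN plan. MGMT carries only the switch/AP/firewall management
# interfaces; it is the "separate control plane" the questions ask about.
VLANS = {
    "MGMT": ip_network("10.0.0.0/24"),    # switch, AP, firewall web UIs / SSH
    "TRUST": ip_network("10.0.10.0/24"),  # NAS and workstations
    "IOT": ip_network("10.0.20.0/24"),    # cams, printers, Pis, gadgetry
    "GUEST": ip_network("10.0.30.0/24"),  # visitors' devices
    "MEDIA": ip_network("10.0.40.0/24"),  # consoles, Apple TV behind the ER-X-as-switch
}

# The one host allowed to administer network gear (hypothetical address).
ADMIN_HOST = "10.0.10.5/32"


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # zone name, CIDR, or "ANY"
    dst: str               # zone name, CIDR, "INTERNET", or "ANY"
    dport: Optional[int]   # None matches every port
    proto: str = "tcp"     # "tcp", "udp", or "any"


# Ordered policy. A flow that matches no rule is blocked (default deny).
POLICY = [
    Rule("pass", ADMIN_HOST, "MGMT", 443),          # admin host -> web UIs
    Rule("pass", ADMIN_HOST, "MGMT", 22),           # admin host -> SSH
    Rule("block", "ANY", "MGMT", None, "any"),      # nobody else touches the control plane
    Rule("pass", "TRUST", "IOT", None, "any"),      # workstations may reach cams/printers
    Rule("pass", "TRUST", "INTERNET", None, "any"),
    Rule("pass", "IOT", "INTERNET", None, "any"),   # IoT may talk outbound...
    Rule("block", "IOT", "ANY", None, "any"),       # ...but never initiate to another VLAN
    Rule("pass", "GUEST", "INTERNET", None, "any"),
    Rule("pass", "MEDIA", "INTERNET", None, "any"),
]


def zone_of(ip: str) -> str:
    """Map an address to its VLAN name, INTERNET, or UNKNOWN."""
    addr = ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "INTERNET" if addr.is_global else "UNKNOWN"


def _matches(selector: str, ip: str) -> bool:
    if selector == "ANY":
        return True
    if "/" in selector:                     # explicit CIDR or /32 host
        return ip_address(ip) in ip_network(selector)
    return zone_of(ip) == selector


def decide(src: str, dst: str, dport: int, proto: str = "tcp") -> str:
    """First matching rule decides; no match means block."""
    for rule in POLICY:
        if rule.proto not in ("any", proto):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return rule.action
    return "block"


def audit_control_plane(sample_hosts) -> list:
    """Return (host, port) pairs that can reach switch management yet are not the admin host.

    sample_hosts: one representative address per VLAN you want checked.
    """
    switch_mgmt = "10.0.0.2"  # constructed: the switch's management address
    violations = []
    for host in sample_hosts:
        if ip_address(host) in ip_network(ADMIN_HOST):
            continue
        for port in (22, 80, 443, 161):   # SSH, HTTP, HTTPS, SNMP
            if any(decide(host, switch_mgmt, port, p) == "pass" for p in ("tcp", "udp")):
                violations.append((host, port))
    return violations


if __name__ == "__main__":
    flows = [("10.0.20.15", "10.0.0.2", 443),    # camera -> switch UI
             ("10.0.10.7", "10.0.0.2", 443),     # ordinary workstation -> switch UI
             ("10.0.10.5", "10.0.0.2", 443),     # admin host -> switch UI
             ("10.0.20.15", "10.0.10.20", 445)]  # camera -> NAS
    for f in flows:
        print(f, "->", decide(*f))
    print("control-plane violations:",
          audit_control_plane(["10.0.10.7", "10.0.20.15", "10.0.30.9", "10.0.40.3"]))
```

The useful habit this shows is ordering: the two admin-host allows sit above a broad block to MGMT, and the IoT-to-internet allow sits above a broad block from IoT, so adding a new VLAN later cannot silently open the control plane. Re-running the audit after every policy change is the cheap version of the "maximum security, not a fancy dashboard" goal; whichever firewall product ends up in the rack, the same invariant can be checked against its exported rule set.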
P.S. Tom’s YouTube channel has been a tremendous resource on my journey. If you’re reading, thank you!