I am thinking about my network set up, and for some reasons, I wondering what would be a good solution for:
current modem / router from ISP (current dowload speed is 300 Mbit/s; I could upgrade to a theoretical 1 Gbit/s next year). No wifi repeaters / no powerline extenders. Only one (old) wifi bridge.
add a personal router between the modem/router and the devices, for additional security and privacy (and flexibility, if I want to change ISP ...)
I have read that it could be wise to isolate some devices. Therefore I would appreciate if I could have several wifi networks separated to each other (1 for work devices / 1 for personal devices / 1 for IOT / 1 for guests / 1 for kids)
is it possible to have different parameters for the different wifi networks? I mean, different DNS for instance, or apply a VPN to one wifi network only, or ad tracker blocking solutions - parent controlling to a single wifi network ...
most of my devices (currently 15 - usually not more than 5 simultaneosly connected) are wifi5 (only few are currently wifi6)
how expensive would be solution to do the above? I would look for a device readily available in Europe (France)
how complex would be to set up and maintain the above solution? Would it be possible with a graphical interface?
Thank you in advance for your suggestions
PS: It might appear that I am asking some very obvious questions, but IT is not my field, and I am not knowledgeable about networking, so please understand that I might ask for further explanations to your replies. Thank you in advance for your understanding
you can find supported devices filtered for latest release
pick which has more flash+ram, has gigabit ports, and supports 5GHz wifi (ac). ax may or may not work.
there is data for VLAN support. usually multiple SSIDs are supported, but check comments too: eg. there are devices which in theory support this or that but in reality some features are broken.
if you want to use more and or resource hungry services please bear in mind there is cost: either financial (you have to pay for stronger but more expensive device), or have to adjust your expectation. typically VPN, SQM, services planned for real servers (e.g. file sharing) or delivering more wan bandwidth require stronger CPU these typical home routers are short of. there is a good article here about what to expect if you have 500+ Mbps WAN for example.
price range is depending on your pocket's depth.
once you picked a device search this forum regarding experiences, issues. don't buy before checking real user reviews!
FYI I have setup my home network with following devices
Modem - from Cable provider; wifi turned off
Router - RPi4 2GB RAM + TP-Link UE300 running on OpenWrt
Switch - Linksys LGS108P (with 4 PoE ports + 4 unpowered ports)
Access Points - TP-Link EAP615-Wall running on OpenWrt (PoE, Fast Roaming 802.11r works outstanding)
Connectivity follows this route: Modem > Router > Switch > Access points + lan devices
On RPi4 router I have additionally installed
Adblock: centralized adblocking for all home devices
SQM QoS: traffic shaping to prevent Bufferbloat
Attended sysupgrade: for upgrading OpenWrt
parental control: to set time restriction based on MAC address on children devices
Network isolation with Guest Wifi / VLAN / DSA is in theory possibly, however I did not configure any of those.
OpenVPN on my work-laptop is preinstalled so I did not need to configure this on my router
Maintenance is 1 minute work per device when a new OpenWrt SP is released (start Attended sysupgrade)
Installation is a lot more work due to gaining knowledge in several areas (but it is fun though)
ps: an alternative router (smallest 1Gb router on the planet)
RPi CM4 2GB RAM|No MMC|No Wifi + DFRobot IoT Router Carrier Board Mini
The only problem though is that RPi devices are currently very hard to get.
You can monitor https://rpilocator.com/ for availability
pps: In case you need to setup vpn than I would advise to look into WireGuard
Hi @RadioOperator , for the moment I do not complain about the modem router, therefore I would say that a router should be enough. Otherwise I will think about adding an AP
I had a look at what could fit my needs ... something easy to flash (OEM GUI), that seems recent and could support VLANs and multiple SSIDs ...
Either I have missed something, or there are not many options out there for me ... if I remove what is unavailable, in work, not easy to flash ... it seems that I am restricted to some Netgear and Linkesys, in terms of brand that I knew ... Probably the Netgear WAX202 or WAX206 ...
Do you think they would be a good choice for me?
a) easy to install OpenWRT
b) futureproof (300 Mbps from my ISP at the moment, but I could upgrade to 1 Gbps. Wifi AX is there, the only additional topic I need to work out is about the number of SSID possible / isolation of the clients... in the future I could add perhaps some VPN or adblocker in the future ....)
I have tried to look at the posts about the WAX206, and:
it seems it is one of the easiest device to flash (let's cross fingers when I try )
it should be able to handle 300 Mbps - 1 Gbps from the ISP (WAX206 connected by ethernet to the modem router from the ISP - how to configure the WAX206 in such a set-up... well, I will try ... )
clients will be connected to WAX206 only, via wifi (wifi of the ISP modem router will be switched off). Now the question would be: how many SSIDs can be created with the WAX206? Somewhere I read 3, with the original firmware; would it be the same with OpenWRT? I am asking this because I have several devices (most likely, 7 devices connected at the same time) that I would like to isolate (they need internet connection, but not to talk to each other), and I am wondering how I can do that (is there a proper device isolation if they are on the same SSID? Or can I use several SSIDs, each for a different purpose, which seems the easiest option, at least for my understanding? In such a case, I would need to group the devices in 9 different SSIDs, if that is feasible. Or should I try VLANs?)
VLANs are a very good way to isolate different groups of clients. For example, you might want to set up four different VLAN network interfaces for home, guest, IOT and security networks. Once these network interfaces are set up, then wireless interfaces, each with a different SSID, can be bridged to a VLAN. You may even want to assign two SSID's to each VLAN, for example Guest-2G for 2.4 GHZ WiFi and and Guest-5G for 5 GHz WiFi, both bridged to the same Guest VLAN network. It is entirely up to you. OpenWrt is very flexible.
You can set up as many VLANs and SSID's as you like with OpenWrt. Efficiency decreases the more you set up; however, you will get tired of setting them up long before you have so many that you would notice the efficiency penalty.
If you do not want devices within a particular group to be able to communicate with each other (for example, perhaps you do not want clients on the guest VLAN to be able to communicate with each other), then check the Isolate Clients box for the SSID (or SSID's) assigned to the wireless interface(s) for that group - just as frollic suggests.
Thank you very much @eginnc for your detailed answer.
I am happy to see that I could create more SSIDs ... in my simplistic way of seeing it, it looks the easiest way to separate stuff ...
do you know where I can find a (easy enough) guide (GUI, not CLI ) how to set up VLANs properly?
This post provides an example of how to set up vlans on a single gateway router that should help get you started. A WAX206 uses DSA, so you would want to look at the DSA network file example, not the swconfig network file example (if you choose a WAX206).
I just bought it, and yes it's very easy to flash. But you might need to setup the stock firmware in router mode before you can flash.
I have much higher link speed so I can tell: A rough test with WAX206 my laptop got ~1.3Gbps WiFi throughput with 160MHz channel width (since there is only 1 x 2.5G WAN, only WiFi can give > 1Gbps speed)
Turn on "Client Isolation" option in your AP settings.
)
... )