Feedback on current upgrade plans - Rpi4 based

Hi all,
I'm seeking for some validation of my plan to buy some hw device to upgrade my current network setup.
I've settled on a solution but I'm open to listen to suggestions if any.
Mind that my understanding of the networking domain is relatively limited despite having played with OpenWrt in the past so I might be reporting things in a way that could not make sense.

I have a gigabit internet at home, based on the router given by the internet provider, Vodafone:

It mostly does its job but it has very little configurability and has some bug where it sometimes does not allow wifi device to rejoin if it loses power and has to reboot.

I wanted to gain control and use an OpenWrt based solution.
Reading the forum a possible suggestion is to go down the Rpi4 road + dumb access points and that's what I was after.

My plan is to buy:

  • 1 Rpi4 with 4GB ram
  • TP-link UE300
  • TP-Link EAP245 (one or more, depending on the range I can get at my home)

My needs are mainly to:

  • get control over routing, separating multiple wifi networks to isolate IoT from the rest
  • leverage the nominal speed offered by the provider
  • eventually add services on the router (currently Adguard is running on Rpi with Home Assistant, but it could change location)
  • achieve fast wifi switching between different floors if it's confirmed that a single EAP245 does cover the all area

My idea was to keep the current Vodafone router that gets the optic fiber cable and use all its 4 ports as a switch and connect the Rpi OpenWrt rotuer and the Access Points to it.

Additionally, I'd like to ask if it makes sense to put OpenWrt on the EAP245 or if there is no need for that.

Does my set up make sense?

thank you

paolo

get two AP's and consider not using the router for additional complex services like these (Adguard may be ok... HA your better off with a second PI or similar at least short/medium term)

most likely not going to work - unless your voda box allows you to setup vlans.
you need to buy a dedicated switch - recommended ZyXEL GS1900-8 as it's supported by openwrt 21.02

If going that route then I'd considered the GS1900-10HP. It will power the EAP245s. And it might be possible to move the SFP from the Vodafone box, dropping that one completely. Unless they require some MAGIC only provided by their CPE?

I've tried asking the same to my provider but they refused then maybe Vodafone will be more cooperative so their support is required for removing the CPE

Thank you for you comments.

From my exploration of the Vodafone router UI there seem not to be any way to configure VLANs. The router support isolation for 2 Wifi networks if I leave to it, but I don't see anything other than that.

Could you help me though to clarify what's the role of the switch in this setup.
I get it's to setup VLANs but I haven't understood if it's mandatory for providing isolation or if it would be a requirement for general connectivity.
Additionally, to allow me to chose between alternative hws (the suggested model is quite large and I have limited space where the equipment needs to be installed), what are the characteristics that I'd strictly need vs. what are just "nice to have" ?

for you needs (IOT isolation) VLANs are only nice-to-have from a security perspective so you can choose any gigabit switch (5 or more ports - depending on your requirements) but I really recommend getting a VLAN aware switch (compact like netgear gs305e - even if it's not supported by openwrt) as it's a good investment especially in this phase (bill of material - BOM - no actual config/traffic) as you might find it more difficult in the future to replace a dumb switch/configure vlans

I don't expect any provider to support this kind of setup, or even admit it is possible. I believe that is fine. They sell a mass market service. Supporting anything non-standard is expensive. So they cannot publish anything which could be misunderstood as "you can use your own equipment".

That doesn't mean that it won't work.

My only experience is with a local provider, with a similar looking setup. They use a pretty standard BX (single strand bidi) SFP in their CPE. I am using it in a GS1900-10HP with OpenWrt instead. The provider splits Internet, TV and management/phone into 3 VLANs, so the SFP port must be confgured with the correct VLAN IDs. I only have Internet at this site, so I only needed one of them. But it still has to match the provider of course.

Figuring out which VLAN to use, if any, might require a bit of snooping. But you should be able to do that using the switch. If the providers CPE has RJ45 WAN as an alternative, you might even be able to put the switch temporarily between the fiber and the CPE to inspect the traffic.

I have no idea what Vodafone does, and it this is relevant at all.

The cases I can think of where this wouldn't work is if the provider makes their network config depend on CPE management somehow. E.g having only an open management VLAN be default, and then enable Internet service etc after talking TR069 to the CPE.

They could also have some mac-address filters, but you should be able to work around that by cloning the address from the provider CPE.

EDIT: wrt the size of the complete installation - I posted a picture of my setup a while ago: Searching for router to buy - #38 by bmork .The GS1900-10HP with the RPi4 attached is physically smaller than my provider's CPE.

You don't need those USB UART dongles of course - they are just there for debugging.

I have two Unifi 6 Lite APs connected to, and powered by, the GS1900. Both are configured with two SSIDs - one for IoT and one for more trustworthy devices.Using VLAN tagging to split the different layer 2 network segments, so that the Internet WAN VLAN from the fibre goes to the single RPi4 ethernet port along the VLANs used by the APs, The RPi is both router and "server" in this network.

Many ISPs are using some variation of GPON, in which case it isn't that simple, as an ISP-blessed ONT (with registered serial numbers, etc.) is needed. While those do exist in a SFP form factor, the problem is getting yours registered (or finding a way to spoof the necessary ISP settings).

Yes, true, GPON will normally force you to use the ONT from the ISP.

But IIUC, @paoloantinori got a CPE with an SFP from the ISP. So that means that the ISP either is using active ethernet, or that the ONT is integrated in the SFP. Either way, that SFP should work fine in the GS1900 too.

1 Like