also available with built-in eMMC Flash (i.e. CM4002008); this is a bit harder to install though.
Access Point
Recent Mediatek/Filogic targets are rapidly being added lately - see e.g. https://downloads.openwrt.org/releases/23.05.0-rc3/targets/mediatek/filogic/. My advice here would be to order one of the below and drive them with stock firmware for the moment and decide later on whether you want to switch to OpenWrt.
fail2ban (Intrusion Detection/Prevention - when running inbound services like Apache)
ps1: GS-1900-24 does not have PoE - in case you do prefer Zyxel I would advise checking the GS1900-24EP
ps2: the Pi-hole in your drawing might be redundant since similar service can be done directly on the router.
I'll assume the requirements are pretty well defined now and move on to questions about the recommendations.
Wow. This seems almost too good to be true. It checks off all the requirements on performance, reliability and functionality. I'm not even sure I could find a crappy router for less money.
It almost makes me think that a bunch of the "it depends" responses could be replaced with, "If you want to take full advantage of a 1Gbps WAN link just get this router."
It makes sense to start with the stock firmware and only upgrade if there's something that actually needs to be fixed.
I see that both of those support WiFi6 and PoE. I looked up the power consumption on the Netgear and an extra 10W doesn't make that much difference. The prices are similar too.
It's not clear to me that a slightly higher "coverage" actually translates to better network connections for users.
When it comes to choosing between these two, are they similar enough that I'm basically picking which one I think will look nicer or are there more serious considerations?
I should have included fanless as a nice to have or a requirement. I appreciate the lower maintenance that comes with fewer moving parts.
I don't have any brand loyalty so I don't care if it's ZYXEL or Netgear. Thanks for pointing out that the switch also needs to support PoE. Is there a reason to care about PoE vs PoE+?
For the switch, does it also make sense to plan to use the stock firmware first and only install OpenWRT if there's some particular problem with it?
Is there any other particular reason to choose the Netgear over the ZYXEL, or vice versa?
Do I understand correctly that all these services, including Pi-hole, could potentially just be put on the router, since it's a general purpose computer?
Are these also light-weight enough that (given the specs of the router) I can basically ignore their performance impact?
Well...there is one catch - CM4 units are currently hard to get (larger supplies will arrive in December)
you can monitor https://rpilocator.com/ to see if cm4002000 or cm4004000 pops up - or otherwise the eMMC version CM4002008
or check aliexpress (bit more expensive though)
when driven by stock firmware I would vote for Netgear WAX220 because of plenty of configuration options; the Ubiquiti UniFi U6+ - in standalone mode - seems to be rather limited in this area
when driven by OpenWrt firmware I would choose the AP which looks nicest to you.
My personal preference goes to Netgear GS316EP (more and higher-rated reviews on Amazon)
Yes (2x) - I currently have a RPi 4B (same cpu as CM4) with 100 Mbit ISP connection, about 20 connected devices and the same Services as in recommendation and this is mostly idling in cpu.
The total, including shipping, was $394.98. That only includes one AP so the price could still go up, in increments of $129.99, up to $914.94 (in the unlikely case that I actually end up needing 5 APs).
I should have all the pieces by next week and I'll post a follow up when I start putting that all together.
This refers to some switches. PoE is working fine on a number of switches:
GS1900-8HP
GS1900-10HP
GS1900-24HP
D-Link DGS-1210-28MP
D-Link DGS-1210-10MP
TP-Link TL-SG2452P
just to name a few. IIRC PoE does not work on the GS1900-24EP.
Most of the switches can be found on the used market - sometimes for less than €50,-.
I have a GS1900-24HP as my main switch, along with a DGS-1210-28MP as backup and a GS1900-8HP for a separate WiFi AP.
The advantages sound nice but they pale a bit in the face of:
You can expect about 20Mbit/s routing performance with such a switch being used as a router. The CPU interface of the switch is really only meant for running the configuration web interface.
I was wondering if there were more specific advantages.
It sounds like the best use of OpenWRT is on the router itself.
This just means that a switch running OpenWrt is best used as a switch - and not as a replacement for the router. The reason is that quite some people tried to replace their router by a switch and were surprised by the bad routing performance.
Thanks for finding that.
It looks like the final answer (at least for the GS316EP) is, "It will probably work fine with the stock firmware so I don't need OpenWRT on it and, if I tried to install it anyway, it probably won't work."
I'm actually running OpenWRT on my GS316EP, complete with PoE, and it's mostly happy. I never got around to submitting the diffs upstream; firstly you end up needing a serial console to enable networking properly (bootcmd needs rtk network on or the switch is unreachable), secondly I failed to find the time to fight the image creation to put the checksum in the right place (though I figured out what's required).
BusyBox v1.36.0 (2023-04-28 13:29:38 UTC) built-in shell (ash)
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
-----------------------------------------------------
OpenWrt SNAPSHOT, r22658+2-2c530fcb97
-----------------------------------------------------
root@study-sw:~# uptime
18:43:12 up 76 days, 10:49, load average: 0.02, 0.03, 0.00