Refactoring home network

Hi,

I want to refactor my home network. The following reason is to improve wiFi range in the house and improve the managment of some hosts I have locally.

• About the WiFi I would like to improve the range and the roaming between APs. I have two APs: ISP Router and an AP sourced by the ISP. The problem is that there is no roaming between them so the clients only change between devices if the WiFi signal goes very low.
• About the network I would like to be able to set IPs for some devices (hosts and home automation devices). My current router doesn't support it. Right now I don't pretend to cretae VLANs.
• Improve the router firewall or at least have logs of incoming connections from unknow sources. Is it possible with OpenWrt, right?
• Move the reverse proxy from one of the Hosts to the router. I saw I can run docker containers on OpenWrt so it should be doable, right?

After some months reading about the topics I describe above I came up with the diagrams attached.

The main changes are to add a router after the ISP router with OpenWrt, add a switch and add two new APs.

I would prefer to use the same place for the APs since they are hidden.

Do you think that is possible to add better APs on the same place of the current ones and get better range? It is ok to use two APs with OpenWrt or should I go with something like omada or a mesh kit? I dislike the omada solution because I need to have an extra controller for the roaming features. I saw that OpenWrt supports 802.11k, 802.11r and 802.11v.

Thank you

homelad_current_setup827×575 45.4 KB

homelab_proposed_setup882×788 63.3 KB

tcp_download_Mbps1920×489 49.1 KB

Floorplan2200×2200 171 KB

Your second pic is more or less my setup. I assume the switch you have is a managed one, no? I am using VLANs and highly recommend that you do too. Multiple APs can be configured for 802.11r fast roaming easily. VLANs keep the PoE camera and IoT devices from connecting out to the WAN. Also keeps my main and guest WiFis segregated.

                                                   ---> PoE cameras
                                                   |
cable modem --> RPi4 (router/firewall) --> managed switch ---> AP1
                                              |    |
                                              |    ---> Wired clients
                                              |
                                              ---> AP2

The setup is pretty easy if you follow some good videos. See the dumb ap wiki page where I linked them.

I haven't buy any gear yet. This post is also to understand which hardware to buy.

I think I can assume RPi4 and NanoPi R4S are very similar. I need to buy a switch and two APs.

The current AP in the living room is the one on the picture:

image735×980 88.5 KB

Which switch do you have? Does the switch need to be flashed with OpenWrt?

I prefer RPi4 + USB3-NIC (TP-Link UE300 is a very popular and supported) but Nano Pi has 2 NICs so will work too. I have a Netgear GS316EP but that was driven on power budget assessment. It runs Netgear's firmware not OW. For APs you can't go wrong with the Belkin 3200RT. WiFi6 (802.11ax) and well supported by OW/rock solid, plus in the US, they are $72 brand new right now.

...are you sure you need 2 access points? I can honestly get away with 1. Might simplify the setup by removing the 2nd one. When I look at the associated stations for the 2nd one in my case, I rarely see devices joining it. I guess the signal strength from the centrally located AP is good enough.

I had two of the TL-SG108E, but I'm not very satisfied with them. They are cheap and somewhat managed, but crap. They don't reliably get an IP address via DHCP and if they do it's not clear which VLAN they use. I sold them and replaced them by OpenWrt-capable switches: Netgear GS108Tv3, Netgear GS308T and ZyXEL GS1900-8HP - at least I know now what's going on on the CPU. Sometimes you can find them used or as open box for little money.

PoE is nice for powering the APs, I have two TP-Link EAP225v1 that I power this way.

Proposed topology looks good. I just wanted to share that I had issues with the TL-1016DE switches a few years back. At some moment (1-5 days), it would no longer route VLAN traffic. Only power cycle fixed that (I had two units at different locations and both had the same issue. They were perfectly fine for non-VLAN use though). TL support was non-existent.

After drop-in replacement with Cisco SG switches all problems were gone. Having the SG VSI also got me to true Gb througput (which I couldn’t achieve with the TL’s).

Full disclaimer - I own the NanoPi R4S 4GB, so I'm biased, but I think it's a far better value than the Raspberry Pi 4B presently.

The Raspberry Pi 4B (not 4) is equivalent to the Nano Pi R4S 4GB - arguably a bit faster assuming you are running anything on it that can actually make use of its 4 A72 cores (versus 2 fast A72 cores plus 4 slower A53 cores on the NanoPi R4S). But the thing is, Raspberry Pi's have gotten a bit scarce and more than a bit expensive of late, plus they don't come with a case (much less the really nice machined metal case of the NanoPi R4S), plus they don't come with a second Ethernet port, plus I don't like the mess of a Ethernet dongle hanging off a USB port.

If the router, switch and first AP are to be co-located, do you need a switch? You could go straight from the ISP modem in bridge mode to the Pi router (an R4S of course ), then to the first AP configured as a dumb AP/managed switch. The router would still manage all your vlans, DHCP server, firewall, etc., not the first AP. Just a thought.

If you do need a manged switch, I too can recommend the Netgear GS308T with OpenWrt. It's worked great for me.

I've recently had the opportunity to compare my current ipq806x dumb AP's (a used Askey RT4320W and used Linksys EA8500, both picked up for less than $50 shipped) with an RT3200 I'm setting up for someone else's small apartment as their one and only all-in-one. Apples to apples with AP's and clients (ax capable) in the same locations, I found the RT3200 was OK, but not as good with ac clients as my used ipq806x ac AP's at medium to long distance, and only comparable at those distances (but less stable) if feeding an ax client. I set the RT3200 up in ac only mode for its new owner.

Would I still recommend the RT3200? Yeah, for the right price I would - for near to medium range ax clients, for medium distance ac coverage, for its decent CPU, for its hardware encryption, for its offloading capabilities, for being nice and compact without antennas hanging off of it everywhere. But especially used as just dumb AP's, if I had good used ipq806x options for less coin, I'd take them.

Thank you for the switches recommendation. I think I will not need PoE so Netgear GS108Tv3 looks great. Does the EAP225 have OpenWrt support?

https://openwrt.org/toh/start

Looks like it does. Ath79 hardware is a bit dated if you're starting fresh though.

My first option is to have all the 3 co-located. Usually Wi-Fi routers only have 5 ports and I would like to have some spare ports and this is the reason why I added a switch. Right now I'll not try to create an VLAN but maybe in the future to separe the home automation devices.

It is not easy to find any of these APs in europe Are you aware of any europe equivalent?

I found this one in sale Linksys MR8300 do you think it is a good option?

The MR8300 is not a bad option if it stays supported. It is supported now:
https://downloads.openwrt.org/releases/22.03.2/targets/ipq40xx/generic/

But, the ipq401x targets have recently been converted from swconfig to DSA, and some devices are running out of room for the larger 5.15 kernel. Not all devices have made it through to the other side yet. I personally wouldn't assume they all will until I see it - notably I don't see the Linksys EA6350v3 (an old 2x2 bargain favorite) or MR8300 in snapshot yet. The next stable release will start from whatever is supported in snapshot: https://downloads.openwrt.org/snapshots/targets/ipq40xx/generic/

I should probably add the EA8500 and EA7500v1 have also recently been dropped from snapshot if and until an issue with supporting their switch in the 5.15 kernel is worked out. I'm keeping my fingers crossed - I really like the EA8500.

Can you find a TP-Link C2600 or Zyxel NBG-6817 used on ebay? And the Belkin RT3200 is a decent choice too. I'm just suggesting ipq806x if you can find them used for less, and for their slight edge on 802.11ac range in my experience.

Edit: You might also consider MT7621AT ramips devices for an economical dumb AP option. The the MT7621 isn't the fastest CPU for concurrent routing and WiFi duty, but for a dumb AP that only needs to handle WiFi....and if you are selection and/or price limited an EAP225 at the right price will work too. You just need AP's after all.

No easy to find any of these devices around the 50/60eur price range :s

There is any reason to buy GS108Tv3 for almost 2x the price of GS308T?! After install OpenWRT can I use vlans on it GS308T?

image1316×300 56.2 KB

image1319×300 54.8 KB

GS108T has a PoE client port so it can be powered through an Ethernet port, but if cannot power other devices. The GS308T does not. If you need to power it without a wall wart, then the GS308T is not for you.

Edit: Thank you @andyboeh for correcting my earlier version of this post. I've corrected it accordingly.

It's a PoE client port (PD), it can be powered that way, but it can't power other devices (it's not a PSE).

Is the it a requirement to have the switch run OpenWrt?

No, for now the GS308T will be use as "dumb switch". In the future if I go with the vlan for iot devices I may flash openwrt.

I ask because I so rarely log into my managed switch. The vendor firmware is fine for my use case which is just assigning VLANs to different switch ports on occasion.

I think GS308T doesn't support vlan with the stock firmware. I have to read about VLANs.