Thank you for the switches recommendation. I think I will not need PoE so Netgear GS108Tv3 looks great. Does the EAP225 have OpenWrt support?
Looks like it does. Ath79 hardware is a bit dated if you're starting fresh though.
My first option is to have all the 3 co-located. Usually Wi-Fi routers only have 5 ports and I would like to have some spare ports and this is the reason why I added a switch. Right now I'll not try to create an VLAN but maybe in the future to separe the home automation devices.
It is not easy to find any of these APs in europe Are you aware of any europe equivalent?
I found this one in sale Linksys MR8300 do you think it is a good option?
The MR8300 is not a bad option if it stays supported. It is supported now:
But, the ipq401x targets have recently been converted from swconfig to DSA, and some devices are running out of room for the larger 5.15 kernel. Not all devices have made it through to the other side yet. I personally wouldn't assume they all will until I see it - notably I don't see the Linksys EA6350v3 (an old 2x2 bargain favorite) or MR8300 in snapshot yet. The next stable release will start from whatever is supported in snapshot: https://downloads.openwrt.org/snapshots/targets/ipq40xx/generic/
I should probably add the EA8500 and EA7500v1 have also recently been dropped from snapshot if and until an issue with supporting their switch in the 5.15 kernel is worked out. I'm keeping my fingers crossed - I really like the EA8500.
Can you find a TP-Link C2600 or Zyxel NBG-6817 used on ebay? And the Belkin RT3200 is a decent choice too. I'm just suggesting ipq806x if you can find them used for less, and for their slight edge on 802.11ac range in my experience.
Edit: You might also consider MT7621AT ramips devices for an economical dumb AP option. The the MT7621 isn't the fastest CPU for concurrent routing and WiFi duty, but for a dumb AP that only needs to handle WiFi....and if you are selection and/or price limited an EAP225 at the right price will work too. You just need AP's after all.
No easy to find any of these devices around the 50/60eur price range :s
There is any reason to buy GS108Tv3 for almost 2x the price of GS308T?! After install OpenWRT can I use vlans on it GS308T?
GS108T has a PoE client port so it can be powered through an Ethernet port, but if cannot power other devices. The GS308T does not. If you need to power it without a wall wart, then the GS308T is not for you.
Edit: Thank you @andyboeh for correcting my earlier version of this post. I've corrected it accordingly.
It's a PoE client port (PD), it can be powered that way, but it can't power other devices (it's not a PSE).
Is the it a requirement to have the switch run OpenWrt?
No, for now the GS308T will be use as "dumb switch". In the future if I go with the vlan for iot devices I may flash openwrt.
I ask because I so rarely log into my managed switch. The vendor firmware is fine for my use case which is just assigning VLANs to different switch ports on occasion.
I think GS308T doesn't support vlan with the stock firmware. I have to read about VLANs.
I think any managed switch supports VLANs. Not much to understand, really... if you want network segragation like a guest zone and lan zone and maybe even an IoT zone, you use VLANs.
This is not correct. The GS308T supports VLANs with both stock and OpenWrt. As darksky says, any managed switch will.
I like having the same interface and OS (OpenWrt) on all my home equipment. I am also paranoid and do not trust that stock firmware will not "phone home" with my usage statistics or automatically update itself to something that makes OpenWrt harder to install later. Sometimes there are options to opt-out of these stock firmware "services," but I would rather not count on finding them or noticing if their defaults change after the next automatic update. My favorite "opt-out" option is to install OpenWrt.
It is the case that a managed switch does not do a whole lot though. It is pretty much set it and forget it as darksky says.
Best opt out is a firewall rule on your OpenWrt router
config rule option src 'lan' option target 'REJECT' option name 'deny wan access to managed switch' option dest 'wan' list proto 'all' list src_ip '10.9.1.100'
That is an excellent idea. In fact, I think it was one of your similar posts, darksky, that set the light bulb off in my head regarding what to do about my Canon printer that I wanted to have on my trusted home lan WiFi, but did not trust its firmware. A belated thank you for that.
As I recall, I blocked it with its mac address instead of its IP, but it does have a static IP assigned on my network, so a rule for either or both would work.
Right now I think I have ordered all the devices
Thank you for all the advices.
I understand the concept but I had never implemented one.
Since I'm using two omada APs for wifi what do you think about get an omada switch like TL-SG2008? The reason to think on it is that with Omada app I can get a quickly overview about the devices on the network and where the devices are connected to. There is any app or service that can get these kind of data from openwrt?