Small home/office network refactoring

Hi everybody, I would like to ask your help to refactor a small home/office network.

It's a three-storey building, each storey a rectangle measuring 60 square meters (approximately 8.8m x 6.8m), located in Italy.

ISP link: FTTC 100Mbps/10Mbps, in the hopefully not so distant future to be converted to FTTH nominally 1Gbps/1Gbps (let's expect 500Mbps/500Mbps at best); the link arrives in a ground floor corner.

ATM the router is an AVM Fritz!Box 7490 located in that ground floor corner. The WiFi signal covers the whole building, but distant areas on the second floor are very poorly served.

I plan to have the ISP router in bridge mode with an OpenWRT router in cascade. The router should have at least 1 USB 3.0 port and must do VPN, 802.1q VLANs, and SQM. A GPL bootloader would be appreciated. The router should run a RADIUS server doing 802.1x with dynamic VLAN assignment.

I plan to have a managed Gigabit Ethernet switch with at least 5 ports and at least 16 VLANs. A PoE/PoE+ capable (PSE) switch would be appreciated, but I could also use PoE injectors in its stead. By some 20m of CAT6 UTP cable running into the middle of the first floor, I plan to connect it to a 2.4GHz/5GHz (WiFi 6 appreciated) PoE powered AP supporting multiple SSIDs, some of them with WPA-PSK and fixed VLAN, at least one of them with 802.1x with dynamic VLAN assignment. The AP should cater for some 20-30 concurrent devices (personal as well as smart / IoT devices). The intended AP location should cover the whole building; however, the AP should do meshing, to allow for future expansions.

I would very much appreciate your thoughts about my plan and of course your recommendations about hardware: router, switch and AP. The budget figure should be within EUR 200-300 range.

P.S. Please, excuse my bad English, and do please ask if I missed some required detail.
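To make the SSID/VLAN part of the plan concrete, here is an added example configuration (not from the original post or from OpenWrt's documentation) showing how the three kinds of SSID described above map onto OpenWrt UCI on the AP, assuming the AP itself runs OpenWrt with a DSA switch: two WPA2-PSK SSIDs pinned to fixed VLANs, and one WPA2-Enterprise SSID whose VLAN is assigned by the RADIUS server on the router. The radio name (`radio0`), trunk port name (`lan1`), VLAN IDs (10, 20, 30), the RADIUS address (`192.0.2.1`, a documentation address) and all secrets are placeholders chosen for illustration.

```uci
# /etc/config/network on the AP (added example; port and VLAN IDs are assumptions)
# lan1 is the trunk towards the managed switch; each VLAN is tagged on it.
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan1:t'

# Layer-2-only interfaces the PSK SSIDs attach to (no IP needed on the AP side)
config interface 'lan10'
	option device 'br-lan.10'
	option proto 'none'

config interface 'lan30'
	option device 'br-lan.30'
	option proto 'none'

# /etc/config/wireless on the AP
# SSID 1: personal devices, WPA2-PSK, fixed VLAN 10
config wifi-iface 'personal'
	option device 'radio0'
	option mode 'ap'
	option ssid 'home'
	option encryption 'psk2'
	option key 'REPLACE-WITH-PSK'          # placeholder
	option network 'lan10'

# SSID 2: smart/IoT devices, WPA2-PSK, fixed VLAN 30, clients isolated from each other
config wifi-iface 'iot'
	option device 'radio0'
	option mode 'ap'
	option ssid 'iot'
	option encryption 'psk2'
	option key 'REPLACE-WITH-IOT-PSK'      # placeholder
	option isolate '1'
	option network 'lan30'

# SSID 3: 802.1X (WPA2-Enterprise); the VLAN comes from the RADIUS Access-Accept
config wifi-iface 'office'
	option device 'radio0'
	option mode 'ap'
	option ssid 'office'
	option encryption 'wpa2'
	option auth_server '192.0.2.1'         # RADIUS on the OpenWrt router (placeholder address)
	option auth_port '1812'
	option auth_secret 'REPLACE-WITH-SHARED-SECRET'
	option dynamic_vlan '2'                # 2 = VLAN required: clients with no VLAN in the reply are rejected
	option vlan_tagged_interface 'lan1'    # hostapd creates lan1.<VID> for each assigned VLAN
	option vlan_naming '0'                 # name sub-interfaces <tagged_interface>.<VID>
	option vlan_bridge 'br-vlan'           # and bridges each into br-vlan<VID>
```

For the dynamic-VLAN SSID to work, the RADIUS server's Access-Accept has to carry the standard RFC 3580 attributes: `Tunnel-Type = VLAN`, `Tunnel-Medium-Type = IEEE-802` and `Tunnel-Private-Group-Id` set to the VLAN ID as a string (for example `"20"`). `dynamic_vlan '2'` is the stricter choice: a user whose RADIUS profile lacks those attributes is refused rather than silently landing on the SSID's default network, which is the behaviour you want when the VLAN is the access-control boundary.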

Normally I'd point towards Tips for getting cheap used x86-based firewall with full Gbit NAT (a PC Engines APU) if you are in the US as well, but with SQM at 1 GBit/s WAN speed, you're beyond that bracket (as well as beyond mvebu, mt7621/ mt7622 and ipq807x). Modern x86_64 Atom systems (N45xx/ N55xx) would probably do (up to 1 GBit/s, not beyond), but i3+ might be preferred.

However, your current needs of 100/10 MBit/s are much easier and cheaper to satisfy, so it might make sense to get something integrated (e.g. mt7622+mt7915 or ipq807x) now (up to around 100 EUR) or the aforementioned Tips for getting cheap used x86-based firewall with full Gbit NAT (a PC Engines APU) if you are in the US - and to defer the question of what might be needed for 1 GBit/s WAN speeds to the future (technology only gets better and cheaper in relation over time).

for 1/1Gbit symmetrical FTTH I would skip SQM, not worth the fuss unless you have hundreds of users streaming stuff.

Router: x86 fanless, at least 2 x Gbit
Switch: definitely PoE... you do not want to mess with injectors with many ports.
AP: I just started using Xiaomi X3600 as APs and they work really nice on 5GHz 802.11ax and leave three extra ports (I use PoE ejector). Otherwise, any PoE AP will do.

While that is an approach I'd certainly test before buying new stuff, if you have to buy something new anyways (lantiq VRX288 as in the Fritz!Box 7490 won't even do 100 MBit/s properly, without offloading) 4-ethernet-port gemini-lake/jasper-lake Atom systems aren't that far off either (they certainly won't do sqm/cake at 2.5GBASE-T, but they should be able to cover 1GBASE-T; extrapolating from the synthetic benchmark I've done on baytrail-d/j1900 (~830 MBit/s with sqm/cake tops), the newer Atom chipsets should be able to offset that delta to 1 GBit/s (~930-940 MBit/s) wirespeed).

Makes a lot of sense, thank you!