Is this a good network setup?

I know that there is a WIP for a future article about router platforms, but from the little I’ve read on the Github issue page and a few videos I’ve watched I decided to make this plan right here:

Put my ISP router in AP only mode, connect it to a Protectli Vault as my firewall, get a managed switch that supports vland (still haven’t found a good one, if anyone can recommend one I’d appreciate it) and have a Turris Omnia as my wireless access point.

Is this a good secure network setup? (also once again, recs for a switch would be appreciated)

2xsaiko,
@2xsaiko@discuss.tchncs.de avatar

have a Turris Omnia as my wireless access point.

Why? Don’t get me wrong, I have an Omnia as well and think it’s awesome, but I use it as an all-in-one router, as a pure wireless access point I’m sure you could get something less expensive.

TufOnTwitter,
@TufOnTwitter@lemmy.dbzer0.com avatar

deleted_by_author

    •
    pipariturbiini,

    you okay?

    AlexSup21,

    Bro has a stroke

    red0888,
    @red0888@ohai.social avatar

    @TufOnTwitter @sewmopjr fair enough

    TWeaK,

    Sounds decent.

    Most routers can have VLAN functionality if you flash them with custom firmware. You get allllll the settings then. I have a netgear router that now has an FTP server and a bunch of other stuff. All you have to do is make sure the model you buy has a chipset supported by the firmware. Firmwares include:

    • DD-WRT
    • Tomato
    • AdvancedTomato
    • OpenWRT
    • Chilifire
    • Gargoyle

    I’m sure someone will come in and say that using a consumer grade router is naff, but in my (somewhat limited) experience working with managed switches in an industrial setting, a custom consumer router is much more feature-rich. Unless you need the IO of a managed switch (ie SFPs) I see no reason to go down that route.

    If you are using SFPs, be sure to get the knock off ones that can be programmed - there should be places that sell them and program them at no extra cost. They can literally be 1/10 of the cost of the manufacturer’s own modules.

    freeman,

    if the firewall can be updated regularly then sure.

    Mikrotik makes perfectly acceptable switches at a reasonable price with a variety of features, vlan compat is pretty common. A MikroTik CSS610-8P-2S+in will give you 2 10 Gb sfp , 8 x 1Gbe with PoE+ and vlans for under 300 bucks.

    walden,

    I’m not OP but that 'tik is almost perfect for me, going along with the RB5009 I already have. Is there something similar that can run RouterOS I wonder?

    freeman,

    There definately is something. They have a ton of products. I’d have to look through my list as well. The CSS runs switchos lite, but honestly its fine. I can do CLI configs (brocade, cisco, cisco smb etc) but its whatever.

    At my parents house i have been using a Mikrotik RB260GSP since about 2016 on their net. It also runs swos and im not doing anything crazy on it (in fact i never bothered with VLAN’s there though i probably should setup a guest vlan. But its been fine for years now.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacyguides@lemmy.one
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #