Hardware / logic of network layout

Hey

I’m building a home & home-office (SOHO) network for my work from home.

In general this is the layout that I’d like to “achieve”:
pasteboard JAPZix1.png please add .co/ between board and img…

For the moment I’m trying to do it on a “budget” with what I’ve got, if I can… but I’m not sure, as I never did that “advanced” networking before.

I have 2 options:
1:

As my starter box I have a wrt3200ACM. I had a quite bad experience with it 4 years ago using DD-WRT, but I was younger and … not so smart, so maybe this time it will work better. I’m thinking of using OpenWrt this time. I’ve read some fixes for the 5 GHz network/etc/etc (reddit /r/openwrt/comments/enfsrm/openwrt_on_linksys_wrt3200acm_fyi_you_may_find). The router will need to be able to handle quite a few IoT/smart wifi items + all the networks/etc. Hopefully it will be able to “run”.

In any case, it has 4 ports, so it should offer 4 “local” networks (1 less than the diagram), so I thought that I could use 3 ports for direct connection to 3 local networks + 1 port and 3 switches to build up the 4th bigger network (5th on the diagram).

Say I want to connect router > switch > switch > switch with PoE. Does each of the 3 switches have to be managed? Or can they be unmanaged?

2:
pfSense: grab the cheapest I can get my hands on… (any recommendations?), then from that add a switch (unmanaged/managed/L2/L3?) and build up the networks from there. Seems “straightforward”, with the same uncertainty as the 1st point when it comes to daisy-chaining switches. The bigger problem is how do I handle the wifi antenna/access point? Do I just buy something like > UniFi 6 Lite Access Point
connect pfSense > switch > access point and then I can tell the AP to have 4 wifi networks matching the subnets etc etc?

Switch-wise, with PoE I’m torn between unmanaged > NETGEAR GS308PP 8-Port and managed > NETGEAR GS310TP 8 Port PoE+. Or maybe another one?

I’ve got 4 cameras now, with the idea of adding 2 extra… so not sure if 55W is enough… and if I need it managed…

Thanks for any info/help :- )

Regards
Dariusz

You have a ton of isolated networks and isolated wifi… I’m reading that as VLANs… can you go into more detail?

How many wireless access points do you want?


Re pfSense, it’s just a bunch of scripts with a web UI that turns FreeBSD into a router. There are reasons why you may want to use x86 / PC-class hardware as a router, but pfSense doesn’t really offer anything special or unique you can’t do if you just installed regular Debian (or Alpine if you want to go minimalist), or OpenWrt, onto a PC with some network interfaces and configured it for routing or firewalling or whatnot.

Additionally, if I’m reading your diagram correctly, it sounds like hardware-wise you’d want a couple of Ubiquiti UniFi UAP-IW-HD (4-port gigabit switch + AP), and also some of their switches to make VLAN and PoE configuration easy, and then their router because “when in Rome”…


Also, I’ve been using OpenWrt on the wrt3200acm, just as a crappy access point kind of; feel free to ask questions if you have any.

Hey @risk thanks so much for helping out!

Yeah, I think that you are right: lots of VLANs + wifi to each VLAN.

pfSense, I see, yeah I agree; for me it was just a low-power 5W router that could deal with all the VLANs/wifi access etc/etc. If I can make my 3200acm do that then I’ll use that. I’ve been looking now at wifi 6 routers/access points but I don’t know enough to make a decision. I take it if I take a wifi 6 access point, then I can use my acm3200 to control it and push my VLANs onto it? So I can get nice antenna/range/performance and a private LAN from the acm3200. If so that’s great. But what makes me wonder is… will I need 4 access points, 1 for each network, or just 1? Hmmm

As to your OpenWrt wrt3200acm, are you able to run 5 GHz wifi “stable-ish”? Any issues? My last experience with it was that 5 GHz was dropping off/causing issues. I went back to my older gear after that and left the router on the bookshelf to gather dust.

I’ve looked at UniFi stuff, but it feels like I’d have to spend 1k or so on their gear… very nice n fancy but a bit too much for me atm. Maybe in the future.

Looking at UniFi again… this could work for me quite nicely as a start for my cameras’ PoE stuff > UniFi Switch Lite 8 PoE, as long as I don’t need more UniFi management hardware to manage this one… I’ll start with this one o.O. And I just read up on the details… it’s 4 PoE + 4 normal. Bad option :- (

Regards
Dariusz

With the wrt3200acm, there are no stability issues on mine. I have European hardware, meaning its efuses have been blown in the factory to limit the supported channels; additionally DFS doesn’t work. To translate: it means I’m basically limited to channel 36 on it. These are limitations of the hardware and the latest version of the firmware that Marvell released for wifi. They’re no longer developing the firmware (old product/abandoned).

Performance-wise, it’s not that good either, depending on the device that’s connecting. My Pixel 4 phone doesn’t do more than 200 Mbps on it. If you put a MacBook Pro right next to it, you may get around 600 (I’d expect my phone to get around 550 and my MacBook Pro around 800+, as it does on UniFi). Range is not as good as on Ubiquiti either, but it’s not that bad, maybe a hair worse than the old TP-Link Archer C7. 802.11r fast transition between it and some of my other APs is fine as well (it’s all in software, so no issues there).

VLANs work fine; crypto acceleration worked OK last I tried.

On any access point I know of (incl. the wrt3200acm) you can get more than one SSID/network, and you can control whether you want to forward frames between clients or move that function into the kernel on the device for filtering and whatnot. Typically you’d have one SSID per VLAN and forwarding enabled in hardware (devices on the same SSID can talk to each other), but you can also do 802.1X or assign devices to VLANs based on their MAC address and so on (a more advanced setup than just SSID per VLAN). Usually you don’t really get the option to configure this on the factory firmware.

In general, the wrt3200acm is a pretty OK wired router with some wireless capability (internally it has a 7-port switch with 5 external interfaces and 2 going to the CPU, and it’s got a decent amount of RAM for different kinds of things; ironically you could even run a UniFi controller on it to manage Ubiquiti access points, assuming you plug in a flash drive to give OpenWrt more space).