Sarge's home networking blog

This thread moves so fast, what is this? The lounge? I don’t have time to go through all the replies. I answered a similar question here:

I suggest you give a read of the entire comment though.

I wouldn’t recommend it yet. If I knew enough about it, I’d probably help you do it, but I can’t suggest this to someone if I haven’t done it myself yet. Stick to ipv4 or dual-stack at most.

You probably could, but some sites to this day may stop working.

I feel the bern. I think we talked about it previously, I’d do the Unifi one that can run OpenWRT. These days I seriously do not trust proprietary software on routers and APs. They get hacked so often, it’s not even funny, even pretty recent ones. I would take a beat and use something slower with lower range, maybe more of them, instead of something top of the line running proprietary software.

Screw Asus and Cisco and all the big guys, not to mention the small ones who can’t do security better than those anyway. Grab any router that you can flash OpenWRT on. Or build your own, you have some SBCs lying around, buy some decent USB WiFi cards that can be used to broadcast signal. I bought 2 of these just for that to put on my RockPro64, but I never got around to doing it. The reason I have 2 is because I want 1 to be a WAN, but I could buy a third one and run that in 2.4GHz mode.

For your use case Sarge, I’d go with these subnets:

  • trusted / management
  • wifi home
  • wifi and wired IoT with network access
  • wifi and wired IoT sandbox (no network access, for things like security cameras and door bells if you have any of those)
  • wifi guests
  • lab
  • pseudo-DMZ (things that you may want to access from the internet and other subnets, like a VPN or a media server)

You can probably drop the wifi sandbox. In all fairness, wifi is pretty unsafe anyway, so if you can’t split it in multiple subnets, just combine them all and assume it’s compromised. Don’t allow wifi to access trusted / management and the lab and you’re good.
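
Added example, not part of the original post: a small audit of OpenWrt-style `config forwarding` sections against the two rules stated above (the sandbox gets no network access, and wifi must not reach trusted / management or the lab). The zone names (`mgmt`, `wifi_home`, `iot`, `iot_sandbox`, `guest`, `lab`, `wan`) and the sample config are assumptions constructed for illustration.

```python
import re

# Zone names are assumptions for this example; the post names subnets, not zones.
WIFI = {"wifi_home", "iot", "iot_sandbox", "guest"}   # zones that carry wifi clients
PROTECTED = {"mgmt", "lab"}      # wifi must not forward into these
ISOLATED = {"iot_sandbox"}       # "no network access": no forwarding out at all

# Constructed sample in OpenWrt /etc/config/firewall syntax (not from the post).
SAMPLE = """
config forwarding
    option src 'wifi_home'
    option dest 'wan'

config forwarding
    option src 'guest'
    option dest 'lab'

config forwarding
    option src 'iot_sandbox'
    option dest 'wan'

config forwarding
    option src 'mgmt'
    option dest 'iot_sandbox'
"""

def parse_forwardings(text):
    """Return (src, dest) pairs from every 'config forwarding' section."""
    pairs = []
    for section in re.split(r"(?m)^config\s+", text)[1:]:
        kind = section.split(None, 1)[0]
        opts = dict(re.findall(r"(?m)^\s*option\s+(\w+)\s+'?([^'\n]+)'?", section))
        if kind == "forwarding" and {"src", "dest"} <= opts.keys():
            pairs.append((opts["src"].strip(), opts["dest"].strip()))
    return pairs

def audit(pairs):
    """Flag forwardings that break the two rules stated in the post."""
    findings = []
    for src, dest in pairs:
        if src in ISOLATED:
            findings.append((src, dest, "sandbox must not forward anywhere"))
        elif src in WIFI and dest in PROTECTED:
            findings.append((src, dest, "wifi must not reach management or lab"))
    return findings

if __name__ == "__main__":
    for src, dest, why in audit(parse_forwardings(SAMPLE)):
        print(f"VIOLATION {src} -> {dest}: {why}")
```

This only looks at zone-to-zone forwardings; individual `config rule` sections with an ACCEPT target can also open a path between zones and need the same review.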