I’m looking to upgrade my router and properly subnet and lock down my network.

I’m getting conflicting information about this; some folks insist that you need a router and some switches to get it to work, others say just a nice router will do it. I’m really hoping the latter group is correct, and that something like a MikroTik hAP AC3 or AX3 will do the trick. I’m willing to submit to the learning curve, bring it! :)

The setup I’m trying to achieve (ideally with room to grow a bit):

  • Internet: Right now I’m on CenturyLink gigabit (working with current router with the “VLAN tag 201” setup).
  • Subnet/VLAN setup:
    • General Stuff that applies to all
      • All SSIDs are hidden; guests can ask.
      • All non-guest devices must be manually manged (MAC Address, static IP)
      • Unless otherwise specified, devices are siloed with only internet access.
    • VLAN1 - Core/Main: Couple of primary desktops (e.g. linux box + windows gaming rig)
      • wired only; VERY limited intra-VLAN communication (probably only ssh).
      • Allow inbound ssh from VLAN2 (e.g. rsync with laptop)
    • VLAN2 - Semi-Trusted: Personal phones/laptops that travel with me and connect to outside Wi-Fi (hotels, etc.)
    • VLAN3 - Services: Devices that serve inbound requests from VLAN1/2 (Google TV, Printer, etc.)
    • VLAN4 - Guest: Guests who want to get on my Wi-Fi (limit to 4 or 8 at a time)
      • Dynamically allocated IPs
    • VLAN5 - IoT Hellscape: Might subdivide this depending on need, but for now, all devices just talk to their respective cloud APIs.

Is this kind of thing achievable with just a single powerfully-configurable router? Any recommendations (or thoughts on the subnetting setup - is it over-engineered?)

Thanks!

  • AnonymousPerson-9@alien.top
    cake
    B
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Just get a pfsense firewall i use protectli and a seperate Wireless AP, and a smart switch then you can do all of this.

    Use your wan port on your firewall to connect to you isp. Then configure your vlans on your pfsense. Also configure your dhcp for your vlans on your pfsense. Connect your pfsense lan port to your switch. Make sure this switchport is setup as a trunk to support multiple vlans on the wire.

    Connect you wifi ap to your switch. Make sure this connection is also set to trunk mode on the switch. Also make sure your ap supports trunks and multiple vlan ids.