SageTV Community  

  #1  
Old 04-05-2022, 08:23 AM
stanger89 stanger89 is offline
SageTVaholic
 
Join Date: May 2003
Location: Marion, IA
Posts: 15,188
"High end" home router with VLANs

Hey all, been a while (Sage just works too well). Anyway I know there's a lot of networking smart people here so I'm looking for recommendations.



I'm looking for a new "router" with support for VLANs. I'm currently running an Asus running Merlin, and it seems like you can do VLANs if you're determined, but it requires editing config files; I'd rather have something that officially supports them.


A little background, I've been working from home for a while, remoting into my work PC that lives on site, but the company is moving to giving people laptops that they'll take home. I'd rather not have that machine on the network with everything else. And of course I know I should probably do something similar with all the random network devices I have too, so I'm looking to upgrade my router.

I was pretty much set on a UniFi Dream Machine Pro which seems to have the features and performance, but in my reading, I have some concerns about their support and updates, so I'm wondering if there's something else I should be considering? Maybe I'm overthinking it? Maybe pfSense on my Unraid server, though I'm not sure I trust my server enough for that?
  #2  
Old 04-05-2022, 08:45 AM
t4runnr t4runnr is offline
Sage Advanced User
 
Join Date: Mar 2011
Location: Ann Arbor, MI
Posts: 85
If I read your post correctly, you don't want the work laptop to see anything on your network or vice versa. I might be wrong but I think putting your work laptop in a DMZ on your router might do what you're looking for.

I've never used the DMZ setting on my router but I think it's a matter of putting the IP or MAC address of the laptop in the DMZ. Settings will vary based on routers.

I think the risk is that DMZ has no firewall at all to the outside world (not sure if that's true), so proceed with caution.
  #3  
Old 04-05-2022, 09:20 AM
Zogg Zogg is offline
Sage Aficionado
 
Join Date: May 2011
Location: Frisco, TX
Posts: 426
I have worked from home for years, so one thing to keep in mind is that when you have the VPN activated then the laptop won't be able to "see" your other home devices, unless the VPN software allows for exclusions such as for a networked printer.

I don't usually have my VPN connected because I don't need it for just email, and also it degrades the performance of online meetings, so I would constantly be disconnecting and reconnecting. But for me there's no issue having it on my home network with no VLAN.

But if you really want to go that route, I think you can use a managed switch rather than replace the router, you just have to configure the switch to pass traffic over the same port to the router. But certainly fine and might be easier to replace it all.

Personally, I run a UniFi USG router and then unmanaged switches. I might eventually get a managed switch and put my cameras and such in a VLAN, but I really don't think it will make much difference.
__________________
-----
AMD Ryzen 5 3600, B450 m/b, 32Gig, lots of disks, Unraid, 2x HDPVR2 tuners, HDHomeRun Prime, HDHomeRun HDHR4 OTA, Windows Live Tuner, SageTV docker, OpenDCT docker, Win8.1 VM, EventGhost
  #4  
Old 04-05-2022, 02:38 PM
sic0048 sic0048 is offline
Sage Icon
 
Join Date: Nov 2007
Posts: 1,384
I went through the exact same process as you, just a few years ago. I also was using some older routers flashed with the Merlin firmware. I also decided that I needed to run some VLANs and VPNs and other more advanced features.

I decided on pfSense. It is open source and free (the community edition) and there are a ton of guides and how-to videos out there. I like that by default the firewall blocks everything. You then have to enter firewall rules to allow connections. It's not hard, but the fact that it starts out blocking everything means you aren't accidentally exposing your network to the whole world.

I set my house as well as my parents' house up on pfSense. I even have a full-time VPN connection between the two locations so we can back up files offsite. They save files to a USB hard drive at my house and I save files to a USB hard drive at their house. It works great.

I have Ubiquiti Wireless APs at my house and TP-Link Wireless APs at their house. Both work fine and allow me to run multiple wireless networks.

I have lots of VLANs - my main network, one for IOT devices that are blocked from the internet (lights automation, etc), another for IOT devices that need the internet (media streaming devices, personal mobile devices, etc), one for network printers, one for gaming systems (Xbox, etc), one for CCTV, and finally one for my digital phone system (PBX in a Flash).

I run pfSense on some old HP t620 Plus thin clients that have an Intel 4-port network card installed in them (hence the need for the "plus" model). They work fine and are fast enough to support our 300/300 network speed as well as run pfBlockerNG and some other plugins. It may be economical to get newer thin clients like the 730 or 740 series. I've had mine for something like 4-5 years now.

To use VLANs, you'll really need to get an enterprise quality managed network switch. The good news is that there are plenty of used options on eBay, etc. I have some Aruba S2500 48-port POE switches, but if I was replacing them today I would get some Brocade ICX units (probably the 6450). They can be found for $100 or less on eBay. https://forums.servethehome.com/inde...itching.21107/

I'd be happy to answer any questions you might have.
__________________
i7-6700 server with about 10tb of space currently
SageTV v9 (64bit)
Ceton InfiniTV ETH 6 cable card tuner (Spectrum cable)
OpenDCT
HD-300 HD Extenders (hooked to my whole-house A/V system for synched playback on multiple TVs - great during a Superbowl party)
Amazon Firestick 4k and Nvidia Shield using the MiniClient
Using CQC to control it all

Last edited by sic0048; 04-05-2022 at 02:46 PM.
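
Added example (not part of any post in this thread, and not pfSense's own code): a small model of the default-deny, first-match, per-interface rule behaviour described in post #4, used to check whether a work-laptop VLAN is really isolated. The VLAN names, subnets and rules are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): one subnet per VLAN.
NETS = {
    "main": ipaddress.ip_network("192.168.10.0/24"),
    "work": ipaddress.ip_network("192.168.30.0/24"),         # work laptop
    "iot_offline": ipaddress.ip_network("192.168.40.0/24"),  # IoT, no internet
}
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Rules apply to new connections entering on that VLAN's interface,
# are read top-down, and the first match wins: (action, destination).
RULES = {
    "main": [("pass", "any")],
    "work": [("block", "private"), ("pass", "any")],  # internet only
    "iot_offline": [],  # no rules at all: everything hits the default deny
}

def _matches(dst, target):
    if target == "any":
        return True
    if target == "private":
        return any(dst in net for net in PRIVATE)
    return dst in NETS[target]

def decide(src_vlan, dst_ip):
    """Return 'pass' or 'block' for a connection opened from src_vlan."""
    dst = ipaddress.ip_address(dst_ip)
    for action, target in RULES[src_vlan]:
        if _matches(dst, target):
            return action
    return "block"  # default deny: nothing matched

def isolation_violations(src_vlan):
    """VLANs that src_vlan can open connections to; empty means isolated."""
    return [name for name, net in NETS.items()
            if name != src_vlan
            and decide(src_vlan, str(net.network_address + 10)) == "pass"]

if __name__ == "__main__":
    for vlan in NETS:
        # 203.0.113.10 is a documentation address standing in for an internet host
        print(vlan, "-> internet:", decide(vlan, "203.0.113.10"),
              "| reachable VLANs:", isolation_violations(vlan))
```

In this model the work VLAN cannot open connections to the home VLANs, but the main VLAN's allow-all rule still reaches the work laptop, so isolation in both directions needs a block rule on the main interface as well.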
  #5  
Old 04-06-2022, 06:15 AM
stanger89 stanger89 is offline
SageTVaholic
 
Join Date: May 2003
Location: Marion, IA
Posts: 15,188
Quote:
Originally Posted by Zogg
I have worked from home for years, so one thing to keep in mind is that when you have the VPN activated then the laptop won't be able to "see" your other home devices, unless the VPN software allows for exclusions such as for a networked printer.

Yeah, I don't know if they've got split tunneling enabled or not, I don't know anyone currently with a laptop that would care enough to know that. I hope they do so I can remote into the laptop and use my main machine with dual monitors rather than having to get a KVM.


Quote:
I don't usually have my VPN connected because I don't need it for just email, and also it degrades the performance of online meetings, so I would constantly be disconnecting and reconnecting. But for me there's no issue having it on my home network with no VLAN.

Unfortunately we need it for everything, can't even access email without being on the VPN. Not to mention all the apps/services/network shares we use.


Quote:
Originally Posted by sic0048
I decided on pfSense. It is open source and free (the community edition) and there are a ton of guides and how-to videos out there. I like that by default the firewall blocks everything. You then have to enter firewall rules to allow connections. It's not hard, but the fact that it starts out blocking everything means you aren't accidentally exposing your network to the whole world.

I was actually just looking at pfSense and kinda like that idea. Actually if Netgate wasn't out of stock, I might have ordered something yesterday. Not sure what I've got for spare hardware to build something out of. I do have a basically ready-to-go old Thin Mini-ITX machine that was an old HTPC, but it's missing a CPU and the case doesn't support a riser for a multi-port NIC.


Quote:
To use VLANs, you'll really need to get an enterprise quality managed network switch. The good news is that there are plenty of used options on EBay, etc.

After reading some more, not sure I really need VLANs, maybe I could just use separate switches run off different ports on the router....

I was looking at the Brocade stuff, but I wonder, it is a bit cheaper, but the UniFi Switch Pro 24 is not a "ton" more, and from what I've read, makes it really easy to set up VLANs. That and I've already got some UniFi hardware so I'm already running the controller.

Last edited by stanger89; 04-06-2022 at 06:25 AM.
  #6  
Old 04-06-2022, 10:04 AM
trk2 trk2 is offline
Sage Aficionado
 
Join Date: Jan 2006
Location: Maine
Posts: 488
I run, and would recommend, OPNsense over pfSense. Netgate split development with an open and closed source version with the open source version being the lesser priority. Netgate also has had some disingenuous business practices that finally pushed me over to OPNsense. That being said, both pfSense and OPNsense are excellent choices for providing performance and features for a high end home router.
All times are GMT -6. The time now is 10:05 AM.