SageTV Community  

  #1  
04-05-2022, 08:23 AM
stanger89
SageTVaholic
 
Join Date: May 2003
Location: Marion, IA
Posts: 15,188
"High end" home router with VLANs

Hey all, been a while (Sage just works too well). Anyway I know there's a lot of networking smart people here so I'm looking for recommendations.



I'm looking for a new "router" with support for VLANs. I'm currently running an Asus running Merlin, and it seems like you can do VLANs if you're determined, but it requires editing config files; I'd rather have something that officially supports them.


A little background, I've been working from home for a while, remoting into my work PC that lives on site, but the company is moving to giving people laptops that they'll take home. I'd rather not have that machine on the network with everything else. And of course I know I should probably do something similar with all the random network devices I have too, so I'm looking to upgrade my router.

I was pretty much set on a UniFi Dream Machine Pro which seems to have the features and performance, but in my reading, I have some concerns about their support and updates, so I'm wondering if there's something else I should be considering? Maybe I'm overthinking it? Maybe pfSense on my Unraid server, though I'm not sure I trust my server enough for that?
  #2  
04-05-2022, 08:45 AM
t4runnr
Sage Advanced User
 
Join Date: Mar 2011
Location: Ann Arbor, MI
Posts: 83
If I read your post correctly, you don't want the work laptop to see anything on your network or vice versa. I might be wrong but I think putting your work laptop in a DMZ on your router might do what you're looking for.

I've never used the DMZ setting on my router but I think it's a matter of putting the IP or MAC address of the laptop in the DMZ. Settings will vary based on routers.

I think the risk is that DMZ has no firewall at all to the outside world (not sure if that's true), so proceed with caution.
  #3  
04-05-2022, 09:20 AM
Zogg
Sage Aficionado
 
Join Date: May 2011
Location: Frisco, TX
Posts: 398
I have worked from home for years, so one thing to keep in mind is that when you have the VPN activated then the laptop won't be able to "see" your other home devices, unless the VPN software allows for exclusions such as for a networked printer.

I don't usually have my VPN connected because I don't need it for just email, and also it degrades the performance of online meetings, so I would constantly be disconnecting and reconnecting. But for me there's no issue having it on my home network with no VLAN.

But if you really want to go that route, I think you can use a managed switch rather than replace the router, you just have to configure the switch to pass traffic over the same port to the router. But certainly fine and might be easier to replace it all.

Personally, I run a Unifi USG router and then unmanaged switches. I might eventually get a managed switch and put my cameras and such in a VLAN, but I really don't think it will make much difference.
__________________
-----
AMD Ryzen 5 3600, B450 m/b, 32Gig, lots of disks, Unraid, 2x HDPVR2 tuners, HDHomeRun Prime, HDHomeRun HDHR4 OTA, Windows Live Tuner, SageTV docker, OpenDCT docker, Win8.1 VM, EventGhost
  #4  
04-05-2022, 02:38 PM
sic0048
Sage Icon
 
Join Date: Nov 2007
Posts: 1,381
I went through the exact same process as you, just a few years ago. I also was using some older routers flashed with the Merlin firmware. I also decided that I needed to run some VLANs and VPNs and other more advanced features.

I decided on pfSense. It is open source and free (the community edition) and there are a ton of guides and how-to videos out there. I like that by default the firewall blocks everything. You then have to enter firewall rules to allow connections. It's not hard, but the fact that it starts out blocking everything means you aren't accidentally exposing your network to the whole world.

I set my house as well as my parents' house up on pfSense. I even have a full time VPN connection between the two locations so we can back up files offsite. They save files to a USB hard drive at my house and I save files to a USB hard drive at their house. It works great.

I have Ubiquiti Wireless APs at my house and TP-Link Wireless APs at their house. Both work fine and allow me to run multiple wireless networks.

I have lots of VLANs - my main network, one for IOT devices that are blocked from the internet (lights automation, etc), another for IOT devices that need the internet (media streaming devices, personal mobile devices, etc), one for network printers, one for gaming systems (XBox, etc), one for CCTV, and finally one for my digital phone system (PBX in a Flash).

I run pfSense on some old HP t620 Plus thin clients that have an Intel 4 port network card installed in them (hence the need for the "plus" model). They work fine and are fast enough to support our 300/300 network speed as well as run pfBlockerNG and some other plugins. It may be economical to get newer thin clients like the 730 or 740 series. I've had mine for something like 4-5 years now.

To use VLANs, you'll really need to get an enterprise quality managed network switch. The good news is that there are plenty of used options on eBay, etc. I have some Aruba S2500 48 port POE switches, but if I was replacing them today I would get some Brocade ICX units (probably the 6450). They can be found for $100 or less on eBay. https://forums.servethehome.com/inde...itching.21107/

I'd be happy to answer any questions you might have.
__________________
i7-6700 server with about 10tb of space currently
SageTV v9 (64bit)
Ceton InfiniTV ETH 6 cable card tuner (Spectrum cable)
OpenDCT
HD-300 HD Extenders (hooked to my whole-house A/V system for synched playback on multiple TVs - great during a Superbowl party)
Amazon Firestick 4k and Nvidia Shield using the MiniClient
Using CQC to control it all

Last edited by sic0048; 04-05-2022 at 02:46 PM.
  #5  
04-06-2022, 06:15 AM
stanger89
SageTVaholic
 
Join Date: May 2003
Location: Marion, IA
Posts: 15,188
Quote:
Originally Posted by Zogg View Post
I have worked from home for years, so one thing to keep in mind is that when you have the VPN activated then the laptop won't be able to "see" your other home devices, unless the VPN software allows for exclusions such as for a networked printer.

Yeah, I don't know if they've got split tunneling enabled or not, I don't know anyone currently with a laptop that would care enough to know that. I hope they do so I can remote into the laptop and use my main machine with dual monitors rather than having to get a KVM.


Quote:
I don't usually have my VPN connected because I don't need it for just email, and also it degrades the performance of online meetings, so I would constantly be disconnecting and reconnecting. But for me there's no issue having it on my home network with no VLAN.

Unfortunately we need it for everything, can't even access email without being on the VPN. Not to mention all the apps/services/network shares we use.


Quote:
Originally Posted by sic0048 View Post
I decided on pfSense. It is open source and free (the community edition) and there are a ton of guides and how-to videos out there. I like that by default the firewall blocks everything. You then have to enter firewall rules to allow connections. It's not hard, but the fact that it starts out blocking everything means you aren't accidentally exposing your network to the whole world.

I was actually just looking at pfSense and kinda like that idea. Actually if Netgate wasn't out of stock, I might have ordered something yesterday. Not sure what I've got for spare hardware to build something out of. I do have a basically ready-to-go old Thin Mini-ITX machine that was an old HTPC, but it's missing a CPU and the case doesn't support a riser for a multi-port NIC.


Quote:
To use VLANs, you'll really need to get an enterprise quality managed network switch. The good news is that there are plenty of used options on eBay, etc.

After reading some more, not sure I really need VLANs, maybe I could just use separate switches run off different ports on the router....

I was looking at the Brocade stuff, but I wonder, it is a bit cheaper, but the UniFi Switch Pro 24 is not a "ton" more, and from what I've read, makes it really easy to set up VLANs. That and I've already got some UniFi hardware so I'm already running the controller.

Last edited by stanger89; 04-06-2022 at 06:25 AM.
  #6  
04-06-2022, 10:04 AM
trk2
Sage Aficionado
 
Join Date: Jan 2006
Location: Maine
Posts: 483
I run, and would recommend, OPNsense over pfSense. Netgate split development with an open and closed source version with the open source version being the lesser priority. Netgate also has had some disingenuous business practices that finally pushed me over to OPNsense. That being said, both pfSense and OPNsense are excellent choices for providing performance and features for a high end home router.
  #7  
04-06-2022, 02:18 PM
wayner
SageTVaholic
 
Join Date: Jan 2008
Location: Toronto, ON
Posts: 7,401
I don't use VLANs but I have a Unifi USG router and a bunch of Unifi access points in my house. I haven't had any of the issues that you talk about and I have been happy with Unifi.
__________________
New Server - Sage9 on unRAID 2xHD-PVR, HDHR for OTA
Old Server - Sage7 on Win7Pro-i660CPU with 4.6TB, HD-PVR, HDHR OTA, HVR-1850 OTA
Clients - 2xHD-300, 8xHD-200 Extenders, Client+2xPlaceshifter and a WHS which acts as a backup Sage server
  #8  
04-08-2022, 08:24 PM
Striker:WG
Sage Aficionado
 
Join Date: Oct 2008
Posts: 447
I'll throw in another vote for pfSense. Been running it for years. I've got several managed HP switches (yea eBay!) and several VLANs. Works well enough for my needs, and if you have spare hardware, pfSense is free!
  #9  
04-09-2022, 12:26 AM
fidget
Sage Icon
 
Join Date: Jun 2003
Location: Cedar Rapids, Iowa, USA
Posts: 1,185
I have an Eero and it has two wireless networks: one regular and one “guest.” Where possible, I have my consumer electronics (door bell, TVs) on the “guest” network. It doesn’t allow you to allocate bandwidth between them, though.
__________________
Server: i5-2405S (4 core @ 2.5 GHz), 8GB RAM, NORCO RPC-4220 4U case
Tuners: 2 SiliconDust HDHomeRun , 2 Hauppauge HD-PVR Connected to 1 Pace700X and 1 TiVo Series 4
DVD Storage: 24 TB
TV Storage: 11 TB (4x1.5TB for recording, 5TB for archive)
Clients: 3
SageTV Extenders:5
  #10  
05-31-2022, 11:03 AM
something fishy
Sage Advanced User
 
Join Date: Sep 2004
Posts: 240
At risk of resurrecting an old thread. I use a UDM (not the pro version) and it's great. I've used UniFi access points for years and would strongly recommend them (even with a non-UniFi wired network). I put the UDM and a UniFi managed switch in for my backhaul when my house internet was upgraded to fibre.

It makes setting up VLANs very easy and made setting up bonded ethernet connections to my server a 2 minute job. If you are experienced in networking you can probably achieve the same results for less, but I'm not.

Doing it again I would probably use the UDM pro just because it seems a more mainstream product to Ubiquiti's developers and because the UDM occasionally whirrs its fan like a hairdryer. But the UDM is plenty fast enough for my 300Mbit connection with all of its DPI security features turned on (though I think that these are deeper on the UDM pro also).
  #11  
06-30-2022, 05:31 PM
Galaxysurfer
Sage Aficionado
 
Join Date: Jun 2009
Location: Calgary, AB CANADA
Posts: 383
Stanger,

Have you looked at the custom scripts available to Asuswrt-merlin users?

https://www.snbforums.com/forums/asu...lin-addons.60/

If you didn't already know about this forum it is worth giving a look. This is where I go when I need networking help.
All times are GMT -6.

