#1
"High end" home router with VLANs
Hey all, been a while (Sage just works too well). Anyway I know there's a lot of networking smart people here so I'm looking for recommendations.
I'm looking for a new "router" with support for VLANs. I'm currently running an Asus running Merlin, and it seems like you can do VLANs if you're determined, but it requires editing config files; I'd rather something that officially supports them. A little background, I've been working from home for a while, remoting into my work PC that lives on site, but the company is moving to giving people laptops that they'll take home. I'd rather not have that machine on the network with everything else. And of course I know I should probably do something similar with all the random network devices I have too, so I'm looking to upgrade my router. I was pretty much set on a Unifi Dream Machine Pro which seems to have the features and performance, but in my reading, I have some concerns about their support and updates, so I'm wondering if there's something else I should be considering? Maybe I'm overthinking it? Maybe pfSense on my Unraid server, though I'm not sure I trust my server enough for that?
#2
If I read your post correctly, you don't want the work laptop to see anything on your network or vice versa. I might be wrong but I think putting your work laptop in a DMZ on your router might do what you're looking for.
I've never used the DMZ setting on my router but I think it's a matter of putting the IP or MAC address of the laptop in the DMZ. Settings will vary based on routers. I think the risk is that DMZ has no firewall at all to the outside world (not sure if that's true), so proceed with caution.
#3
I have worked from home for years, so one thing to keep in mind is that when you have the VPN activated then the laptop won't be able to "see" your other home devices, unless the VPN software allows for exclusions such as for a networked printer.
I don't usually have my VPN connected because I don't need it for just email, and also it degrades the performance of online meetings, so I would constantly be disconnecting and reconnecting. But for me there's no issue having it on my home network with no VLAN. But if you really want to go that route, I think you can use a managed switch rather than replace the router, you just have to configure the switch to pass traffic over the same port to the router. But certainly fine and might be easier to replace it all. Personally, I run a Unifi USG router and then unmanaged switches. I might eventually get a managed switch and put my cameras and such in a VLAN, but I really don't think it will make much difference.
__________________
----- AMD Ryzen 5 3600, B450 m/b, 32Gig, lots of disks, Unraid, 2x HDPVR2 tuners, HDHomeRun Prime, HDHomeRun HDHR4 OTA, Windows Live Tuner, SageTV docker, OpenDCT docker, Win8.1 VM, EventGhost
#4
I went through the exact same process as you, just a few years ago. I also was using some older routers flashed with the Merlin firmware. I also decided that I needed to run some VLANs and VPNs and other more advanced features.
I decided on pfSense. It is open source and free (the community edition) and there are a ton of guides and how-to videos out there. I like that by default the firewall blocks everything. You then have to enter firewall rules to allow connections. It's not hard, but the fact that it starts out blocking everything means you aren't accidentally exposing your network to the whole world.
I set my house as well as my parents' house up on pfSense. I even have a full-time VPN connection between the two locations so we can back up files offsite. They save files to a USB hard drive at my house and I save files to a USB hard drive at their house. It works great. I have Ubiquiti Wireless APs at my house and TP-Link Wireless APs at their house. Both work fine and allow me to run multiple wireless networks.
I have lots of VLANs - my main network, one for IOT devices that are blocked from the internet (lights automation, etc), another for IOT devices that need the internet (media streaming devices, personal mobile devices, etc), one for network printers, one for gaming systems (Xbox, etc), one for CCTV, and finally one for my digital phone system (PBX in a Flash).
I run pfSense on some old HP t620 Plus thin clients that have an Intel 4-port network card installed in them (hence the need for the "plus" model). They work fine and are fast enough to support our 300/300 network speed as well as run pfBlockerNG and some other plugins. It may be economical to get newer thin clients like the 730 or 740 series. I've had mine for something like 4-5 years now.
To use VLANs, you'll really need to get an enterprise-quality managed network switch. The good news is that there are plenty of used options on eBay, etc. I have some Aruba S2500 48 port POE switches, but if I was replacing them today I would get some Brocade ICX units (probably the 6450). They can be found for $100 or less on eBay.
https://forums.servethehome.com/inde...itching.21107/
I'd be happy to answer any questions you might have.
__________________
i7-6700 server with about 10tb of space currently SageTV v9 (64bit) Ceton InfiniTV ETH 6 cable card tuner (Spectrum cable) OpenDCT HD-300 HD Extenders (hooked to my whole-house A/V system for synched playback on multiple TVs - great during a Superbowl party) Amazon Firestick 4k and Nvidia Shield using the MiniClient Using CQC to control it all
Last edited by sic0048; 04-05-2022 at 02:46 PM.
#5
Quote:
Yeah, I don't know if they've got split tunneling enabled or not, I don't know anyone currently with a laptop that would care enough to know that. I hope they do so I can remote into the laptop and use my main machine with dual monitors rather than having to get a KVM.
Quote:
Unfortunately we need it for everything, can't even access email without being on the VPN. Not to mention all the apps/services/network shares we use.
Quote:
I was actually just looking at pfsense and kinda like that idea. Actually if Netgate wasn't out of stock, I might have ordered something yesterday. Not sure what I've got for spare hardware to build something out of. I do have a basically ready-to-go old Thin Mini-ITX machine that was an old HTPC, but it's missing a CPU and the case doesn't support a riser for a multi-port NIC.
Quote:
After reading some more, not sure I really need VLANs, maybe I could just use separate switches run off different ports on the router.... I was looking at the Brocade stuff, but I wonder, it is a bit cheaper, but the Unifi Switch Pro 24 is not a "ton" more, and from what I've read, makes it really easy to set up VLANs. That and I've already got some UniFi hardware so I'm already running the controller.
Last edited by stanger89; 04-06-2022 at 06:25 AM.
#6
I run, and would recommend, OPNsense over pfsense. Netgate split development with an open and closed source version with the open source version being the lesser priority. Netgate also has had some disingenuous business practices that finally pushed me over to OPNsense. That being said, both pfsense and OPNsense are excellent choices for providing performance and features for a high end home router.
#7
I don't use VLANs but I have a Unifi USG router and a bunch of Unifi access points in my house. I haven't had any of the issues that you talk about and I have been happy with Unifi.
__________________
New Server - Sage9 on unRAID 2xHD-PVR, HDHR for OTA Old Server - Sage7 on Win7Pro-i660CPU with 4.6TB, HD-PVR, HDHR OTA, HVR-1850 OTA Clients - 2xHD-300, 8xHD-200 Extenders, Client+2xPlaceshifter and a WHS which acts as a backup Sage server
#8
I'll throw in another vote for pfsense. Been running it for years. I've got several managed HP switches (yea eBay!) and several vlans. Works well enough for my needs, and if you have spare hardware, pfsense is free!
#9
I have an Eero and it has two wireless networks: one regular and one “guest.” Where possible, I have my consumer electronics (door bell, TVs) on the “guest” network. It doesn’t allow you to allocate bandwidth between them, though.
__________________
Server: i5-2405S (4 core @ 2.5 GHz), 8GB RAM, NORCO RPC-4220 4U case Tuners: 2 SiliconDust HDHomeRun , 2 Hauppauge HD-PVR Connected to 1 Pace700X and 1 TiVo Series 4 DVD Storage: 24 TB TV Storage: 11 TB (4x1.5TB for recording, 5TB for archive) Clients: 3 SageTV Extenders:5
#10
At risk of resurrecting an old thread. I use a UDM (not the pro version) and it's great. I've used Unifi access points for years and would strongly recommend them (even with a non-unifi wired network). I put the UDM and a Unifi managed switch in for my backhaul when my house internet was upgraded to fibre.
It makes setting up vlans very easy and made setting up bonded ethernet connections to my server a 2 minute job. If you are experienced in networking you can probably achieve the same results for less, but I'm not. Doing it again I would probably use the UDM pro just because it seems a more mainstream product to Ubiquiti's developers and because the UDM occasionally whirrs its fan like a hairdryer. But the UDM is plenty fast enough for my 300Mbit connection with all of its DPI security features turned on (though I think that these are deeper on the UDM pro also).
#11
Stanger,
Have you looked at the custom scripts available to Asuswrt-merlin users? https://www.snbforums.com/forums/asu...lin-addons.60/ If you didn't already know about this forum it is worth giving a look. This is where I go when I need networking help.
#12
I've been using a Cisco RV320 router for years. Easy setup for 4 VLANs right in the GUI. It's getting old now, and I am still looking for something as good or better. I believe I have gotten the last security update, so I really need to find something to upgrade to. -Bill
__________________
Home DVR: SageTV v9.2.6(64) i7-6700 3.4ghz, 8GB RAM, Win10 Pro, 1@ SSD +1@6TB WD Blue, 1 Quad HDHR, ( OTA Winegard HD8200U, CM4221HD), 1@ STP-HD200, 1@ Nvidia Shield , 1 @ Nvidia Shield new round version, 70" & 55" Sony's RV DVR: 2@SageTV v9.2.6, NUC8i5BEK 16GB, SS980Pro NVMe, 5TB Passport, 1@olderNUC, 2 Dual HDHR, , Winegard BatWing, 40", 32", 28" Sony's, Max Transit
#13
I picked up an ER605 TP-Link router https://amzn.to/3VzXNvL. Amazing price $60 and sold my RV320 for $120 on eBay yesterday. And it's got vlans! It also seems a lot faster than my Cisco was, especially noticeable since my Internet was upgraded to fiber 300/300 early last week.
It appears to have been released this year so should have a couple/few years of updates coming. Although TPL support has no clue when its EOL is... Apparently they only know that date when they decide it's EOL. (What a joke, they seem to think businesses wouldn't care) -Bill
#14
I've been using a full Unifi setup (USG-3P/USW-24-POE/multiple APs) for over 8 years with zero issues other than user-related issues. The hardware has been solid. There's been a lot of hate for the UI of the management software - it's an evolving platform so there's bound to be quirks, but overall I'm confident in the long term support outlook and regular security updates. VLANs are entirely possible as long as connected switches etc support them as well. There's a lot of features included for the price. The only issue I initially had was setting up Sonos which is common for this combined hardware setup, but a quick google search can resolve that. Recently I bought a UDM pro but haven't had time to commission it yet.
__________________
I used to have a handle on life, but it broke. Server: Win10Pro, GigaByte GA-MA78GPM-DS2H, AMD 64 x2 5600, 4GB Dual Channel RAM, 1-DCT-3416 / 2-DCX3400 via FireWire & Unisheen BM3000-HDMI Encoder, NMedia 200SA Case, Crystalfontz 632, USBUIRT, Client & Placeshifter license, 2x HD300 extenders, 2x HD200 extenders.
#15
I'm in IT and my go-to home router is an EdgeRouter X; it is small, powerful, and inexpensive. Once set up they just run without intervention. For $59.00 you just can't get any better. You can set up VLANs easily and there is a lot of online info available to help new users.
https://store.ui.com/collections/ope...s/edgerouter-x