Router recommendations

In that video, check the 7 minute mark for a really good summary of the SG-1100 ($179) or SG-2100 ($229). Recognize you are buying a lower power device at a premium, but officially supported and with the newest pfSense software. Also, I don't believe either provides any wifi connectivity, so plan accordingly.
 
Correct - costs are going to be a little higher than just building something yourself because it's an officially supported product. I considered one of their devices, but with the SG-2100, for example, I have no use for the SFP port, and I didn't like the fact that, unless I am wrong, the four ports are basically just a built-in 'switch', but I think you can set up VLANs for each of the ports. I wanted to go with physical subnets, which is one of the main reasons for going with something like the Protectli.

And yes, router only. You could either repurpose your old router as an access point or buy a dedicated access point. Something like this would work (link below). I am actually using a 3 piece Orbi Mesh system for my main wifi and my old router as the unsecured wifi. A lot of people tout the UniFi products. I purchased a UniFi NanoHD ($160) but my old router in AP mode provided a better signal. Also, you had to run their software on a computer or buy their cloud key to configure it. I found it very clumsy to use, it did not perform well, and I returned it.

 
I am new to all this networking gibberish.

Is a router preferred over a switch when it comes to IP cams?

Is it just personal preference? I understand they operate at different layers of the OSI model.

I bought a Cisco WS-C3560X-24P-L. Should I have gone with a router instead?
 
It's best to keep the cameras and PC on a switch and avoid running all the data through a router. Regular routers, like ISP supplied, just don't have the bandwidth capacity to handle many multiple, constant, video streams that IP cameras generate.
 
I started slowly with UniFi equipment and ended up going all in. Finished with a USG in late 2017 and have to say that we are very happy with their ecosystem. Everything just works.

We have a two story, 1800 sq ft house and have one AP mounted to the upstairs loft ceiling and the other to the garage ceiling where we also have a UniFi 8x150 switch. The garage gets hot in our high desert climate but it keeps on ticking.

 
What would you guys suggest for a relatively low cost router with built-in VPN and VLAN support? As a non network guru with no programming ability, I'd like it to have a GUI to set up the VPN and VLAN to isolate my IoT devices.

I have an Asus 86u now, and I see that it will do VLAN if I use Merlin firmware, but from what I understand it won't have a GUI.
 
I know you are asking for a recommendation for a different router, but I find the ASUS Routers to be a pretty good consumer solution. I definitely would recommend (and do use them) for VPN access via OpenVPN. I know it doesn't specifically tackle the VLAN feature you asked about but it might still be able to basically accomplish your goals.

I would configure each IOT client to block internet access by navigating to:
  • Network Map\Clients
  • Client Status
  • Select the client
  • Toggle Block Internet Access
I would configure ALL IOT devices to just have their internet access blocked entirely (if supported by the product).
I tried this myself for IP cameras, but found that while it blocked the cameras' video going to the internet, it also blocked video going over site-to-site VPN, which for my use case wasn't a good option. There was a workaround using iptables manual configs but I haven't figured it out just yet.
 
Yeah, I really like this router and it has worked really well on OpenVPN. My IoT and untrusted devices still need internet access to function though. I just don't want them to be able to access my computers or anything else with sensitive information on my network. I wonder if there is a way to use a second low end Netgear Nighthawk router I have laying around and put those devices on that router, and route all that traffic through the Asus directly to the internet.
 
Just another reason to 'stay away' from anything Cloud based. You put your security in some other person's/company's hands. Learn to secure your own network to the best of your ability. I for one, will never have anything Cloud based.
UniFi is not cloud based. I have an account with UniFi for other reasons.
 
Not a perfect solution, but putting all your untrusted devices and IoT on a guest network in the Asus router will keep them off your other network.

The problem with adding another router downstream of the Asus router is that everything connected to the downstream router can access the upstream router. I thought of that option first as well and read that this doesn't solve it, and sure enough I was able to access the Asus router settings through a device connected to the downstream router.
 
edit: I think "Guest Network" @wittaj recommended would be what I would try.

Play dumb and get lucky option: hook up a second distinct network router
Check if your ISP allows you to connect multiple devices to your single internet connection (i.e. thinking a switch in front of two routers to accomplish your separation goal). I have never personally encountered one that would allow it, but maybe you get lucky.
If your ISP provides your modem and it has multiple ports but your current internet only uses one of them, you could call them and "play dumb" asking them to turn on an inactive port to hook up "just one more device" (of course you will be hooking up a router with numerous IOT devices but they shouldn't need to know that).

Double NAT
Another possible option is double-NAT your entire home network behind two routers with NAT (beware double NAT can cause some hard to troubleshoot problems):
WAN--------Router 1 (IOT) ------- Router 2 (HOME LAN)
If you reversed the routers and put Router 1 behind Router 2 then you aren't actually isolating IOT from HOME networks like @wittaj mentioned above plus all the IOT devices would be double-NAT (depending on the device this could be a problem).

ASUS DMZ
I researched if ASUS DMZ might work, but everything I read is that if the DMZ hosts are on your primary LAN subnet (IOT devices plugged into your network), then if they were compromised they could launch attacks against your regular devices (so bad news).

The "Longshot" - Custom Firmware + special routing rule
I found an article that describes a simple way and a more complicated way (VLAN) to set up ASUS routers for LAN-side separation, which might prevent you from needing to buy additional equipment. Here: LAN port isolation (port-based VLAN) on ASUS RT-AX88U with Asuswrt-Merlin 384.16
Without a working ASUS router available to test, I don't know if Merlin firmware would be required or something. He supposedly does what you want with this command:
Code:
# eth3 maps to LAN port 2 on AX88U
ebtables -A FORWARD -i eth3 -o br0 -j DROP

The best option if you can afford to do it
Probably a better option would be some different firewall device that supports exactly what you want (VLANs, OpenVPN etc), and then repurpose the ASUS router as just a wifi access point (not router mode). Depending when you bought it that's probably a sour pill to turn your high end ASUS router into a dumb AP.
 
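The router-ordering point from the posts above (a device behind a downstream router can reach the upstream one, so the order in the double-NAT diagram matters) as a small reachability model. This is an added example, not part of the original posts; it assumes default consumer NAT routers with no port forwards, DMZ host or extra firewall rules, and the segment names are made up.

```python
# Added illustration: toy model of nested consumer NAT routers.
# Assumption: each router NATs its LAN behind its WAN address, forwards
# outbound traffic freely, and drops unsolicited inbound traffic
# (no port forwards, no DMZ host, no extra firewall rules).

def upstream_chain(parents, segment):
    """Return the segment plus every segment between it and the internet."""
    chain = [segment]
    while parents[chain[-1]] is not None:
        chain.append(parents[chain[-1]])
    return chain

def can_initiate(parents, src, dst):
    """True if a host on src can open a connection to a host on dst."""
    # Outbound NAT lets a host reach its own segment and anything upstream
    # of it; nothing upstream or sideways can start a connection inward.
    return dst in upstream_chain(parents, src)

# parents maps each LAN segment to the segment its router's WAN port sits on
# (None means the WAN port faces the ISP directly).
# Layout from the post: WAN --- Router 1 (IOT) --- Router 2 (HOME LAN)
IOT_UPSTREAM = {"iot": None, "home": "iot"}
# Reversed layout: WAN --- Router 2 (HOME LAN) --- Router 1 (IOT)
IOT_DOWNSTREAM = {"home": None, "iot": "home"}

def report(name, parents):
    """Print and return (src, dst, reachable) for both directions."""
    rows = []
    for src, dst in (("iot", "home"), ("home", "iot")):
        ok = can_initiate(parents, src, dst)
        rows.append((src, dst, ok))
        print(f"{name}: {src} -> {dst}: {'reachable' if ok else 'blocked'}")
    return rows

if __name__ == "__main__":
    report("IoT router upstream", IOT_UPSTREAM)
    report("IoT router downstream", IOT_DOWNSTREAM)
```

In the first layout the home router's WAN port still sits on the IoT segment, so its WAN-side management access should stay disabled.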
Has anyone dived into the TP-Link Omada train? Seems like a UniFi knock-off with a lower price point.
I use Omada. I have four EAP245s and a cloud controller that gives me a mesh network all over my home. But I use an ASUS router. So far I love the Omada mesh, no issues for about a year. All three of my wifi cameras are connected through them.
 
Good to know. Does your Asus router have VLAN and VPN abilities?