Searching for a router that has a common DHCP and supports VLAN

Do all routers that handle VLAN use an individual DHCP list/allocation process or subnet per port, or do any have a DHCP master for all ports (like the process of a router that does not handle VLANs)?
My ASUS is the latter (one subnet, no VLAN) and the Netgear PR60x has a list per port and, if DHCP is on, then a different subnet. With the PR60, if you switch jumpers between two ports, everything stops. Maybe this is just the way it has to be.

Or are there some that do it differently?
 

elvisimprsntr

Sounds like you need to dump the prosumer grade routers for open source enterprise class firewall software from pfSense - World's Most Trusted Open Source Firewall.

Runs on almost any x86_64 hardware (including virtualized, but not recommended) with Intel NICs. You can pick up a used Protectli: Trusted Firewall Appliances with Firmware Protection off evilBay for <$200.

Takes less than 5 minutes to get it up and running using the setup wizard. Tom Lawrence (also from MI) has a bunch of YT videos for more advanced settings.

 

jmhmcse

Protectli is only one ‘brand’ of mini fanless PCs. pfSense minimum requirements are
  • 64-bit amd64 (x86-64) compatible CPU
  • 1GB or more RAM
  • 8 GB or larger disk drive (SSD, HDD, etc)
  • One or more compatible network interface cards
  • Bootable USB drive or high capacity optical drive (DVD or BD) for initial installation
Obviously, 8 GB of memory and 128 GB of disk would be a more reasonable minimum. The number of isolated VLANs (subnets) dictates the number of Intel, yes use only Intel, NICs; VLANs + 1. The additional one is the WAN port.

Use your favorite browser and search for “pfSense mini PC”. Most have four NICs, others have six.

Tom Lawrence has numerous videos on the installation and configuration of pfSense.

Any x86-64 PC meeting the requirements can run pfSense. The software is free and is maintained by Netgate. Mini PCs are popular as they consume much less electricity than desktop systems.
 

Coltect

I'm using a BananaPi R3, which has 5 gig ports and 2 x 2.5G SFP (which I am not using, yet). I have 3 of the 1G ports for different internal subnets and 2 for internet connections.

This is running OpenWRT, which is free and open source.

Have a look at OpenWrt's Table Of Hardware supported to see if your current router can be flashed with it.
Many 5 port routers can be used to isolate each port to a different subnet.
Supports pretty much everything software wise that pfSense does, and probably many other weird and wonderful packages that have never made it to the BSD world, but with much cheaper hardware.
OpenWrt is essentially embedded Linux specifically built for your hardware, with thousands of packages available, same as pfSense which is BSD based but only usable on x86-64 hardware.

Currently I am running two OpenVPN net to net connections and a Cloudflare tunnel to come in via my Starlink connection.

Disclaimer: Moved from pfSense years ago and am an avid fan of OpenWRT, just not real sure how to capitalise it properly these days :)

Edit: Should mention that on one of my internal LANs I have a Microsoft AD network with its DHCP and DNS etc, and the other two LANs have DHCP and DNS via the OpenWRT router.
So the purpose of this post was to illustrate multiple LANs each with their own DHCP specific pool and VLANs if needed and DNS that can cover them all.
OpenWrt's firewall, nftables, handles any inter-subnet routing if needed.

Edit 2: Happy Easter everyone :)
 

bp2008

@Coltect I'm curious about OpenWRT and how favorably it compares to pfSense.

How difficult is it to set up advanced things like the VPNs and VLANs and multiple DHCP servers? Do you need to use a command line interface for anything?

I've been a pfSense user for several years. I like that it has such an extensive feature set that is all GUI-exposed. But I have a few gripes:
1. Free Plus licenses for home use are no longer available, and the writing is on the wall: the free edition is not important to them anymore.
2. Loading the DHCP leases page is inexcusably slow (5 seconds on an Intel Pentium Silver N6005).
3. Installing a WireGuard VPN server and making the routing all happen correctly was significantly more difficult than an OpenVPN server. I'd have expected it to be the other way around.

My next router is likely to be running something else, but whether it is OPNsense or OpenWRT, I haven't decided yet.
 

Coltect

OK, I'll try to be as useful as possible. But this is a very wide situation.
I believe that OpenWRT will be open source and free for the foreseeable future.
OpenWRT has a GUI called LuCI. It is not part of their snapshot/master builds, but is in all release builds.
You can easily build / compile your own image for your own hardware too.

OpenWRT is pretty much a very clean, open and minimalistic version of Linux. On top of that there are many packages you can add/apply to achieve all sorts of extra functionality.

You can install OpenWRT as an x86 variant in a virtual machine if you'd like to play with it first.

By default it uses dnsmasq and can be configured to ignore specific interfaces, for DHCP and DNS.

I have multiple sites using OpenVPN with OpenWRT, and a couple with WireGuard, where the sites are WireGuard clients using OpenWRT on TP-Link routers and the server is a Hyper-V Win11 PC.

Without going into serious detail, yes, OpenWRT has a GUI, but it is not as polished/clean as OPNsense/pfSense for VPN setup. You will probably have to use SSH/PuTTY/WinSCP for some serious editing, but for most configuration LuCI will be fine.

I'd confidently advise a serious look into OpenWRT.

Also, thank you for UI3 and if I can be of any help at all please let me know.
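
The layout discussed in the posts above (separate LANs with their own DHCP pools, one LAN left to another DHCP server, and the firewall deciding what crosses between subnets), sketched as OpenWrt UCI configuration. This is an added example, not taken from any poster's router: the interface names `lan`, `cams` and `adlan`, the pool sizes and the firewall policy are assumptions, and the matching interfaces are assumed to already exist in /etc/config/network.

```uci
# ---- /etc/config/dhcp (constructed example) ----
# Trusted LAN: dnsmasq hands out <network>+100 .. <network>+249
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'

# Camera LAN: its own, smaller pool on its own subnet
config dhcp 'cams'
	option interface 'cams'
	option start '10'
	option limit '50'
	option leasetime '12h'

# LAN served by another DHCP server (e.g. an AD server):
# dnsmasq must not answer DHCP here
config dhcp 'adlan'
	option interface 'adlan'
	option ignore '1'

# ---- /etc/config/firewall (constructed example) ----
# Camera zone: nothing reaches the router or other zones unless allowed
config zone
	option name 'cams'
	list network 'cams'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Cameras still need DHCP and DNS from the router itself
config rule
	option name 'Allow-DHCP-cams'
	option src 'cams'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-DNS-cams'
	option src 'cams'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Trusted LAN may open connections to cameras; no cams -> lan or cams -> wan
config forwarding
	option src 'lan'
	option dest 'cams'
```

With no `forwarding` section that has `cams` as its source, devices on the camera subnet cannot initiate connections to the trusted LAN or the internet, while replies to connections opened from `lan` still pass.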
 

ARAMP1

If you really are a "master tinkerer", and don't mind some minor setup, pfSense is where it's at.

I have 9 VLANs running on a 10GbE backbone. I'll never use anything else.
 
Joined
Sep 5, 2015
Messages
660
Reaction score
484
I've also been using pfSense for a few years and like any software, there's going to be something to gripe about. However, I disagree with you that pfSense CE is not important to them anymore. pfSense CE has received multiple updates within the past six months including updating OpenSSL to version 3 in November 2023 (version 1.1.1 was end of life). Both pfSense CE and Plus received this update around the same time. OPNsense was slower to receive these security updates and it doesn't look like they updated to OpenSSL 3 until the end of January 2024. See this post for more info: OPNSense VS pfsense Security

So arguably it looks like pfSense is more secure than OPNsense.

If Netgate decides to ditch pfSense CE, then I'll consider purchasing a Netgate appliance which includes pfSense Plus for free for the life of the appliance or consider switching to something else. But people have been saying pfSense CE is going to be abandoned since the day I started using it a few years ago. So I'll believe it when I see it.

I've used pfSense on a bunch of different hardware including an SBC and I've never experienced slow loading times when accessing the DHCP lease page. Maybe it's just your specific device? Have you tried reinstalling pfSense?
 

eeeeesh

Another pfSense fan. I have been running it on a Protectli 6 port for almost (4) years now and it's the best networking move I have made. I have (4) physical networks: a secure LAN and secure WiFi and then a dirty LAN (IP cams) and dirty WiFi for all those IoT devices. I actually am using ESXi so the Protectli runs pfSense, a Windows VM for HomeSeer, and two Linux VMs - one for Pi-hole and one for AdGuard.
 