Router Advice

[Ottus]

I'm in the market for a new router or AP setup to complete my home lab, catering to three machines and some sensors that need to communicate to HomeAssistant. My key needs include:

• Minimum of 4 10/100/1000 LAN Outputs (but more is better)
• Wi-Fi Capability (to connect my sensors)
• VPN Creation Ability, preferably supporting Wireguard but I'm flexible
• Possibly low energy consumption
• I would like it to last even if my homelab grows (which I hope will happen soon)
• Under 150€ (If it's a little more is still good)

I've looked quite a little at different options and I found that these seem the best:

• Mikrotik hAP ax3
• Banana Pi R3 (with OpenWRT)
• MiniPC with N5100

I'd appreciate your insights, experiences, or recommendations regarding these options or any other suggestions.

I know that separate AP and router devices are often recommended for better performance, but I'm unsure if it's feasible within my budget to get two reasonable devices. If you have ideas on how to make this work or suggestions for a cost-effective setup, please share!

PS. My main goal here is not only to set up a functional network but also to delve deep into configuration and learning. Any advice that aligns with this goal would be incredibly helpful.

 

[louie1961]

If you really want to dive deep into home lab I think you might need a bigger budget. I started out with an old nighthawk router (R7800 IIRC) and I ran openWRT on it and set up up some VLANs. It was OK, but I quickly found myself wanting 2.5gbe networking, and more ports. If you are firm on your budget, I would would probably go with a banana pi or other mini-pc, a cheap switch and a separate access point. This switch is $26 and is managed so you can set up VLANs https://www.amazon.com/gp/product/B00N0OHEMA/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1

I use this wireless access point, and it is pretty good. It can run up to 8 different SSIDs and can tag SSIDs to VLANs for $79 its not terrible but I wish it had more than a 1 gbe ethernet port on it. https://www.amazon.com/gp/product/B0BGJJWPWC/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

My current setup is a mini-pc (with 2.5gbe ports) running pfsense, an 8 port 2.5gbe switch, and the WAP I linked to above. My internet is old fashioned cable with 300mbps speeds, so internet traffic does not benefit from the 2.5gbe networking, but my two Proxmox hosts, and my two NAS devices do. I also have it set up so that traffic between the servers and the NAS devices are on the same VLANs so that traffic doesn't have to pass through the router.

Keeping your firewall/router, switch and wireless on separate devices is nice because you can upgrade one component at a time. I would probably put your money into a good firewall/router device first, buy the super cheap 4 port switch, and re-use whatever router you have now as an access point by putting it into bridge mode.

 

[NPS]

This switch is $26 and is managed so you can set up VLANs https://www.amazon.com/gp/product/B00N0OHEMA/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1

This link leads to an unmanaged switch for 18$ for me.

 

[XeonLab]

A x86 Thin cliet (HP T620 Plus/Fujitsu S720/920) & quad NIC for 100 or less and a OpenWRT -supported AP for 50? The latter might need some dumpster diving and make sure the thin client comes with all the necessities for PCIe cards (riser etc.)

 

[louie1961]

This link leads to an unmanaged switch for 18$ for me.

Well, let me try again https://www.amazon.com/gp/product/B00N0OHEMA/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1

The model is TL-SG105E, and I show Amazon having it for $26.99. The image might be wrong on the amazon page (shows an unmanaged switch??) but the description is correct.

 

[louie1961]

By the way, you could always run your firewall in a VM if you really wanted to experiment and save money. I did that for a while, using two extra old 1 gbe NICs that I had lying around and passing them through to the VM to make a dedicated WAN and LAN port. You could do it all through one NIC on your server, but that is not beginner level stuff.

I also really like pfSense for a couple of reasons: One, I use DHCP for all of my containers and VMs and set the IP address through static IP reservations in pfSense. Makes it easier than trying to configure static IPs manually in every VM. And if I blow something away and restore from backup I never have IP address conflicts/problems

I also really like the DNS and reverse proxy function of pfSense. I don't have to use nginx or other proxy software, pfSense handles it for me. Same with pfBlockerNG, which is a free plugin for pfsense. It does everything pi-hole does and more.

And speaking of VPNs I can configure that from pfSense as well.

I am sure there is a way to do these things with openWRT or opensense. But I haven't explored those personally.

 

[NPS]

Well, let me try again https://www.amazon.com/gp/product/B00N0OHEMA/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1

The model is TL-SG105E, and I show Amazon having it for $26.99. The image might be wrong on the amazon page (shows an unmanaged switch??) but the description is correct.

The manufacturer claims it's unmanaged, so I am still puzzled.

5-Port-Gigabit-Unmanaged Pro Switch

5-Port-Gigabit-Unmanaged Pro Switch

www.tp-link.com

 

[Ottus]

If you really want to dive deep into home lab I think you might need a bigger budget. I started out with an old nighthawk router (R7800 IIRC) and I ran openWRT on it and set up up some VLANs. It was OK, but I quickly found myself wanting 2.5gbe networking, and more ports. If you are firm on your budget, I would would probably go with a banana pi or other mini-pc, a cheap switch and a separate access point. This switch is $26 and is managed so you can set up VLANs https://www.amazon.com/gp/product/B00N0OHEMA/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1

I use this wireless access point, and it is pretty good. It can run up to 8 different SSIDs and can tag SSIDs to VLANs for $79 its not terrible but I wish it had more than a 1 gbe ethernet port on it. https://www.amazon.com/gp/product/B0BGJJWPWC/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

My current setup is a mini-pc (with 2.5gbe ports) running pfsense, an 8 port 2.5gbe switch, and the WAP I linked to above. My internet is old fashioned cable with 300mbps speeds, so internet traffic does not benefit from the 2.5gbe networking, but my two Proxmox hosts, and my two NAS devices do. I also have it set up so that traffic between the servers and the NAS devices are on the same VLANs so that traffic doesn't have to pass through the router.

Keeping your firewall/router, switch and wireless on separate devices is nice because you can upgrade one component at a time. I would probably put your money into a good firewall/router device first, buy the super cheap 4 port switch, and re-use whatever router you have now as an access point by putting it into bridge mode.

My budget got wiped out when I got my second machine and its storage, and now my current access point can't handle the extra load.

Thanks for the tips! I think I'll grab that switch you suggested and stick with my old access point. I'll repurpose my old RPI3 for Wireguard, piHole, and handling Wi-Fi for a few sensors. Hopefully, that'll do for now while I save up for a better mini PC.

I'm also planning to explore a little more pfSense as you in one of my VMs so when I'll buy my new mini PC I'll be ready

 

[sic0048]

I will say that you should really use separate devices for your router/firewall, network switch, and wireless APs.

Keep in mind that most multi-port router/firewall devices don't actually have those ports set up in a "switch" configuration. The are usually isolated from each other which might be useful, but it is not a substitute for an actual network switch. If plan on using VLANs or getting deeper into networking concepts, then I would highly suggest that you get a managed switch (instead of an unmanaged one). It sounds like complete overkill for your situation, but you can easily find used enterprise quality managed switches for being sold by high volume resellers on EBay for pennies on the dollar. Often times these are even less expensive than the higher port count "consumer grade" devices. There are a lot of threads on this forum that discuss various brands/models of enterprise switches. If this is a route you want to consider, be sure to check those threads out so you have some knowledge about what you might want or need to look out for.

By using separate wireless APs (even if you repurpose older "all in one" router devices set up in wireless AP mode), you gain the flexibility of placing them where they will work the best with their wireless antennas vs having to place them where they can connect to all the other devices.

 

[Ottus]

Thank you very much, now it is very likely that I will separate everything, I was just browsing through eBay to see if I can find any interesting offers which here in Europe are not so common but every now and then some good offers are found.

If plan on using VLANs or getting deeper into networking concepts, then I would highly suggest that you get a managed switch (instead of an unmanaged one).

I know practically 0 about networking, up until now I have always used containers just to stay as far away from it as possible but now I think the time has come for me to explore this world too so I'll try to get something that offers me a good starting point to learn

 

[sic0048]

I know practically 0 about networking, up until now I have always used containers just to stay as far away from it as possible but now I think the time has come for me to explore this world too so I'll try to get something that offers me a good starting point to learn

I was exactly in the same spot as you. I started learning pfSense based in large part because of the huge amount of videos and online resources available. I've also learned a lot from this site. If found with pfSense that getting a basic setup that matched what I had before really wasn't hard to set up. Honestly it pretty much is set like this by default when you install it. Then I could research and explore and learn about more advanced features when I had a need and the time to learn (like VPNs and VLANs, etc, etc). You don't have to go from "zero to expert" all at once.

I am still far from being an expert. But I certainly know a lot more than I use to and feel much more confident in my abilities and the system I have ended up with.