I know that there is a WIP for a future article about router platforms, but from the little I’ve read on the Github issue page and a few videos I’ve watched I decided to make this plan right here:

Put my ISP router in AP only mode, connect it to a Protectli Vault as my firewall, get a managed switch that supports vland (still haven’t found a good one, if anyone can recommend one I’d appreciate it) and have a Turris Omnia as my wireless access point.

Is this a good secure network setup? (also once again, recs for a switch would be appreciated)

  • TWeaK@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Sounds decent.

    Most routers can have VLAN functionality if you flash them with custom firmware. You get allllll the settings then. I have a netgear router that now has an FTP server and a bunch of other stuff. All you have to do is make sure the model you buy has a chipset supported by the firmware. Firmwares include:

    • DD-WRT
    • Tomato
    • AdvancedTomato
    • OpenWRT
    • Chilifire
    • Gargoyle

    I’m sure someone will come in and say that using a consumer grade router is naff, but in my (somewhat limited) experience working with managed switches in an industrial setting, a custom consumer router is much more feature-rich. Unless you need the IO of a managed switch (ie SFPs) I see no reason to go down that route.

    If you are using SFPs, be sure to get the knock off ones that can be programmed - there should be places that sell them and program them at no extra cost. They can literally be 1/10 of the cost of the manufacturer’s own modules.