I know that there is a WIP for a future article about router platforms, but from the little I’ve read on the Github issue page and a few videos I’ve watched I decided to make this plan right here:
Put my ISP router in AP only mode, connect it to a Protectli Vault as my firewall, get a managed switch that supports vland (still haven’t found a good one, if anyone can recommend one I’d appreciate it) and have a Turris Omnia as my wireless access point.
Is this a good secure network setup? (also once again, recs for a switch would be appreciated)
Sounds decent.
Most routers can have VLAN functionality if you flash them with custom firmware. You get allllll the settings then. I have a netgear router that now has an FTP server and a bunch of other stuff. All you have to do is make sure the model you buy has a chipset supported by the firmware. Firmwares include:
I’m sure someone will come in and say that using a consumer grade router is naff, but in my (somewhat limited) experience working with managed switches in an industrial setting, a custom consumer router is much more feature-rich. Unless you need the IO of a managed switch (ie SFPs) I see no reason to go down that route.
If you are using SFPs, be sure to get the knock off ones that can be programmed - there should be places that sell them and program them at no extra cost. They can literally be 1/10 of the cost of the manufacturer’s own modules.