Hardware for home use
-
Hi,
i want to replace my current router (Asus rt n66u) with a pfsense box. The router will stay as AP until replaced by some AC-Wifi AP later.
I currently have the following devices on my network:-
Switch: Netgear gs108
-
2 PCs
-
2 Servers (NAS and an ARM board)
-
several Wifi devices (mostly smartphone/tablet or multimedia streamers)
I want to seperate the network with VLANs with the servers and PCs in one VLAN and separate VLANs for every Wifi SSID. I don't want to separate servers and PCs as I want to avoid having all the traffic from PC to NAS routed/filtered by the new pfsense box (which would require 1Gb throughput). I am a bit concerned about the connection between the streaming clients and the NAS as this should happen at max throughput (as high as the Wifi allows).
I have a 100/10Mb internet connection that should be saturated by the new box.I looked around here in the forums and I think about getting an apu2c4 as it seems to be able to handle this scenario easily and I want to have some performance left to play around with different packages like suricata and so on. Is there any alternative to this setup ?
Another problem is that my switch is currently full and does not seem to fully support VLANs (fixed membership to VLAN 1 etc.) so I think of getting a replacement here too. I look for a budget switch with at least 10 ports that is managed and does not have these curiosities mentioned before. Are there any goto models that meet these requirements ?
All in all i dont want to pay more than 300€ incl. the switch.
I hope you can help me, if anything is unclear I am happy to clarify or provide additional information as needed.
-
-
I've never used an APU2, they are great little boxes but pretty low performance. It should work just fine on 100/10 though. I don't know how well it will stand up to IDS/IPS as it will depend on your rule sets and if you want to inspect traffic on your LAN.
It should work fine for you though,a lot of people use them.I'd recommend checking out the gs1900 series of switches. I just switched to it from a TP-Link for the reasons you mentioned and it's great. I think the 16 port is ~70€ if you can find it over there?
https://smile.amazon.com/Zyxel-16-Gigabit-Managed-Rackmount-GS1900-16/dp/B00H1OM0BA/ref=sr_1_1?ie=UTF8&qid=1495579095&sr=8-1&keywords=gs1900-16
https://www.smallnetbuilder.com/lanwan/lanwan-reviews/32408-zyxel-gs1900-8hp-8-port-gbe-smart-managed-poe-switch-reviewed
https://www.youtube.com/watch?v=lVy1rHE3oxc -
I've never used an APU2, they are great little boxes but pretty low performance. It should work just fine on 100/10 though. I don't know how well it will stand up to IDS/IPS as it will depend on your rule sets and if you want to inspect traffic on your LAN.
If I enable suricata it would only be used for WAN traffic so I would need a throughput of 100Mb at max with rules from snort (I do not know which set is the best for home use, VRT or emerging threats). Unfortunately I was not able to find posts about the suricata performance of the apu2c4.
I'd recommend checking out the gs1900 series of switches. I just switched to it from a TP-Link for the reasons you mentioned and it's great. I think the 16 port is ~70€ if you can find it over there?
I cant seem to find a seller in my area for the 16 port variant but I could get the 24 port (without PoE) for about 90€ from Amazon which is OK for me.
-
100Mb should be no problem.
-
Thanks for your help!
I will get the apu2c4 with case and 32gb mSATA and the Zyxel switch. This totals at around 300€ for me which is fine.
I still have to wait for some parts to get back in stock so if anyone has other suggestions I will be happy to hear them.