Hi everyone :)

It’s time to switch and give my home network a proper minimal hardware upgrade. Right now everything is managed by my ISP’s AIO firewall/router combo. Which works okayish, but I’m already doing some firewall/DNS/VPN stuff on my minimal spare laptop server to bypass most of my ISP’s restrictions. So it’s time to get a little bit “crazy”!

While I do have some “power user” knowledge regarding Linux/server/selfhosted services/networking, I’m a bit clueless hardware-wise, especially regarding my ISP’s 2.5G ethernet port.

I do have a 5giga connection from my Internet provider (Optic fiber) which is divided into 4 ethernet ports (Eth1 2.5G, Eth2 1G, Eth3 1G, Eth4 0,500G or something in that range). And right now the Eth1 port is connected through an old 1G switch.

  1. To take full advantage of my ISP’s 2.5G ethernet port do I need a router AND a switch capable of 2.5G throughput? Or only the router and the switch is going to divide it accordingly between all connected devices on a 1G switch?

I’m also looking for some recommendation/personal experience for a router and a switch with a budget of 250e.

First I was interested in a BananaPI as a router, to tinker a bit, but it seems a bit of a hassle to flash it with OpenWRT, then I found an interesting post on Lemmy talking about the Intel N100 Celeron N5105, which looks like more what I’m looking for but I’m not sure?

  2. I have no idea what’s the best bet, a SBC (bananapi mini, orange pi, raspberry pi…) a fully fledged router (like TP-Link AX1800 and flash it with opensense/openwrt) or an Intel N100 Celeron N5105 Soft Router?

The capabilities I’m looking for:

  • VLAN capable
  • AP VLAN capable to segment wifi
  • Taking advantage of my ISP’s 2.5G ethernet port
  • Firewall customization capabilities

I have an eye on a managed switch I found on Amazon (SODOLA 6 Port 2.5G Web Managed) but I have no idea how reliable they are, I have never heard of SODOLA.

  3. Any good recommendation I should look at for a managed switch that would work great with the same capabilities above?

  4. Probably last question, is regarding wifi APs. Is it possible to make an access point from my router even though it hasn’t antennas? If I connect an access point directly to my router, will it be capable of giving away wifi connection?

Thanks for reading through, I’m a bit unsure how I should spend my money to have a minimal but reliable/capable homelab setup. All advice is welcome. But keep in mind, I want to keep it minimal, a good enough routing capability with intermediate firewall customisation. I’m already hosting a few containers with a spare laptop and the traffic isn’t going to be too crazy.

  • gravitas_deficiency@sh.itjust.works
    7 months ago

    Just get an old 1L class dell/hp/lenovo, a riser to adapt the proprietary expansion slot to standard PCIe, and an old x520DA2 nic. You can find all of this on eBay. Then, just slap pfSense or OPNSense or whatever you want on it.

    Source: running an old Lenovo m920q with that exact setup. 2.5G copper module to the modem, fiber to the SFP+ port on my switch. Works great.

    Edit: and the switch is the 9-port version of the one you posted.

  • ArbiterXero@lemmy.world
    7 months ago

    A banana pi is not going to have the processing power to properly route that much data.

    You’re looking at an Intel nuc at minimum.

    If your internet is 5gbps and the router only has 2.5 gbps ports, you’re going to be capped at 2.5gbps unless you start getting really over complicated because the router expects ONE incoming port. There ARE ways to support pairing two Ethernet ports together, but your ISP’s modem/router won’t support it because “fuck you for having your own hardware”

    Also because they’re cheap.

    If your switch is 1gbps, you’ll be limited to 1gbps.

  • Infinite@lemmy.dbzer0.com
    7 months ago

    To add to other comments, consider a managed switch from MikroTik. Linux networking knowledge will come in handy, since their RouterOS is not especially simple but it is powerful.

    I believe most of their devices jump from Gigabit ethernet to 10Gbps SFP+ ports (which you should also consider). The SFP+ ports usually support 2.5Gbps negotiation, but check the documentation. You can also buy RJ-45 Copper transceivers for the SFP+ port, although they are not cheap. Nevertheless, even including a couple transceivers, you may find something within your budget.

    Using a router-on-a-stick configuration, consider a CRS305 (4x 10G ports and 1x Gigabit port) or a CRS309 (8x 10G ports and 1x Gigabit port) switch.

    As for their routers, multi-port-multi-gig options are expensive so building your own router might be a good idea rather than opting for something like an RB5009, if that is what you need. Although, in a router-on-a-stick configuration, an RB5009 would be great.

    Wi-Fi: yes, you can connect an access point to any ethernet port from a router or switch. They often come with PoE injectors.

    Consider TP-Link Omada access points. If you need multiple access points, they suggest running a controller, it can be installed as a docker container. MikroTik has access point options but my experience with their old wireless options left a bad taste in my mouth. I hear the new wifi-wave compatible hardware is good, though. Any device running RouterOS could act as the CAPsMAN (AP controller)

  • jet@hackertalks.com
    7 months ago

    Before spending any money, just reuse old equipment you have around, even if it won’t max out the speed. You can try out openwrt, opnsense, openbsd, linux, etc… deciding which ecosystem you like is very important before you buy hardware!!! Different devices have different hardware support, etc.

    Regarding hardware - Your fiber connection is 5GiB but your ISP CPE only has 2.5GbE ports, so you will need to bond two ports together to get your 5GiB throughput to your router. Once you select your routing environment, you can choose hardware that allows for multiple WAN side ports that you can bond. (Perhaps your ISP has a CPE you can get 10GbE out of, or with an SFP port, the same for your router)

    Regarding Switches - You don’t need a fancy managed switch, as long as you trust devices on your network to do peaceful vlaning on their own, you can just send vlan tagged traffic across a dumb switch no problem. Only when you start talking about doing default vlan tagging and enforcement on a per port basis do you need a fancier switch. So depending on what you want to do with vlans, you can save money here.

    Regarding Wifi - Depending on your routing solution, it could have wifi attached to it, or you can just get a specific access point on your network that only provides wifi and rely on your router/gateway setup to do all the configuration.

    FWIW - I just go full Ubiquiti, router, switches, AP. I used to fiddle around with openbsd routing, and it was really fun, but life got busy and Ubiquiti fills the niche between just works, and letting me get really picky with settings.

    • litchralee@sh.itjust.works
      7 months ago

      just reuse old equipment you have around

      Fully agree. Sometimes the best equipment is that which is in-hand and thus free.

      you can just send vlan tagged traffic across a dumb switch no problem

      A small word of caution: some cheap unmanaged switches rigidly enforce 1500 Byte payload sizes, and if the switch has no clue that 802.1q VLAN tags even exist, will consider the extra 4 bytes as part of the payload. So your workable MTU for tagged traffic could now be 1496 Bytes.

      Most traffic will likely traverse that switch just fine, but max-sized 1500 Byte payload frames with a VLAN tag may be dropped or cause checksum errors. Large file transfers tend to use the full MTU, so be aware of this if you see strange issues specific to tagged traffic.
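
An added illustration of the tagged-frame caveat in the comment above (not part of the thread or any poster's code): a constructed model of a switch that enforces a 1500-byte payload limit, with and without awareness of the 4-byte 802.1Q tag. The MAC addresses, VLAN ID 20 and function names are assumptions made for the example.

```python
import struct

ETH_HDR = 14          # dst MAC (6) + src MAC (6) + EtherType (2)
TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
MAX_PAYLOAD = 1500    # payload limit the modelled switch enforces

def build_frame(payload_len, vlan_id=None):
    """Build a constructed Ethernet frame (no FCS) with an IPv4-typed payload."""
    dst = bytes.fromhex("02aabbccdd01")  # constructed, locally administered MACs
    src = bytes.fromhex("02aabbccdd02")
    tag = b""
    if vlan_id is not None:
        # 802.1Q tag: TPID 0x8100 + TCI (PCP=0, DEI=0, 12-bit VLAN ID)
        tag = struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + bytes(payload_len)

def payload_seen(frame, vlan_aware):
    """Payload length as the switch counts it."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    hdr = ETH_HDR
    if vlan_aware and ethertype == TPID_8021Q:
        hdr += 4  # a VLAN-aware switch counts the tag as header, not payload
    return len(frame) - hdr

def forwards(frame, vlan_aware):
    """True if the modelled switch would pass the frame."""
    return payload_seen(frame, vlan_aware) <= MAX_PAYLOAD

def largest_tagged_payload(vlan_aware):
    """Largest payload in a tagged frame that the switch still forwards."""
    return max(n for n in range(1400, 1501)
               if forwards(build_frame(n, vlan_id=20), vlan_aware))

if __name__ == "__main__":
    for aware in (True, False):
        mtu = largest_tagged_payload(aware)
        # ICMP echo data size that exactly fills that MTU:
        # subtract 20 bytes (IPv4 header) and 8 bytes (ICMP header)
        print(f"vlan_aware={aware}: usable MTU {mtu}, ping data size {mtu - 28}")
```

The printed ping data size is the value to use with a don't-fragment ping across the tagged path when checking whether a given switch shows this behaviour.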

  • sabreW4K3@lazysoci.al
    7 months ago

    I’m a newbie, so my answers may be wrong. Forgive me. Someone will correct me though 💪

    To take full advantage of my ISP’s 2.5G ethernet port do I need a router AND a switch capable of 2.5G throughput? Or only the router and the switch is going to divide it accordingly between all connected devices on a 1G switch?

    You need a switch capable of 2.5 too.

    I have no idea what’s the best bet, a SBC (bananapi mini, orange pi, raspberry pi…) a fully fledged router (like TP-Link AX1800 and flash it with opensense/openwrt) or an Intel N100 Celeron N5105 Soft Router?

    This one is 100% preference and it comes down to what you want to run. The Banana Pi RPi-R3 has good OpenWRT support. N100s have pfSense support out of the box.

    But given your requirements, you need OpenWRT/pfSense/OPNSense.

    Any good recommendation I should look at for a managed switch that would work great with the same capabilities above?

    There’s some decent recent cheap ones from AliExpress, but if you can afford, grab yourself a UniFi 8 Lite POE. That said, the switch you linked seems a good purchase.

    Probably last question, is regarding wifi APs. Is it possible to make an access point from my router even though it hasn’t antennas? If I connect an access point directly to my router, will it be capable of giving away wifi connection?

    Depends on the router, but some old routers you can stick in AP mode. Some you can flash OpenWRT and then make an access point. If it works, it’s usable.

    But again, take everything I said with a grain of salt. It just so happens I’ve been asking similar questions of late and am just telling you what stuck.