Hey guys,
I'm struggling to find the appropriate hardware for my makerspace setup where I need to separate staff & automation devices from guest/member devices. If this is the wrong place to post this, let me know.
Our needs aren't so high (and limited budget) to require enterprise hardware. Just hoping to get a second opinion whether this is even the right way to approach this, or potentially recommendations for hardware.
tl;dr: Should I try to find hardware that can separate networks with VLAN or can I do something like nested routers?
Setup:
- Staff devices include 3 LAN computers, and another 3 WIFI computers, all our phones and about 4 dozen WIFI IOT automation devices spread across a fairly large warehouse (70ft x 140ft).
- Guest/member devices are purely LAN connections to communal computers and a few extra wall ports. Ideally these should be on a separate network from the staff devices.
- Our internet provider gave us a Hitron CODA-4582 that is acting purely as a bridge. I don't seem to have the ability to get into it to adjust any settings. Of its four ports, 3 of them go to access points given to us by the provider, which are doing a private and guest wifi. The remaining port goes into our router.
- Currently, we're using a second-hand Buffalo WZR-HP-AG300H running DD-WRT which came out 10 years ago and is really struggling to provide adequate throughput/speeds on the staff computers. It doesn't help that it's a wifi router tucked away in a server closet.
- Everything is set up in a server closet where a patch panel and 24 port switch connects all the wall ports throughout the building.
Here's a map of our ideal setup, assuming the Hitron could be set up with some firewall or security settings to protect the guest computers.
Research:
- I originally thought I might do VLAN but apparently that's mainly an enterprise feature and is rare on consumer hardware
- I'm attempting to see if our provider will find a way to give us access to the Hitron gateway but I'm not holding my breath.
- I was recommended a VPN setup by a friend but I don't think that's suitable with IOT devices. I don't really have that many device to device connections anyways, it's mostly just giving staff a connection to internet (most work is cloud based) and connecting to the odd printer or google cast device.
- I don't think I can use a single wifi router, as without VLAN I'm not sure how to separate the public network. I could theoretically run a cable from the closet to where we want to mount the router, and then back to the closet to the patch panel. I might have to find something with an additional number of ports as I need 3 for the staff LAN and potentially one or more for a second access point expansion in the future if the coverage isn't good enough.
- My current thought is I might need a wired router at switch 1 before my wifi router. I feel like it should be possible to set up the secondary router as a private subnet or something separate from the connections to the primary router; I'm not entirely sure how, as it might depend a lot on the firmware.
Not having a clear understanding of the best way to map this has made it pretty difficult to choose hardware. At first I was ready to just grab some Ubiquiti stuff for the VLAN features, but with such meager requirements I was wondering if one or two consumer routers would be adequate.
Thoughts?