I'll be moving to a joint property with relatives. Second floor for them, first floor for us. We'll be sharing one gigabit line since it's a better value. I'm in charge of setting up networking, segmenting it, etc. I only have a vague idea of what I'm doing. Anyone done a similar project and have any tips? I'll just leave what I did here as a log in case anyone finds this useful.

-The internet enters the property on the first floor
-We just ran Cat6A between the floors/rooms
-We also ran Cat6A for POE cameras since we had a lot. I ran all of those cables to the first floor because I couldn't think of a good solution that didn't make my head hurt.
[Cameras -> Dumb POE Switch -> Shinobi NVR -> edge router] -> UPS

Current inventory:
-3x ASUS RT-AC68Us on Merlin-WRT currently in use
-Dumb POE switch
-Handful of 1GbE dumb switches
-Leftover Cat6A
-Cameras + old PC for it + UPS
-WIP OPNSense box (see below)

Will put at least one 68U on each floor as a dumb AP/switch. The 68Us might support port-based VLAN but it's not officially supported.

We'd love to have separate LANs for each floor + a LAN/VLAN to dump the camera equipment, maybe QoS the gigabit line so each LAN gets half when loaded (doubt it). The Asus routers are great but I honestly don't think they can route at gigabit speeds. I know they can't QoS that well. Basically I needed something to go between the modem and all of our existing networking stuff, I think you call this an edge router.

Bought an AMD GX-424CC thin client for $55 and an Intel I350-T4 for $50. Installed OPNSense. It definitely routes gigabit out of the box with minimal configuration. The box has a total of 4+1 interfaces, this should be enough hopefully.

If you don't see yourself doing virtualization ever an I340-T4 is $35 instead.

Caveats with solution:
-Can't enable Intrusion Prevention or it's too slow for gigabit but I already knew this
-Not sure how to set up QoS yet, can't test it

How would you share something across LANs like a wireless HP printer if you really had to? Can the routing be done with just IP addresses?
