What's new

Home network setup

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Faerwald

New Around Here
I am planning to upgrade my home network in preparation for me buying a NAS and some security cameras. I have tried to research my hardware option as much as possible but not sure I am going the right way so I am asking some feedback.
Sorry for the long post, lots of info to digest.

Layout:
Modem --> ISP Router(1,2) --> OPNSense Firewall --> L2 web managed switch --> WLAN router, NAS, PoE switch for cameras (1GBPs), Home Theater, 2 PC's.

(1): I plan to keep using my ISP provided router in between the modem and OPNSense. Mostly because I do not trust myself and I don't want to mistakenly allow unfiltered WAN traffic in.
(2): Currently my internet service is terrible. Maximum I can get is 30 down / 1 up.... (for the crazy price of 80 AUD per month). However my ISP sold the network and the new owner is planning a network upgrade (Jan 2023 is a loooong wait) which should allow plans up to 1 Gbps down.

For a L2 web managed switch I am considering a QNAP QSW-M804-4C for a total of 8 10Gpbs RJ45 ports (4 of which are SFP+ combo ports)

The current plan to build a OPNSense firewall. The OPNSense build is based on a Ryzen 5000G CPU (cheapest available, but if possible a 5000GE 35 watt TDP version) + B550 mobo + Intel X540-T2 nic. I wanted to get the Ryzen 5000 in order to get PCIe 4.0. I know this is overkill but I did want 10gbps ports and a decent chance of routing that between VLANs. I think that it should be able to handle the 1Gbps out to the WAN + some minor routing between VLANs (perhaps traffic from Security Camera VM to NAS) + maybe a VPN connection into a VLAN if I want to access some things remotely.
Not sure if there is any benefit to going for a Intel X710-4T nic? The X540 already offers 2 10Gbps ports: 1 for WAN, 1 for LAN and I can always buy a second NIC later. Would it be safer to have the WAN and LAN on separate NICs? I didnt think that would make much difference.

I did investigate a L3 switch/router. However I can build my own firewall + buy an L2 switch for the same price as getting something like an Ubiquiti Edgerouter ER-8-XG while not be beholden to any company trying to change their licensing arrangement to a subscription in the future. And the custom build likely having more "toy" power than the L3 switch.

I was planning on build 1 OPNSense firewall server + 1 NAS Server which will also host some VMs (including security camera VM). The rational was twofold: I could build a simpler lower TDP OPNSense firewall, and I was under the impression it would be more secure. The security issue might not be true? Either way the NAS server would run a ZFS filesystem and run some other VMs including maybe a virtualized desktop for light load, media server, security camera server. Not sure I want all that on the same machine that will have the WAN port and there may not be enough PCIe lanes (x16 for GPU, x8 for HBA, x8 for NIC) on X570 which only has 20 lanes connected to the CPU and 4 to the chipset.

I want to get a WLAN router capable of multiple SSIDs for VLAN separation of my WIFI. I want to wait for a Wifi 6E capable WLAN router but if I would get it now I would get a QNAP QHora-301W. Trusted devices on VLAN A, Guests on VLAN B, Work laptops VLAN C, Wireless controller for A/C on VLAN D (it runs android 4 and no updates are available, all I want it is let it access NTP servers so the clock resets properly on a network outage).
 
What is the intended purpose of the managed switch between the OpenSense box and the wireless router?

EDIT - Perhaps the diagram is ambiguous and each of the router, NAS, cameras, etc. are hard-wired to the switch?
 
You are correct my diagram is very confusing. Yes NAS, Wlan, camera switch, etc are all hard wired to the l2 managed switch.
 
Mostly because I do not trust myself and I don't want to mistakenly allow unfiltered WAN traffic in.
It's trivial to test if you've done such a thing. I wouldn't limit myself to the performance of the ISPs shoddy equipment.

I wanted to get the Ryzen 5000 in order to get PCIe 4.0. I know this is overkill but I did want 10gbps ports and a decent chance of routing that between VLANs.
Why the managed switch if you're going to use OPNSense to manage the VLANs?

Sorry for all the questions. I'm trying to understand your intentions before I comment.
 
I would rather answer a heap of questions rather than people assuming things I poorly explained in the first place.

Perhaps "managed" switch is the wrong terminology. QNAP advertises the QSW-M804-4C as a level 2 "managed" switch. I can do VLANs and ACLs but I didn't think that level 2 switch could so inter VLAN routing hence the OPNsense build to do it.

Full level 3 switches are rather expensive from what I can see.

I could just buy 2 intel X710-4t NICs to get the total of 8 10Gbps ports and omit the switch altogether but I don't think it's great practice to get the OPNsense box to do all the switching work within a VLAN hence the need for a switch
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top