SOHO requires a solution that is affordable yet effective

peispud
peispud used Ask the Experts™
on
Hi.

I am setting up a SOHO.
Equipment is as follows.
1)  4 security cameras that record to the cloud through a Northern system
2)  Home wireless system mesh network
3)  Usual computers,  printers, etc
4)  Other "internet of things devices"  such as thermostats, lights.
5)  I have a total of 10 Ethernet jacks in our home, but only 6 in current use.

I will be installing a 19 inch 6U Wall Mount Patch Panel Bracket - 13.75 inch deep (also 24 port Cat 5E patch panel etc)
Gigabit internet.


I have concerns about putting all these things on one switch.  I like the idea of segmenting my network.  
I have heard good things about the Ubiquiti.  I am not an expert on routers, but I not a unfamiliar either.  
I am thinking about a router/switch capable of VLANS and POE for the cameras.  If I am misguided, then new insights are welcome.

With that in mind,  I would appreciate any help in selecting  a router / switch that would be appropriate but not more expensive than I need.

Thank you for your help.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Computer Service Technician
Commented:
Yes a POE switch would be best for the security cameras. Since this is a SOHO or a home setup you definitely do not want to pay thousands of dollars for a enterprize switch. I think your best options would be to buy two 8- port switches. One a 8 port managed switch for the vlan and a 8 port unmanaged switch with POE for the security cameras. Your ISP probably provided you with a modem that has wifi and built in 4 port switch, as most of them do now a days. This has a built in router, with a four port switch, with wifi. If you did not receive a modem from your ISP with these capabilities you can buy a wifi router that has a built in switch that can connect to two switches.

I am assuming you have a modem that came with your internet service provider that can connect via wifi and has a built in switch. If so you can buy both switches from Amazon quite cheaply.
an 8-port  POE unmanaged switch  sells for $67 cnd https://www.amazon.ca/NETGEAR-8-Port-Gigabit-Ethernet-GS308P-100NAS/dp/B016XIU1HE/ref=sr_1_3?keywords=netgear+8-port+poe+gigabit+switch&qid=1575864586&sr=8-3
An 8-port managed switch sells for $45 cnd. https://www.amazon.ca/Netgear-GS308E-100NAS-Gigabit-Ethernet-Managed/dp/B07PLFCQVK/ref=sr_1_3?keywords=managed+switch+8+port&qid=1575864430&smid=A3DWYIK6Y9EEQB&sr=8-3

Connect both devices to an empty port on your wifi modem from your ISP.
If you need a router with built in switch with wifi there are lots of options available.
POE seems a good idea for cameras but only makes a difference in terms of security if you have a battery backed power supply. less cables the better. nevertheless, POE switches are more expensive than others. any enterprise grade switch will easily power a dozen cameras. small home switches may or may not. check the specs first.

VLANs and segmentation are a good idea. but unless you have a firewall or possibly an L3 switch ( actually that is a router ) with ACLs, or your home router has said capabilities, there is little to no point in bothering.

many home ISP-provided routers have options to isolate wifi hosts from one another. many also have way to isolate the 2.4GHz network from the 5GHz, isolate the wifi from the ethernet lan, or have an isolated "guest" network that can be configured with the same security level as the regular one. it might be feasible to stick your cameras in one such segment and use the existing isolation provided by your existing router.

if the above seems unfeasible, a small router, possibly a very old WRT-based router, older ISP modem, or a raspberry should provide decent network isolation and probably a wealth of extra features you do not need yet. 100Mb should be enough for your cameras so you can currently find those in the trash if you get lucky and for very few $$ otherwise.

for such use cases, i'd probably either try to find a 4 ports mini router or raspberry and use unmanaged switches for each LANs, or stick with a 1/2 ports mini-computer and buy or trash-pick an old managed switch. also note that an old vastly underclocked athlon and motherboard directly screwed on the wall with no fan would easily power your network as well.

another reasonably nice solution would be to use an old mobile phone's wifi for the cameras. use the share wifi functionality. as an extra benefit, you can throw in a 3G card and failover on the mobile network when needed, and/or configure a bunch of additional wifis from your neighbors
peispudTech

Author

Commented:
Thank you for your responses.  Each is well informed, but I think that I will go with Robert's solution.

But I would like some clarification please.

As I said,  I have wireless mesh network  (Lynksys Velop),  so I have shut off the WIfi from the telecom router.  So, I presume that the Lynksys Velop should be on a VLAN?

Also,  I would like to do my own routing.  This way,   if for any reason a Bell tech comes out and replaces / resets their router,   then nothing would change on my network.  Ie.  firewall, DNS setting, port forwarding etc.
I would appreciate a comment on this as well please.
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

if you really want to setup vlans, you need an actual manageable router/firewall. it is pointless to setup vlans if you're going to hook them to a non managed router without firewall capabilities. do you own such a piece of equipment ?

you either need to buy one, or first take a look at the capabilities of your existing equipment. maybe the velop comes with limited but sufficient firewall capabilities. maybe your home router does. one vlan for the velop, and another for the cameras seem reasonable, but not your only option.
peispudTech

Author

Commented:
ok,  so  I would like to buy a non expensive manageable router / firewall.   Could you recommend one?
i cannot really recommend a commercial minirouter i have actual recent hands-on experience with. note that most said routers have VERY LIMITED firewall capabilities.

an alix box running pfsense would do the trick quite nicely
http://www.mini-box.com/ALIX-boards

or possibly have a look at the hardware list of openwrt
https://openwrt.org/supported_devices

or maybe a small ubiquity/zyxel/...

 or possibly an actual commercial old firewall. i have seen a fortinet60 for sale for 20€ recently. that would be more than enough for your needs.

my personal choice would be a small box such as soekris, alix, or maybe a raspberry PI running pfsense/opensense
peispudTech

Author

Commented:
Thank you both for your help.
I bought a Ubiquiti EdgerRouter X and a  NetGear 16 port managed plus POI  (JGS516PE)  switch.
I considered buying 2  * 8 port switches (1 managed & 1 unmanaged) per Robert, but needed to wife-proof this. (Needed to look professional).

I will start with this setup.
skullnobrains ---  I will be looking into your suggestions more as well.  You showed me a whole new area that I knew nothing about.

Thank you.
that should do the trick : the ubiquity supports VLANs and has the required firewall capabilities. and many others

the managed switch should allow you to setup different vlans. you'll probably throw in a third one for administration of all the network equipments, possibly on a dedicated port so all admin tasks require physical access to the ubiquity router.

feel free to ask in this thread if you run in any trouble setting the whole thing up.
peispudTech

Author

Commented:
That is very generous of you.  

Thank you.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial