Switch with QOS for home network

[PanchoVilla]

I want to replace my home network (VirginMedia 100) with the following:

MODEM -> 8-port Switch -> WIFI AP

I'm thinking that DHCP will be on the switch side, and I want to be able to setup CAKE QoS on the switch.

Also, I hope to be able to update the hosts file on the Switch for adblocking across the network.

Is this possible, and are there any switch recommendations?

 

[ChrisD.]

Are you sure it's not a router/firewall that you're after?

 

[PanchoVilla]

Are you sure it's not a router/firewall that you're after?

Sorry, yes, getting confused as most routers have wifi also. My current setup is as follows:

MODEM -> Edgerouter X -> Asus router/AP

My wifi on the ASUS is being flaky and thought I would upgrade. I have a Uqbuiti Amplifi Instant mesh ap sitting around, but I need 5 lan ports so the ER-X won't work.

I have QoS setup on the Edgerouter, and I manually update the ASUS hosts file periodically with an adblocking host file. So all devices connected to the ASUS have some adblocking.

 

[Steveocee]

A MikroTik will do what you want. They’re about to launch a new hex model which will do everything you need and more.
In a recent version they’ve brought in adlists as part of dns package as well.

 

[PanchoVilla]

A MikroTik will do what you want. They’re about to launch a new hex model which will do everything you need and more.
In a recent version they’ve brought in adlists as part of dns package as well.

Thanks. If it is the HEX Refresh, then it only has 5 ports resulting in 4 available lan ports. I need minimum of 5 lan ports (4 for pc's, 1 for AP) and possibly 1 more for a network printer.

 

[ChrisD.]

Thanks. If it is the HEX Refresh, then it only has 5 ports resulting in 4 available lan ports. I need minimum of 5 lan ports (4 for pc's, 1 for AP) and possibly 1 more for a network printer.

You could just get an unmanaged switch if you need more LAN ports.

 

[PanchoVilla]

You could just get an unmanaged switch if you need more LAN ports.

Then then setup would be better:
MODEM -> AP -> Switch

But I'm not sure if the that would work - AP's don't have CAKE QoS etc.

 

[ChrisD.]

Then then setup would be better:
MODEM -> AP -> Switch

But I'm not sure if the that would work - AP's don't have CAKE QoS etc.

Modem > Router/Firewall > Switch > AP.

 

[Ad_Augendae]

A MikroTik will do what you want. They’re about to launch a new hex model which will do everything you need and more.
In a recent version they’ve brought in adlists as part of dns package as well.

My hAP ax2 gets hammered by the Kids and we hardly notice with FQ_Codel 250/25 hAP ax has 5 ports, but as said, put the switch after the router.

Edit: Also using DoH with add blocking!

 

[Steveocee]

Thanks. If it is the HEX Refresh, then it only has 5 ports resulting in 4 available lan ports. I need minimum of 5 lan ports (4 for pc's, 1 for AP) and possibly 1 more for a network printer.

Rb4011?
Rb5009?
Either of those fit the bill?

 

[SpellowHouse]

I didn't read much of the thread, so forgive me if I am way off here, but if you upgrade the ASUS router with Merlin, it has an implementation of Cake. I know, I run it myself. Works extremely well.

 

[Avalon]

I didn't read much of the thread, so forgive me if I am way off here, but if you upgrade the ASUS router with Merlin, it has an implementation of Cake. I know, I run it myself. Works extremely well.

Depends on the ASUS router, only the non modem versions have any chance of support for 3rd party firmware, and need to be in support with ASUS for Merlin to continue to support them, which leads us back to running actual *WRT.

Op, the only thing thats clear from your posts is that you don’t know what you want, let alone how to achieve it. Give us actual useful details like what the routers in play are, nobody buys a router for more ports, they buy a switch, you run QoS on the router, filtering is more at home on the router or something like pihole (can always docker it if you have a suitable host), but if the actual issue you want to deal with is better wifi, then look at AP’s or hard wired MESH.

 

[PanchoVilla]

Thanks Avalon/all for reading.

This is what I want to connect to a router:

4 wired PC's (2 cables are separately connected to a switch for a PC and XBOX)
1 AP (I have a Ubitquiti Amplifi mesh AP, so the second AP will be downstairs)
1 LAN connected printer (can be USB connected to the router as it is currently)
12 Wireless devices (phones/tablets/laptops)

I currently have a Ubiquiti ER-X coming off the Virgin Media Modem, and an ASUS WIFI router coming off the ER-X. There is QoS enabled on the ER-X, so all devices are under QoS. I am using the LAN ports on both the ER-X and ASUS.

I have 100Mb/20/Mb Virgin Media.

Because QoS on the ER-X only works up to about 100Mb, it is almost sufficient for my current service.

Because my ASUS wifi is flaky, I wanted to use my Ubiquiti Amplifi, but I would need to get an extra switch as the ER-X does not have enough LAN ports. My thinking was that I could replace both my ER-X and the ASUS with a better router (8 lan port) and connect the Ubiquiti AP on to that.

If I add an extra swith to my ER-X and add the AP on to that, I will end up with 3 devices - and I am already using 11 power sockets near my desk.

 

[SpellowHouse]

What is the ASUS? What model?

 

[PanchoVilla]

What is the ASUS? What model?

It's very old, RTN66U - has Merlin OS on it (no longer supported). I kept it going, tried newer routers from NETGEAR, but coverage was not as good.

 

[Avalon]

Lets deal with this logically. Your router and Asus AP are relatively ancient, the N66U is something like 12 years old at this point and it’s no surprise the wifi is flakey, its very surprising it still works at all tbh. Consumer routers with 8 ports are just not a thing, the reason for that is it’s about a tenner to buy a switch, and people who want more ports do that rather than everyone paying for extra ports they don’t need.

How much do you want to spend? Amplifi is essentially a dead end at this point, but still has a resale value for those invested in it/in denial. VM also over provision connections by roughly 6%, I can’t remember what the ERX tapped out at, but if you are OK with whatever it’s doing, then who am I to argue?

Flint2 (£120) - OpenWRT based (like the ASUS) but with massively more CPU/RAM/better wifi and the option of running a vanilla OpenWRT build, so not tied into a commercial lifespan, it will be supported for as long as it can be.

Unifi Express (£120) - It’s Unifi, but without IDS/IPS, includes a Wifi6 AP, 1 port LAN though, so needs a switch.

The UCG Ultra is cheaper (£90), has IDS, 2.5Gb WAN and 4x1Gb LAN ports, but no AP, this would be my preference, wifi probably being as many cheap NanoHD’s (£40-50) as you like. You could also go with a Mesh option, but make sure you hard wire the nodes.

Switch wise, TP Link metal enclosure units tend to be my default, they are inexpensive, work well and last longer than Netgear etc.

All of those are based on what you have said you are used to rather than the steep learning curve of trying to manage a Mikrotik (though that has got a lot better in recent years), other options are also equally valid, but its up to you how much you want to re-learn.

 

[PanchoVilla]

Thanks Avalon. I think I will try the Flint2 and use my ER-X as a switch for the other LAN ports. If the WIFI is not as good as my current ASUS then I'll try my Amplifi or sell it and get some better AP's.

Please excuse my ignorance, but should I be worried about custom firmware on the Flint2 with regards to sensitive data on my local PC's? Banking connections are SSH so that should be ok, but what about sensitive unprotected document files on the lan?

Cheers again for your detailed reply. Has helped me a lot.

 

[Steveocee]

Thanks Avalon. I think I will try the Flint2 and use my ER-X as a switch for the other LAN ports. If the WIFI is not as good as my current ASUS then I'll try my Amplifi or sell it and get some better AP's.

Please excuse my ignorance, but should I be worried about custom firmware on the Flint2 with regards to sensitive data on my local PC's? Banking connections are SSH so that should be ok, but what about sensitive unprotected document files on the lan?

Cheers again for your detailed reply. Has helped me a lot.

Don’t use the ERX as a switch! I think the ports are individually connected so all traffic goes through the CPU which drops performance massively.

 

[PanchoVilla]

Don’t use the ERX as a switch! I think the ports are individually connected so all traffic goes through the CPU which drops performance massively.

Thanks - I've bookmarked a TP Link SG108 Steel Case switch currently on pre-order here.

 

[Avalon]

Thanks Avalon. I think I will try the Flint2 and use my ER-X as a switch for the other LAN ports. If the WIFI is not as good as my current ASUS then I'll try my Amplifi or sell it and get some better AP's.

Please excuse my ignorance, but should I be worried about custom firmware on the Flint2 with regards to sensitive data on my local PC's? Banking connections are SSH so that should be ok, but what about sensitive unprotected document files on the lan?

Cheers again for your detailed reply. Has helped me a lot.

Not really, it’s basically OpenWRT with a few minor tweaks, and the company behind if has been known/loved by the WRT community for a long time. If anything, I would be more worried about the ASUS, they have a quite unfortunate history when it comes to security.

Oh, and Steveocee is correct, you basically have 1Gb of bandwidth in each direction on the ERX as it insists on doing everything in software, a reasonable TP Link can be delivered same day/next day for very little.