IoT Router
October 18, 2017 8:41 PM
We are beginning a new home remodel. This will result in installation of a lot of IoT things. Our router is an OLD Mac Airport Extreme from the Cretaceous. It only does 802.11 a, b, and 5GHz bands.
It will not be able to handle the # of simultaneous users. Also, because IoT devices are notoriously insecure I'd like a way to protect them, or segregate them into their own zone, so that any malware in them can't see our laptops, etc. (We both work from home a fair bit).
I'm looking at things like the Norton Core. Range of the wifi from the router is the least of our considerations because we have 3 POE access points strategically placed for coverage.
How technical are you, and how comfortable are you with detailed configuration? I've never even heard of the Norton Core, so I can't speak to that. But I have all Ubiquiti network gear in my large house with gobs of IoT, and I am very happy with it. You can put the IoT stuff on a separate VLAN if you want. Within Ubiquiti's lineup, that will be easier if you stick with all Unifi (access points, switches, and router).
Also, if you're going to have multiple access points, you really should go all the way and have a non-wireless router. Separate the concerns. Routers do routing, access points provide wifi.
FWIW, I personally don't bother keeping my IoT stuff on a separate VLAN. I have considered it at times, but it adds some substantial complexity, and some things make assumptions about all being on the same subnet. I'm sure it can be worked out (people do it), but I decided that the risk profile didn't make it worth the hassle for me.
posted by primethyme at 9:16 PM on October 18, 2017
Also, I guess I don't know what specific IoT devices you have, but unless they're a bunch of cameras sending video to a cloud service, I think you may be dramatically overestimating how much traffic they generate. I do not think that bandwidth or router processing power will be your biggest concern.
posted by primethyme at 9:18 PM on October 18, 2017
Ubiquiti Security Gateway, AC PRO access points, Cloud key, 4 or 8 port switch. All managed, regular updates, single user interface - segregate as needed.
posted by iamabot at 9:27 PM on October 18, 2017
Should have added. I'm very comfortable managing tech. Our current APs are enterprise class and not consumer-friendly. I handle them no problem. I have done IT work in the past.
So far 2 votes for Ubiquiti gear. Thanks!
posted by BrooksCooper at 9:38 PM on October 18, 2017
Really hard to beat Ubiquiti on price/performance, and their gear is also technically solid and well supported; there's very little not to like.
About the only other vendor of proper wireless routers that people who do this for a living get really attached to is MikroTik. Personally I have not used them because I am allergic to licence management; Ubiquiti's rules are simpler.
posted by flabdablet at 9:49 PM on October 18, 2017
Sorry for so many posts here, but my only other suggestion is that if your budget is high enough, you might consider Meraki. It is MUCH more expensive than Ubiquiti, which is why I don't use it in my house. But I have used it in business settings, and it's extremely nice. The management software is a lot slicker than UniFi. But on top of the hardware cost, you have to pay ongoing license fees for the software, so be aware of what you're getting into if you go down that path.
I also concur with iamabot that if you choose Ubiquiti, get the Cloud Key. It's tempting to run the controller on a spare computer, or in AWS or something, but the Cloud Key is cheap and I found that it substantially simplified my setup (e.g. upgrades are much easier than when I was running it on my own computer).
posted by primethyme at 9:56 PM on October 18, 2017
if you're going to have multiple access points, you really should go all the way and have a non-wireless router. Separate the concerns. Routers do routing, access points provide wifi.
Also this.
My own house runs on cheap D-Link managed switches that understand 802.1Q VLAN, with all routing, firewalling, DNS, DHCP and whatnot done by an ODROID-XU4 running a stock Debian Testing userland on an Armbian kernel. I haven't used a specialist router OS on the ODROID because I'm unaware of one that suits my purposes better than a general purpose Linux command line environment.
As home router hardware goes, the XU4 is almost comically overcompetent and still manages to consume well under 5 watts most of the time.
posted by flabdablet at 10:10 PM on October 18, 2017
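Added example, not any poster's own configuration: the IoT isolation the question asks for, written as an nftables ruleset for a general-purpose Linux router with 802.1Q VLAN subinterfaces like the one described above. The interface names (eth1 as WAN, eth0.10 as the trusted LAN, eth0.20 as the IoT VLAN), the VLAN IDs and SSH on port 22 are assumptions.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (not from the thread):
#   eth1     WAN uplink
#   eth0.10  trusted LAN (laptops), 802.1Q VLAN 10
#   eth0.20  IoT devices, 802.1Q VLAN 20
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # IPv6 neighbour discovery must survive a default-drop input policy
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit } accept
        # Both VLANs may use the router's DNS and DHCP services
        iifname { "eth0.10", "eth0.20" } udp dport { 53, 67 } accept
        iifname { "eth0.10", "eth0.20" } tcp dport 53 accept
        # Only the trusted LAN may manage or ping the router itself
        iifname "eth0.10" tcp dport 22 accept
        iifname "eth0.10" icmp type echo-request accept
        iifname "eth0.10" icmpv6 type echo-request accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections that were allowed to start
        ct state established,related accept
        ct state invalid drop
        # Trusted LAN may reach the internet and open connections to IoT devices
        iifname "eth0.10" oifname { "eth1", "eth0.20" } accept
        # IoT may reach the internet only. No rule lets it open a
        # connection towards eth0.10, so the default drop applies.
        iifname "eth0.20" oifname "eth1" accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Source NAT for IPv4 traffic leaving through the WAN
        oifname "eth1" masquerade
    }
}
```

Link-local discovery traffic such as mDNS and SSDP is not routed between the two VLANs under this policy, which is one source of the same-subnet assumptions mentioned earlier in the thread.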
Another vote for Ubiquiti gear. I run an EdgeRouterX and a Unifi Pro AP. Zero complaints, though I'm not doing anything too complex. I know it could if I needed it to, though!
posted by Alterscape at 6:02 AM on October 19, 2017
Personally I have not used them because I am allergic to licence management
FWIW, that only comes into play if you're building your own equipment, otherwise "RouterBOARD devices come preinstalled with a RouterOS license, if you have purchased a RouterBOARD device, nothing must be done regarding the license."
posted by Nonsteroidal Anti-Inflammatory Drug at 7:34 AM on October 19, 2017
If, as you say, your current APs are enterprise-class, why not complete the picture by getting an enterprise-class router to go with them such as a Cisco 3825 or 3925?
posted by Juffo-Wup at 10:05 PM on October 19, 2017
This thread is closed to new comments.
posted by BrooksCooper at 9:15 PM on October 18, 2017