Peplink Router Selection for a Home LAN and IoT Devices

A retired buddy and I are researching networking hardware for personal use. I don’t have an IT background, but as an aerospace professional, I’ve worked with PC’s since 1983, when an IBM PC XT was placed on my desk. Lacking a clue what to do with the XT’s blinking cursor, out came the DOS book. I have also spec’d and built PC’s from the ground up. On the other hand, my buddy is a retired IT professional in the programming and project management realm, as opposed to networking.

So, between us, we are trying to learn enough to select a router and AP’s for my new home’s LAN; learning enough to be able to create a DMZ for IoT devices. Thus, a router with multiple SSID/VLAN capabilities was our primary requisite. As such, Ubiquiti and Peplink routers both came to occupy the number 1 position on our priority list.

After VLAN capability, our 2nd. priority was ease of setup. For techy, but networking neophytes, it appears that either the Ubiquiti or Peplink may be similar in their levels of difficulty. However, Peplink appears to win out; because if we get in a bind, reviews suggest Peplink’s access to support is better.

With the information found, I believe we can get either of the two company’s routers up and running. The question then becomes one of security and the “walling-off” of IoT devices. Is there a primer available for residential consumers wanting to do as we? If we provide a sketch of our proposed network topography, is this a place to obtain a critique of same and to obtain some specific recommendations and perhaps UI/programming instructions?

Obviously, I’m looking for your thoughts on our endeavor.

If we go with Peplink, the Surf SoHo and Balance One are contenders. RouterSecurity.org contains a substantial amount of networking security data; with Peplink being the router of choice. Because the Balance One is twice as costly as the Surf, the Balance One is only being considered for future proofing, from a speed perspective. I believe I will start off with a 150Mbps connection. Does spending the extra solely for the Balance One’s speed (vs the Surf), make sense?

We intend to incorporate AP’s in our install. Because of this, would a Wi-Fi radio in the router, be an advantage, disadvantage or a neutral? That is, will the Wi-Fi play nicely with the planned ceiling-mounted AP’s, if they are Peplink ones? How about if they’re from a different manufacturer? In this case, or even in the case of Peplink’s AP’s, might transitions between ranges not “hand off” as smoothly as if a router lacked a Wi-Fi radio?

The router will reside in the structured wiring area in the basement finished area. So I assume Wi-Fi could be dished by the router for the partially finished walk-out basement. Thus, the AP (or AP’s) will be above the basement, on the main floor (2,700 sq.ft.). Fiscally, it would make sense to use the router’s Wi-Fi radio. Is there any reason why we shouldn’t get a router with Wi-Fi, or turn it off, if it has Wi-Fi? Might it perform its routing duties better, more expeditiously without a radio, or with it turned off?

If we go with a Peplink router, Peplink’s AP’s (One AC Mini) would seem to make sense as they would appear to be easily managed by the Balance AP controller. Other than speed, would that be a reason to choose the Balance One over the Surf SoHo?

Again, any pre-purchase recommendations or suggestions would be more than helpful.

Good Afternoon
You have definitely had a good think about this and are on the right track.

My suggestion would be;
Peplink Balance ONE Core (no wifi)
Pepwave AP ONE Mini (or Enterprise)

You number of wifi access points will depend on many factors like wall thickness, material and speeds required in each room. For 2,700 sq.ft, I would be recommending 2-4 APs per floor

The Pepwave APs would be controlled by the AP controller in the Balance ONE Core which supports “Fast Transition”

One big advantage of using the Pepwave APs controlled by the Balance is that you have one management interface for your router and wifi which makes things nice and simple.

Peplinks routers are secure if you have them configured correctly.
If you are really concerned about security, you might want to consider an active/dynamic firewall like the one offered by Untangle which would sit transparently on your LAN between you Peplink router and all other devices on your network. They offer a “Home Edition” for a very reasonable price.

Hello @Audiophile,
In addition to @SamuelNorris comments we have some additional thoughts for you.

Peplink/Pepwave equipment can be managed at both the local device level and just as well via Pelink’s InControl2 cloud platform. There are mixed views here in the forum on using cloud management so at the end of the day you can make your own informed decision based on what you find here. For our business and customer support the InControl2 platform alongside the Peplink/Pepwave range has hugely simplified our support and improved the support we can offer to clients so we lean towards InConrol2 with every system we deploy/supply.

To help you with your research have a look at this guide in the forum on how to setup InControl2

You can also do a search in the forum for “InControl2 Setup Guide”.

In terms of the security side of InControl2, if you setup InControl2 with enforce 2FA (2nd Factor Authentication), use InControl2 to randomise all admin device passwords and switch off the WAN management of the devices, then your systems will be very secure and easy for you to monitor remotely should you desire.

You are most welcome to share a network topology of your planed network here, if you are using IoT devices in your network you way wish to consider using VLANs, setting up VLANs with InControl2 using the guides here in the forum will get you well beyond the basic of VLANs without needing a networking degree.

Finally I recommend reaching out to your local Authorised Peplink Partner for specialised assistance.

Your local Certified Peplink Partner can help you with all sort of good quality information and support, as a bonus you will find they have a diverse background so will have differing ideas that my also help you along the way. For myself I am part of the team of Peplink Partners looking after Australia & New Zealand, we all know each other and with Peplink’s support work to support the region, your local Peplink Partners will be doing the same in your region.

Like you have already discovered, the Peplink Forum is here also for questions for when you have them.
Happy to Help,
Marcus

A lot going on here

I am not a fan of creating a DMZ for IoT devices. I think its safer to keep IoT devices behind the router firewall but isolate them in a VLAN. This can not only isolated them from trusted devices but also from each other and from the router interface too. See this page for more

I have no experience with business class Ubiquiti hardware but I have used their consumer AmpliFi mesh system. I was not impressed.

Nothing anywhere that I have seen, discusses using a Surf SOHO with an AP, so the Balance One seems a better fit.

APs require Ethernet connections to the router and you didn’t say if that was available. If not, then you need a mesh system where each mesh point can talk to another mesh point to extend the WiFi from the basement to 2nd or 3rd floor. The higher floors would be slower.

To use APs rather than a consumer mesh system you might use Ethernet over coaxial cables (MOCA) which is said to be very fast (no personal experience). Or, Ethernet over powerlines.

Thanks Michael234. Actually, the new house has approximately 30 CAT 6 and 7 drops. So, we have plenty of Ethernet locations for AP’s, including a ceiling position on the main floor. I probably overdid Ethernet drops, but why not, while the walls are open.

Thanks for the IoT device isolation information. Obviously, after seeking routers with VLAN capabilities, I was led from consumer hardware to SOHO and found Peplink etc. And yeah, an audio related forum poster directed me the RouterSecurity website several months ago. It as you suggested, is a very good read. I learned a “ton”, but I have many more tons to actually digest and comprehend. As with most things to the uninitiated and inexperienced as I, networking is a dark, but challenging art. So, I appreciate your input as well as everyone else’s.