Okay, I’ll warn you up front, this is going to get a bit convoluted.
I currently have an older router (running Tomato) with 4 LAN ports that are separated into two separate VLANs, both of which can hit the internet (get out on the WAN), but cannot see each other (no cross traffic). And that’s the idea. One VLAN is considered trusted and the other is untrusted.
Most of my home’s wired network jacks are on the trusted VLAN, along with two APs (for whole house coverage). The untrusted network is for guests and for devices that need access to the internet but have no business on my primary VLAN with my file servers (e.g., Amazon Echos, FIOS STBs). That untrusted VLAN has a third AP just for untrusted wireless clients.
I want to upgrade to a more modern set of network devices (my router and APs are all 10+ years old) and simplify it if I can. I like the idea of a Peplink router that can control separate Peplink APs from the same dashboard. That said, I don’t need dual WANs. The Surf SOHO Mk3 looks good, but it’s not clear to me if it can control remote APs (like the AP One AC Mini) as seemlessly as the Balance routers can. If it can’t, I’d be tempted to get the non-wifi Balance router and just get separate APs to keep life simple. If it can, then I might need one fewer AP.
So I suppose that’s my first question - can the Surf SOHO Mk3 control remote APs the same as the Balance routers?
Either way, I also need to figure out how many APs I need. Right now I have 3:
- Trusted in basement
- Trusted two floors up at bedroom level
- Untrusted also two floors up on bedroom level
If I buy something like the AP One AC Mini for my top floor, can it accept traffic for two separate (and isolated) VLANs…and can those VLANs also have wired assets on them?
To clarify, what I want:
- Define two VLANs on the router and assign specific router LAN ports to them (e.g., eth1 & 2 are trusted VLAN; eth 3 & 4 are untrusted VLAN)
- Have one or more APs somehow on the same wired network, where each AP supports two SSIDs, where one SSID is tied to the trusted VLAN and the other SSID is tied to the untrusted VLAN
If so, what LAN ports would those APs be connected to? One of the VLANs defined above or a third VLAN?
Or would I need to do what I am doing now - drop one AP on the wired network for the trusted VLAN and drop another AP on the wired network for the untrusted VLAN.
And if any or all of this is possible, does it drive me toward the Balance instead of the Surf SOHO?
And if you got this far, I owe you a beer.