Greater seperation between wired and wireless networks

[off wave surfer]

I have a pretty generic home network, coaxial modem to WiFi router with 2 wired devices, I've been thinking of getting some new networking hardware and I was wondering is there a particularly feasible and efficient way of separating the wireless and wired networks into two completely different networks or subnets? Although I'm unsure if such an arrangement would provide either network type with any benefit, my main issue is whenever the rest of my family are all using the WiFi my wired speeds slow down, sometimes to a halt for downloads and sometimes just a few Mb/s. If this isn't really feasible would prioritisation like QoS give a similar result?

 

Thanks in advance for any help and advice

[mattk]

QoS would be your best bet, if you have the option to do it by VLAN that would be the easiest to manage imo.

[off wave surfer]

2 minutes ago, mattk said:

QoS would be your best bet, if you have the option to do it by VLAN that would be the easiest to manage imo.

Thanks, I've been considering both but wasn't sure, any recommendations on QoS and VLAN capable routers?

[Bittenfleax]

Have a look at pfSense. It is an open source router/firewall software. The only thing you have to do is supply the hardware - any x86/x64 processor based system! You do not need a lot, for example 4GB of memory, 1GHz CPU. The only expensive part is the network card. In your case you would need a 4-port Gigabit PCI-e network card. Because 1 port is the WAN (Outside connection), other is LAN and the other is the WLAN (Wireless LAN separate to the normal LAN).

 

I find it really fun trying to deploy it. And the learning curve and knowledge you gain is great. It has so many different features that you can try and learn about.

[off wave surfer]

1 minute ago, Bittenfleax said:

Have a look at pfSense. It is an open source router/firewall software. The only thing you have to do is supply the hardware - any x86/x64 processor based system! You do not need a lot, for example 4GB of memory, 1GHz CPU. The only expensive part is the network card. In your case you would need a 4-port Gigabit PCI-e network card. Because 1 port is the WAN (Outside connection), other is LAN and the other is the WLAN (Wireless LAN separate to the normal LAN).

I have been looking into pfSense but to my dismay I'm very limited in terms of space and I've found small enough systems, probably ITX, are out of my price range. I will definitely experiment with pfSense one day though!

[Bittenfleax]

Just now, off wave surfer said:

I have been looking into pfSense but to my dismay I'm very limited in terms of space and I've found small enough systems, probably ITX, are out of my price range. I will definitely experiment with pfSense one day though!

Ah, fair enough. I managed to make a really small ITX (size of 2 PS4 slims on top of each other) build for £150. You could do it for £100 with second hand parts.

 

But if that is too much, then yeah fair enough. You can always install it as a VM on your computer if it is powerful enough to have a go at it - but obviously not possible for the real thing, just for testing. It is great to learn with.

[off wave surfer]

2 minutes ago, Bittenfleax said:

Ah, fair enough. I managed to make a really small ITX (size of 2 PS4 slims on top of each other) build for £150. You could do it for £100 with second hand parts.

 

But if that is too much, then yeah fair enough. You can always install it as a VM on your computer if it is powerful enough to have a go at it - but obviously not possible for the real thing, just for testing. It is great to learn with.

That sounds like a pretty cool build, don't suppose you have a parts list? I might see if I can find used parts to get it cheaper or just save up a bit more.

[Bittenfleax]

19 minutes ago, off wave surfer said:

That sounds like a pretty cool build, don't suppose you have a parts list? I might see if I can find used parts to get it cheaper or just save up a bit more.

I don't have a parts list sorry. I cannot check right now as I am at work however I just bought the cheapest AMD processor + CPU, 4GB memory and a 120GB SSD (because I had it lying around). You can get away with 32GB.

 

However, I got my Gigabit (mine was 2 port, not 4 port like yours would be) network card from eBay. They are cheap and work brilliant. Just make sure it is the right chip, e.g Intel, Realtek as pfSense only supports some. There is a page on there website that says what is supported for network cards.

[off wave surfer]

4 minutes ago, Bittenfleax said:

I don't have a parts list sorry. I cannot check right now as I am at work however I just bought the cheapest AMD processor + CPU, 4GB memory and a 120GB SSD (because I had it lying around). You can get away with 32GB.

 

However, I got my Gigabit (mine was 2 port, not 4 port like yours would be) network card from eBay. They are cheap and work brilliant. Just make sure it is the right chip, e.g Intel, Realtek as pfSense only supports some. There is a page on there website that says what is supported for network cards.

No problem just wondered if you had any specific parts that were particularly cheap and or good for a pfSense box. How does pfSense do with networked printers and the like?

[Bittenfleax]

1 minute ago, off wave surfer said:

No problem just wondered if you had any specific parts that were particularly cheap and or good for a pfSense box. How does pfSense do with networked printers and the like?

What do you mean sorry?

[off wave surfer]

1 minute ago, Bittenfleax said:

What do you mean sorry?

The parts I was just wondering if pfSense runs better on a specific brand or generation of hardware and how well if at all it deals with network connected printers and storage etc? Sorry that was pretty unclear!

[Bittenfleax]

6 minutes ago, off wave surfer said:

The parts I was just wondering if pfSense runs better on a specific brand or generation of hardware and how well if at all it deals with network connected printers and storage etc? Sorry that was pretty unclear!

Haha no problem. For a home network, the different hardware types do not matter at all. Apart from the chip of the network card - like I said before about the drivers. If it is for an enterprise application, then I would be more conscious of what hardware I use, for example dedicated chips for handing encryption on certain motherboards. If you have 100 users or so, it would be good to offload that encryption/decryption onto the chip instead of the CPU. That is mainly for VPN applications however. 

 

NAS and printer wise, it is fine. You can do all the usual good stuff like setting static IP's to them. Giving them aliases etc. 

 

So overall for a home network, all you need to do is build a functioning PC with a network card.

[off wave surfer]

2 minutes ago, Bittenfleax said:

Haha no problem. For a home network, the different hardware types do not matter at all. Apart from the chip of the network card - like I said before about the drivers. If it is for an enterprise application, then I would be more conscious of what hardware I use, for example dedicated chips for handing encryption on certain motherboards. If you have 100 users or so, it would be good to offload that encryption/decryption onto the chip instead of the CPU. That is mainly for VPN applications however. 

 

NAS and printer wise, it is fine. You can do all the usual good stuff like setting static IP's to them. Giving them aliases etc. 

 

So overall for a home network, all you need to do is build a functioning PC with a network card.

Ah yeah I was thinking a bit over the top having ideas about some crazy home VPN and unneeded levels of encryption! Thanks for all the advice though been meaning to at least try pfSense for a while now!