Also, I want to split off all the IoT stuff (smart plugs, Echos, etc.) onto a VLAN because it makes me nervous having them on my LAN. I could do with another WiFi AP too (needs to support VLANs and multiple SSIDs) although I might get away with using what I already have.
So, I'm looking at the routers in the title. Any comments on which would be most suitable, if any are overkill or whatever would be appreciated. Budget is of course small, as always, but I can just about afford the RB850Gx4 if that was 'needed'. The hAP AC2 is looking the best bet to me so far though as it also ticks the AP box (assuming it can do multiple VLANs/SSIDs - surely it can but I'm off to read the manual now.)
This is what I do/have/want to achieve:
- Home user, heavy use, frequently saturate my internet connection. A bit of a networking geek and occasionally run external services, but only occasionally.
- Have two storage NASs; three HiDef IP security cameras on constant record to a third NAS; occasional Netflix; many PCs and other devices, but only my wife and I live here so most are not on all the time; occasional offsite connection in via VPN to access my NASs and virtualized HP server.
- 80Mbps/20Mbps internet connection (FTTC, modem in bridge mode; the 850 does the PPPoE etc.)
- /29 routed IPv4 subnet. The 850 firewalls/routes some of that off into a DMZ, static NAT for a PC and a server and PAT for the rest.
- HE IPv6 tunnel terminating at the 850 (my ISP is not IPv6 yet).
- Cisco L3 gigabit main switch.
- Three VLANs: Main LAN (wired and WiFi), DMZ, IoT WiFi LAN (to be added, replacing my Cisco lab VLAN which is going).
- Firewall to route/allow connections from Main VLAN to IoT but not allow initiating a connection from IoT to Main.
- The VLANs are currently done on the Cisco switch; the 850 is not VLAN aware but simply connects each subnet with one socket to the switch.
- Two WiFi VLANs/SSIDs on each band (Main LAN and IoT).
- I would like a switch chip in the router capable of hardware VLAN offload, in case I want to configure my VLANs on the router itself with both access and trunk ports.
- Currently I have one port on the router (in a bridge with the Main LAN port to the Cisco switch) wired to my 'main' PC, the intention being that everything else on the LAN can fail but as long as my modem and router are working, I still have a working PC. That PC is often involved in large file transfers so must have wire Gb speed through the router to the rest of the LAN.
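
The one-way policy from the list above (Main may open connections to IoT, IoT may not open connections to Main), sketched as RouterOS firewall rules. This is an added example, not part of the original post. The interface names `vlan-main` and `vlan-iot` are assumptions, as is the router handing out DHCP and DNS to the IoT VLAN.

```routeros
# Added example, not from the original post.
# Assumed names: vlan-main and vlan-iot are VLAN interfaces on the router.
# Rules are matched top to bottom and the first match wins; "add" appends,
# so on an existing config these must sit above any broader accept rule.

/ip firewall filter
# Replies to connections that were already permitted, in either direction.
add chain=forward action=accept connection-state=established,related comment="allow replies"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# Main may open new connections to IoT devices.
add chain=forward action=accept connection-state=new in-interface=vlan-main out-interface=vlan-iot comment="main -> iot"
# IoT may not open connections to Main. Replies to Main-initiated
# sessions were already accepted by the established,related rule above.
add chain=forward action=drop in-interface=vlan-iot out-interface=vlan-main comment="iot -> main blocked"

# Traffic addressed to the router itself. Assumption: the router is the
# DHCP server and DNS resolver for the IoT VLAN, so only those are allowed.
add chain=input action=accept connection-state=established,related comment="allow replies to router"
add chain=input action=accept in-interface=vlan-iot protocol=udp dst-port=53,67 comment="iot DNS/DHCP"
add chain=input action=accept in-interface=vlan-iot protocol=tcp dst-port=53 comment="iot DNS over TCP"
add chain=input action=drop in-interface=vlan-iot comment="iot: no router management"

# The IPv6 firewall is a separate table. With an IPv6 tunnel in use, the
# IPv4 rules above do nothing for IPv6 traffic between the VLANs.
/ipv6 firewall filter
add chain=forward action=accept connection-state=established,related comment="allow replies"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=accept connection-state=new in-interface=vlan-main out-interface=vlan-iot comment="main -> iot"
add chain=forward action=drop in-interface=vlan-iot out-interface=vlan-main comment="iot -> main blocked"
```

These rules only take effect if inter-VLAN traffic is actually routed by the router; if the L3 switch routes between the VLANs, the traffic never reaches this firewall.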