Hi all,
Compliments of the season & a happy New Year to all!
I'll be traveling soon and I'd like to have my own portable "router Swiss Army knife" of sorts. One that is hopefully cheap (<$200) and in stock at reasonable pricing, if I do need to replace it.
Here are my thoughts so far, any suggestions in terms of router / anything I've missed / features to add / security to add, would be greatly appreciated!
Ideal Router:
1) A single router (HAP AC2/AX2/AC3/5xxx). Currently I have a HAP AC2 and AC3.
2) Ideally small and light.
3) Can be powered over PoE / standard 5-12V DC barrel jack via a wall plug or mains.
4) Can be powered using a power-bank (Romoss 30k mAh) + USB-B 5V to 12V.
5) Can be powered using a laptop + USB-B 5V to 12V converter.
6) WAN - Eth1, WLAN client, USB (Android LTE phone).
6.1) 4 LAN ports minimum. Ideally 5.
7) VPN Client / Server.
WireGuard / ZeroTier / Tailscale support.
9) QoS
9.1) Main LAN - 1.VoIP ; 2. HTTPS/HTTP/SSL/browsing ; 3. Streaming (YT,NF,Spotify etc).
9.2) Guest LAN - 1. " " 2. " ". 9. Streaming " " .
Basic Setup: - I'm assuming I'll get at least a 10/10Mbps internet connection in most locations, anything more is a bonus. I'll just have to adjust my QoS Egress/Ingress limits accordingly.
1) WLAN1 2.4 SSID-001 = Station/Client mode, so it can connect to an Access Point, get an IP & pass internet through to the clients (my phone, laptop).
1.1) WLAN1 2.4 SSID-002 = IoT / Guest SSID (Pi etc) = ACL for my devices.
1.1.1) Bandwidth limit = 2Mbps
2) WLAN2 5.0 SSID-001 = My Wifi = ACL for my devices.
2.1) WLAN2 5.0 SSID-002 = Backup Wifi = ACL for my devices.
3) ETH1 = WAN
3.1) ETH2 = Direct to internet?
3.2) ETH3-4 = Bridged ; Main Bridge incl WLAN2 5.0 SSID-002 & 003.
3.2.1) ETH5 = PoE out to VoIP phone ; Isolate port/DHCP ; Bandwidth limit = 2/2Mbps
3.2.1.1) ETH5 QoS = 1. VoIP ; 2. HTTPS/HTTP/SSL/browsing
4) Limit access by MAC address / IP / both ?
5) Firewall rules to protect from Bridge-hopping/visibility? Layer with MAC access lists?
Bonus:
1) PoE Out - could always get a PoE injector /
2) Can be powered using a power-bank and a USB-C / PD port + cable/adapter to 12V DC.
3) No additional Natting / Double Natting.
4) Minimize Buffer-bloat ? Relevant if not core site router?
5) Containers for PiHole / Adguard ; Uptime Kuma ; CloudFlare Tunnel ;
6) Some basic IDS/IPS - How would this impact performance vs relying on the ACL lists? Might be overkill...