[tonymet]

Thanks this is a great idea.

One compromise would be to add an extra hop (like a raspberry pi ) to the IOT vlan, and install snort there. That way I could retain my primary router (currently Ubnt ERX).

Great tip!

[Elora]

Are you running stock firmware on the ERX and are you happy with it? Looking into potentially setting one up as well, any resources you could recommend for making best use of one?

[tonymet]

Yep I use the stock /latest 2.x firmware. It includes a wizard to set up the lans, nat and firewall .

I recommend the 2 vlan setup and disable switch0 for the best performance .

It's a step up from consumer routers with more powerful firewall, qos, and configuration .

Ubiquitis docs are great

https://help.ui.com/hc/en-us/articles/115002531728-EdgeRoute...

[Elora]

Thanks for this! What came out of that major breach they had earlier this year? Since I wasn't part of their ecosystem I never followed up.

[teitoklien]

Yush, that works great too :D,

Happy tinkering ^^ and merry christmas