Discussion in 'Networking & Security' started by Jim Kim, Jul 5, 2018.
I've never seen them as enterprise, more like prosumer/smb gear.
Interesting article though, mirrors some of my own experiences over the years and why I try to keep it simple these days. I'd rather spend my weekends doing other stuff than working on my home network.
As someone who is about to move from a condo to a 2000sqft house I’ve really been thinking about this stuff. I already have an erl, es16, 2 ap ac pros. With the pool I am expecting a lot of guests. Plus I think it’s time to put all the iot devices on their own VLAN. I feel like buying an er4 so I can set things up on that ahead of time.
At the same time I like the keep it simple approach.
Do you want to hang out with your guests at the pool or work on your network lol
To be honest it's not that hard. Go with a unifi security gateway and switch with their APs. Set and forget. My unifi AP gear just works no questions asked. They regularly have 6 plus months of up time till I reboot them to install software.
Sure, lacking imagination (and a healthy sense of sanity preservation), it's not that hard.
However...there are so many neat little buttons and features to play with....radius, vlans, guest portals, bandwidth throttling...I've done what the author of that article has done, but the difference is that I know that's the goal; it's not to have a functioning network, it's to play with my toys. A functional network is periphery to the experience, in much the same way a completed lego set was only part of the process of getting a new kit as a kid.
He even over-complicates his article.
Unifi can be set it and forget it, if you go with the KISS rule.
I tried to use an AP-AC-Pro for almost a year, and it was not so “set-and-forget”. The default settings don’t even work properly with iOS devices (something to do with DTIM https://community.ubnt.com/t5/UniFi...onnectivity-loss-with-UAP-AC-PRO/td-p/1431847) and I experienced all sorts of other flakiness, especially around firmware updates and resetting the device. I ended up ditching the Unifi and going back to my cheap TP-Link AP.
Based on my experience with the UAP, I will never purchase another Ubiquiti AP. I’m happy with my E-RX though.
setup my home and brothers using unifi gear. sure you can do all the advanced settings but you can also keep it simple. the key for me it was reliability. once you have invested the initial time to set it up properly you really don't need to do anything else. i have mine running on a ups back up and it's been solid. have setup with multiple AP and wired and wireless clients. not to mention their customer support is top notch
nothing is perfect for sure. I have heard of the iOS issue. I have about 15 wireless devices from a wide range of manufacturers and everything is bullet proof for me. My 2 in wall ac units work great and because my house was wired only with 2 drops (for phones) this was the best I could do. I get full coverage in my 2500 sqft house
+1 It actually solved issues with my wife's older 6s switching from an Asus AC87 to the AC-HD, I haven't had any issues with any of the iOS devices I own/use or my guests that join up.
Just to be clear, he ran into issues because he overcomplicated the shit out of his network and messed with things he didn’t understand.
The AP-HD is a completely different model, but just out of interest, did you use separate SSIDs for the 2.4 and 5GHz radios?
Of course, I wanted the 4x4 radios and wave 2 because....definitely needed that.
I left them combined, it's centrally located in a 2k sq ft two story house though, unless I go outside nothing has to drop to 2.4.
And the fact that having multiple AP’s with decent coverage from 2 AP’s without seamless roaming just plain doesn’t work.
The lack of real seamless roaming on UniFi is the #1 reason I installed 10 unifi wifi networks and then replaced them with open-mesh or mikrotik setups.
weird have never had any issues with roaming in my 2 unifi APs. Single set of 5ghz and 2.4ghz ssids. Granted you are not alone in this. Unifi gear can be very hit and miss for some people.
I would never use UniFi in a production environment - too many times have I run into functionality breaking bugs when it comes to firmware or even doing simple things like using 40 mhz channels instead of 20.
There's a reason why they are so cheap...
For now, I'm good with a "stable" unifi setup that I never want to touch again, pfsense, and proxmox running all of my VM's. I have plenty of things I can play around with at work.
It's because no one that works with enterprise gear considers UniFi 'enterprise' grade. Prosumer at best
it's more smb gear. I use it at my work because my boss needed affordable wireless with a single way to manage everything, radius support, vlan support and guest wifi portal. It fit the bill for way cheaper than anything else and it just works.
I run 3 mesh APs in wired setup and absolutely love them. Have a USG pro as well but it's off as I'm testing PFsense right now.
So glad I live in a small apartment and the 5g wi-fi in the router does the whole apartment and then some. No need for mesh here!
I'm considering testing PFSense...
What gets me is that I'm not up for putting a desktop box 'on the edge'; I have it running in a VM right now to play with it, and that's how I'd want to use it, but I'm not sure how I could do that while running the WAN through the Edgerouter still and not bork things up on the network proper.
What you have are neighbors that aren't crowding your spectrum
Pick up a dual gigabit network card for whatever you have your VM running on.
The current port becomes management, then the add-on card becomes dedicated extranet and intranet connection for the VM, just make sure you run it in a bridge and don't block anything essentially.
Oh, the physical layout is not what bothers me- it's the security side.
Putting all that stuff 'on the edge' logically increases your attack surface, and well, I know just enough to know that I don't know jack shit about securing all of that!
Well a router is just software ultimately. Even expensive ass Cisco crap is just overpriced hardware with software doing all the work. A desktop PC with PFsense is probably and surprisingly more secure than Cisco or Juniper etc...better at spam than Barracuda and the list goes on. In fact after using PFsense for literally like 2 weeks now I am so in love with the control I have over every literal aspect of my setup that I am about to drop 600 on a Xeon E3 Skylake and ECC RAM and a supermicro 1u case and mobo. I have my whole home 100% on ExpressVPN at the router level. All my Rokus are going out my comcast and everything else desktop servers and phones thru ExpressVPN's OpenVPN connection 24/7. Sorry for typos.
Just to correct you, one of the MAIN reasons to use Cisco routers is for their HARDWARE ASICS. To be able to support full line speed L3 across all of its interfaces while supporting all the major peering protocols is no small feat... especially when you are talking about high throughput. The bulk of prosumer grade hardware is all oversubscribed.. even some Cisco hardware is oversubscribed, so you need to know your ASICs and backplanes and how much data throughput you are expecting across.
That said, yes, Cisco definitely charges a premium, and I would agree they overcharge as well, but there are legitimate reasons many many many companies stick with them.
In my defense my reply had nada to do with the pfsense vs. enterprise in the enterprise and you are not wrong for assuming it should but you are not on target with what I had in mind with this forum response especially considering the OP was talking about HOME and hell I was even replying to someone else just reminding them that there is no need in the home to purchase huge license based equipment when PFsense can do the same damn thing.
A great number of power home users would think that Cisco can deliver better security or Juniper can deliver better throughput or any combination of brand and purpose but they can't in the homeowner price range. Heck years ago I thought the same thing, but PfSense wasn't out, and Cisco and others in fact did offer better security than the average Linksys of the time.
I have a Cisco 1921 ISR G2 with an 8 port EHWIC switch that cost me over $1400 brand new back in the day, not even including the TAC contracts, but I ran a small business too and used its features accordingly and it can't route more than 120 mbps with all services off, maybe 15 with everything turning at once. There is no homeowner that even has the budget or an ISP that would give the necessary access to protocols that a $35000 Cisco router is built for. Well I do have a 4948 10 GE which can easily route 10gbps over any protocol its version 15 IOS supports or all at once and still have GOBS and GOBS of bandwidth left over but when I installed the thing it was a $37,500 or some egregious amount as such, distro switch and I got to keep it when it was upgraded to a nexus distro switch years later. But the average joe schmoe on hardforums doesn't have one of these.
As an old CCNA, as in I no longer do IT work, I am more than aware of the ASIC capabilities but in the price range and needs department of the OPs original "Home" discussion I was creating a blanket statement centered on comparing PFsense to the homeowner that thinks enterprise is better when it is not.
I just moved from a R7800 to USG and have been quite happy. Mainly did it because I got IPTV and ran into all sorts of issues with Netgear, Linksys, and Synology but was too stubborn to stick with the actiontec router my ISP provided. The USG gave me the ability to customize the multicast and set up an igmp proxy which was needed, although it was a bitch browsing forums to find exactly what needed to be done. Lots of complaining from wife about how the TV stopped working until I finally figured it out.
Same here. Those UAPs are garbage. Had 2 setup at my old work, and even being 20' away from a properly mounted UAP, the connection strength would jump all over the place and eventually stop routing traffic. Nothing but complaints from anyone using wireless, and made my life hell. Tore that shit out and replaced with a single Asus AP and never had issues again....
I spent weeks with support trying to fix the issue. Beta firmware/server software, replacement hardware etc. Nothing fixed the issues with them.
my experience with ap-ac-pros had been nothing but great and i have 3 ios devices.
I have had great luck with a single saucer but it doesn't play nicely with multiple AP's. I'm presently using google wifi with 2 AP's and probably going with something else. I think my issue is with the routing. I have random dead/stalls even while plugged in. I have 5 kids so the number of devices I have online are usually 40+ since I also mine but those devices are hard wired. I think the google wifi has issues routing with a lot of devices on the network.
I feel like mesh is nice due to the roaming nature of kids/devices but I think i need to bump up to a real router and maybe go back to saucers.
When using these 'enterprise' devices, and you may very well already be aware of this, you do have to play with transmit strength; it's simply not 'fire and forget', and generally cannot be, because every installation is unique.
If you haven't looked into it already, I'll add that as a suggestion with the saucers; once you keep them from transmitting further than clients can transmit back service tends to stabilize.
I didn't play with it at all honestly I became intrigued by "mesh" when in reality my previous setup was probably better if I'd have just tinkered with it a bit.
I like the simplicity of mesh; it really is a 'fire-and-forget' solution to extending coverage, but it also comes with limitations. Mainly those surround its method of operation, and that is to use extra wifi channels as uplinks. This works pretty well for getting connectivity, but when the broadcast domain gets crowded and demand for bandwidth per-client increases, you're going to see the stress realized as reduced performance.
If that's where you're at, running PoE cables to a few saucers can quickly clear things up supposing you take the time to get their configurations situated. You lose the extra spectrum crowding from the mesh links so you gain some spectrum back, and you can play with channels and such on each so that they don't crowd on their perimeters (if they were).
I'm presently on google wifi for the mesh with both units hard wired. I'm probably going to have to run more cables. This weekend I ran a cable to my TV to get the stuff around that wired. Next big one is the kids desk which has 3 desktops.
If you're running wired, then you're not (necessarily) running the mesh; if the mesh product is still problematic when the access points are hardwired, then it's more likely that the issues are related to the hardware/firmware/configuration rather than deployment environment. Recommend digging in and not letting them get off easy!
Question to you guys that have issues with WiFi: is it just the number of clients that require WiFi mesh/prosumer gear that causes it?
I have a ~2700 sqft. Home on .25 acres in a subdivision and can get a signal anywhere on my property. Basement, backyard, front yard, garage, master bathroom... Everywhere. Have a Buffalo N600 router that came with (branded) DD-WRT. I like it, but it's nothing special. But, it's just me and my wife in the house.
I always feel like I'm missing something when this topic comes up. Sure, it'd be nice to have more consistent bandwidth I guess but that's why I'll be running ethernet through the house. Never had so little bandwidth that I couldn't watch movies or something over WiFi...
Single SSID for 5 and 2.4Ghz, or separate SSIDs?
Separate ssids for the 2.4 and 5 bands.