Router for Ruckus R720 + Brocade ICX 6450-48P, and other questions

[custom90gt]

So I probably should have posted here asking for advice before plunking down some money on components when I really don't have much networking knowledge, that's my bad. Some advice would be appreciated.

Long story short: I've been running my home wifi on an Asus Mesh network (AX11000 + AX88U) over a Ethernet backhaul and it's been less than stellar. Handoffs are terrible, laptops and phones show being connected but can't access the internet so you need to disable and re-enable wifi, when you get around 40 devices (lots of "smart" light switches, laptops, phones, and amazon devices) some start falling off, etc. I've finally had enough and decided to ditch the Asus setup. I was initially looking at Unifi devices but then I stumbled on Ruckus (after a LTT video). Impulsively I found reasonable deals on the Ruckus and Brocade so i picked them up. I don't have many wired devices, but the 48p was cheap, and I can't run ethernet through my house without having to replace lots of drywall.

Current (or on it's way) hardware:
Xfinity internet (1.2Gbs) with ARRIS SURFboard SB8200 modem
Ruckus R720
Brocade ICX 6450-48P
Mikrotik RB260GS
Server (really a desktop in a SM486)
Raspbery pi 4 running Home Assistant

My cable modem is in my office and my server is in the utility room. There is a 50 foot CAT7 cable between them. My plan was to have the modem in the office, and the Brocade in the utility room as well as the R720 since that's more centrally located. I was also going to use the Mikrotik in the office since my desktop is in there and potentially add another Ruckus in the future if needed.

Now for the questions:
1. I have an old Asus AC66U that I can use as a router/firewall instead of having the Brocade provide DHCP, is that a reasonable option for the next couple of months?
2. I thought about seeing if Santa will bring me a pfsense appliance for Christmas, unless someone thinks there is a better router option? Do I need it sooner than that if I want to get this setup running?
3. Any thoughts or suggestions for this network? I don't want to spend a ton of money on it, but I want to have something that is reliable. So far I've spent $300 on it, I'm sure I can sell the Asus routers to make that up.

I'm sure I'll have more questions later on, thanks for reading through all of this stuff. I know right now I'm in over my head, but I'm stoked to learn.

 

[EngChiSTH]

how important (put a dollar amount on it) it is for you to route at the maximum (1.2Gb) ISP bandwidth speed vs routing at 1Gb ? $5 worth of importance, $50 worth of importance, $350 worth of importance ,etc.

router - Asus AC66U will do the job at 1Gbs if you want it to . You can also get any device that routes , does not have to be fancy - i personally use Mikrotik router for ~$60 ( RB750Gr3 MikroTik RouterBOARD 750Gr3 hEX 5-Port Router (balticnetworks.com) as one of the vendors) and am happy with it.

DHCP - irrelevant, anything could be a DHCP server on your network. cheap NAS would run DHCP for you, your rPi would run one, etc. just pick something.

Pfsense - your call, some people love them, some don't . I run it years ago when it was cool (for myself) to learn to set up and run an appliance with geo filtering, etc. Now I want simplicity of setting up my firewall config once, export it, throw it to off the shelf device like Miktotik and forget about it. should it byte the dust, I take spare out of the box, load config and move on with my life without waiting to screw around with installs, configurations, etc while listening to family whining. however, if you want to learn pfsense or its variants it is not a bad software.

suggestions - focus on what you want. wifi speeds? coverage? running 'value add' services on your network (pihole + recursive DNS), etc ?
identify your needs, set a budget, and go from there. equipment is a means to achieve ends , not the goal itself.

 

[custom90gt]

I appreciate the input. I would be happy with 1Gb down, the reason I pay for the 1.2Gb package is the faster upload speeds for plex (still slow though). If the AC66U will work, I'd be happy to run that for a couple of months.

I looked at the MikroTik router as well, that was also on my list, and for simplicity is still a consideration. Had I known I was going this path, I would have ordered one instead of the switch...

I was thinking about pfsense because it would be something new to learn, but I'm not attached to it by any means.

My focus was wireless reliability and speed. My server is for plex mostly and it really irritates me when my wife and I actually have time to watch a movie and it starts to buffer, or the device simply doesn't connect to the network. Other than that I just want something that's expandable and fun to mess around with. No real attachments to any components outside of running ruckus.

While I'm not a network guy, I love to tinker with hardware.

 

[EngChiSTH]

in my setup the Miktorik router works for two ISPs I use (500/50 primary and 100/10 secondary), it failovers to secondary if primary is down. very stable in 3+ years I used it.

for plex/no buffering - it may not be what you want to hear, I believe that there is no substitute to running the wires... i wired my playback devices (nvidia shield tv) by cat5e and never had buffering since running it. Wifi, no matter how good and fast is shared bandwidth technology - ok, for on the run type of check or for devices that are inherently very portable and meant to be moved, bad for everything else. I would wire your house before I invest anything in wifi coverage, especially fancy wifi. Not that expensive to do yourself and you will also learn

i dont use plex outside of home (and generally severely limit anything that could come into my network or what my network talks to), so could not offer much on that point.

for Wifi, you already have a good AC, install in proper location connected by wire and enjoy. if you find coverage low spots, consider whether second one makes sense. single pane of glass - optional. I personally use Unifi ACs but I do not use any other Unifi tech (their router/'dream machine'). I had their switch but donated it to a friend because it did not had enough 10G ports..

again, personal preference, I dont like multi use/mixed use devices , 'all in one' types. the router/switch/access point/share your files over USB thing. it does nothing well and if it breaks/go down/has issues _everything_ has issues. I prefer just enough solutions of dedicated hardware for specific needs. router is a router , i dont want it to be a wifi access point -> run firewall rules and perform NAT (route). a switch is a switch, associate MACs with addresses and send those packages, apply VLANs (if you go that way). Wifi is wifi , it just does that. if any single piece goes down I swap it out until repair/replace and rest of the system continues to run vs having all eggs in one basket. two is one, one is none type of attitude towards minimizing downtime.

 

[custom90gt]

Glad the MikroTik has been good for you, the Hex seems to be a great value for the hardware.

I would absolutely love to run some CAT6 through my house to all of the TVs, but I simply don't see a way to do so without tearing out drywall. I was fortunate enough to be able to run my cable from my office to the utility room since there is a I-beam there. I've even thought about paying someone to do it, but I dunno if the wife would support that option, lol. I can tell you that my next house will have ethernet available everywhere...

And the wireless provided by the Asus routers sucks. I've spent hours trying to figure out why it won't keep devices on the network. The handoffs between the two access points is so terrible that walking with a phone through the house causes more issues than just having weak wifi on the ends of the house.

We are in agreement with the mixed use device thing. I've realized that having these asus routers means they do nothing well. They suck at wireless to be certain.

 

[newabc]

SB8200 needs link aggregation to process 1.2gig.
If you need more processing power and stick with Mikrotik, RB3011 and RB4011 are considerable.
I have RB750gr3 and RB4011. I think RB750gr3 is capable for 300-400Mbps up and down on cat5e wired network.

If upgrading to 2.5gig-port cable modem in the future, RB5009 has a 2.5gig port.

If you consider pfsense, I will recommend 2nd-hand Wyse5070 extended(the big one, not the thin one) with an additional quad-port intel NIC this year. Or HP T730, but with an older style.

Note: Actually the Comcast traffic cap is limiting the willing on super speed. If paying extra money to remove the cap, 1.2gig will show the benefit.

 

[custom90gt]

I appreciate the heads up, I will look into the different MT routers out there. Sadly I know the SB8200 needs link aggregation for 1.2gig, I have my Asus setup to do it right now. I got the router because it was cheap and it had good reliability ratings, lol. Sadly I only went with 1.2gig package for the upload speed, since xfinity likes to keep you from doing anything fun unless you pay for it. I had thought about removing the cap but I only occasionally come within 80% of the cap even when I'm say downloading lots of xbox games.

That Wyse 5070 isn't too badly priced at all considering what it is. I suppose the real dilemma for me now is pfsense vs Mikrotik. I really have no stake in that game. Just want something that is fast, reliable, and fun (well also something I won't have to struggle for because of my lack of networking experience). I love to learn stuff, but as a resident physician with a 10 month old, time isn't the most readily available thing...

 

[ms264556]

I ran a Ruckus AP connected to an Asus router (AC68U) for a few months.
I ran Merlin firmware, with Diversion installed for ad-blocking, and it was absolutely fine. I only swapped it for a pfsense box so I could get faster VPN throughput (and because I like tinkering, obviously).
With ad blocking enabled the AC68U did just over 700Mbps - not the full 1Gbps I was paying for, but close enough so I didn't notice any improvement when I got a faster router.

 

[EngChiSTH]

I have RB750gr3 and RB4011. I think RB750gr3 is capable for 300-400Mbps up and down on cat5e wired network.

I believe it does full 1Gb just fine - here is the review from smallnetbuilder where he measures it MicroTik RB750GR3 hEX Router Reviewed - SmallNetBuilder - Results from #1 . I my own experience of two IPs of 500/50 and 100/10 , I have zero issues of sustained 500 download when pulling down large game after buying it. In short, if you already have RB750GR3 , it would cover the 1Gb IPS connectivity..

 

[custom90gt]

I ran a Ruckus AP connected to an Asus router (AC68U) for a few months.
I ran Merlin firmware, with Diversion installed for ad-blocking, and it was absolutely fine. I only swapped it for a pfsense box so I could get faster VPN throughput (and because I like tinkering, obviously).
With ad blocking enabled the AC68U did just over 700Mbps - not the full 1Gbps I was paying for, but close enough so I didn't notice any improvement when I got a faster router.

Good call on Merlin, I haven't ran that for a long time. I'll give it a shot and maybe christmas will bring something fun to add to the network. What do you think of Ruckus? What about pfsense?

I appreciate all of the input so far from everyone!

 

[ms264556]

I

Good call on Merlin, I haven't ran that for a long time. I'll give it a shot and maybe christmas will bring something fun to add to the network. What do you think of Ruckus? What about pfsense?

I appreciate all of the input so far from everyone!

I think used Ruckus are the best kept secret in home networking. I see so many people paying hundreds for mesh systems or for unifi fit-outs, when they'd get far better performance by poking a $50 Ruckus AP into their router. I have a cupboard full of R600s which I donate whenever friends/family talk about buying a WiFi extender or a new WiFi router to fix dead-spots.

Pfsense is pretty ok. It was far easier to setup than I was expecting. There's a distinct lack of 'wizards' to step you through setting up new functionality, but enough people use it so I've had no trouble googling walkthroughs for anything I've wanted to setup.

 

[newabc]

I appreciate the heads up, I will look into the different MT routers out there. Sadly I know the SB8200 needs link aggregation for 1.2gig, I have my Asus setup to do it right now. I got the router because it was cheap and it had good reliability ratings, lol. Sadly I only went with 1.2gig package for the upload speed, since xfinity likes to keep you from doing anything fun unless you pay for it. I had thought about removing the cap but I only occasionally come within 80% of the cap even when I'm say downloading lots of xbox games.

That Wyse 5070 isn't too badly priced at all considering what it is. I suppose the real dilemma for me now is pfsense vs Mikrotik. I really have no stake in that game. Just want something that is fast, reliable, and fun (well also something I won't have to struggle for because of my lack of networking experience). I love to learn stuff, but as a resident physician with a 10 month old, time isn't the most readily available thing...

I think, anyone toke a Comcast's 400Mbps or above package with a traffic cap like us, will experience that only downloading in weekends will easily close to the cap and get the notice email from Comcast.

What I appreciate pfSense is that it comes with pretty good GUIs for FreeRADIUS and suricata/snort. But if you don't know what they are, just go with Mikrotik or Unifi Dream Machine Pro. Both brands are easier to learn than pfSense. Just choose one you already have lots of knowledge on.

(FreeRADIUS works as the AAA server of access points, Suricata and Snort are IDS/IPS. Unifi Dream Machine Pro has GUIs for FreeRADIUS and suricata, but its CPU is weaker for Suricata than the Pentium J5005 in wyse5070 extended(the big/fat one, not the thin one).)

Another thing I want to mention is if the electric power system is new or the coaxial cables are new, as residential solutions, the powerline ethernet adapters (example link) and MoCA ethernet adapters (example link) can be used on the situation where the Ethernet cables are hard to reach but the electric power cables or coaxial cables are already in the wall. But they are always considered as not reliable, but a little bit better than home WiFi routers since they are wired solutions.

 

[custom90gt]

I think, anyone toke a Comcast's 400Mbps or above package with a traffic cap like us, will experience that only downloading in weekends will easily close to the cap and get the notice email from Comcast.

What I appreciate pfSense is that it comes with pretty good GUIs for FreeRADIUS and suricata/snort. But if you don't know what they are, just go with Mikrotik or Unifi Dream Machine Pro. Both brands are easier to learn than pfSense. Just choose one you already have lots of knowledge on.

(FreeRADIUS works as the AAA server of access points, Suricata and Snort are IDS/IPS. Unifi Dream Machine Pro has GUIs for FreeRADIUS and suricata, but its CPU is weaker for Suricata than the Pentium J5005 in wyse5070 extended(the big/fat one, not the thin one).)

Another thing I want to mention is if the electric power system is new or the coaxial cables are new, as residential solutions, the powerline ethernet adapters (example link) and MoCA ethernet adapters (example link) can be used on the situation where the Ethernet cables are hard to reach but the electric power cables or coaxial cables are already in the wall. But they are always considered as not reliable, but a little bit better than home WiFi routers since they are wired solutions.

You can check your internet use on xfinity at: XFINITY | My Account | EcoBill® Online Bill Pay, my current use for October is 340GB, lol. They don't count upload in that mix which is awesome.

I had thought about suricata/snort in the past, but only really after reading about some setups. I looked into the Unifi Dream Machine Pro but all of those thoughts went away after reading many threads comparing unifi vs ruckus. Since I won't have any unifi devicies, I'd probably stick with building a pfsense router instead (faster/cheaper).

I don't know anything about the setup of pfsense or MikroTik, so either will be a learning process. But that's okay by me since I enjoy learning about stuff. I'm still on the fence about either.

I had tried the powerline adapters about 4 years ago but they were less reliable than my wifi, lol. I'm not sure if it's the wiring in my 20 year old house or just the adapters themselves, but that was not a success. I hadn't considered MoCA, that would be preferable since there is coax to the TVs, that's a good suggestion. If wireless still doesn't work after this transition, I'll give that a go.

 

[EngChiSTH]

You can check your internet use on xfinity at: XFINITY | My Account | EcoBill® Online Bill Pay, my current use for October is 340GB, lol. They don't count upload in that mix which is awesome.

I had thought about suricata/snort in the past, but only really after reading about some setups. I looked into the Unifi Dream Machine Pro but all of those thoughts went away after reading many threads comparing unifi vs ruckus. Since I won't have any unifi devicies, I'd probably stick with building a pfsense router instead (faster/cheaper).

I don't know anything about the setup of pfsense or MikroTik, so either will be a learning process. But that's okay by me since I enjoy learning about stuff. I'm still on the fence about either.

I had tried the powerline adapters about 4 years ago but they were less reliable than my wifi, lol. I'm not sure if it's the wiring in my 20 year old house or just the adapters themselves, but that was not a success. I hadn't considered MoCA, that would be preferable since there is coax to the TVs, that's a good suggestion. If wireless still doesn't work after this transition, I'll give that a go.

How important is internet availability for you and yours? if it is down during the work week because router issue/failure, how much does it matter?
i.e. if you and your spouse work outside of the house, it may be irrelevant/low priority
if you and/or spouse work from home, different important.

if you go pfsense route and build it on stand alone hardware, how long can you afford to be down if that hardware fails?

 

[unmesh]

I think used Ruckus are the best kept secret in home networking. I see so many people paying hundreds for mesh systems or for unifi fit-outs, when they'd get far better performance by poking a $50 Ruckus AP into their router. I have a cupboard full of R600s which I donate whenever friends/family talk about buying a WiFi extender or a new WiFi router to fix dead-spots.

I think it is time I started playing with Ruckus APs. Where are you finding R600s for fifty bucks though?

 

[ms264556]

Facebook marketplace / Craigslist type sites have them around $50 reasonably frequently.

I'm living in New Zealand at the moment, and prices here on TradeMe (NZ's eBay equivalent) are stupidly low.

So even if they're expensive where you live, I can send you some for a sane price. If you're willing to have slightly ugly ones (yellowed from sun exposure) then I could get them to you almost anywhere in the world for <$60 including my courier costs.

 

[unmesh]

@ms264556

I'm in the US and might take you up on your offer but let me look at some of the online marketplaces other than Ebay first

Added: Someone just listed one for $60 on Ebay and I ordered it so that I could have one quickly. Is there a quickstart somewhere on getting one of these up and running with Unleashed? I've used Unifi and TP-Link Omada so am generally familiar with APs but need to run with SSIDs on different wired VLANs.

I also need to find a ceiling mount but that can wait

 

[custom90gt]

How important is internet availability for you and yours? if it is down during the work week because router issue/failure, how much does it matter?
i.e. if you and your spouse work outside of the house, it may be irrelevant/low priority
if you and/or spouse work from home, different important.

if you go pfsense route and build it on stand alone hardware, how long can you afford to be down if that hardware fails?

Internet availability isn't a massive concern since it's going to be more reliable than the internet provided by these asus routers. We are both in healthcare so there is no teleworking for us sadly. I have a couple of extra dirt cheap Asus AC66Us that I could get the internet back up and running if the pfsense router hardware died. I'm a hardware guy so that aspect doesn't bother me too much. Again the MikroTik routers look like a good bargain and I'd be happy to run a more plug and play setup as well. All and all, I'm just hoping that this Ruckus is more reliable than what I have now, lol.

 

[custom90gt]

Well I've got everything running on the Asus AC68U router (I guess they are 68 and not 66 lol), except my Ruckus. For whatever reason my Ruckus R730 will only run at 802.3af mode even though it's assigned to 802.3at mode, which means it's running in low power mode. Unfortunate because some spots in my house are not covered very well. I've tried enabling LLDP, forcing 802.3at mode via ssh, and a few other things but to no avail. So frustrating.

 

[ms264556]

It's pretty common for ruckus APs to need manually setting to 802.3at in Unleashed/ZoneDirector: they insist on full LLDP negotiation which most injectors and cheaper switches don't do well.

Do you have the 720 or 730? The R720 won't be full power even with 802.3at. You need a UPOE injector.

If you haven't got the AP screwed in permanently yet, it can make a huge difference where you have the AP. Trying a few different locations is worth the effort.