Simple Home Network Advice

joshuass1467

Hey all, I am looking for some guidance on my home network rebuild. Here are some details:
  • I have a 400/20 Mbit cable connection to the house
  • My house is a ~1600sqft (I think) ranch with drywall and unfinished full basement
  • All rooms are wired with Cat5/6
  • I use a WNDR3700 with OpenWrt on it right now for routing and wireless.
  • Equipment list
    • 2 machines wired
    • NAS with dual GbE capabilities (Synology DS916+)
    • 1 printer wired (can be wireless)
    • 1 HT AV receiver (wired or wireless)
    • 2 laptops
    • Several phones
    • Guests with laptops/phones/cameras
My WNDR is not cutting it for the speed I have now. So I figured I would replace it with something more secure. It can also serve to scratch that never ending itch to tinker.

My goals are:
  • Provide wired access to house (not all ports need be used, I have waaaay too much copper run, my friend went nuts when we installed it years ago, less than 16 ports)
  • Use 1 to 2 more APs for better coverage through the house (current WNDR is in the basement nestled below lots of HVAC venting)
  • Provide future expandability to install cameras or other IoT type things ( I have none of this right now)
  • Would like to split guest from main wireless
  • Provide some VPN capability in the future
  • $500 limit (with some wiggle room if what I want isn't possible or advisable)
I think I visited the last 30 pages of this forum scouring for information. Here's what I've decided so far:
  1. An HP T620+ or T730 thin client with dual/quad Intel GbE NIC for routing (either pfSense/OPNsense or Untangle--I've run them all but probably not in the last 5 years at least)
  2. 1 or 2 switches--Not sure what type/level or size really.
  3. At least 1 AP (probably 2). I was looking at TP-Link Omada EAP225 v3 for this duty because of their reviews and price points. Also considering UniFi APs too.
As far as I understand I have a few topology options for handling all of this:
  • With a dual NIC--I would connect everything to a single switch and use either the switch or router to handle VLAN duties. I can also load whatever controller software I would need with the APs on the thin client router.
  • With a quad NIC--I can split my network by major usage (though utilizing APs for guest and non-guest access could get goofy). Use multiple switches. Or do the above and leave the other ports unused.
I'm just not sure which way to go with switches. It would be much easier to use a non-smart switch and handle routing/tagging with the router. It would also reduce cost.

Does anyone have any recommendations on switches and APs? Also I am interested in opinions on the general topology of what I want to do.

Thanks
 

Mithril

For the switch what is your priority for: Power/noise, cost, ease of use, features/expandability?

IMHO we are past the point of purely 1G switches making sense once you reach "rackmount size", and there are just TONS of options for 1G+10G under 200 (some even under 100) depending on what aspects are important to you.
 

Rand__

Looks like you need a switch + a router/firewall + some APs

T620/730 sounds good; then some of the Ruckus Switches with POE (seen 7450-48P's going for $100-150) and maybe some of the Ruckus 500 APs on the great deal section just now

The router/fw can handle L3 VLAN handling but the switch needs to support VLANs too o/c to properly segregate the traffic. Or you get an L3 switch, then the VLAN routing can be done by it and the FW can be left doing its primary job.
 

joshuass1467

Awesome. Thanks for the input. I saw in another post (might have been Reddit) that a poster liked having a single glass pane into the workings of his network by doing the VLAN in the router and using L2 switches. For the little traffic my network will see (I don't have a "lab" just a network) I figured I might save some money.
 

joshuass1467

Mithril said:
> For the switch what is your priority for: Power/noise, cost, ease of use, features/expandability?
>
> IMHO we are past the point of purely 1G switches making sense once you reach "rackmount size", and there are just TONS of options for 1G+10G under 200 (some even under 100) depending on what aspects are important to you.

What sort of options are you thinking of? I don't mind reading about particular product lines if I can be pointed in the right direction for reputable vendors. Cost is an important factor here, I was hoping to be perhaps 150$ or so.

This might show my ineptitude in this arena, but it would be neat to have 10GbE LAN on the router to a 10GbE switch for future proofing the trunk of the network. Then APs and equipment can use 1G, and I have an upgrade path to better performing NAS boxes.

It would not have to be 10G on the WAN side obviously.
 

Spartacus

joshuass1467 said:
> Awesome. Thanks for the input. I saw in another post (might have been Reddit) that a poster liked having a single glass pane into the workings of his network by doing the VLAN in the router and using L2 switches. For the little traffic my network will see (I don't have a "lab" just a network) I figured I might save some money.

If you like to have the single pane, Ubiquiti's UniFi line would work well for you ~ it will likely cost more though.
Are you wanting/needing IPS/IDS for the firewall? ~ the regular USG only does up to 100/100 (it'll do full gig without it though) you'd need the pro version if you want that feature on the USG-Pro
Do you need quality wifi in the basement? ~If not you could get away with a dedicated AP on the main floor for 1600 sq ft if centrally located.
My single AP works great in 1900 sqft.

 

kapone

I'm confused...How did we go from a typical router with a few gig ports to a DIY router + 1 to 2 switches + an access point or two + "a single plane of glass"??

If the N600 based router ain't cutting it, get a better router. Used/Refurbished Asus AC68U type of routers (which will easily handle your WAN speed) can be had for peanuts. We're talking < $50. Combine that with an el cheapo 8/16 port layer 2 dumb switch (again < $50) and it solves everything you've mentioned.
 

joshuass1467

kapone said:
> I'm confused...How did we go from a typical router with a few gig ports to a DIY router + 1 to 2 switches + an access point or two + "a single plane of glass"??
>
> If the N600 based router ain't cutting it, get a better router. Used/Refurbished Asus AC68U type of routers (which will easily handle your WAN speed) can be had for peanuts. We're talking < $50. Combine that with an el cheapo 8/16 port layer 2 dumb switch (again < $50) and it solves everything you've mentioned.

I believe I started the discussion with the assumption a typical consumer router may not have been enough. I forgot about the Asus router line.

I have a patch panel in the basement where all the network drops terminate. I wanted to keep the equipment downstairs and use a line to connect the AP upstairs to the network.

I was also thinking about security. My wife has mentioned cameras once before so I was looking to provide some growth in the network to handle that at some point. My NAS would be the storage for video.

As for the single spot to manage the network, I was just mentioning what I thought was an interesting setup.
 

Spartacus

Is there a semi central room with two runs?
If so then with a $150 budget what kapone noted is the best bet with an older but solid ASUS.
Have the modem come in the basement -> patch -> router in main area -> patch -> basic switch (maybe POE/POE+ if your cameras need it) in the basement to feed the rest of the patches. You'll have a couple of ports on the back of the router if you need/want to hardwire stuff nearby.
Otherwise the house patches or a direct switch connection for your server/NAS will cover it.
 

kapone

joshuass1467 said:
> I believe I started the discussion with the assumption a typical consumer router may not have been enough. I forgot about the Asus router line.
>
> I have a patch panel in the basement where all the network drops terminate. I wanted to keep the equipment downstairs and use a line to connect the AP upstairs to the network.
>
> I was also thinking about security. My wife has mentioned cameras once before so I was looking to provide some growth in the network to handle that at some point. My NAS would be the storage for video.
>
> As for the single spot to manage the network, I was just mentioning what I thought was an interesting setup.

An AC68 (or better) type of router will still address all of your concerns. Of course, if you want to tinker...:)

Don't want cameras to have internet access? Create a FW rule in the Asus. Done.

AP placement and running a backhaul is always tricky. You just have to find a happy medium.
 

joshuass1467

Spartacus said:
> Is there a semi central room with two runs?
> If so then with a $150 budget what kapone noted is the best bet with an older but solid ASUS.
> Have the modem come in the basement -> patch -> router in main area -> patch -> basic switch (maybe POE/POE+ if your cameras need it) in the basement to feed the rest of the patches. You'll have a couple of ports on the back of the router if you need/want to hardwire stuff nearby.
> Otherwise the house patches or a direct switch connection for your server/NAS will cover it.

When I purchased the home, my friend ran a ton of cable as a gift (too much). Each room in the house has at least 2 lines for internet 1 line for cable and 1 line for voice/tele. Main living areas actually have 2 sets of these drops each. So the above would work well.

The $150 budget was actually for the switch. I mentioned in the OP a budget of around $500 for the build, with some wiggle room for if there's stuff I really wanted.

Here's my attempt at consolidating the advice:
  • Cheapest:
    • Single AC68 Router (or newer)
      • Add unmanaged switches for more connectivity if needed.
      • Place in area with 2 lines so that wireless is on the main floor, and patch panel can be fed by line back to basement.
  • Not as cheap:
    • Separate components
      • Router (pfsense/opnsense/untangle)
      • Managed L2 switch for VLAN (POE preferred)
      • AP on main floor (or more if needed)
      • Use dual NIC on router to connect to switch
      • Use switch and router to VLAN
      • Use APs to set up multiple SSIDs if needed
The question now is one of cost and how much tinkering can I get away with between doing husband/father duties and work haha.
 

Bert

It is funny I have exactly the same network topology at home and it is even funnier, I am using Asus AC68U and unmanaged switches as recommended here. It really works well for the basic scenario and is very easy to maintain.

If you want to use your router as VPN client, I can easily say that AC68U will not cut it for 200MBit since AC68U couldn't handle my 50MBit connection. I was able to boost the router with flimsy overclocking but there are issues with that approach such as overclocking being lost during restart. I read there are optimal VPN Client settings which can curtail this problem but I gave up with tinkering on that.

I am piggybacking on this conversation since I have exactly the same question which I posted in this forum. I want to go with pfSense because I want to have a beefy VPN client and I also want to set up a VPN server for remote access. I am also planning to use a beefy rack mount switch since I have a bunch of servers but I am not planning to use it as a dumb switch. I think pfSense can also create VLANs and I prefer to learn configuring only one device.
 

Thomas H

joshuass1467 said:
> When I purchased the home, my friend ran a ton of cable as a gift (too much). Each room in the house has at least 2 lines for internet 1 line for cable and 1 line for voice/tele. Main living areas actually have 2 sets of these drops each. So the above would work well.
>
> The $150 budget was actually for the switch. I mentioned in the OP a budget of around $500 for the build, with some wiggle room for if there's stuff I really wanted.
>
> Here's my attempt at consolidating the advice:
>   • Cheapest:
>     • Single AC68 Router (or newer)
>       • Add unmanaged switches for more connectivity if needed.
>       • Place in area with 2 lines so that wireless is on the main floor, and patch panel can be fed by line back to basement.
>   • Not as cheap:
>     • Separate components
>       • Router (pfsense/opnsense/untangle)
>       • Managed L2 switch for VLAN (POE preferred)
>       • AP on main floor (or more if needed)
>       • Use dual NIC on router to connect to switch
>       • Use switch and router to VLAN
>       • Use APs to set up multiple SSIDs if needed
> The question now is one of cost and how much tinkering can I get away with between doing husband/father duties and work haha.

Your friend did it right by running 2 network/2 video to every room. Like your electrical outlets, there is not "too much". You will thank him later. This will be more apparent later as we have more uses (IP cameras, video conferencing, wireless access points, IoT, etc.) and as the home gets smarter.

Not sure if it fits your budget but my vote goes to:
  • pfsense
    • on a PC: cost of computer, maintenance, higher power usage (remember this gotta be 24/7), I would virtualize this to take advantage of host PC
    • embedded: dedicated plug and play (and forget), low power usage
  • Brocade ICX6450:
    • get PoE if you plan on IP cameras, phones, WAPs
    • get as many ports as you can afford. 24 ports works for you now but future proof with 48 ports. As an example, I started with 4 cameras PoE and up to 10 cameras now.
  • 2X Ruckus R500 (or UniFi AC Lite/Pro)
 

csementuh

As said, you can do your setup with basic wifi router and maybe spend $100 or so. I like overkill and playing with things, and maybe you do also, so here's my suggestion!

- Basic Intel Atom based server with Untangle. If you don't want an actual server a Unifi EdgeRouter or similar will work well
- Brocade switch with 10G/POE
- Unifi AP AC Pro wifi 1 or 2

That setup will provide way more than you need and not be crazy expensive.
 

gregsachs

Aruba S2500 or S3500 is another option for switch, a 6450 is going to be at least $150, while an Aruba is ~50-75 or at least has been.
Still gives you 10g, and POE.
 

fohdeesha

gregsachs said:
> Aruba S2500 or S3500 is another option for switch, a 6450 is going to be at least $150, while an Aruba is ~50-75 or at least has been.
> Still gives you 10g, and POE.

The Arubas have no IPv6 support, which for me at least makes them a nonstarter in 2020. If OP ever wants to move to routed/isolated VLANs and such for IoT isolation etc, IPv6 will be out of the question with the Arubas.
 

gregsachs

fohdeesha said:
> The Arubas have no IPv6 support, which for me at least makes them a nonstarter in 2020. If OP ever wants to move to routed/isolated VLANs and such for IoT isolation etc, IPv6 will be out of the question with the Arubas.

Totally reasonable, I haven't worried about IPv6 at home so not an issue for me.
 

Bert

Why do we even need enterprise-class managed switches in this case? All OP needs is a pfSense box and dumb switches.
 

joshuass1467

fohdeesha said:
> The Arubas have no IPv6 support, which for me at least makes them a nonstarter in 2020. If OP ever wants to move to routed/isolated VLANs and such for IoT isolation etc, IPv6 will be out of the question with the Arubas.

Good to know. I'm not doing anything with IPv6 just yet but I appreciate the info nonetheless.

I spent some time looking through eBay for Brocade gear. And in doing so realized I have to think carefully about what does what on the network.

I've been used to having a single box do L3 activities. With switches, there's an opportunity to have L3 done at the switch level, leaving pfSense to handle firewall duties exclusively. If I use an L2 managed switch pfSense will handle inter-VLAN routing (if VLANs are used), which can saturate the link between that box and the switch. I don't think this will be an issue for me since I would most likely do just 2 VLANs (guest, and everything else, 3 if I include IoT in the mix).

I think going with a component-based setup, and L2 switches for some VLAN isolation will be a good compromise between jumping off the deep end and staying in the kiddie pool with consumer products. If I can get good deals on a 10G NIC for my router and a good 10G switch with POE that would be awesome. If not, I believe I can use multiple 1G ports on like a quad NIC to connect to a switch that way, reducing any bottleneck that probably will not happen.

This can set me up for future expansion. I can look at virtualization on the router box, I can upgrade to an L3 switch to do more complex topologies.

So for now my revised goal equipment would be:
  • T620/T730 thin client for router duties (perhaps virtualized) and any controller needs for APs--$180
  • 24P POE L2 Smart switch (possibly with 10G)--$150?
  • 1 POE AP capable of multiple SSID/VLAN support (Omada, R500, UniFi series)--$100?
  • Either
    • Intel 4 port 1G PCIe card
    • compatible 10G dual NIC (copper?)
This keeps me close to my $500 budget and gives me some tinkering and performance and some expandability without going overboard meeting my current modest needs.

Thoughts?

EDIT: I want to clarify: I'm not opposed to picking up a fully managed switch if the price is within budget. I'm just saying I believe I can make do with only a smart L2 switch.
 
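The three-segment plan discussed in this thread (guest, everything else, and an IoT/camera VLAN with no internet access), as an added example that is not from any poster: a small first-match, default-deny policy model that audits whether a rule set meets those goals. The subnets, host addresses and ports are constructed assumptions; it also assumes a stateful firewall and that the NAS initiates the connections to the cameras.

```python
import ipaddress as ip

# Constructed addressing plan (an assumption, not from the thread): one /24 per VLAN.
VLANS = {
    "main":  ip.ip_network("192.168.10.0/24"),
    "guest": ip.ip_network("192.168.20.0/24"),
    "iot":   ip.ip_network("192.168.30.0/24"),
}
ANY = ip.ip_network("0.0.0.0/0")
PRIVATE = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GUEST_GW = ip.ip_network("192.168.20.1/32")  # router address on the guest VLAN
IOT_GW = ip.ip_network("192.168.30.1/32")    # router address on the IoT VLAN

# Per-source-VLAN rules as (action, destination, port or None for any port).
# First match wins; anything unmatched is blocked (default deny).
RULES = {
    "main": [("pass", ANY, None)],
    "guest": [("pass", GUEST_GW, 53)]                      # DNS on the router only
             + [("block", net, None) for net in PRIVATE]   # no LAN, IoT or router UI
             + [("pass", ANY, None)],                      # internet
    "iot": [("pass", IOT_GW, 53), ("pass", IOT_GW, 123)],  # DNS and NTP, nothing else
}

def decide(src, dst, port):
    """Return 'pass' or 'block' for a new connection from src to dst:port."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    vlan = next((name for name, net in VLANS.items() if src in net), None)
    for action, net, rule_port in RULES.get(vlan, []):
        if dst in net and rule_port in (None, port):
            return action
    return "block"

# Flows the plan must satisfy (hosts are constructed; 203.0.113.10 stands in for the internet).
EXPECTED = [
    ("guest -> internet",      "192.168.20.50", "203.0.113.10",  443, "pass"),
    ("guest -> NAS",           "192.168.20.50", "192.168.10.5",  445, "block"),
    ("guest -> camera",        "192.168.20.50", "192.168.30.20", 554, "block"),
    ("guest -> router web UI", "192.168.20.50", "192.168.20.1",  443, "block"),
    ("camera -> internet",     "192.168.30.20", "203.0.113.10",  443, "block"),
    ("camera -> NAS",          "192.168.30.20", "192.168.10.5",  445, "block"),
    ("camera -> router NTP",   "192.168.30.20", "192.168.30.1",  123, "pass"),
    ("NAS -> camera stream",   "192.168.10.5",  "192.168.30.20", 554, "pass"),
]

def audit():
    """Return the names of flows whose decision differs from what the plan requires."""
    return [name for name, s, d, p, want in EXPECTED if decide(s, d, p) != want]

if __name__ == "__main__":
    print("policy violations:", audit() or "none")
```

Rule order matters here: moving the guest "pass any" rule above the private-range blocks makes `audit()` report the guest-to-NAS, guest-to-camera and guest-to-router flows as violations.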