Simple Home Network Advice


kapone

Well-Known Member
May 23, 2015
I don't wanna sound like a broken record, so please take this as constructive criticism.

I'm still not getting why you need to add complexity to your network. You have a very simple, flat network. There doesn't seem to be any logical reason to add complexity.

- You want to separate guests and give them internet access only? A consumer router does that with a separate guest wifi.
- I'm not seeing the need for VLANs anywhere.
- Routing at the switch level... this is a can of worms. Unless you really need VLANs (which it seems you don't), a dumb L2 switch will still route at the switch level based on the MAC address.
- Where did 10G come from? You don't seem to have 10G equipment right now.
- If you need PoE, sure, go ahead and get a PoE switch, but there's still no logical reason to go down the L3/managed switch rabbit hole.

That all being said, don't get me wrong, if you just wanna do it, do it. But do it for the right reasons.
 

joshuass1467

New Member
Feb 10, 2020
- Routing at the switch level... this is a can of worms. Unless you really need VLANs (which it seems you don't), a dumb L2 switch will still route at the switch level based on the MAC address.
Agreed. I don't really want to route at the switch level. I was assuming that if the pricing was right, I was not opposed to picking one up if it gave me the other features such as PoE and port count. I can ignore the L3 capabilities entirely. Though I doubt such a switch would be cheaper than a simpler switch, rendering all of this kinda moot.

- Where did 10G come from? You don't seem to have 10G equipment right now.
At this point, we can just set aside the idea of 10G for this build. I was postulating I could use it to link router to switch to avoid bottlenecks, but it's not worth the cost or effort in finding hardware and such.

- If you need PoE, sure, go ahead and get a PoE switch, but there's still no logical reason to go down the L3/managed switch rabbit hole.
PoE would be nice to power APs and maybe a camera in the future.

- I'm not seeing the need for VLANs anywhere.
I was thinking that in order to have an AP do separate SSIDs, you needed a VLAN to help segregate that traffic when it reaches the router. Therefore, wouldn't I need a switch capable of sending inter-vlan traffic up to the router?

- You want to separate guests and give them internet access only? A consumer router does that with a separate guest wifi.
So all of my equipment is currently downstairs. I have a NAS, patch panel, modem, current dumb 10/100 switch, UPS, and my old desktop. All of the low-voltage stuff is situated in a box next to the rack. My goal is to keep as much of that down there as possible because, being an unfinished basement, it offers really nice stable thermals and sound is not much of an issue.

I appreciate all the input and criticism. I value the questioning because it makes me reevaluate if the added complexity is worth it.
 

kapone

Well-Known Member
May 23, 2015
No, no, you do want to route at the switch level for your internal network. But that doesn't mean you have to jump straight to an L3 switch and/or a managed switch. A dumb L2 switch will still do it for your internal network as long as it is a flat network.

And that's the key. Flat network. I don't see a need for VLANs in your situation, but maybe you do.

PoE is irrelevant to the design. A dumb switch can be a PoE switch.

You're still thinking "AP". Something like an AC68U IS your AP (and router); you don't need a separate one. And that router (and anything newer than that) can do a dedicated guest wifi, which has no access to your internal network, just internet, without VLANs. (It uses networks internal to the router, which I can explain in excruciating detail if you ever want to know :))

So, now to the backhaul and router/AP placement.

- All your equipment in the basement plugs into your switch.
- Your patch panel connections plug into your switch.
- If your patch panel is connected to your switch, you can place the router/AP anywhere in your house where you have a network port and close to your incoming WAN connection. The benefit of a flat network. :)
 
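As an added illustration (not code from any post in this thread), here is what the two points above look like at the packet level: joshuass1467's question about an AP tagging each SSID with a VLAN so the router can tell the traffic apart, and kapone's point that the guest network gets internet only and no access to the internal network. The script parses an 802.1Q-tagged Ethernet frame the way a trunk-aware switch or router would, maps the VLAN ID to a zone, and enforces "guest reaches WAN only". VLAN 10 = LAN and VLAN 20 = guest, the 192.168.10.0/24 and 192.168.20.0/24 subnets, and every frame and MAC address are hypothetical, constructed for the example.

```python
# Added example, not code from any post in this thread. Parses an 802.1Q-tagged
# Ethernet frame, maps the VLAN ID to a zone (VLAN 10 = LAN, VLAN 20 = guest;
# both hypothetical), and enforces "guest gets internet only". All frames,
# MACs and addresses below are constructed for illustration.
import ipaddress
import struct

ETHERTYPE_VLAN = 0x8100   # an 802.1Q tag follows the source MAC
ETHERTYPE_IPV4 = 0x0800

# Hypothetical SSID-to-VLAN mapping configured on the AP; the router only sees the tag.
VLAN_ZONES = {10: "lan", 20: "guest"}
ZONE_NETS = {
    "lan": ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
}


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into MACs, optional VLAN tag, ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vid, pcp = 14, None, None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13          # 3 priority bits
        vid = tci & 0x0FFF       # 12-bit VLAN ID
        offset = 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def ipv4_addrs(payload: bytes):
    """Return (src, dst) addresses from a minimal IPv4 header."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not IPv4")
    return (ipaddress.ip_address(payload[12:16]),
            ipaddress.ip_address(payload[16:20]))


def zone_of(addr) -> str:
    """Classify an address by subnet; anything outside the local subnets is 'wan'."""
    for zone, net in ZONE_NETS.items():
        if addr in net:
            return zone
    return "wan"


def policy(frame: bytes) -> str:
    """Return 'allow' or 'drop' for one frame arriving on the trunk from the AP.

    Rules: the frame must carry a known tag (an AP that forgets to tag the guest
    SSID must not land in the LAN zone by default), the source IP must belong to
    the tagged VLAN's own subnet (anti-spoof), guest may reach only the WAN, and
    LAN may reach anything. Only IPv4 is handled in this demo.
    """
    f = parse_frame(frame)
    if f["vid"] not in VLAN_ZONES:       # covers untagged (None) and unknown VIDs
        return "drop"
    if f["ethertype"] != ETHERTYPE_IPV4:
        return "drop"
    src, dst = ipv4_addrs(f["payload"])
    src_zone = VLAN_ZONES[f["vid"]]
    if zone_of(src) != src_zone:
        return "drop"
    if src_zone == "guest" and zone_of(dst) != "wan":
        return "drop"
    return "allow"


def build_frame(vid, src_ip: str, dst_ip: str) -> bytes:
    """Construct a frame with a 20-byte IPv4 header; vid=None gives an untagged frame."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")  # dst, src MAC
    if vid is not None:
        hdr += struct.pack("!HHH", ETHERTYPE_VLAN, vid & 0x0FFF, ETHERTYPE_IPV4)
    else:
        hdr += struct.pack("!H", ETHERTYPE_IPV4)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    return hdr + ip_hdr


if __name__ == "__main__":
    cases = [
        (20, "192.168.20.5", "1.1.1.1"),          # guest -> internet: allow
        (20, "192.168.20.5", "192.168.10.10"),    # guest -> NAS on LAN: drop
        (10, "192.168.10.10", "192.168.20.5"),    # LAN -> guest: allow
        (None, "192.168.20.5", "1.1.1.1"),        # untagged on the trunk: drop
        (20, "192.168.10.10", "1.1.1.1"),         # guest VLAN spoofing a LAN address: drop
    ]
    for vid, s, d in cases:
        print(f"vid={vid!s:>4} {s:>14} -> {d:<14} {policy(build_frame(vid, s, d))}")
```

The tag is just four bytes between the source MAC and the ethertype, which is why an AP can carry several SSIDs over one cable and why the device at the other end (the router, or a switch that passes the tagged frames through) has to know what the tag means. A consumer router's guest wifi does the same separation inside the box, so the tag never has to cross the switch, which is kapone's point. The untagged and spoofed cases are the ones worth keeping in a real rule set: default-drop for unknown tags and a source-subnet check per VLAN are what stop a misconfigured or hostile guest client from ending up in the LAN zone.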

sashk

New Member
Mar 31, 2019
  • T620/T730 thin client for router duties (perhaps virtualized) and any controller needs for APs--$180
  • 24P POE L2 Smart switch (possibly with 10G)--$150?
  • 1 POE AP capable of multiple SSID/vlan support (omada, r500, unifi series)--$100?

I recently went through router/switch upgrade (consolidation of two 24 port switches) and came up with the following:
  1. For the router I picked up an HP 290 from eBay for $120 (HP 290-p0043w Slim Celeron G4900 3.1GHz 4GB RAM 500GB HDD Win 10 Home Black 193015195745 | eBay). It is a decent system to run pfSense (add a two- or four-port Intel NIC for an extra $20-30 from eBay) and a small SSD like the Intel Optane m.2 PCIe NVMe (Intel Optane Memory M10 16GB M.2 PCIe-NVMe 2280 MEMPEK1J016GAL | eBay).
  2. For the switch I selected the 48-port Aruba S2500-48P and paid about $100 shipped for it. Quiet, low power consumption. You can pick up the Aruba S2500-24P model cheaper on eBay (Aruba S2500-24P PoE 24-Port Mobility Access Switch S2500-24P-4x10G SFP+ | eBay, $85).
  3. For wifi I picked up Unifi in wall access points (non-pro was enough). I think I paid about $80 or 85 for each.

Why did I choose the HP 290 instead of the T730 thin client? Well, I picked up a T730, which is a very nice system, but the external power adapter kills all the fun. The HP 290 has an internal power supply, so it sits much more nicely in the rack (it's about 2U high). With the switch, I was looking for something quiet, managed, PoE and cheap. Turns out the Aruba fits all of this. Configuration is slightly different from Cisco, but if you have configured a Cisco switch it wouldn't be a huge deal to figure out the Aruba. Unifi is nice, but requires a controller. For the controller you can use a Raspberry Pi or a VM if you don't want to spend on a CloudKey.

Hope this helps.
 

ReturnedSword

Active Member
Jun 15, 2018
Santa Monica, CA
I used to run 3 x RT-AC68U nodes I picked up from T-Mobile's TM-AC1900 sale when T-Mobile offloaded them for cheap. The first two were $80, the third was $60 brand new. I set up the same for my parents' house. Nowadays you can no longer get them NIB, however refurbished TM-AC1900 regularly sell for $40 or less. You'd have to convert them back to stock RT-AC68U firmware if you want the full capabilities, which is a bit involved, but not hard.

My network is a bit more involved, so I moved on on the AP side, but my parents' house still runs this setup. It's more than adequate for their gigabit fiber, even if some VPN is thrown in the mix. The last time I checked the RT-AC68U is capable of about 100 Mbps OpenVPN. With ASUS AiMesh, whether running on stock firmware or merlin's firmware, management is done through the master router and the settings propagate down to the nodes.

If you need some advanced features that pfSense may offer, such as ad block lists, you can run that on PiHole on a RPi and set up the RT-AC68U's DNS to go through PiHole first.

I've always run pfSense as my router for years now, but I also have many devices (50+, plus transient physical boxes and VMs) that need a lot of FW rules. If you run a dedicated router, such as pfSense, my suggestion is to run it on a physical box. Some have success with virtualization for their router, but IMHO that introduces additional headaches if the power goes out and you need to restart services/resources in some specific order. It's much simpler to have it on a dedicated box with its own UPS. If you want a router that is low power, be prepared to spend $200 for an HP T620 Plus/T730, up to $500 for an industrial networking PC based on an embedded CPU. If you take the mini-ITX route due to the need for faster CPUs for higher VPN performance, be prepared to spend even more.

Admittedly my network is a bit overkill, and at times it seems like more money was invested in it than necessary, but I've kept a happy medium. For the use case you've shared, my suggestion is the same as @kapone's: keep it simple. The RT-AC68U should be more than enough. If you need more WiFi coverage, get more RT-AC68Us set up as nodes and plug them into the wired backhauls you already have in the walls.
 

Bert

Well-Known Member
Mar 31, 2018
I was also questioning the value of wasting money and time on managed switches. I am using a managed switch, but just because I need a high-port-count rack-mountable switch to handle the servers on the rack. Yet I don't use any of its managed features. I think you can create VLANs at the router level, and even basic commodity routers would let you do that, but management of that could be painful.

For PoE, it will be quieter and perhaps cheaper to get a consumer-oriented PoE switch, as you will be saving on the power bill. For security cameras, I am using a cheap Zmodo solution and they come with their own fake PoE solution in any case. Perhaps you wouldn't even need a PoE solution after all.

I think enterprise class Wi-Fi APs would provide more reliable access with support for more clients but I assume they will suck more power. It would be good to learn their value from the experts.

I was not able to get a high-bandwidth VPN client from the AC68U, and pfSense or a commercial firewall/router solution seems to be useful. I think pfSense will give enough opportunity for tinkering. For example, I am still trying to figure out how to put the host on the same network defined by the VM-based pfSense.
 

joshuass1467

New Member
Feb 10, 2020
I recently went through router/switch upgrade (consolidation of two 24 port switches) and came up with the following:
  1. For router I picked up HP 290 from eBay for $120 (HP 290-p0043w Slim Celeron G4900 3.1GHz 4GB RAM 500GB HDD Win 10 Home Black 193015195745 | eBay) it is decent system to run pfsense (add two or four ports intel nic for extra $20-30 from eBay) and small ssd like Intel Optane m.2 PCIe NVMe (Intel Optane Memory M10 16GB M.2 PCIe-NVMe 2280 MEMPEK1J016GAL | eBay).
I wish I saw that before I bought the T730 lol. Looks like a nice capable device. I also looked at older optiplex sff pcs too.

Here's what I ultimately ended up with:
  1. T730 ($160 on eBay)
  2. Intel I340 quad-port NIC ($29 on eBay)
  3. T1600G-28TS TP-Link JetStream 24-port switch ($119 new on Amazon)
  4. TP-Link Omada AC1750 AP ($90 new on Amazon)
The Omada comes with a PoE injector, and as it is the only item on the network needing PoE, I could take the savings from not using a PoE switch and invest elsewhere (better AP, bigger switch). I was able to stay under budget.

Appreciate all the input. I had a good time diving back into the networking world. This should be a big upgrade from what I have now.

Thanks again.