Thoughts on complete home network revamp Firewall/Switch/WiFi

Nov 13, 2022
I am moving into a newer / larger home shortly that already has network cabling to most rooms.
I currently have 1Gig/1Gig Fibre to the home and services up to 3Gbit are available but not planning to go that high unless there is a promo.

FW: NEW R8S-N series (pending availability / reviews)
I specifically want SFP+ capability and throughput that could in theory match a 3Gbit fibre connection in the future. The ONT / Hand off from the ISP will likely be a 10Gbit interface from their equipment.

Switch: USW-Enterprise-8-PoE
Has both 10Gbit and 2.5Gbit, supports PoE+

WiFi: U6-Enterprise-IW
I am thinking two of these maybe three.. 1 because I already have prewired jacks all over the house, 2 they support 6E, 3 they act as a local switch which would work well near my primary TV setup and in my home office. (I am aware that PoE pass through requires PoE++ and is not a requirement)



I am looking at this as a complete green field setup that will last many years and be modular / supported a long time. I currently run OPNSense on a spare PC, have a D-Link 1Gbit Managed switch and 3 UAP-AC-PRO APs in my old house that I have had for close to 7 years.

Thoughts? Alternatives?
 

hmw

Active Member
Apr 29, 2019
Do yourself a favor and avoid the Ubiquiti network shite.

Get a small rack and grab a 1U supermicro chassis + any of the Xeon motherboards. Many have SFP and the idle power will surprise you (pleasantly). Get a X520 SFP card and use that

Get a Netgear MS510TXUP - or a refurb Ruckus 7250-24P if you want to future proof. And get refurb/used Ruckus AP (H350/R650/R750). Having 3-4 H350s is better than having 1 R750. That way you don't need a separate SDN controller for your switch and APs.

If you're looking for 6E, there's often Aruba 6E APs on sale - Ruckus x60 APs are still too expensive

I once thought like you did and invested in Ubiquiti. I had their APs (U6/UAP), their enterprise switches (XG24/POE) and their cameras. I have since ripped out everything except the cameras.

Just keep in mind that if you wish to do VLANs on the switch and *not* on OPNsense, it is possible but much more work since OPNsense (or even PFsense) does not have a way to do DHCP for multiple subnets if those subnets don't exist on the OPNsense box.
 
Nov 13, 2022
Well I appreciate the suggestions but I think you have more than doubled the cost of every component making it completely impractical.

Just keep in mind that if you wish to do VLANs on the switch and *not* on OPNsense, it is possible but much more work since OPNsense (or even PFsense) does not have a way to do DHCP for multiple subnets if those subnets don't exist on the OPNsense box.
Creating sub interfaces and tagging them to vLANs really isn't hard in OPNSense... I already do this, really no change in this proposed setup other than both the switches and the APs would be configured in one place vs how I do it now.
 

hmw

Active Member
Apr 29, 2019
I think you have more than doubled the cost of every component
That's strange. Looking at something like

$240 - Supermicro X11 - 1U 20" Short Depth Server Firewall PFSense X11SSH-F Xeon 3.5Ghz 32GB RAM NVME | eBay
$250 - Ruckus H550 - NEW Commscope RUCKUS H550 Series WiFi 6 Indoor Access Point | 901-H550-US02 | eBay
$200 - Ruckus H350 - Ruckus Wireless Access Point - Bluetooth - Zigbee - 2.4 GHz, 5 901-H350-US00 | eBay
$499 - Netgear MS510TXPP - Netgear MS510TXPP Ethernet Switch (MS510TXPP100NAS) 606449120974 | eBay
$20 - Intel x520-DA2 - Oracle Intel X520-DA2 Dual Port 10GB PCIe HBA 7051223 Low Profile | eBay

And comparing that with prices for

$479 - USW-Enterprise-8-PoE
$299 - U6-Enterprise-IW
$300? - R86S

I'd say you're getting better hardware with the former. Even a HP DL20 Gen 10 would come in at $400 on eBay and those have Xeon E22xx CPUs

But if you want to stick with Ubiquiti, you should invest in a CloudKey or another Unifi Console to run the Unifi SDN on full time so that you can manage your Ubiquiti gear - ideally you can get their Gateway Pro that has the 10G WAN so you can take advantage of your ISP's 3Gbit connection
 
Nov 13, 2022
I should note that I am located in Canada not the US, so most of those EBAY options are much more costly to ship to Canada IF they ship to Canada.

Supermicro X11 - I didn't explicitly say it but SPACE / HEAT / POWER matter, not interested in running a big 1U server.

Ruckus H550 / Ruckus H350 neither are 6E, this is a future proofing feature I want if I am going to replace my existing UAP-AC-PROs

Netgear MS510TXPP probably not a bad option but I am unlikely to get it that cheap SHIPPED or local but I will look into it further.

But if you want to stick with Ubiquiti, you should invest in a CloudKey or another Unifi Console to run the Unifi SDN on full time so that you can manage your Ubiquiti gear - ideally you can get their Gateway Pro that has the 10G WAN so you can take advantage of your ISP's 3Gbit connection
Already run UAP-AC-PROs and have run the controller 7 years so you don't have to tell me anything about the unifi controller, the unifi layer 3 devices ARE very limiting (VPN setups, and various filtering options), will stay with OPNsense which I am already running. I used to run an Edge Router which was not bad and more flexible than the unifi line before switching to OPNSense so I could do some more complicated wireguard configs and DNS filtering.
 

nexox

Well-Known Member
May 3, 2023
I don't know about the shipping to Canada, but you can get a Supermicro X9SPV with a mobile i7 and 16GB DDR3 ECC for $170 on US ebay right now, has a pci-e 3.0 x16 slot which I believe supports bifurcation, I forget the exact CPU I have vs the ebay one, but mine will route near 10G as long as the packets aren't very small (edit: that's running a light iptables config on bare metal, I hear the various packaged up routing options are a bit slower.)
 
Nov 13, 2022
Your infra looks good. But also, forget about sub-gig speeds for now.
Don't you mean greater than gigabit?

Main reason for the complete upgrade is really the desire to support 6E, and as nearly all 6E APs can support throughput of greater than 1Gbit they tend to be 2.5Gbit, which then requires a 2.5Gbit or greater switch etc, etc.

ISP wise I am already at 1Gbit, and it seems like they keep moving up each year. I also run Plex and a few other NAS services locally, would be nice for moving backups across the LAN to have greater than 1Gbit speeds.
 

zer0sum

Well-Known Member
Mar 8, 2013
Ubiquiti is hot trash!

You can run a Lenovo Tiny as a firewall. M720/920/90q series works perfectly and take a PCIe card so you can have 2 x SFP+
I prefer to run Proxmox on them, and then virtualize the firewall so I can have other edge hosts.

Unless all the devices you have also support 6E, then getting a 6E AP is pretty much pointless.
I don't think 6E is really going to be a thing for years, or by that time wifi 7 will just take over
 
Nov 13, 2022
Ubiquiti is hot trash!

You can run a Lenovo Tiny as a firewall. M720/920/90q series works perfectly and take a PCIe card so you can have 2 x SFP+
I prefer to run Proxmox on them, and then virtualize the firewall so I can have other edge hosts.

Unless all the devices you have also support 6E, then getting a 6E AP is pretty much pointless.
I don't think 6E is really going to be a thing for years, or by that time wifi 7 will just take over
I already run a few mini PCs for things like Frigate and HomeAssistant. Going up to a more modern one that can fit a PCIe card pushes the cost WAY up locally, typically more than the R8S devices and that is without also counting the SFP+ card. I do keep an eye out on eBay but selection in Canada is less and shipping from the US adds cost. This is an option I have already considered, I just have not found one that made sense cost wise. The older ones I have found are typically not fast enough to route at greater than 1Gbit.

Samsung, Google, Motorola already have phones out that support 6E, WiFi 7 builds on top of 6E so 7 devices will likely be compatible with 6E APs for using 6Ghz.. There are also a good number of consumer APs with 6E out already, mostly MESH systems.
I am fairly confident we may only have a generation of devices to roll over to 6E at least on the flagship side.

Again If I don't add 6Ghz I will probably just not bother upgrading the APs from what I have, but I appreciate the feedback.
 

nexox

Well-Known Member
May 3, 2023
I thought 6E was pretty common on devices by now. I bought a mid-range android phone a year ago and it's got 6E, then spent $25 on a new wifi card for my laptop to get it up to 6E, my wife's work laptop is over a year old and came with 6E. The better argument against 6E is that the 6GHz band doesn't have much range, especially through walls and such, so it won't be very effective in some environments.

Still, the 6E adoption rate seems more or less similar to what I remember from wifi 4 and 5, and there's no reason to expect 7 to be much different, by the point people are shopping for 7 APs 8 will be around the corner and then you might as well wait for that one.

I haven't gotten enough of them deployed and tested to give a totally positive review, but I have been buying Netgear enterprise 6E APs when I can find them for a decent price, wired, of course, wireless mesh is not my idea of fun. So far so good, and they include a feature to turn off the wifi radios when they lose contact with the default route host, something I used to have to write a script to achieve on my Mikrotik hardware.
 
Nov 13, 2022
Going back to my original post I have been running UAP-AC-PROs for close to 7 years, this revamp should be the basis for another 5+ years barring some massive tech breakthrough. This is also why I want to have the 6Ghz channel and not just go with WiFi 6 on 2.4/5Ghz as there are already problems and from my point of view 6Ghz is likely to see fairly high adoption due to all the problems we have on 2.4/5Ghz. Key indicator being how many consumer AP / Mesh systems already have 6E.

Also as noted my new home is pre-wired in nearly every room, RANGE should not be a problem if I need to add another IN wall AP as per the original plan. 6E's limited range is actually a blessing if you have many APs to get good coverage as it means you should not have interference from outside your home.

Everyone has raised some good points however either due to availability, space, or costs I am not seeing strong reasons not to go down the current path.
 

Jabes

New Member
Feb 17, 2019
I built out a large home network (multiple buildings with fibre between them, plus at least half a dozen access points) in the UAP-AC-Pro era (around 5 years ago I guess).
When I moved house (a year ago), I built out an equivalent sized TP-Link Omada network

Why did I swap? Ubiquiti quality control on firmware has been terrible, plus TP Link Omada has a lifetime warranty with advanced shipping of replacement parts.
Having owned both, I'd certainly go Omada again.
 

nexox

Well-Known Member
May 3, 2023
I also had good experiences with TP Link Omada for some of my Wifi5 gear, but they took forever to get their 6E APs released and by then I had already picked up a Netgear and liked it. I personally can't stand the required Ubiquiti configuration software, so after the one AP I had from them died I moved on. TP Link and Netgear both offer cloud whatever, but they will happily let you disable that and just do the standard browser configuration, much better than running a VM to get some half-broken java GUI to sometimes work (that was a long time ago, the Ubiquiti software may have gotten better.)

6E's limited range is actually a blessing if you have many APs to get good coverage as it means you should not have interference from outside your home.
Very true, it works reasonably well in my house, since I have just enough wire runs to get a couple APs in good locations, but if I was going to upgrade my parents' AP I don't think I'd bother, because it's in a corner and they'd get 6GHz coverage in pretty much exactly one room.
 
Nov 13, 2022
TP Link Omada has a lifetime warranty with advanced shipping of replacement parts
I had been looking at Omada but their forums have almost as many issues as the Unifi ones, maybe I will take a second look but they don't have a 6E in wall equivalent at the moment. Their software is also a clone of unifi for the most part.

Reading the fine print the lifetime warranty applies to specific devices and 5 years after EOL. Which is still really good but from what I understand they EOL stuff very quickly... still much longer than Ubiquiti.

I will take a look at their product line again.

We can add the iPhone 15 Pro to the list of devices with 6E as of this morning so I am fairly confident that 6Ghz will be relevant to me during the lifespan of my network replacement.
 

986box

Active Member
Oct 14, 2017
You can run a Lenovo Tiny as a firewall. M720/920/90q series works perfectly and take a PCIe card so you can have 2 x SFP+
I prefer to run Proxmox on them, and then virtualize the firewall so I can have other edge hosts.
For a second there, I thought Supermicro could replace m920q with i5-9600T until I compared passmarks.

I’ll stick with my tiny micro with AOC-STGN-i2S.
 
Nov 13, 2022
For a second there, I thought Supermicro could replace m920q with i5-9600T until I compared passmarks.
The new R8S-N will have an Intel Core i3-N305 so it should be very comparable at least based on expected passmarks.
 

MrGuvernment

Member
Nov 16, 2020
I run PfSense in an HP SFF desktop with an Intel x520 card in it, it has an i5-6500 and 8GB of RAM with a 1TB SSD, and handles my 1Gb/1Gb fiber fine. That is an option for you. I did mount a 60mm fan on the X520 though to be sure it has air flow.

I then got a Brocade ICX6450-24p for my network. I run VLANs, but do have it going via pfsense for now, as I don't do much cross VLAN data movement. Now have a 6610-24p to move over to though and may do VLAN routing on the switch, once I toy with some ideas.

I also just got a Ubiquiti U6 in wall and it covers my house well 1568sqft. I run 3 SSIDs off it on their own VLANs as well. I know some people hate Ubiquiti, and they have gone downhill in terms of general quality of software, but they do still work at a basic level. Knock on wood, no issues with my IW yet, but only had it 2 months...