Could use a little guidance on multi-node home network


Avery

Occasional Visitor
First off, this has always been a great site... have come here over the years for a lot of knowledge, whereas the rest of the internet is a roll of the dice - thanks to all who maintain it!

I am remodeling my home, and am going to move to a multi-node network, and could use some guidance.

I currently have a single RT-AC68U that covers the majority of the 'main' section of the home (2 stories, about 25' x 70'), though a bit weak at the end furthest from the device. Continuing along the length of the home there is a multi-use room on the first floor that connects to the 2-story garage (about 30x30), where the lower level is garage and the upper level is a studio I rent out. I also live in a neighborhood with homes spaced a little bit - 1 acre lots.

I notice that there was not much current SNB information on the current Wi-Fi Mesh networks or AP's. It probably moves too fast to practically keep up. And, of course, it's difficult to interpret the rest of the internet.

As part of the remodel, I will pull cat 6/6a between possible locations for nodes/AP's, so anything I put in will be wired/ethernet back-hauled. I also want to have decent coverage in the front and back yard, and I do not know if it matters... but the roof will be metal.

I work in IT for enterprise systems, and get networking basics, but am not a networking guy. I do like the OpenVPN support the ASUS has, and sometimes use it to access files at home. It would be good to have some VPN solution that doesn't have a fee, and is very simple. It would also be good to have a system that doesn't require a lot of my time to maintain, patch, or excessive configuration. Not that I can't figure it out, but I have different priorities and not enough time outside of work.

My questions are:
- With the current products available, is there a compelling reason to run a mesh with wire backhaul, versus Ethernet connected APs? POE would have some advantages, especially for outside AP mounting locations, and will use POE for some Ring cameras.
- Are there particular products in each of these systems that stand out for not being high maintenance, supporting roaming features well, security, and well-performing network?
- For outdoor coverage, I'd want an AP outside in the front, and likely in the back. How does one manage this without 'overcrowding' AP's or nodes (which as I understand from the excellent 'how to fix wi-fi roaming' article can lead to more issues)?
- Since I will be adding some PoE cameras and AP's/Nodes outside my house, I would like a way to isolate these cameras from the rest of the network, as there is no physical security on the cable. VLAN?

Thanks!
 

Trip

Very Senior Member
First off, congrats for laying the bedrock of a solid network with high-end density of quality cabling, terminations and patch-panel work; the battle is 60% won right there.

To answer your questions first:
- Mesh vs. APs: No compelling reason for consumer mesh, primarily because you'll have all-wired backhaul, and all consumer mesh systems force all nodes into using the same fronthaul channel in each band, which caps wifi capacity to a single channel's worth at any given moment (regardless of how many nodes you have). Additionally, the lack of a unique fronthaul channel per node/AP often makes for less-optimal roaming behavior as well. Purpose-built, wire-first APs don't have this limitation, and with an all-wired backbone, you might as well go straight to them. You also get a higher-reliability system, VLAN awareness and a true centralized control plane (ie. controller, either discrete or embedded).
- Set-and-forget factor: among purpose-built AP products, you want something that's been under development for a while and is more or less "field-proven". Ubiquiti UniFi and TP-Link Omada, although not without their faults, generally fit this description. Cisco CBW should as well; even though it's newly-released (to replace the WAP series), Cisco usually gets a version 1.0 product out the door with core functionality that's at least production-ready. Once properly configured, any one of those products should be pretty much set-and-forget.
- Outdoor coverage: For a solution that doesn't over-crowd the spectrum or broadcast space, you might want to look at directional APs, ie. one that would broadcast a sub-180 degree "cone" out into the yard, but leave the rest of the space behind it (ie. the inside of the house) uncovered. Ubiquiti UniFi has a couple models, like the UAP-AC-M-PRO, that do this pretty well (neither Omada nor CBW have anything in that department yet, but I'm sure they're coming at some point).
- Network segmentation: VLANs, definitely. All the more reason to go with SMB-grade, wired APs (which all come VLAN-aware), plus VLAN-capable managed switching and wired router.

Happy to help guide further where requested.
 

Avery

Occasional Visitor
Thanks for your insight and thoughts, Trip. And I appreciate your offer for further help, as well. I would usually dig in deeply, and currently I am burning the candle at both ends between work and 2 remodels on the house, where I'm deeply involved.

I've attached a few images to help understand the layout of the house.

A few quick comments and questions:
  • I like the idea of the directional outdoor access points, and looked up the UAP-AC-M-PRO, though didn't readily find the full manual. Can you broadcast around 180 degrees? As you can see, I would likely need two routers broadcasting at 180 degrees.
  • I would like to keep the network architecture relatively simple, with as few devices as reasonable to do so
  • Between UniFi, Omada, and CBW, which one has the edge in 1) security/maintenance/patching 2) value 3) network reliability/robustness 4) device options 5) least-fuss factor/simplicity 6) least # of AP's required 7) support (and without fees; I once had a Netgear UTM and they wanted to charge you for updates after a year and support was horrible)
  • Should I be considering running AP's directly off the wired router, to increase the resiliency of the system, or does that complicate things from a VLAN perspective? I do have a Netgear 24 port managed switch, though it likely needs to be replaced for a PoE switch.
  • Roughly how many access points do you think may be required for this home, and does it vary by vendor? Any stab at locations? Some additional information is below.
    • As a reference point, currently the RT-AC68W is located about 8' high in the pantry and serves the west end of the house well. Signal is OK in the east end of the living room, and by the time you get downstairs to the breezeway joining the house and garage, signal is lost. There is also no drywall downstairs currently. Initially I was thinking one AP in the pantry, and one in the breezeway (the gable end of the roof sits about 4' high in the living room), but it sounds like I will need more, esp. now that I'm thinking about the warmboard (see below).
    • Closet downstairs labeled 'Storage' (next to the Rec Room) will be the media/network/storage closet. A satellite media location will be in the pantry, where there is already some cabling for audio/ethernet/cable.
    • Area above the garage should be considered separate as an in-law quarters, and might be run as a separate SSID. I'd like to also have Wi-Fi in the garage, in case I'm working out there.
    • Construction details:
      • Downstairs, I am putting warmboard radiant heating panels on the ceiling, behind the drywall. These are essentially 3/4" particle board with a thin layer of aluminum on the surface. How do you think this might affect AP coverage?
      • Roof is steel
      • Lower level is 40" below grade (concrete stem wall) for most of it, but walk-out at garage/breezeway end on the N side
      • Walls are conventional residential construction, with brick cladding in some exterior locations shown as gray on the drawing; other locations wood exterior
      • Upstairs no ceilings are flat, except kitchen/dining (not sure if mounting an AP on a sloping ceiling is problematic)
  • Now that you have seen the layout, do you have any additional thoughts on the exterior coverage? S. yard only extends about 25', N. Yard extends 150', but the closest 60' is the most important.
  • Any other thoughts?
Thanks so much!

house_front.jpg

upper_level_house_plan.jpg

lower_level_house_plan.jpg
 

coxhaus

Part of the Furniture
The Cisco APs can be run off any switch in the network. I don't run big POE+ switches because they are too loud at home so I run a small POE+ switch just to run the wireless APs and maybe cameras connected to my Cisco L3 switch which is connected to my Cisco RV340 router.

I would think Cisco and UniFi will offer longer support for their hardware vs TP-Link.

I would think the CBW240ac would be the choice since they are cheap and the new hardware but if you are going to jump on the 2.5gig band wagon anytime soon then don't rule out the Cisco WAP581 wireless APs. The Cisco WAP581 APs cost more because they have a 2.5 gig port built-in. The CBW240ac has 2 1 gig ports which can be used.
 

Avery

Occasional Visitor
> I don't run big POE+ switches because they are too loud at home...
Is this because of internal fans, due to the power supply? I noticed some of the 24-28 switches have a 'low power' option, such as < 200 watts, and I wonder if those might be more quiet. I can relate to the noise consideration, because I had a fan bearing go out in a netgear 24-port switch and it was noisy for the longest time until I got a replacement fan and installed it. Made me think about going fanless, and I think I saw a few POE ones that could do that.

Edit: Looks like Cisco goes up to a 10-port POE that is fanless. Noise is a consideration, as the network closet is right next to the media room.
 

coxhaus

Part of the Furniture
> Edit: Looks like Cisco goes up to a 10-port POE that is fanless. Noise is a consideration, as the network closet is right next to the media room.
If you have a network closet then you are better off than most. Fans may not be as big of an issue with you. Cisco does publish noise figures.

Also make sure you are buying POE+ not POE. Most new hardware requires more power than POE. I would not buy POE. I think POE+ is twice the power of POE.
 

Trip

Very Senior Member
@Avery - Lots to cover, apologies if I'm too brief. Bulleted answers:
  • For 180+, omni APs may be best (explanation later).
  • Understood on simplest setup with least amount of gear as is reasonable.
  • Pro's/Con's of Wifi systems:
    • Security/Patching - Cisco #1, UI #2, TP distant #3
    • Value - Depends on priorities
    • Reliability/Robustness - Cisco #1, UI & TP #2
    • Device Options - UI (overview link), several unique-in-class
    • Least Fuss - Cisco #1, TP #2, UI #3
    • # of APs - Less brand-dependent vs. layout strategy/budget (explanation later)
    • Support - Cisco #1, UI #2, TP #3 - No additional cost for any just to use the product and get firmware updates
  • Switch: I prefer discrete, for robustness and one less compounded point of failure, but Cisco RV260P or RV345P are possible, most attractive if you're leaning Cisco for everything.
  • Topology Strategy: APs and demarc are outlined below. You'd pick a blue -OR- green layout (not both), then optionally add the purple outdoor APs. Blue = more, lower-power APs for better 5Ghz. Green = fewer, higher-power APs if lower overall throughput and/or more 2.4Ghz reliance is OK. Outdoor AP(s) installed if signal doesn't cover the yard(s) enough:

SNB_Avery - 1.png


SNB_Avery - 2.png

I threw in the network rack diagram from a plan I did for work. You don't need a rack, but they're nice. The mockup uses a 12U telco/wall-mount size. You could omit the UPS if you don't care about power backup.

Wifi - Blue layout lower-power AP examples: UniFi AC-LITE, NanoHD or In-Wall, Cisco CBW140/145AC, TP-Link EAP225v3. Green layout would be 33% lower install overhead, in exchange for lower-performance 5Ghz in places, more 2.4Ghz use and lower total capacity. Higher-power, longer-reach APs for that approach: UniFi UAP-AC-LR, Cisco CBW240AC, TP-Link EAP245. UniFi or Omada would need a discrete controller, installed bare-metal/VM/Docker on your own hardware, or as a ready-to-go appliance (CloudKey Gen2 / OM200). Cisco CBW is controller-less, with multi-master fail-over. If UniFi looks promising, you might consider a UniFi Dream Machine (UDM) or UDM Pro, which comes with the controller built-in, but cost is moderate and they've had stability issues up to now. Maybe also look at Ruckus for APs; link-layer quality and interference mitigation blows the others out of the water, plus it offers an embedded enterprise controller with Unleashed, but it's much more expensive, and working-pull/used off eBay to bring the price down is not for everyone. No extra licensing required for any of the above.

Switches - UI and TP are good enough for home, although they're not as proven as Cisco SG (and I'd expect CBS), nor do they have Layer 3 (less relevant at home, but still worth mentioning). UniFi only if doing their APs, optionally a USG/UDM, as their single interface over everything is the primary selling point. TP lacks AP/switch integration, but switches are decent and cheap. Cisco only has single-point setup for an "ecosystem", so you still need to locally admin into separate APs and switches for the most granular settings, but their actual hardware and switches are historically the best-built and supported.

PoE+ Switch Noise - Cisco's CBS series have 16 and 24 port silent/fanless models, as do UniFi, albeit not all ports powered, so a bit more port inventory tip-toe'ing to do with UniFi. Zyxel also has full-power 24 and 48 port GS1920v2 models with 26dB fans (whisper-quiet). So options are there for higher-density PoE+ in a single backplane, if you want them.

Routing/Gateway - Choices are most varied here. Simplest/lowest power would be an ARM/MIPS embedded box: Mikrotik HeX, Cisco RV, Ubiquiti EdgeRouter/USG. I'd probably go Cisco RV if you choose Cisco switching and wifi, or EdgeRouter X or 4, or UniFi USG/UDM, if doing UniFi wifi, or EdgeRouter + Cisco switching/wifi for a mixed stack if you have lower-bandwidth internet and want better SQM QoS than what the RV can offer (to help defeat bufferbloat).

Budget - Cheapest you're looking at would be ~$400 all-in (example: $60 Ubiquiti ER-X, your Netgear switch for free, $240 for four TP-Link Omada EAP225v3's, which include PoE injectors so a managed PoE+ switch wouldn't necessarily be needed (although I'd highly recommend one), plus the $90 OC200 Omada controller, and no outdoor APs for starters). All-new gear would be $700+; all-Cisco or UniFi would be probably $1000+. Ruckus wifi would add $2500 new, $500-1000 used.

Overall, an all-Cisco stack may be the best "easy button" solution here. They don't have UniFi's hardware diversity (FlexHD, UAP-AC-M and UAP-M-PRO come to mind), nor TP-Link's cheap cost, nor Ruckus's antenna tech, but they cover every layer competently enough and are usually the best-supported in the segment. If a single-vendor solution is appealing, I'd give Cisco the slight edge over Ubiquiti for your use-case.

Hope that helps narrow down. Happy to help more if needed.
 

Avery

Occasional Visitor
Wow - That was really awesome, Trip! Thank you so much for your time!! Even a layout diagram!

You mentioned lower-bandwidth internet. How do you classify that? I can remember the days of the 1200 baud modem :) Comcast cable is my only option, and fiber isn't likely soon. I think I'm on a cheaper plan around 100 Mbps... can upgrade to 1 Gb as needed. More cabling for more APs is not a problem, provided it gives a better experience (though of course more device mgmt and cost).

This has really been very enlightening, and after a few hours of digging in, a few other comments/questions. I mainly made it through switches and started to look at AP's. POE switch for sure, since I'll be having 10-15 POE devices. I think I will go either Ubiquiti or Cisco, and forego TP-link. The only exception is that the Zyxel GS-1920 v2 switch looks pretty nice (lots of power, and not much more to go to 48 port), though I really like the flexibility of the handful of POE++ ports and overall package on a SG350-28P.

Regarding POE and POE devices - the main devices I would have at this point are AP's & ring cameras, each being 10-17w.
-Do these devices tend to consume full rated power the whole time?
I ask, as if I have 8 UAP-AC-HD's, that is 136w, alone. Then add 5 cameras for 75w, and I've already blown the SG350-28P's capacity.

Overall, power consumption is a significant consideration... cost, and heat in the media closet.
-Is it fair to assume all these switches are very good at scaling power consumption, according to actual POE device consumption?

Regarding access points, it looks like the Cisco's don't support 802.11k & v, whereas Ubiquiti does. Overall client experience going from one AP to another is key, esp. when using wi-fi for cellular.
- Does Cisco encourage handoffs and as good of a client experience as Ubiquiti?
- When running cabling for AP's, is daisy chaining possible (esp. with POE, even if you have POE++ switch), or home run to each AP? I'm thinking about # of ports consumed
- With both Cisco and Ubiquiti, can you patch multiple APs centrally, or you have to login to each one (thinking about the 6-8 AP's to manage)?
- AX seems to be available at the consumer level, but not yet for SMB. Is that coming soon, and is there a practical benefit? With construction now, I only need maybe 2 APs for the next 6 months.
- You mention the CBW140/145 vs the CBW240 as a higher power AP. Can power be scaled down, if I want to get 2-3 of these at the start, and go for the lower power layout?

Regarding switches,
- Do the switches also tend to scale power consumption well, according to actual POE draw? (i.e. going to a 48 port switch doesn't consume much more energy than the 24 port for same connected devices)
- If I go with a 24 port, I will likely run out of ports sooner than later, due to AP's & cameras. Going to a 48 port in some MFG's more than doubles cost (e.g. Cisco). From a network architecture perspective, how would you scale ports with another non-POE switch, or is there a different recommendation to get an additional 5-10 ports?
- Is there any practical use for POE++ today?
- With 1 Gb ports is that not a throughput issue? It seems there isn't much at 10Gb today, save some SFP+'s. I'm a little surprised.

Pricing...
- With Amazon Prime day coming up, as well as the Thanksgiving timeframe sales, does anyone know if Cisco, Ubiquiti or Zyxel (or vendors) tend to offer any deep discounts?

Thanks, again!
 

degrub

Very Senior Member
Remember that you can use individual POE power injectors for some nodes to make up for the lack of power available in a switch. About 40$ per power+ injector.

Don't compromise on your power budget to the POE APs. Weird communication issues can start occurring if the AP starts overloading the power budget for its ethernet connection or the total budget for the switch.

ProVantage usually has good prices on Cisco and other gear.
 

Trip

Very Senior Member
Very welcome. Further answers below:

Wifi:
- PoE Consumption: Wattages on spec sheets are usually maximums; I find it's often safe to estimate real-life consumption at 1/2 to 2/3 of that.
- PoE Power Scaling: Yes, anything certified for active PoE (802.3af/at/bt/bz), which are basically all APs today, will request only as much as they need at a given moment, no more.
- Roaming Support: On the contrary, Cisco WAPs (and I expect CBW) should support 802.11/r/k/v in-full; it was UniFi that lacked proper support for a while, but as of the last couple years should be there. TP-Link Omada has had support since inception, albeit certain nuances not perfectly implemented initially, but now fixed (supposedly). This area is a good example of something that usually just works when you move up-market to actual enterprise APs (Cisco Catalyst, Aruba, Ruckus, etc.). Cost multiplies, but you get rock-solid functionality and wifi standards that just work. Personally, I run Ruckus at home, because it is enterprise-grade and provides the best link-layer quality of anything I've ever seen (and I've seen basically everything), so I'm willing to pay for that. *SIDE NOTE* It's important to remember that roaming amendments need to be supported by the client as well, and it's the client, and its ability (or lack thereof) to know how to roam intelligently, or at all, that ultimately makes the decision on where and when to roam and the quality of that roam. Many of the top smartphones, tablets, laptops and purpose-built mobile voice or video products have 802.11r/k/v support now in 2020, but you have to search this carefully for your collection of clients, as especially if they were made a few years ago (or older), they may not have the level of support to take advantage of the fancy wifi system you're about to put in place. So be mindful of that as well.
- Handoff and VoWifi: Truly seamless roams require not only that the device(s) and AP(s) have proper support for 802.11r/k/v, but in many instances that you're using RADIUS so full EAP re-auths don't have to occur when you jump from AP to AP, and RADIUS is something most SOHO setups lack, so one can only expect so much seamless behavior from a typical SOHO setup. That said, there is plenty of anecdotal evidence here and elsewhere to confirm you can still get practically seamless roaming behavior and VoWifi calls that don't drop when roaming on Cisco WAP/CBW, newest UniFi versions, Omada and all enterprise products. It does tend to be the enterprise products, though, that deliver the most extensively coordinated packet flow and truly seamless behavior (as they should, for the price). Also, again, you need clients that are compatible/capable, or this entire conversation stops before it starts.
- Centralized AP Patching: Yes for both UniFi and Cisco CBW.
- PoE PD daisy-chaining: Possible if the AP(s) in question have PoE pass-through ports, but it's rare in ceiling models, and not best-practice, nor encouraged. Daisy-chaining introduces unwanted cascading points of failure and potential bandwidth/power bottlenecks. No bueno.
- 802.11ax ("Wifi 6"): Only noticeable benefit is for AX clients only, ~2x throughput in 2.4Ghz, and up to 2x in 5Ghz in the most optimal conditions, and/or if using 160Mhz channels, which is often a stretch; everything else (OFDMA, TWT, BSS coloring) is effectively vaporware and will remain so for the foreseeable future. Biz-grade APs tend to lag half a gen behind for stability and cost savings. Wifi 6 is coming out in certain SMB lines now (EnGenius has a good one in the EWS377AP, UniFi has a few in the Early Access store), or if you want to pay a premium for it from the enterprise vendors. On that note, it may be worth also looking into EnGenius and Aruba Instant On as possible vendors, both of which have Wifi 6 options out right now.
- Transmit Power: Yes, on most of the "higher-power" APs, power can be scaled or turned down, to mimic lower-power APs, then turned up later, or vice-versa. On more advanced systems, such as Ruckus, the entire topology can automatically adjust the power output of all APs based on real-time RF co-interference analysis.

Switching:
- PoE Power Scaling: Yes, same as for APs, anything certified for active PoE (802.3af/at/bt/bz), will monitor and deliver just as much power as is needed by the PD, no more than that.
- Port Planning/Scaling: At the SOHO level, this really comes down to bandwidth. The simplest expansion is wiring in an additional switch via however many 1Gb RJ45 ports you need to prevent bottlenecking; this may be a single 1Gb port, or a few in LAG for redundancy and additive throughput (ex: 3 ports in LAG for 3Gb/s duplex interconnect with 3x redundancy). The next level up from that would be front-of-plane stacking of two or more switches using 10Gb SFP+ fiber ports and copper DAC cables. This would give you a 10x capacity bump between switches, plus a single virtual management plane if they supported stacking. Using gear we're looking at as an example, any Cisco CBS350 model with an "-X" suffix supports stacking of up to 4 switches over the included 10Gb SFP+ copper interfaces.
- PoE++ (802.3bt): Yes, it's starting to gain more traction and come down-market as more things are moving beyond the 30W limit of 802.3at (PoE+), but higher port count switches with 802.3bt are still mostly enterprise-grade, expensive, noisy, and/or hot; PoE+ for 16-48 ports is the better buy currently. If you did want 802.3bt for a few ports, you could always wire in a lower-density switch. Also, there's a reverse effect going on as we pursue more "green" energy consumption, where devices are being made to use less power for equivalent performance, so PoE+ should still be relevant for some time to come.
- Port Speed: 1Gb access ports are still the standard by vast majority. You can scale bandwidth on pre-existing copper ports in primarily two ways: LAG/LACP and multi-gig; the former with things that have multiple ports like NASes, servers or other switches. Multi-gig allows for 2.5Gb or 5Gb on the same wire/port you already have in place (provided it's quality Cat5e/6), and is gaining support in switches and higher-density APs. Beyond that, 10Gb is used mostly for uplink (SFP+), often for stacking (as mentioned above), building/floor interconnect, giving way to 40Gb/100Gb fiber in the data center.

Pricing:
- While you might be able to find some deals at certain times of the year, networking gear, especially business-grade stuff, is usually much less apt to be affected by consumer retail enticement, and honestly, maybe that's a good thing, as this is infrastructure that is going to be sitting in your house for years to support a part of your life that some would call crucial (I would agree), so I would focus more on long-term value of the right solution than any particular savings in the moment. But I do understand the want to not overspend, if you can help it.
 

coxhaus

Part of the Furniture
If you don't have AC in your switch closet then you need to count watts. You can overheat your closet. When I ran my server farm, I could not close the closet door as it would get too hot. Actually, the room would get very hot in July and August in Texas even with central AC. I ended up adding a window AC unit to cool everything in the summer.

I would recommend not adding too big of switches unless you really need it. Do some hard planning before you over buy and generate too much heat.
 

Avery

Occasional Visitor
Thanks, Trip - for all the input. Again, very enlightening.

It sounds like for 8 AP's and 6 wireless cameras I may be OK with 195 watts for POE (such as Cisco SG350-28P), and if needed, use a couple of POE adapters? I imagine the switch will tell me POE Power utilization, so I don't oversubscribe.

> On the contrary, Cisco WAPs (and I expect CBW) should support 802.11/r/k/v in-full;
I felt like I was heading down the Cisco path yesterday, provided I could verify the 240AP, 140AP supported 802.11/r/k/v. From your prior descriptions, of support/effort/reliability, it sounded like the best aligned product line.

In the technical specs, they only have 802.11r listed for the 240AP, and not the other protocols for any. So, I spent an hour and a half getting sent to 6 different people in Cisco (chat -> sales -> for home use of CBW, you have to contact linksys -> technical support, you don't have a serial number -> webex tech support # (?) -> small business sales again), to no meaningful answer there. It was a pretty bad support experience, to be honest, just trying to get confirmation on a single question. </end rant>. Based on other spec sheets showing it, I actually believe these APs don't support that standard, though based on your comment, that may be odd. While I'm confident my phone is old enough not to support those features, phones, tablets, etc are due for replacement at some point, so it seems there is value.

Assuming Cisco APs don't support 802.11/r/k/v, is this a deal breaker?

Anyhow, based on that less than good experience, I am a bit turned off from Cisco, and started digging into Ubiquiti, and became a little concerned about how much tweaking and twiddling may be needed to get the system functioning reasonably well.

Any direct experience with the ZyXel switches and interface? Is this a worthy product? I read one poor review, but it's the internet. Another one mentioned the PoE only operates at 48 volts, but I haven't had a chance to dig into that. I'm probably most attracted due to acoustics and price/power/ports, and it doesn't hurt they are 15% off at Amazon today, but that's not a reason to buy, unless I'm going down the path anyhow. Also, it seems they don't have any phone support, as they only direct you to a form, which is also not that encouraging. I did submit a question to get a sense of power consumption, as I'm just not very clear if these switches have much overhead power (beyond what the POE consumes), and if the power levels are stepped, or fully scalable. At 470w max power consumption, I'd want to understand that clearly.

Just to confirm, for my purposes, I should be fine (feature wise and ease of manageability) with either a Smart Managed or Fully managed Switch?

As to the router/gateway... I had the Netgear security appliance and didn't want to pay $100/yr for the updates... and it added a layer of complexity/management. If going down the Ubiquiti path, is this something I should practically be reviewing? I won't be running any SMTP servers or anything like that (and assume all other SMTP traffic is SSL encrypted), so I'm thinking no benefit there. I guess the area I start to get a little uncomfortable is on the IoT side, and I'm not clear how much benefit this provides for how much management overhead.

Lastly, I will definitely want a VPN remote access option. I'm assuming Cisco in the RV series is good to go in this category, and without any licensing fees. On the ER-4, I see one comment about OpenVPN for remote access... any knowledge on the security or reliability/use of that feature?


coxhaus - understood about heat, and it is a good point about switch sizing. I think 77deg is where Cisco starts to kick into a louder fan mode, and I'm sure that is the temp inside the case. There is other AV gear, and possibly a freezer will be in the closet, too. The closet is about 45 sq ft, in the basement, and about 4' below grade. I may leave the floor unfinished, just for the 55 degree slab cooling. In a worst case, can do a setup like I had in my prior small closet, by which I put a bath fan to pull air from a cooler area, and connected it to a digital swamp cooler thermostat (goes on as it gets hotter). On your point, I do have concerns about having 12-16 PoE devices running, and the heat/noise generated in the closet, though I'm not sure what to do about that without increasing costs by multiple small switches or an acoustic cabinet.
 

Trip

Very Senior Member
Regarding PoE budget, yes, especially if you go with lower-power APs, I don't see you using much more than 100W or so on an average basis, so a 195W 24-port model ought to be good enough. One option to think about might be the fanless+silent Cisco CBS350-24P, or CBS350-24P-4X for four ports of 10Gb stacking capability (should you ever need to expand, you can keep one virtual backplane). That said, and especially for the price, a Zyxel GS1920-48HPv2 would give you plenty of ports, power and fairly low noise, and if you look at the changelog history on them, they seem to have worked out most of the kinks (plus they offer lifetime NBD replacement on the hardware just like Cisco does).

Understood on support. Unfortunately, end-user support these days is usually not going to be a routinely positive experience unless you actually pay for it with a services contract. That's not to excuse Cisco's incompetence at simply answering a question, but if you think that experience was poor, try calling Ubiquiti as an end-user, if you can get anyone to pick up at all. Zyxel may actually be the most welcoming of the three (last I used them on a couple USG20 firewall RMAs, they did offer lifetime phone support for free), but still, the point stands, front-line support is not what it once was, at almost any vendor. So for pro-sumer end users, the burden is mostly on us, to do as much due-diligence beforehand as possible, draw what we can from docs and community-sourced support, or simply pay extra for better support and/or to have someone else deal with all of it for you. Sucks, but it is what it is. I personally wouldn't let that experience dissuade me from considering Cisco altogether, or any other vendor for that matter.

As for CBW actually having or not having .11k or .11v, I may stand corrected. Short of confirming with Cisco themselves, it may take an actual owner (like @coxhaus or @Quantum`) to fire up Wireshark and sniff the management frames to see whether or not that info is there. Regardless, I'm not sure I'd call the supposed absence of those a deal-breaker until you can confirm either way.

Ubiquiti is worth looking into, albeit they tend to release products with more beta (even alpha) quality code onboard, so that may or may not fit your use-case if you truly just want to get something nailed up and not have to monkey with it.

You may also want to look into both Zyxel and EnGenius as well. Zyxel has their Nebula control platform, which is similar to cloud-based UniFi, and they have all three layers: gateway, switching and wireless. The GS1920v2's can be controlled by it as well. EnGenius brands theirs "EnSky" and integrates their wifi controller into their switches (and offers a cloud version) and supports all three roaming amendments on their EWS series APs (EWS377AP datasheet). They don't have a gateway/firewall solution, though. Another option for wireless that would just work would be used Ruckus off eBay, running Unleashed (embedded controller with multi-master fail-over), which will support all amendments, have the best RF quality and be rock-solid, set-and-forget (I've deployed it at multiple commercial sites and never a phone call).

I would call Zyxel switching good, sometimes mediocre (right around Netgear ProSafe/Insight or UniFi territory, perhaps a hair better). Not quite as polished as Cisco SG when it comes to core standards just working (historically, anyways). Another option to assure yourself of rock-solid switching would be to look at used enterprise kit, either refurb or working-pull off eBay. You just have to be careful of noise level and heat. But stuff like HPE ProCurve/Aruba (2520 series and up) or certain 1-gen old Catalyst switches might be worth looking into. If you stick with SMB-grade stuff, you should be fine with a smart-managed, web-based switch for config, as the amount of it that you'll have to do will probably be minimal; although true CLI-based control is very nice to have for more sweeping/faster config changes. Many of the higher-end web-managed models provide a full-feature parity CLI to match the web GUI, including Cisco SG/CBS and I believe some level of Zyxel.

For a router/gateway, it sounds like ease-of-use but depth-of-features is what you're looking for. A Cisco RV may suffice, but do know they do charge a yearly subscription fee per AnyConnect client connection. On that note, you might want to look at Untangle, which offers pre-built appliances ($299 and either free for a basic network or $50/year for advanced filtering and apps), or a product like Firewalla Gold ($480, no subscription fees, very easy UI).

As you can see, this is somewhat tough territory to find a single brand that offers best-in-class at each layer. Often, I find a mixed-vendor stack with consistent support of open networking standards to be the best approach, if you're truly looking for best-in-class at each layer. Otherwise, if going single-vendor, you may have to be willing to compromise on something at some layer (roaming amendment support, gateway functionality, etc.).

Hope that helps again.
 

coxhaus

Part of the Furniture
I am not sure it is a good idea to share a 120v circuit with a freezer. Freezers can pull lots of watts. You might want a separate dedicated circuit for your networking equipment or at least a good UPS to act as a buffer when the freezer pulls lots of power. Is the freezer circuit going to be shared anywhere else?
 

Avery

Occasional Visitor
Thanks, Trip.

If it is confirmed that the 140AP/240AP don't have 802.11k/v, would you recommend choosing another product?

100w/195w sounds good in your book. Now if we assume adding 6 POE ring cameras (15w ea)... too tight for comfort? I know they say that they don't use data if they don't detect motion, though sometimes the wind blows a lot, and maybe they would all be on.

One other thought that crossed my mind was using 2x the UniFi S‑16‑150W. They run around 38 dBA at full speed fan, which shouldn't make noise outside the closet, and I do like the idea of some fan, just not roaring fans. It would also give me 300W and 32 ports to work with (probably closer to what I actually need).

I had forgotten about the CBS350-24P, and will review that one.

I didn't know how Zyxel's wifi fared, though they do have AX released. It sounds like you feel like they could work sufficiently. I heard back from their support, who basically said they only know what is in the spec sheets (ugh), in terms of power consumption and acoustics, and that they are built for a noisy data center.

I'm not against the Ruckus via eBay, though if you can suggest a model or two, that would be helpful? One model I looked at used on eBay was still very spendy.

coxhaus - it's gutted and I'll be running 2 separate dedicated 20A circuits for the network and media gear. The freezer circuit won't have too many outlets on it. I've done the isolated ground for AV previously, though may not go to that extent this time. Surprisingly, they don't pull much while running... just a little more on start-up. I have an old smart-ups 1000 that still works fine and would plan to use that as a power backup for the network gear.
 

Trip

Very Senior Member
If looking at used Ruckus, best value on eBay is definitely the R510; it's AC Wave 2, still supported and phenomenal for a mid-range design; I dare say you could probably cover your entire place with four of them (per something similar to the green approach in my marked-up floorplan above). If you're really savvy, you can score them for around or under $100 each. Current best price I'm seeing is $179 each with potential discount on multiple, which still isn't too bad.

On PoE budget, I was thinking 100w total for APs and cameras (each device at 2/3 max on average), but if that seems a little too optimistic or you have plans to expand and wanted more PoE, you could go the Zyxel 48-port 1920v2. If you wanted to stay with Cisco, you could do a CBS350-48P-4G, or if you wanted to keep everything silent/lower-heat, I would do a CBS350-24P-4G as your core and wire your APs to that, then wire in a CBS350-8P-2G (with 120W PoE+) on which to connect the cameras. A moderately spendy option, but the CBS switches will be rock solid tanks that will just run for the entire length of support (usually 5 to 10+ years with Cisco).

I would only look at UniFi switches if you commit to using their APs, optionally a USG or UDM (or the forthcoming UXG) as a gateway.

One last comment on brands and models at each of these layers. Almost everything (worth its weight in salt, at least) inter-operates on open network standards these days, so having a mixed-vendor stack is very doable, especially if you don't mind multiple control points and a lack of pre-fab "control everything from here!" dashboards. I personally do a ton of Ruckus for wifi, Cisco for switching and whiteboxes or third-party firewalls for WAN (EdgeRouter, Fortinet, Untangle) because I'm interested in the most rock-solid solution at each layer, as opposed to a single brand's take on everything, which inevitably (usually anyways) comes up short in some measurable, non-trivial way. Take that as you will. ;)
 

Avery

Occasional Visitor
At 2/3, I think we'd be higher, but your point is well made and it still fits on the 195w unit. If going Cisco for switching, the CBS350-24P-4G is probably my preferred path, adding another switch as needs arise (and maybe finding a deal on Craigslist at some point, or after prices drop further). I don't think I'd need more switching out of the gates, unless I find I'm getting close on watts. Maybe I can use the old Netgear GS724Tv3, if just more ports are needed (likely).

I guess I'm not clear on the Cisco APs, if I should continue to look there, given fewer hand-off protocols are supported.

Are the Ruckus that much better, or are you just more partial to them? I see some other models out there like the R610 for a bit less, but don't know if that unit is as desirable. How long do you think these products will continue to be supported with patches? To me, that is a big determining factor... if patching is EOL in 3 years, that might be a bit soon for me to have to replace everything. For the next 6 months, I only need 2 APs, since most of the house is or will be gutted. Are you thinking possibly 4 APs, plus the exterior (I assume)?

I did think to take a look at Craigslist today, and saw the following switches pretty inexpensive, but assume that 3750 is pretty loud (and 10 years old), and that the Meraki requires some sort of fee based subscription.
C3750G-24PS-E
Meraki MS320-24
 

coxhaus

Part of the Furniture
My old experience with Cisco enterprise networking gear is it is designed for a wiring closet. It is loud, power hungry and gives off heat. That being said, it is better than the Cisco small business networking gear when it comes to large networks. As you load it down it shows its stuff. More than likely you will never tap the potential of Cisco enterprise gear at home.

I have Cisco WAP581 wireless APs and the roaming is great. Cisco writes good code. The controller software is built-in and self-healing.
I have not run Ruckus as I am an old Cisco guy but I have heard good things. I am a little confused on what Ruckus can do with a controller and without a controller. I came across this and I still don't understand how Ruckus works with roaming and no controller using Unleashed. Is Ruckus wireless better run with a controller?
 


Trip

Very Senior Member
I still don't understand how Ruckus works with roaming and no controller using unleashed. Is Ruckus wireless better run with a controller?
On the contrary, cox. Ruckus APs running Unleashed very much have a controller -- it's embedded into each AP's firmware (much the same way Cisco Mobility Express is on their APs). This works as a replacement for the ZoneFlex discrete controller, in the same way that Mobility Express does as a substitute for a discrete Cisco Wireless LAN Controller (WLC). In both cases, full 802.11r/k/v support is there (in both formats, for both Ruckus and Cisco).

The part you're getting confused is due to referencing a Standalone Ruckus AP, which is a separate firmware image built to run the AP as a lone unit, akin to running a Cisco Aironet/Catalyst AP in Autonomous mode. With Standalone firmware, roaming is not present (nor required for the use-case). Hope that helps to clarify the confusion.
 

Avery

Occasional Visitor
Trip, any idea how long those R510's are still to be supported for patching, and are there other Ruckus models that could work equally well, if found at a good deal?
 
