Desperately need advice on upgrading my slow mixed network (SRP541W)

walkabout

Occasional Visitor
Let me first start off by saying that I'm not a network professional, so I may not understand some terminology. I only know what I researched over a decade ago, and was pretty limited to mostly consumer-grade products. That said, I need to upgrade my aged network. Below is what I have, and what I *think* I'm looking for. Your advice is much appreciated.

So, for current hardware/etc:

* COMCAST 1200 Mbps connection
* Motorola MB8600 DOCSIS 3.1 cable modem (1Gbps ethernet port - Motorola says "Downstream speeds up to 3.8 Gbps" - not sure how that's possible with only 1Gbps port)
* Cisco SRP541W (Four 1Gbps LAN ports, Two 1Gbps WAN ports, 802.11n)
* For my apartment/floor: 4-5 devices are wireless, 3 devices are wired. My tenant has their own number of devices.
* 3 wireless networks (mine, guest, one tenant apartment). Each floor/apartment (2, mine included) has plaster walls and is 1300 sqft.
* I use Macs and Linux machines. No Windows. I do have a HTPC, but all my media is local on that machine because I just can't stream anything on my network. I don't really stream video (Hulu/Netflix), but my tenant does!
* I use a couple outgoing VPNs (IPSEC) for both work and personal usage.

What I need... Yikes, let me see if I can lay it out clearly. The reason I love the SRP541W is because I could have up to four wireless networks and VLANs. This was useful because I could have my main network for personal/work, a guest network, and a third network for my tenant. It has a built-in firewall, incoming VPN support (never used it, but I like to have that option "in case" I travel this year), ethernet port assignment to VLANs, DHCP, etc.

What I think I want, and why I want it:

* Separate router and AP hardware. This way I can upgrade my APs independent of the router.
* The router should have four or more ethernet ports. With my 3 wired computers, that only leaves one port available for attaching an AP, right? Perhaps 8 ports are needed.
* Router should be able to support incoming VPN (in case I set that up), and have a firewall, and allow for setting up VLANs with any number of AP/Ethernet assignments.
* Wifi 6+ is a must, and I'll upgrade all devices possible, phones and tablets being the exception. If I'm going to spend the money, I at least want them to last.
* A DHCP server that can also issue static/assigned IPs based on MAC address.
* An internal DNS if possible, so I don't have to update all machines' hosts files. That would be great, but I've never done it.
* Absolutely NO cloud accounts. That eliminates Ubiquiti, Aruba (I believe), and anything else that can't be managed 100% locally. I just don't trust that stuff.
* Price: I'd like to keep everything under $1500-2000US. I was not expecting the prices to be so high. When I bought the 541W it was only $350, and that was a lot for me then!! haha
* I'm thinking of adding cameras, so PoE somehow would be nice.

I was thinking NetGate 6100, and a couple APs, and something in the future to handle PoE cameras (a switch?). My connection to work is very important, so I'd like to have more professional hardware instead of standard consumer products.

I hope I gave enough information. Let me know if you need more.

My speed test from my WiFi desktop:

[attached image: 1642722745482.png (speed test screenshot)]
 

walkabout

Occasional Visitor
Sorry, you have a Gigabit ISP line and your desktop is getting under 10Mbps? Something is totally wrong here.



It's a very capable appliance, but you need to learn pfSense. Only then it can do everything you want it to do.

I can learn as long as it is capable. I'm really interested in what APs I should get. Will probably need two.
 

coxhaus

Part of the Furniture
I can't believe you are using a Cisco SRP541W as that hardware has been obsolete for 10 years.
 

walkabout

Occasional Visitor
@coxhaus

I know. Now you understand my desperation to upgrade. :) I just haven't kept track of the technology, and there are so many new products on the market. This seems like the best place to get input.
 

degrub

Very Senior Member
If you don't need the telephony connections, you might consider a Cisco RV340 box as a replacement.
Upgrading the APs can be later or at the same time. I use Cisco WAP371s, but there are newer ones available.
Both of the above support VLANs and will be faster than what you have. I get 940 Mbit/s on my ATT Gbit connection. My mobile devices are happy with the AC wireless. I used to have 3 college age kids, one a gamer, plus two adults working remote on this system without issues.
Specialized tasks that require more CPU - DPI and VPN hosting - can be done on separate devices if you want/need, if the RV gets bogged down. The RV supports them, but a faster CPU box would help if it is needed. Depends on the use case.

Some of the newer ASUS gear with/without Merlin firmware can do most of what you want as well. Check out the threads with LL&D, Trip, Coxhaus, and others here that discuss the different options extensively. The ASUS software can be a little quirky, but once you get used to it, it works. I have my mother set up with a couple of AC-68U boxes (router + AP mode), but her use case is light.
 

walkabout

Occasional Visitor
@degrub My fear with Cisco is that when they drop support for the product, you're out of luck for security fixes. The last update I had on the 541W was in 2012, another reason I'm eager to replace it. Also, Cisco VPN software seems to require some sort of paid support, at least when I tried to grab myself a copy. Such a pain.
 

walkabout

Occasional Visitor
No. EOS 10/2022.



I don't know what we are talking about here. New hardware for $1500-$2000... what for?
Desktops (wireless & wired), Raspberry Pis (wireless), Nintendo console (wireless), laptops (wireless & wired), tablets, network printer (wired), phones, voodoo dolls and séance crystal balls. I will want to add PoE cameras in the future.
 

Tech9

Part of the Furniture
Netgate 6100 is a 10Gbps firewall. You need a multi-port PoE switch if you plan cameras. Good Wi-Fi 6 APs start at $200 to over $1000 a piece. You have to be more realistic in requirements, because I see two possible scenarios already - 1) $2000 hardware used under 10% capacity; 2) $2000 is not enough.
 

walkabout

Occasional Visitor
@Tech9 Fair enough. So, let's say a ng2100. Two LANs for APs, one LAN for a PoE switch for cameras, and the other for a switch for computers/printers. The 2100 is $350. If I went with one AP for now (which ones do you recommend?), skip the cameras for now, and buy a switch for LAN machines/printers (which one do you recommend?), shouldn't that keep me under $2000? I mean, how expensive can a switch be?
 

coxhaus

Part of the Furniture
PoE+ for APs and cameras is going to be a lot of watts, so it will take a full-size switch with noisy fans. You can start with a smaller switch and wait for security cameras.

Since you have been using Cisco for 10 years you may want to stay with a Cisco small business solution so it works the same.

I would never run a router 10 years out of date. I guess you were lucky. Running Cisco probably helped.
 

walkabout

Occasional Visitor
PoE+ for APs and cameras is going to be a lot of watts, so it will take a full-size switch with noisy fans. You can start with a smaller switch and wait for security cameras.

Since you have been using Cisco for 10 years you may want to stay with a Cisco small business solution so it works the same.

I would never run a router 10 years out of date. I guess you were lucky. Running Cisco probably helped.

Right. So, here is where we're at. NetGate 2100, a standard non-PoE switch, and one AP. I guess I just need a recommendation on a switch and a WiFi 6 AP.

My only question is, can I create different SSIDs and somehow add at least one of them to the same VLAN as the switched devices? What would it take to do that? On the 541 it manages everything, so I can assign anything anywhere. How would the NetGate manage to segregate traffic coming from the AP to group with VLANs?

Any suggestions?
 

walkabout

Occasional Visitor
This is my understanding. LAN3 is something special I'd like, allowing LAN1 devices access to the cameras/recorder, but not the other way around.

[attached image: network layout.png]
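As an added example (not code from this thread or from any product mentioned in it), here is a small Python model of the layout sketched above: each SSID is tagged into a VLAN at the AP so wireless and switched devices can share a LAN, and a stateful rule check lets LAN1 open connections to the camera VLAN while the cameras cannot initiate anything toward LAN1. The VLAN ids, SSID names and addresses are constructed for illustration.

```python
from dataclasses import dataclass

# At the AP each SSID is tagged into a VLAN; switch ports for wired devices
# carry the same VLAN ids, so a wired PC and a "home" SSID client share LAN1.
# (Constructed ids and names; not from the thread.)
SSID_TO_VLAN = {"home": 10, "guest": 20, "tenant": 30}
VLAN_NAMES = {10: "LAN1 main", 20: "LAN2 guest", 30: "LAN4 tenant", 40: "LAN3 cameras"}
WAN = 0

# Pairs of VLANs allowed to *open* new connections (intra-VLAN is implicit).
# Only LAN1 -> LAN3 is listed, so the camera VLAN cannot initiate toward LAN1.
ALLOWED_NEW = {(10, WAN), (20, WAN), (30, WAN), (10, 40)}

@dataclass(frozen=True)
class Flow:
    src_vlan: int
    src: str
    sport: int
    dst_vlan: int
    dst: str
    dport: int

def ssid_vlan(ssid: str) -> int:
    """VLAN a wireless client lands in, decided by the SSID it joined."""
    return SSID_TO_VLAN[ssid]

class StatefulFirewall:
    """Rule check with a conntrack-style table, in the spirit of pfSense's
    default 'keep state' rules: replies to accepted flows pass without a rule."""
    def __init__(self):
        self.state = set()

    def check(self, f: Flow) -> str:
        key = (f.src_vlan, f.src, f.sport, f.dst_vlan, f.dst, f.dport)
        reply_of = (f.dst_vlan, f.dst, f.dport, f.src_vlan, f.src, f.sport)
        if reply_of in self.state:
            return "allow (established)"
        if f.src_vlan == f.dst_vlan or (f.src_vlan, f.dst_vlan) in ALLOWED_NEW:
            self.state.add(key)
            return "allow (new)"
        return "deny"

if __name__ == "__main__":
    fw = StatefulFirewall()
    pc_to_cam = Flow(10, "10.0.10.5", 50000, 40, "10.0.40.2", 554)   # RTSP from LAN1
    cam_reply = Flow(40, "10.0.40.2", 554, 10, "10.0.10.5", 50000)   # camera answers
    cam_to_pc = Flow(40, "10.0.40.2", 40000, 10, "10.0.10.5", 22)    # camera initiates
    for f in (pc_to_cam, cam_reply, cam_to_pc):
        print(VLAN_NAMES[f.src_vlan], "->", VLAN_NAMES[f.dst_vlan], fw.check(f))
```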
 

Tech9

Part of the Furniture
It can be done, but there are a lot of settings, and if you've never seen pfSense it will take some time. The pfSense dashboard has hundreds of settings divided into sections. The deeper you go, the more settings show up. It's an entire router/firewall OS, not like a router UI. You need to know a bit more advanced networking to understand the logic behind it. What I would do is connect everything in a simple setup and make sure all the hardware works as expected, then deal with network separation one requirement at a time. I would get a 16-24 port PoE+ smart switch, connect everything there and VLAN the entire network. Good guides about pfSense are available at the Lawrence Systems YouTube channel:


No one can really help you in a forum with this setup. It's similar to explaining Linux to a Windows guy by exchanging text messages. I can eventually make some screenshots for you, but it has to be a very specific page and for a specific goal. This is why Lawrence Systems has video guides. No way to describe with words a page with 50 settings on it. You'll need more than one AP to cover a 2 x 1300 sqft area. Business APs are made to work in a cluster and most are slightly directional (wall/ceiling mount). One single AP won't reach too far. Central AP management is good to have.
 

walkabout

Occasional Visitor
I would get 16-24 port PoE+ smart switch, connect everything there and VLAN the entire network....

Thanks for the suggestion. What do you recommend for APs and a smart switch, assuming I already plan on getting the ng2100? What companies make APs that don't require cloud accounts to manage? Same with smart switches. Ubiq is a hard no. I think Aruba might force a cloud account to use/setup/manage, right? I don't really know any others except the consumer stuff, like Netgear and Asus.
 

Tech9

Part of the Furniture
I don't have any Wi-Fi 6 APs in use at the moment. None in upgrade plans either. For business I use Cisco WAP571, for home Ruckus R610. I had Ubiquiti UAP-AC-PRO before, tested some TP-Link EAP245V3, etc. They all work well, but the bigger the name is, the higher the price. New Cisco/Ruckus Wi-Fi 6 APs are $1000 and up. I also use some Cisco RV345P routers, a Netgate 5100 firewall, Netgear GS724TP, a few TP-Link TL-SG1016PE. There are options available, but you need to decide for yourself what you really need and what budget you have to fit in. I don't work in IT anymore. The professional around is @Trip. He can recommend newer/better equipment at an acceptable price.

I would perhaps build a TP-Link Omada Wi-Fi system with 4x newer EAP620HD APs, a JetStream switch to match your needs, and an OC200 controller. It's a good price/performance system and may fit in $1000 total - the price of a single big name AP. You don't need $1000 APs at home.
 

coxhaus

Part of the Furniture
I would control all the local access in my network with a Cisco L3 switch. I only use my router to control the front door, internet. It works much better for me. Probably harder to setup but not for me. I did this for a living in the past.

I like the Cisco small business wireless APs. They are fairly cheap and don't require a controller. No Wi-Fi 6 support yet. I think it is still early for Wi-Fi 6. Too many changes coming in the future. I am going to wait for the Enterprise guys to define how to use it.

Cisco works pretty well with Apple.

 

Trip

Very Senior Member
@walkabout - You're on the right track. Considering your goals, budget and the current supply chain constraints, I'd recommend a full TP-Link Omada stack of managed components (i.e. all VLAN-capable, which is what you need for proper network segregation), including an Omada router/firewall, which may well give you enough features that you may not need a pfSense box, while giving you a single, centralized control plane over all component layers (WAN, LAN and WLAN).

After setup, I would test firewall functionality inside of your return window, and if it falls short, simply return and swap in whatever firewall solution floats your boat (Firewalla Gold, NetGate SG series, Untangle Z series, a Protectli/Qotom do-it-yourself box, etc.).

If the above sounds agreeable, then here's your materials list (I'm making an educated guess on switch sizing):
  • Router/Firewall: TL-ER605 ($60) for desktop or TL-ER7206 ($150) for rack-mount
  • Core Managed PoE Switch: TL-SG2428P ($500)
  • X# of Managed Access Switches: TL-SG2008/2008P ($67 ea / $90 ea) -- Example: (2) 2008's = $134
  • 2+ Wifi 6 APs (one on each floor, minimum): TL-EAP660HD ($180 ea) -- x2 = $360
  • OC200 Omada Controller ($90)
So, for about $1100 or so, you can have a fully VLAN-aware, SMB-grade network with Wifi 6, all controllable from a single, local (non-cloud) interface. It may not be supported quite as long or as thoroughly as a full Cisco stack, but it will be close, and certainly viable enough for almost any home need, IMHO.

Here's a pretty thorough Omada setup video. Note: the ability to opt out of cloud connectivity completely (shown at about the 3:45 mark).

If you have any further questions or want more guidance, feel free.
 
