router advice with Ruckus R500 APs (Unleashed)

[rsilk]

I am moving to a new home and want to upgrade my network hardware to better work over three floors (and approx 4,000 sq ft). I will have gigabit service through Xfinity/Comcast. I am tentatively planning to pick up three Ruckus R500s (Unleashed) and a POE switch (maybe a Juniper EX2200-C-12P). I'm not sure what to do with respect to a router, though. I was considering the Netgate SG-3100 as well as the Firewalla Gold but then saw a recommendation for the EdgeRouter 4 on another thread ([Advice for Brand New Fully Wired Home](https://www.snbforums.com/threads/advice-for-brand-new-fully-wired-home.64397/#post-589860)), which looks like it might cover my needs for half the price.

I don't know much about networks, but I think my needs are basic:

• Reliability;
• Security;
• Speed;
• and, for WiFi, good coverage (with decent roaming).

I have never set up my router for VPN, as I only tend to use VPN while on public wifi, and I don't care about parental controls or limiting bandwidth by device (unless it will help me cheat while gaming against my kids). Much of the discussion on this forum goes right over my head, so I don't even know what features I should be seeking aside from what I've mentioned. That said, I do prefer to avoid installing equipment that will require subscriptions, online services/registration, paid updates, etc. (which I gather might be an issue if running entirely within the Cisco or Ubiquity ecosystems). Is the ER-4 likely to meet my needs (including avoiding paid upgrades, etc.)? Should I be rethinking everything from scratch? Any advice would be much appreciated. Thanks!

 

[coxhaus]

The Cisco small business networking equipment will work fine. I have a 3200 sq ft home and I use Cisco small business networking equipment and it works great. I use a Cisco RV340 router, Cisco SG350-10P and a couple of Cisco WAP581 wireless APs. This would work for 4000 sq ft. If you want better 5 GHz signal then you could add 1 more wireless AP.

I think you will end up with a better wireless system than the lower end Ruckus units.

The Cisco small business networking gear does not require a license as you get free firmware updates for the life of the networking equipment which is usually longer than consumer gear.

 

[Tech9]

I'm a Netgate + Ruckus user at home, but Cisco + Cisco user in my office space. Without too many requirements and basic networking knowledge Cisco is going to be much easier setup for you. The switch you're planning is a 12-port unit. Is it enough? You can go straight to RV345P router with 14 LAN ports, 2 WAN ports and built-in PoE for your APs. This is what I'm using and the reason is simplicity. I don't need to be there to fix it, if something goes wrong. Anyone can do it with simple over the phone instructions. This is not the case with Netgate/pfSense or any other firewall OS appliances. My friend @coxhaus thinks I'm a fan of specific brands and/or software. No, in this particular case I also recommend Cisco.

 

[Tech9]

Read this post for alternative lower cost option:

Is Ubiquiti Unifi an upgrade from Asus Aimesh?

I've been using multiple Asus routers with AIMesh. I like it when it works, but lately problems develop where I have to reset the main router and set up everything again. The latest problem was constant disconnects from my Verizon ONT so no internet connection. Rebooting brings back the...

www.snbforums.com

Thanks to @Trip.

 

[Trip]

@rsilk - Welcome. Business/community-grade gear will definitely give you a network that runs more like an appliance and less like a toy.

First, a cabling question: you didn't actually say it, but I presume the house is fully-wired with ethernet? I'll proceed under that assumption in this post.

Next, the overall picture. Since you're a self-proclaimed novice (nothing wrong with that, by the way), you may find it advantageous to look at something like Ubiquiti UniFi, whose primary value is allowing you to setup and administer the router, switch(es) and wifi APs via a single software control panel, instead of two or more separate control planes. This drastically simplifies configuration and increases the chance of network-wide items just working (for example: making separate sub-networks for private/guest/IoT). UniFi may not be as performant or as absolutely stable as certain standalone alternative pieces (pfSense, Juniper and Ruckus included), but as a whole system, the ease-of-admin may represent enough of a value to make it a better overall choice, at least for your first foray into this type of gear. You'll have to do your research there, and determine. If it did look like a fit, an example stack would be the following: USG or Dream Machine (if it's stable enough by now), US-8-60W switch, CloudKey Gen2 controller (if you went USG instead of Dream Machine), and however many AC LITE, NanoHD or FlexHD APs. There's also TP-Link Omada, which is like a "poor man's UniFi", giving roughly the same quality experience for your endpoints (better in some cases), albeit with less hardware diversity and potentially shorter software support.

If for whatever reason you were interested in separately-controlled components, I have some guidance there, as well:

Router/Firewall - Any of what you mentioned will work, although I would probably err on the side of simplicity this time around -- the likes of a Cisco RV340 or Firewalla Gold -- as opposed to a Ubiquiti EdgeRouter (which is also being phased out soon in favor of the UISP series), or even pfSense, and definitely not Mikrotik. For just the basics, an RV340 will work well. If you did ever want to run processor-heavy things like VPN, QoS, security filtering, etc, and do so at close-to gigabit speed or beyond, the Firewalla Gold would be the better choice (underneath, it's x86, or PC-class, hardware). Firewalla is subscription-less, and Cisco RV out-of-the-box is as well, although it does have optional premium licensing, but you likely wouldn't need it (it gives you more advanced VPN and more simultaneous VPN tunnels).

Switching - As awesome as Juniper is (it happens to be my favorite), I would probably steer you away. Although JunOS has a basic web GUI, it's really meant to be configured via command line interface (CLI) by someone with at least intermediate-level knowledge (else a pro), so unless you wanted to invest the time and/or trial-and-error into learning, I would suggest a simpler, more GUI-based managed PoE switch, such as a Cisco SG/CBS or HPE OfficeConnect series, or TP-Link or Netgear if you have to go cheaper. Also, you may hear others mention Layer 3 versus Layer 2 switch capabilities, but if you ended up with an L2 switch, no big deal, as the differences between the two likely won't ever be significant enough to require that you buy an L3 switch right now.

Wifi - Ruckus is absolutely solid, and Unleashed makes it easy to administrate and even more reliable. R500's are cheap on eBay, but being end-of-support, you won't get any more security or feature updates on them, so if that's a sensitive point, it may be better to pay the premium for R510's or 610's (or even newer series), off eBay or otherwise. Also, to correct @coxhaus and others, the R5-series is more their mid-tier AP; the R3-series is the entry level. Versus end-of-sale Cisco WAP, Ruckus offers a fully-comprehensive control plane and better link-layer quality, especially in high-interference and/or client density. But that said, WAP has been replaced by Cisco CBW, which from a software standpoint is a much more modern, solid product, and a better direct equivalent to Ruckus Unleashed. CBW is actually Aironet 1800 series hardware running a stripped-down version of Mobility Express, Cisco's embedded enterprise wifi controller, and although current CBW models lacks a few premium items (namely multi-gig ports), it's a better product overall than WAP, even at first release. So unless you have WAP-series stuff already deployed, I would avoid it in favor of CBW. As for other options, there's also Aruba Instant On (both APs and switches), or UniFi or Omada again for just wifi and switches. I like Aruba, Ruckus or Cisco CBW, though, because, among other reasons, they have embedded controllers (built into the AP firmware), so need to setup and depend on yet another single point of failure in the external controller, and either product can be directly web-controlled or run standalone, if desired.

TL;DR - If you do have ethernet throughout the house and really wanted to keep things simple hardware-wise, you could go with a Cisco RV345P router+PoE-switch and either Ruckus or Cisco CBW APs -- that's it, just two hardware layers for a rock-solid network.

I hope some of that helps to guide you. Happy to expand more if needed.

 

[rsilk]

Thank you, all, for your input. Wow! I was just about to post some follow-up questions, but the latest post answers some of those and raises others. Before this thread I had been shying away from Cisco products, because I was under the impression that there were additional costs (subscriptions, additional licenses, etc.), so I appreciate being set straight on that.

With respect to routers, I see both the RV345P and the RV340 recommended. Aside from switching, is there any difference between the two performance-wise? Tech9 brings up the number of ports needed, which I hadn't considered very carefully. I will be pulling cables (which I hate), so I don't plan on running any more cables than I have to (it will be a balance between effort vs the level of griping from family members). Anyway, I was thinking three ports for the APs (maybe a fourth for a possible future AP). I thought I would run three (maybe four) cables for desktop connections. I have an atom-based FreeNAS that I don't think would benefit from more than one given lite usage. Am I overlooking connections that I should be making?

Okay, so if I do a separate switch (either for cost savings or to preserve the ability to upgrade components separately), does this increase complexity of set-up much or the likelihood of problems occurring? What about mixing brands? As for JunOS, is the caution because of the command line or the necessity to be much more knowledgeable about networks. I'm not tech illiterate, but it's been a long time since I spent my days working from the command line. I know only the most basic ip commands off the top of my head, and my wife would not be amused if I were pouring through man pages trying to deal with a network problem during the workday. Avoiding that would be worth paying a premium for simplicity.

Finally, would the lack of multi-gig ports on the CBW APs be noticeable right now, or is that more for future-proofing?

Thanks!

 

[Tech9]

What about mixing brands?

You can, but you need to configure things separately. RV3xx routers are pretty old now. The only reason I have recommended RV345P is convenience - one router/switch/PoE + a few PoE APs and you have it up and running. It does basic things only, but it never fails. Otherwise this router is easily beaten in both performance and features by modern home routers. If you can deal with UniFi equipment and the price is right for you - better go with UniFi. One central management UI for your entire network. It's pricey, but many people like it because of Apple-like experience.

 

[Trip]

Very welcome @rsilk.

Re- Cisco, there are really two "tiers" of product as far as licensing goes -- their small-business/business gear (RV/CBS/CBW), which gives you firmware updates and all but the highest seat-counts of certain features for free, and the true enterprise-grade services routers (ISR/ASR), Firepower firewalls, Catalyst switching and Catalyst wifi, and software, all of which starts off pretty spendy and can get eye-bleedingly expensive for certain features and/or software. Then again, it's really meant for a different market (enterprises with a lot of capital riding on the performance of their network gear). So, all things considered, Cisco is still a very solid choice in a lot of ways.

Re- the RV routers, specifically the RV345P and RV340, apart from switch port count and onboard PoE, the routing and internal architecture is near-identical. Per the SNB RV345P review, they'll both NAT 2Gb/s aggregate (ie. symmetric gigabit) and they both have the same CPU, a dual-core 900Mhz NXP QorIQ LS1024A chip, which does a decent amount of VPN or filtering throughput (usually in the low-mid hundreds of Mb/s. Decently capable boxes, albeit slightly aged (2017 release), they've still got probably 3-5 years before they go end-of-sale, and 5-7 years before they go end-of-support. Plenty of value left. If you're doing 3-4 ports for APs and that many for endpoints and still want to do the single RV, I'd probably go RV345P, as you'll be nearly maxed out on the RV340 right away.

As far as a separate switch goes, it would give you cheaper, easier modularity of port count, PoE budget, and/or features. In terms of setup, though, it would make things a bit more complex, as it's yet another discretely-controlled piece you'll have to configure, such as for a VLAN or similar element that needed to configured on every piece of gear between endpoint and internet. So, yes, more potential for mis-configuration in your network, which could cause things to break/not work, and then need to be tracked down and fixed. This could be partially alleviated with a converged router/switch and/or a single control panel product such as UniFi, and is why many a "pro-sumer" type enjoys the UniFi ecosystem/software.

In terms of difficulty level of an enterprise-type switch like Juniper (or Cisco Catalyst, or HPE/Aruba, etc.) it is perceived as (and is in practice) more difficult because, apart from a factory-default "boilerplate" config, they often tend to ship as "blank slates", requiring a full, from-the-ground-up configuration, by either CLI or config file import (often a combo of both), versus the point-and-click nature of GUI-first switches, most of which tend to default to a baseline "working" state that will at least pass traffic, so they can just be dropped into an online network, then tailored into a given state/config from that point onward. Thus, handling a enterprise/CLI type switch often requires a more solid grounding in network concepts and the CLI syntax, enabling the admin to apply the required command structure to build the equivalent config of what you'd get with a GUI switch, with less (or no) CLI work and just a few clicks, or perhaps no more than a few dozen clicks. Make more sense now?

And lastly, IMHO, the lack of multi-gig ports on the CBW APs is not crucial, as typically, especially with AC-class wifi, you're going to reach radio capacity before you routinely saturate a 1Gb symmetric uplink, especially in lower-density home/small-office type environments, and since most internet these days is <=1Gb, it's really not that much of a bottleneck that you'll see that often, if ever, and a multi-gig port would be more of a future-friendly item. Plus, remember, if you did want to utilize it, you'd need a multi-gig switch and uplink to a multi-gig or 10Gb router. At this point, that would be a fair amount of additional expense for little benefit (unless you're aiming on routinely transferring massive traffic loads to/from a NAS or server, but then I would argue you should probably find a different way to get that workflow accomplished). If it's sheer aggregate wifi capacity, chances are you could scale that more effectively by adding APs (and lowering power per AP if necessary), which would increase both fronthaul (AP-to-endpoint) and backhaul (AP to switching backplane) capacity, all while using common (ie. cheap) 1Gb ports.

Hope that helps again!

 

[coxhaus]

UniFi is kind of a crap shoot with their software nowadays. I almost bought one years ago but UniFi could not get their UDP packet sequencing correct. It got fixed then they broke it again in version 2.

 

[Trip]

UniFi is kind of a crap shoot with their software nowadays. I almost bought one years ago but UniFi could not get their UDP packet sequencing correct. It got fixed then they broke it again in version 2.

That's the kind of stuff that is frustrating, for sure (Dream Machine anyone?) To give Ubiquiti credit, though, they have tried to forge ahead in certain areas; it just the pulling-it-off piece that has eluded them in a few areas.

(Not to derail the thread, but I'm interested to see if/when their UniFi Enterprise layer 3 switches can get to minimum viability -- as you've said, @coxhaus, what's there now may not be all that complete, or working if it is. I'd love to be surprised at some point, though.)

 

[rsilk]

If you can deal with UniFi equipment and the price is right for you - better go with UniFi. One central management UI for your entire network. It's pricey, but many people like it because of Apple-like experience.

Well, I was looking at UniFi pretty hard for a while but became uneasy for a variety of reasons: First, I got the impression that--while promising--in its current state it was less reliable than Cisco/pfSense/Ruckus, etc. Second, I recall reading that certain features were not activated without paying additional fees. Third, I thought that network administration was performed through UniFi's cloud service (which makes me uneasy). Finally, I thought that some of the older, smb-focused networking products were capable of providing equal or better levels of performance with much better reliability. The "Apple-like" experience is kind of a mixed blessing in my experience. While I think Apple makes an excellent product I tend to get frustrated by how hard it can be to do certain things on a Mac that are trivial in linux. I think the open source aspects of pfSense/Firewalla/Unleashed gave me a little bias in that direction.

I've been wrong about almost all of my conclusions/assumptions so far, though, so I expect to be re-evaluating my assumptions shortly.

 

[rsilk]

In terms of difficulty level of an enterprise-type switch like Juniper (or Cisco Catalyst, or HPE/Aruba, etc.) it is perceived as (and is in practice) more difficult because, apart from a factory-default "boilerplate" config, they often tend to ship as "blank slates", requiring a full, from-the-ground-up configuration, by either CLI or config file import (often a combo of both), versus the point-and-click nature of GUI-first switches, most of which tend to default to a baseline "working" state that will at least pass traffic, so they can just be dropped into an online network, then tailored into a given state/config from that point onward. Thus, handling a enterprise/CLI type switch often requires a more solid grounding in network concepts and the CLI syntax, enabling the admin to apply the required command structure to build the equivalent config of what you'd get with a GUI switch, with less (or no) CLI work and just a few clicks, or perhaps no more than a few dozen clicks. Make more sense now?

In general I tend to prefer config files to lengthy GUI input but that presumes a default config file (or one that can be copied and pasted) for basic functionality. This, however, sounds like it could be a can of worms for a novice.

 

[Tech9]

Well, I was looking at UniFi pretty hard

It works, but I removed recently one UniFi setup. The reason was endless updates and because this system was different than what I already have in other places. Now I have exactly the same setup in 4 different offices and it makes the support much easier. My system at home doesn't matter, because I'm there. pfSense/OPNSense is going to be challenging for you, Untangle is more user friendly. Untangle is not free, $50/y for home license. There are many options available, but you have to decide which way to go according to your comfort level. You are going to install, update and troubleshoot your system.

 

[magic]

Hi:

Will Cisco or Rukus support seamless roaming if you have more than 1 AP? Also, how's the penetrating power on these access points?

I have a Asus RT-AC68U and tried the Omada, the power on the Omada power cannot come close to what the Asus puts out.

 

[Trip]

@magic - Both support the full 802.11r, k and v spec. Hardware-wise:

Cisco CBW is actually Aironet 1800-series hardware. 140AC is the 1815I; 240AC is the 1840I. Per FCC filings, CBW140AC power output is 70-100mW. CBW240AC is 100-220mW. Do note CBW APs are power-sippers by design: 140AC drawing only 8.3W and 240AC 13.2W, both on 802.3af. Antennas arrays are commodity sheet metal designs, similar to UniFi, Omada, Aruba, etc. (1815I photos, 1840I photos).

Ruckus has more hardware classes and generally higher power output per class. For equivalents to CBW100/200 that can run under 15W on 802.3af, I'll only look at the R320 and R510 (the 600/700/800 series require more power and it's not apples-to-apples at that point). The R320, at 12.2W, yields 200-250mW output; R510 at 12.6W is 329mW in 2.4Ghz, 100-250 in 5Ghz. The antenna tech is all (or mostly) multi-axis proprietary (FCC R510 photos).

Overall, CBW is a good basic design with solid software; my go-to when customers don't want to spend more for Ruckus Unleashed. That said, Ruckus will have better RF interference mitigation, physical interference punch-through, polarity adjustment for mobiles and legacy 2.4Ghz performance for higher client densities. But the price difference reflects that. Again, the better comparison from Cisco (licensing costs aside) would be higher-end Aironet or Catalyst.

Hope that helps.

 

[magic]

Thank you so much. Now you've made me really interested in R510.

 

[coxhaus]

When you are comparing Ruckus to Cisco small business, APs remember you are comparing old technology, Ruckus to current technology, Cisco. If you buy current Ruckus technology it cost a lot more.

 

[Trip]

@coxhaus - "Current" Cisco CBW is actually somewhat old itself -- it's just late 2010's era Aironet 1800 series hardware running stripped-down Mobility Express. A nice value and proven-stable code, for sure, but nothing really novel. Comparable AC Wave 2 Ruckus (R510, R610, etc.) can be had for not that much more, and you're getting noticeably better interference mitigation, density handling, link-layer quality and a deeper overall feature set. FWIW, I've run and installed both CBW and Ruckus multiple times now at customer sites, so I think I'm qualified enough to make an objective comparison. Perhaps you should try Ruckus for yourself. You may actually like it.

 

[coxhaus]

I did that when I was younger, I ended up regretting it every time I went away from Cisco except for Untangle.

I am still running Cisco WAP581 APs. They work well enough. I still need a Cisco 2.5 gig L3 switch for the WAP581 APs.