Small Business Stack Cisco VS Ubiquiti

RacerX330

Hi All! I've always gotten great advice here, so let me pose another question.

I have finally convinced the bosses that having business grade routers, switches and wifi aps is worth the expense. At the moment we just use the ATT fiber gateway, however we will be opening another office at some point in the near future so we will need the ability to subnet and vpn between locations, and the increasing need for secure VPN access to the internal network has become much more important. We also need the ability to fine-tune firewalls, etc.

I've been looking at the Cisco RV series of routers. I'm familiar with Cisco's small business switches as I have one already in my home. The throughput numbers on the RV series (NAT and VPN) seem a bit low. We have a gigabit fiber connection. Is the RV series just old and in need of a silicon refresh?

Also looked at the Ubiquiti Dream Machine Pro, seems like a nice integrated piece of hardware, but I don't know anyone that has any experience with them. I've heard rumors that Ubiquiti's management platform has a tendency to shirt itself and dump configs leaving one to have to start over.

Thanks for any feedback/suggestions.
 
Have you considered a pfSense appliance as a router?
I would avoid Ubiquiti Dream Machine Pro and Cisco RVs will enter "End of Life" state next October.
 
Yeah I read some of the other threads on here and looked into the pfsense hardware (netgate) but it looks honestly quite expensive.
 
I have enough money: CISCO
I have nothing: other vendors
No doubt.
 
You can find a tiny pc with atom or celeron processor and 2 network cards, at the same price as the Cisco RV340. Then install PfSense or Opnsense on it.
 
Yes, I decided to build a white box solution for the router. I had an old machine sitting around with an i5-3450, 8gig of ram and a small SSD, I purchased a dual 2.5gb NIC for it and put pfsense on it, and it has run flawlessly, except that the power supply barfed on Tuesday night, but I just fixed that this afternoon LOL. Good thing I kept the old ASUS router around just in case.

I also grabbed a TRENDnet 5-port 2.5gb POE+ switch and two Zyxel NWA210AX WAPs (the house was built with mounting locations (ceiling) in the proper locations on both floors pre-wired with CAT-5E cable (if I remember right)), and there is another 8-port gigabit switch in there as well. I mounted a rack above the telecom in the laundry room, and a patch panel. I also had some additional cable drops run on the 2nd floor. The network is ridiculously fast and reliable.

The switches, cable, and cable modem are all on separate APC UPSes. They have never gone down except when I've changed something or f-ed something up.

The pfsense box does some traffic shaping routing certain clients through the VPN and managing all DNS through the pihole, all the Apple TVs are hardwired, it's just fantastic. I've resolved several issues through help on this forum and everyone has been exceptionally helpful.
 
At some point in the future I will upgrade the switches to Zyxel smart switches and manage everything through Nebula, at the moment all the switches are unmanaged, and I will want to subnet some things out as more hardware from the office comes to the house.
 
I would not bet my job on pfSense or Netgate...

Seriously. Been there...

Small Biz - Meraki (by Cisco) is a strong contender...

Also look at TP-Link's Omada lineup
 
So, who is backing pfSense with all the money? Is it a US company?

The Meraki really makes sense with multiple locations. It seems a little pricy for a single location to me.

Cisco will not sell me support for a baby Cisco Firepower. I tried. I can buy the Cisco Firepower but I cannot get updates.

I would not buy anything TP-Link related, bad software programming. I would run pfSense any day over TP-Link. Neither is enterprise level.
 
Netgate is the primary backer for pfSense - don't get me wrong, they've done interesting things, for example, funding ARM development over in BSD land - but at the same time, they've done some pretty sh*tty things like the wireguard port mess...

The Netgate HW is all OEM/ODM gear, and can be found off the shelf for a significant discount over in x86 land...

If one is looking for an engineered solution - pfSense/Netgate isn't the place.

IIRC - you did pfSense a long time back, and walked away because of poor L3 support for VLAN, etc...
 
I know. There is no Cisco solution right now for small business that I like for a single location like a small business one location.

pfsense only intrigued me because they have jumped to FreeBSD14 which seems better than OPNsense which is on FreeBSD13.

Cisco small business switches are still the best for small scale.
 
This is for my house, not my office. And Meraki hardware is frankly far too expensive for even a small business. Cisco's small business offerings are virtually nonexistent right now.
 
I have also noticed the gap in router offerings for the small business market.

Meraki GO is expensive and garbage in features and performance.
Aruba Instant On doesn't include any router in their product line.
Unifi gateways? I haven't tried them but they are famous only for their wifi products and switches.

Opensource (pfsense/opnsense) with custom hardware seem to win the router SMB market for now.
Also, Tailscale (that works perfectly with pfsense) is becoming a strong competitor in the SMB SD-WAN market, that was dominated by Meraki.
 
Up until today, I still haven't figured if I need VPN or not. I don't require remote access to my router or LAN nor to my fileserver. I run Nextcloud which I can access externally through https with letsencrypt certs and an FQDN. Plex takes care of its own once configured correctly in pfSense. My files are backed up to onedrive daily which I can access from everywhere so what else is left? I cannot be bothered about surfing the web anonymously as by now, gazillions of cookies have captured any interesting surfing habit I may have - people that think this doesn't count for them, are simply naive.
 
It's a US company @coxhaus.

Their highest end Intel Xeon D1537/1541 (XG1537/1541) models for example are direct SuperMicro rebrands (one of the 5018D models if I recall), can get them for significantly cheaper. Some of the lower end models like the ARM units are more custom though. OpnSense (Deciso) was better in picking the AMD Epyc Embedded series for their high end, much more efficient and powerful for the price, from experience with the Epyc 3251.
 
> Opensource (pfsense/opnsense) with custom hardware seem to win the router SMB market for now.

No, not really...

There are many small businesses out there that have regulatory restrictions - e.g. PCI, HIPAA, etc - and there, providers will usually dictate what equipment is to be used.

Used to be heavily biased towards the Cisco (Linksys) RV series, but recently most have moved over to Cisco-Meraki stacks with Cradlepoint LTE/5G prem equipment for backup.

I have a good friend that just upgraded his gas station pumps and points of sale for Apple and Google Pay, along with NFC card access - Valero, his payment card processor installed Meraki (on his dime) for the LAN side - VLANs out to PoS terminals on the pumps and registers, separate VLAN for back of house for LAN/WLAN for general purpose stuff (and a guest VLAN/WLAN for customers, sales reps, etc).

It's all managed remote from the Valero network ops center - SSL-VPN on the backhaul from his station to their edge security gateways.

He's completely hands off - but also protected from liability against card fraud - if he didn't do the upgrades, he would have been on the hook, not the PCI providers or the card issuers.

Food for thought.
 
> providers will usually dictate what equipment is to be used

True and valid for almost all franchise type businesses. I worked on a project like this years ago with head office equipment as only choice. It was extremely expensive for what it is, but IBM as solution provider and 5-year support and replacement warranty. The location owners paid like 10x the cost of what was installed and it was a weird mix of different brands and even different compatible models.
 
