|
Rexxed posted:I replaced my original UniFi with the AC-Lite and it's been really solid. Yeah, I had a couple of the LR 2.4GHz N models and replaced one with an AC-Lite with great results so far. The old ones still work great in bridge/WDS mode for connecting things like my HTPC and printer. Another interesting recent project has been following Ars Technica's recent guide to building a home router/gateway using Linux and iptables. The author used an embedded Celeron mini-PC from AliExpress but I decided to try with my old i7-920 gaming desktop and a PCIe 2-port gigabit card. After getting iptables working by basically just following the guide, this allowed me to pop in some spare hard drives as well and get the same box handling NAS/torrent box functionality on top of routing. Unsurprisingly the processing power of an i7, even an old one, is massive overkill for this kind of thing. Even with my 70/7 connection maxed out across multiple downloads, the system only uses around 1% of one core and under 500MB of memory. This motivated me to check on eBay and find a slower Xeon L5520 (only $9!) with ECC support and a much lower TDP to replace the i7. The L5520 will run stable at stock speed with 0.9V vCore, which has HWMonitor reporting the full chip's power consumption at under 20W under load and around 2-3W idling. I'm a bit skeptical of such low numbers but I'm sure it makes a difference. At this point it's been stable for a couple weeks and the only thing left on the list is to set up IPv6 through a tunnel since my ISP is v4 only for now. I kind of wish there were more for it to do so all that power wasn't going to waste, but it's been a fun and productive project so I'd recommend anyone else who's curious and has a spare PC to check it out. Eletriarnation fucked around with this message at 19:40 on May 17, 2016 |
#
?
May 17, 2016 19:37
|
|
|
|
| # ? Apr 24, 2024 12:24 |
|
|
Looking at recomendations in the OP, I'm thinking of getting the TP-LINK TL-WDR3500 and putting it in AP mode. I should be able to program the same network names and keys, just on different channel, and my clients will be able to roam between the two wireless networks?
|
|
#
?
May 17, 2016 19:40
|
|
|
FISHMANPET posted:Looking at recomendations in the OP, I'm thinking of getting the TP-LINK TL-WDR3500 and putting it in AP mode. I should be able to program the same network names and keys, just on different channel, and my clients will be able to roam between the two wireless networks? It will be tricky due to power levels from both the APs. Generally speaking, devices don't like letting go of something even when the signal is garbage (see Wifi assist on iPhones), companies have worked on this feature but I've not seen them used too widely in consumer based gear. The Unifi APs do this and are cheap enough and hide well .. If handoff is what you're concerned with I would look at those.
|
|
#
?
May 17, 2016 20:11
|
|
|
mAlfunkti0n posted:It will be tricky due to power levels from both the APs. Generally speaking, devices don't like letting go of something even when the signal is garbage (see Wifi assist on iPhones), companies have worked on this feature but I've not seen them used too widely in consumer based gear. The Unifi APs do this and are cheap enough and hide well .. If handoff is what you're concerned with I would look at those. From the previous page: Antillie posted:There are many good reasons to go with Unifi APs. Zero handoff is generally not one of them.
|
|
#
?
May 17, 2016 20:19
|
|
|
Eletriarnation posted:From the previous page: That's fine, perhaps they could elaborate on the negatives they have seen. I've seen the opposite having run two APs in my home for quite some time .. client devices did not want to connect to the closer device until I was so far out of range that it wasn't working to begin with (but still had a connection).
|
|
#
?
May 17, 2016 20:31
|
|
|
Just to add... Some routers have a option to help boot low signal clients. The Asus RT series routers gain this option if the Merlin-AsusRT alternate firmware is installed. You can configure the AP to boot clients when their RSSI drops below a certain level. This has the effect of forcing a "sticky" client to connect to a stronger AP. Unifi APs have this as well if you are on the latest controller software. It is a option in the GUI now called Minimum RSSI. I use it at one of our locations at work and it works quite well. We have several Motorola andoird tablets for scanning inventory and they are notoriously "sticky" devices; once the min RSSI function boots them, they will connect to the better AP nearly instantly.
|
|
#
?
May 17, 2016 21:56
|
|
|
mAlfunkti0n posted:That's fine, perhaps they could elaborate on the negatives they have seen. I've seen the opposite having run two APs in my home for quite some time .. client devices did not want to connect to the closer device until I was so far out of range that it wasn't working to begin with (but still had a connection). Antillie posted:Zero handoff places all of the APs on the same channel and presents them as a single virtual AP to wifi clients. This crowds one channel with all of the APs and whatever wifi clients are on the network. So the usual capacity benefits of having more than one AP (each on its own channel) vanish. In exchange roaming between APs is controlled by the APs themselves instead of each individual client making its own roaming decisions. This can make roaming faster and/or more intelligent with wifi clients that otherwise don't roam very well. But for most wifi client devices (which roam in a sane manner) AP controlled roaming provides no real benefit. As long as all of your APs are using the same SSID and encryption settings things should roam between them just fine. Its when the SSIDs are different that things usually get stupid. Even when running a dual band network both the 2.4ghz and 5ghz bands should be on the same SSID. But some client devices just behave badly and zero handoff addresses that issue. You just need to be aware of the trade offs that come with zero handoff. It used to be that only Apple devices handled dual band roaming very well (roaming between 2.4ghz and 5ghz networks with the same SSID in an intelligent manner) but this generally is no longer the case. But if you have some really old laptop or whatever this can be something to keep in mind as zero handoff is not an option when dealing with roaming between 2.4ghz and 5ghz networks. Antillie fucked around with this message at 14:28 on May 18, 2016 |
|
#
?
May 18, 2016 14:24
|
|
|
Antillie posted:As long as all of your APs are using the same SSID and encryption settings things should roam between them just fine. Its when the SSIDs are different that things usually get stupid. Even when running a dual band network both the 2.4ghz and 5ghz bands should be on the same SSID. But some client devices just behave badly and zero handoff addresses that issue. You just need to be aware of the trade offs that come with zero handoff. Good info, it is greatly appreciated!
|
|
#
?
May 18, 2016 14:41
|
|
|
Any recommendations for a small business router? Can't find any thread for small business networking. Just bought a new building. We only have 6 workstations and a bunch of drops for printers and whatnot. I've got a 24port rackmount switch for that and just need something to tie it all together. Security features would be nice, with all of the crypto malware out there these days I worry quite a bit about our DBs. The EdgeRouter I'm a bit weary of because I'm not familiar with Unifi stuff at all and the lack of integrated AP, is it easy to get up and running?
|
|
#
?
May 18, 2016 15:11
|
|
|
The Gunslinger posted:Any recommendations for a small business router? Can't find any thread for small business networking. Just bought a new building. We only have 6 workstations and a bunch of drops for printers and whatnot. I've got a 24port rackmount switch for that and just need something to tie it all together. Security features would be nice, with all of the crypto malware out there these days I worry quite a bit about our DBs. I have the ER Lite and it's easy depending on what you want to do with it. The WebUI allows basic setup and you can do stuff like simple QoS, vLANs, etc. It's dirt cheap, which is hard to come by for the features it does offer. The lack of integrated AP is a non issue for most who want this level of control though, you could pick up a cheap Unifi AP to mate with it .. or any old AP that gives you what you want.
|
|
#
?
May 18, 2016 15:17
|
|
|
mAlfunkti0n posted:That's fine, perhaps they could elaborate on the negatives they have seen. I've seen the opposite having run two APs in my home for quite some time .. client devices did not want to connect to the closer device until I was so far out of range that it wasn't working to begin with (but still had a connection). Device AP roaming is governed by the device's received radio strength. So if you turn all your APs to max TX power then of course your devices will never let go because they think they're connecting fine. Of course from the AP's point of view it's not going to match up because the mobile device won't be able to TX back to the AP at the same strength so you're going to get a weak RX on the AP, with a lovely SNR and have a horrible time transferring anything. Ideally you want APs that transmit only as loud as they can hear the return signal from its clients.
|
|
#
?
May 18, 2016 17:49
|
|
|
The Gunslinger posted:Any recommendations for a small business router? Can't find any thread for small business networking. Just bought a new building. We only have 6 workstations and a bunch of drops for printers and whatnot. I've got a 24port rackmount switch for that and just need something to tie it all together. Security features would be nice, with all of the crypto malware out there these days I worry quite a bit about our DBs. Not really "home networking" heh. You're probably not going to find a great solution for network-level anti-malware cryptolocker etc, unless you're willing to throw money at the problem. Most network level hardware uses signature matching, and it's far too easy for malware writers to create a million new signatures faster than any vendor can detect and blacklist. This is also true for Anti-Virus software. But if you're doing this for a business and it's written down somewhere that you need to CYA with a hardware firewall, then you should start looking into enterprisey boxes that have software and definition update subscriptions. Cisco has their ASA with "FIREPOWER" services. Sophos has their UTM line of firewalls. Sonicwall ummm well...
|
|
#
?
May 18, 2016 18:04
|
|
|
Yeah sorry I couldn't find a business networking thread, I seem to remember we had one but I must be blind or it got archived. Ok I guess I'll drop the security stuff and just do it manually through firewall rules as much as possible and GPO for the rest. I'll take a look at the Edge Router Lite unless anyone has other ideas.
|
|
#
?
May 18, 2016 18:07
|
|
|
The Gunslinger posted:Yeah sorry I couldn't find a business networking thread, I seem to remember we had one but I must be blind or it got archived. "The Cisco" thread kinda fills in for that niche. But for an office of <20 people, and edgerouter lite with savvy users is more than capable. You'll only start itching to upgrade if you want fancy features like SSL VPN, network policy enforcement, paid 24/7 tech support or the anti-virus stuff mentioned above.
|
|
#
?
May 18, 2016 18:30
|
|
|
We use some mikrotik routerboards at my office of like 15 people. I don't do anything fancy either, the business thread scares me with vlan/vpn stuff. But using the interface is really nice, a huge step-up from awful netgear trash, and I can use ssh, browser, or winbox to configure it. That ubiquiti stuff looks pretty similar in functionality and good as well! Even DD-WRT stuff has kicked new life into a bunch of seemingling trash gear, and haven't had a problem with them since. darkhand fucked around with this message at 21:31 on May 18, 2016 |
|
#
?
May 18, 2016 21:23
|
|
|
I have 2x asus rt ac68u routers with one acting as an actual router and another acting as an ap. I am trying to cover some dead spots in the house and I am trying to add a 2nd ap but the array of a/c devices is dizzying. I was looking through the dd wrt database since that's what I'd like to have all the devices running on but if there's a cheaper a/c ddwrt ready option other than the overpriced ac68u I'd like to pick it up. Any suggestions? Edit: I realize the archer c5 will probably be ideal but if anyone has another suggestion I will leave this lazy post up 
Marzzle fucked around with this message at 22:19 on May 18, 2016 |
|
#
?
May 18, 2016 22:16
|
|
|
I almost made this post a XY Problem on accident, so let me just describe what I'm trying to do and then hit me with some recommendations. Would like a wireless device that can: * Connect to an existing WiFi network as the WAN * Support 2-3 Chromecast 2s in a small room for media streaming * 802.11ac would be nice I guess since Chromecast 2s apparently support this * (Bonus) can run with either an Ethernet cable as WAN (testing setup at home), or WiFi (actual usage). Double-bonus if it can have multiple WiFi networks stored as the WAN networks and pick whichever one is around Basically, I host an event every month in a bar in town that has a projector and several bar TVs. Right now, the laptop mates directly to the projector via VGA, and then I've recently started using AirParrot 2 to screencast presentations to the bar TVs via Chromecast. The bar has existing WiFi that is mostly for their staff, and they share the password with us, but it's 2.4GHz and I'd feel better trusting my own hardware. The idea is that I'll purposefully double-NAT myself, and just use the router/AP to pass through Internet access (so the laptop can get to Dropbox, etc.), and then provide a closed WiFi network for the laptop to stream to the ChromeCasts in a relatively well-known wireless environment (at least, I'll have no one to blame but myself). Price range -- $100 or under would be nice, but I can go slightly over.
|
|
#
?
May 19, 2016 04:21
|
|
|
Tplink travel routers can use wifi as wan while also serving wifi clients but it is fiddly as hell.
|
|
#
?
May 19, 2016 04:31
|
|
|
Well, I took the plunge and ordered the setup below for the new house. If the thread is interested I'll try to make a few effortposts on my trials and tribulations getting the home network setup. I'm probably into Dunning-Kruger territory ("I led of team who managed networks 13 years ago. It looked easy!"), so there's at least a chance others in this thread will get to laugh at my feeble attempts at security and stability.
|
|
#
?
May 19, 2016 15:55
|
|
|
movax posted:I almost made this post a XY Problem on accident, so let me just describe what I'm trying to do and then hit me with some recommendations. According to their user manuals the EX6200 and EX6100 both tick pretty much all of your boxes. Although it looks like NAT is optional and while they can do NAT when using wifi as their WAN connection I am not sure if they can do NAT when using a wired WAN connection (and thus act as a slightly more expensive wifi router). It looks like they even remember the different wifi networks they have previously connected to in the WAN settings. Antillie fucked around with this message at 16:02 on May 19, 2016 |
|
#
?
May 19, 2016 15:57
|
|
|
Ynglaur posted:Well, I took the plunge and ordered the setup below for the new house. It looks like you are well on your way to having a home network that is fast, reliable, extensible, and easy to configure. And with minimalist Swedish styling to boot. Antillie fucked around with this message at 16:11 on May 19, 2016 |
|
#
?
May 19, 2016 16:05
|
|
|
I doubt many here are running any of the following gear from Ubiquiti, but if you are, update your poo poo: airMAX v5.6.2 airMAX AC v7.1.3 TOUGHSwitch v1.3.2 airGateway v1.1.5 http://arstechnica.com/security/2016/05/foul-mouthed-worm-takes-control-of-wireless-isps-around-the-globe/
|
|
#
?
May 19, 2016 21:28
|
|
|
quote:Simply having a radio on outdated firmware and having its http/https interface exposed to the Internet is enough to get infected. If you are allowing the general internet to connect to your gear's management interface you already have some pretty serious problems to begin with. But yeah, this is what I like about Ubiquiti and other business grade stuff. Patches get issued for stuff like this. In this case the patch came out last July. Antillie fucked around with this message at 13:37 on May 20, 2016 |
|
#
?
May 20, 2016 13:34
|
|
|
What question one asks isn't the real problem when 99% of Internet answers are... YX Answers? ("Q: Hey guys how do I do [simple thing not mentioned in the manual] on an Amiga 500? A: Buy an Amiga 3000" was my first taste of this.) Certain threads on this forum seem to be the exception that makes the rule.
|
|
#
?
May 20, 2016 13:50
|
|
|
Antillie posted:If you are allowing the general internet to connect to your gear's management interface you already have some pretty serious problems to begin with. But yeah, this is what I like about Ubiquiti and other business grade stuff. Patches get issued for stuff like this. In this case the patch came out last July. I was thinking the same thing, WHY .. oh WHY are people exposing that to the internet?
|
|
#
?
May 20, 2016 15:29
|
|
|
Finally got around to updating pfsense after someone posted about it a few pages back. New interface is really nice, especially the real-time monitoring and reports. Other than triggering a full backup and removing bandwidthd I didn't do anything before the upgrade and it was done and booted before I remembered to check. I had to reenable Squid after but it was a nice surprise seeing clamav scanning integrated now.  Since the e4300 isn't doing much else I guess I'll throw that on too. PfblockerNG even started up without needing to touch it and that was the main package I was concerned about.All pfsense updates have been easy for me so far, but it's still crazy to me how flawless and easily-extensible it is. This is coming from IPCop and smoothwall where just getting a working base configuration was an achievement and God help you if you want to update or maybe you're running a separate package. I've had Snort rules pulling down as scheduled from day one, where I think Smoothwall managed it twice before the updater broke irreparably. Pfsense has been set and forget other than updates and package installs. future ghost fucked around with this message at 06:05 on May 21, 2016 |
|
#
?
May 21, 2016 06:00
|
|
|
Dumb question: My network is going to go router > switch > WAPs. Will devices connected via Ethernet to the switch (e.g. a printer) be on the same network as a wireless device connecting via a WAP (e.g. a tablet)? Clients will need a password to connect to the WLAN; is there some way to require a password to connect to the LAN?
|
|
#
?
May 21, 2016 13:39
|
|
|
Ynglaur posted:Will devices connected via Ethernet to the switch (e.g. a printer) be on the same network as a wireless device connecting via a WAP (e.g. a tablet)? Yes. They will. Ynglaur posted:Clients will need a password to connect to the WLAN; is there some way to require a password to connect to the LAN? I'm not sure why you'd want to do this, but if you're just trying to restrict who can access the network by plugging in, I'd use something like MAC filtering/ a MAC whitelist. It'd be a hell of a lot easier to manage.
|
|
#
?
May 21, 2016 18:35
|
|
|
Ynglaur posted:Clients will need a password to connect to the WLAN; is there some way to require a password to connect to the LAN? Viper_3000 posted:I'm not sure why you'd want to do this, but if you're just trying to restrict who can access the network by plugging in, I'd use something like MAC filtering/ a MAC whitelist. It'd be a hell of a lot easier to manage. Mac filtering/whitelisting won't stop anyone from joining your network since if somebody's captured & decrypted enough wireless data they already know MAC addresses of devices on the whitelist. Just stick with a WPA2 password to make it computationally unfeasible to crack WiFi connectivity. For a LAN password you would need to sequester the wifi segment of your network off to a second LAN and use a router/firewall to create a "jailed garden" or guest access like you see on public WiFi hotspots. I'm not sure why you would want BOTH a WiFi password AND a LAN password, but there's plenty of ways to do it. Most implementations will require enterprisey hardware that supports authentication protocols on the network level like 802.1x, but that's never stopped people from hacking together kludge to accomplish the same end goal.
|
|
#
?
May 21, 2016 19:25
|
|
|
I'm going to be picking up a managed 24 port switch soon and a few offerings have SFP ports on them. From what I've read, these are basically just for fiber connections if I needed to connect them to something father than CAT cables can run, right?
|
|
#
?
May 21, 2016 20:26
|
|
|
Mostly I'm just trying to keep random kids' friends off of my home network. I don't run my wireless network in the clear, why would I run my wired network any differently? I may just use a MAC address whitelist for my family's clients, and setup a guest wireless network with tight bandwidth limits in case a friend wants to connect quickly for something.
|
|
#
?
May 21, 2016 21:10
|
|
|
Ynglaur posted:Mostly I'm just trying to keep random kids' friends off of my home network. I don't run my wireless network in the clear, why would I run my wired network any differently? Don't worry, kids don't know what wired networks are
|
|
#
?
May 21, 2016 21:31
|
|
|
Ynglaur posted:Mostly I'm just trying to keep random kids' friends off of my home network. I don't run my wireless network in the clear, why would I run my wired network any differently? If all you're worried about is neighborhood kids connecting to your network, I think simply paying attention to who's in your house should be fine. Any <18 year old is not gonna show up to your house with a cat5 cable, or even know what a cat5 cable is. Hide your SSID, use WPA2, set up a guest network for friends and you'll be fine. I can promise you that nobody is going to show up to your house and ask to plug in to get on the internet.
|
|
#
?
May 21, 2016 21:31
|
|
|
I never thought about the security through obscurity aspects of hard-wiring. That's pretty funny the more I think about it.
|
|
#
?
May 21, 2016 23:09
|
|
|
Dogen posted:Don't worry, kids don't know what wired networks are Apparently neither do millenials
|
|
#
?
May 22, 2016 01:27
|
|
|
CrazyLittle posted:Apparently neither do millenials nor adults...
|
|
#
?
May 22, 2016 01:27
|
|
|
GobiasIndustries posted:I'm going to be picking up a managed 24 port switch soon and a few offerings have SFP ports on them. From what I've read, these are basically just for fiber connections if I needed to connect them to something father than CAT cables can run, right? Maybe. If it's SFP+ then it will run at 10Gbps, but if it's just regular SFP then all you get by running fiber (assuming the rest of the switch is gigabit) is that you can connect at longer distances than copper cable will reliably work at. Unless it specifically says "SFP+" or "10GBase-*" somewhere then it's probably the latter.
|
|
#
?
May 22, 2016 01:45
|
|
|
CrazyLittle posted:nor adults... In my day we trained our homing pigeons to deliver CD-Rs and that's the way we liked it
|
|
#
?
May 22, 2016 03:39
|
|
|
Since this thread is slowly turning me into the network guru of my extended family, I have been asked to solve an issue for my brother's apt. He is currently running a Surfboard modem/router/wifi combo unit, setup where the cable line comes into the house in his basement. This gives him predictably lovely connectivity on his first floor, and pretty much no connectivity on the 2nd floor of his townhouse over wifi. He does have 3 Ethernet connections in the house, one on the first floor and two on the second, which are currently being used for two Roku's, and a VOIP product. They are cash strapped due to the birth of their first child, so I'm trying to figure a way to get them better wifi around the house without having to spend any money. My main question was; Is there a way to take a Belkin N600 wireless router that I have laying around, and use it both as a wired switch utilizing its network connections, and as a WAP simultaneously? I've been messing with it a bit, but haven't had any luck so far. If I could get this to work I'm assuming I could plug it into his 1st floor ethernet connection and then let the Roku plug into it while it also acting as the WAP for the house in the better location. Also, if there is no way to do this, I think I would just need to get a dumb switch and use the belkin simply as the WAP?
|
|
#
?
May 22, 2016 15:50
|
|
|
|
| # ? Apr 24, 2024 12:24 |
|
|
Yeah, that's easy to do. You just plug your incoming connection into one of the LAN ports instead of the WAN port and then you can use the other LAN ports for switching. Some devices have an option to use the WAN port in bridged mode with the rest which will give you +1 ports total, but if not just don't use it. Make sure that your N600 doesn't have a DHCP server running unless you want it to be the DHCP server (and in that case disable DHCP on whatever is doing the routing) and make sure that it's not trying to use the same IP as the router if you tend to use .1 or whatever. You can set it to get any other IP that's excluded from the DHCP-served range, or DHCP client if it supports that on the LAN interface - most consumer routers don't.
Eletriarnation fucked around with this message at 16:00 on May 22, 2016 |
|
#
?
May 22, 2016 15:57
|
|