Internet Explorer
Jun 1, 2005

You can just make 3 networks. 1 for your network, 1 for his network with no guest portal, and 1 for a guest network with a portal.

tinaun
Jun 9, 2011

                  tell me...
So recently we moved to a new place, and the wiring already in place is weird and old and the most complicated I have ever worked with. The one circled in green is the one hooked up, the only one that actually works. The router is connected at the other side, which leads to a relatively central location and works well enough, but there are plenty of rooms where the wifi is crappy and I would love to use a direct line.

Is there a way to actually use all these ports without rewiring the entire house?

redeyes
Sep 14, 2002

Your only chance is getting the twists in the pairs RIGHT up to the punch place. Even then good luck, that has a low chance of doing gigabit properly.

redeyes
Sep 14, 2002


Thermopyle posted:

Maybe you can answer these questions:

1. I delete voucher in cloudtrax. How long until clients using that are no longer able to connect?
2. How come when I go to http://logout it takes me to https://www.open-mesh.com instead of splash page and it doesn't actually log me out or prevent me from continuing to use the WiFi?

Hilariously, haven't tried vouchers so I am useless. I would assume around 5 minutes though. I don't know about the splash page, sorry.

sharkytm
Oct 9, 2003

Ba By Sharkytm doot doo do doot do doo


Fallen Rib

Internet Explorer posted:

You can just make 3 networks. 1 for your network, 1 for his network with no guest portal, and 1 for a guest network with a portal.

I assume you're talking about 3 VLANs, correct? I'm just getting started with this stuff, so please bear with me.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Internet Explorer posted:

You can just make 3 networks. 1 for your network, 1 for his network with no guest portal, and 1 for a guest network with a portal.

Why not just two SSIDs on two VLANs? One for his stuff and one for guest/xbox? Don't use the guest portal and just firewall off the guest VLAN from his.

sharkytm
Oct 9, 2003

Ba By Sharkytm doot doo do doot do doo


Fallen Rib

Moey posted:

Why not just two SSIDs on two VLANs? One for his stuff and one for guest/xbox? Don't use the guest portal and just firewall off the guest VLAN from his.

I want to retain the full guest network (for all the tenants/visitors/family), plus my wifi, plus his XBox. I'm not sure if that'd require 3 VLANs, but it seems so.

1. My network, both Wifi and wired
2. Guest network, with guest portal
3. His snowflake XBox

I'm running an EdgeRouter Lite, managed 8 port switch (TPLink TL-SG108E, although it's currently running unmanaged), and a Unifi AP-Pro AC.


::Edit:: All taken care of. Added 2 VLANs, added another SSID for the XBox on WPA2, and had LaF help with setup and firewall rules.

sharkytm fucked around with this message at 20:41 on Aug 30, 2016

H2SO4
Sep 11, 2001

put your money in a log cabin


Buglord

Moey posted:

Why not just two SSIDs on two VLANs? One for his stuff and one for guest/xbox? Don't use the guest portal and just firewall off the guest VLAN from his.

Because if there's two networks available, one with nag screen and one without, everyone's just gonna connect to the other.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


tinaun posted:

So recently we moved to a new place, and the wiring already in place is weird and old and the most complicated I have ever worked with. The one circled in green is the one hooked up, the only one that actually works. The router is connected at the other side, which leads to a relatively central location and works well enough, but there are plenty of rooms where the wifi is crappy and I would love to use a direct line.

Is there a way to actually use all these ports without rewiring the entire house?

Well, that cable connection is screwed by putting 2 connections down a single wire. (blue pair is put to a different jack for telco use). Unhook that and punch it back (with the brown) to the main connection and fix the other side (in your room).

The rest of the panel looks generally okay for 100mbps (gig will be sketchy since it's cat5, not cat5e).

Just put a small switch beside your panel there and patch the various rooms into that.

Bad Munki
Nov 4, 2008

We're all mad here.


I'm so glad they wired all the phone jacks in my house with cat5e, gonna make it nice for putting in wifi extenders and drop points and putting the main gear anywhere I want. :getin:

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Go whole hog and get the wallplate wifi AP/switch combos and power with a small poe switch. No cables to be seen anywhere and powered from a single UPS!

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

There was a link shared in this thread I think where someone somewhere bought their own roll of fiber off of ebay or something and installed it on poles to get connectivity some matter of miles...

I can't seem to find this post anywhere. Does anyone recall what this was?

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!

Thermopyle posted:

There was a link shared in this thread I think where someone somewhere bought their own roll of fiber off of ebay or something and installed it on poles to get connectivity some matter of miles...

I can't seem to find this post anywhere. Does anyone recall what this was?

I don't think the poster in question got that far, they were considering replacing ubiquiti bullets with buried fiber, but CrazyLittle had info on that as a response. There may have been another post I didn't see looking back, though:

CrazyLittle posted:

That's kind of "not a thing." Typically if you're buying pre-terminated fiber, it's for patch cords or patch assemblies. If you want anything outside the normal range past 100ft then you're looking at custom assemblies. But since you're looking for direct burial you should probably just run the cable, and have it hand-terminated into a splicing box. Either way you're looking at maybe $3000? for the whole run. I bought fiber from http://www.discount-low-voltage.com/ for the last long run I did, and they're good about answering questions. They're selling 6-strand single-mode direct burial for $0.48/ft, which means a 1km run would be ~$1580 not including termination.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Rexxed posted:

I don't think the poster in question got that far, they were considering replacing ubiquiti bullets with buried fiber, but CrazyLittle had info on that as a response. There may have been another post I didn't see looking back, though:

Hah! What I was thinking about was linked to in the very next post after your quoted one. Thanks for getting me to what I was looking for.

Sentient Data
Aug 31, 2011

My molecule scrambler ray will disintegrate your armor with one blow!
It's also worth noting that you'd need the permits and/or leases for your area if you want to bury or use a pole. I have no clue what the buried permit costs would be, but several municipal PDFs I've seen of people renting city-owned poles for low voltage or fiber lines run in the area of $3000/year with 20 year commitments

caberham
Mar 18, 2009

Grimey Drawer
Hello, What do you guys think of this diagram for a power user?



Hi guys, I lurk here and help from time to time. Awesome thread! So I'm trying to be a power user and used to play around with the previous generation of UBNT switches. I'm getting a new home soon and want to go crazy with my networking. Hardware side, I'm thinking about getting a pair of USGs, but from reading here and other areas it seems like I'm better off with another EdgeRouter Lite? (I already have an Edge POE.) The USG seems to be really tempting, but I wonder how the VPN performance is? Should I build another pfSense box if I truly want an amazing~~ VPN when I go to China?

The reason why I am setting up a network server and roaming profiles is so that I can store people's logins and configuration whenever anyone in the family buys a new computer - have all the files like /documents and configuration files stored.

And when it comes to switches, what is the difference between the Edge / Unifi Switch 16-150W / ES-16-150W? And is it only with the 24 ports that I can get managed? And if I do use a VPN server, am I better off setting up the VLANs with the switches and not the router to avoid performance pitfalls? Sorry about all these weird questions.

This is more of the software side but what kind of home server do you guys use? I'm planning on FreeNAS for home server with separate Windows server 2012 on the side. Or looking into something called owncloud

caberham fucked around with this message at 06:51 on Sep 1, 2016

Antillie
Mar 14, 2015

caberham posted:

Hello, What do you guys think of this diagram for a power user?



Hi guys, I lurk here and help from time to time. Awesome thread! So I'm trying to be a power user and used to play around with the previous generation of UBNT switches. I'm getting a new home soon and want to go crazy with my networking. Hardware side, I'm thinking about getting a pair of USGs, but from reading here and other areas it seems like I'm better off with another EdgeRouter Lite? (I already have an Edge POE.) The USG seems to be really tempting, but I wonder how the VPN performance is? Should I build another pfSense box if I truly want an amazing~~ VPN when I go to China?

The reason why I am setting up a network server and roaming profiles is so that I can store people's logins and configuration whenever anyone in the family buys a new computer - have all the files like /documents and configuration files stored.

And when it comes to switches, what is the difference between the Edge / Unifi Switch 16-150W / ES-16-150W? And is it only with the 24 ports that I can get managed? And if I do use a VPN server, am I better off setting up the VLANs with the switches and not the router to avoid performance pitfalls? Sorry about all these weird questions.

This is more of the software side but what kind of home server do you guys use? I'm planning on FreeNAS for home server with separate Windows server 2012 on the side. Or looking into something called owncloud

Well the ERL and USG are the exact same hardware. The difference is that the USG is managed via the Unifi controller like the APs while the ERL is a standalone unit and slightly cheaper. Additionally not all of the features of the ERL are available on the USG. So the ERL is the usual recommendation around here as central management isn't generally a big deal for a home user.

According to this post, the ERL can do ~150mbps of IPSec VPN throughput, which is pretty good for an entry level device. For comparison the (more expensive) Cisco ASA 5506 and (much more expensive) 5508 can do 100mbps and 175mbps of IPSec throughput respectively. pfSense can easily beat this if you build a box with the right hardware, specifically, a CPU that supports Intel's AES-NI instruction set. If you have some money to spend, a pfSense box built on an Atom C2758 (needs registered RAM btw) will scream. But Core i3/i5/i7 CPUs work great as well. It really comes down to your budget, performance needs, and how much power you want the box to draw. (Which translates to thermal output and thus the amount of cooling needed and noise generated by said cooling.)

As for using a VPN in China, the great firewall is fond of loving around with VPN sessions. So having more than one type of VPN available (IPSec, TLS, SSH, etc...) might be helpful. The ERL only hardware accelerates IPSec but pfSense can hardware accelerate both IPSec and TLS (ie: OpenVPN). I am not sure if pfSense hardware accelerates SSH, and PPTP is terrible to the point that pfSense has long since dropped support for it. (Seriously, nobody should ever use PPTP.)

I am not sure about the differences between the different Unifi switches but unless you have a reason to run more than one VLAN I would just stick with one VLAN. You don't have 100+ boxes on your network so there is no performance reason to break up the network into different layer 2 broadcast domains. The only real reason for a home user to bother with a second VLAN is for a guest/tenant/person you don't trust network.

When setting up an IPSec site to site VPN the two IPSec termination devices in question do not need to be from the same vendor, but configuring the tunnel is often easier if they are. As for settings, IKEv1 and IKEv2 are both fine as long as you don't use IKEv1's "aggressive/quick mode". AES128, 192, and 256 are functionally the same, GCM mode is the best AES mode but CBC is acceptable, 3DES and Blowfish now suck, SHA1 should be avoided if possible (it's not terrible in all cases, yet, but it's moving in that direction and is already terrible in some cases), SHA256, 384 and 512 are all fine and functionally equivalent but SHA256 is a bit faster. PFS is always a good idea. DH groups 19-21 are ideal but barring that DH groups 14-16 are acceptable (but slow), the truly paranoid can use groups 28-30 if they give absolutely no fucks about performance.

Personally, I have a Server 2008 R2 box that I use for file sharing, DNS, AD, and RADIUS. Both the ERL and pfSense will happily let you use a RADIUS server to define your remote access VPN users.

Just keep in mind that roaming profiles can get large. So loading them over a VPN link on top of a residential internet connection may not work out all that well. Even on a gigabit LAN roaming profiles don't always work out very well if the users like to store lots of stuff on their desktop and in their documents folder. The profile has to be downloaded in its entirety on each logon and then uploaded in its entirety on each logout. This can be very annoying to users if it makes the logon/logoff process take a while. Also, since you are talking about a home user situation they might not log out at all. In which case the profile wouldn't get uploaded to the server which can cause sync issues if they also login somewhere else.

Antillie fucked around with this message at 23:56 on Sep 1, 2016

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

So, my parents are willing to spend a few grand for me to get them internet to their rural-ish location. They're about 5 miles (as the crow flies) from some property they own that does have access to broadband.

I'm going to have to do a wireless point to point link for them and it's not something I've done before.

There's no direct line of sight from the highest point at the two locations, so I'm going to have to do at least one tower, maybe two. I'll find some topographical maps and look into that in more detail, but I see 65 foot self-supporting towers for around a grand online.

Anyway, I see Ubiquiti has multiple products for this sort of thing, but I don't really know which to choose. There's the airMax line and the airFiber line...

Anyone have any suggestions about products for this application? Doesn't have to be Ubiquiti, I've just had success with them this year when I upgraded my home network equipment so I checked them out first.

IOwnCalculus
Apr 2, 2003

Maybe some Litebeams? I aimed a pair of Nanostation Loco M5s at each other but it was a few hundred feet, not miles.

If you need a tower (or two) in the middle, how are you going to power the gear there?

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

IOwnCalculus posted:

Maybe some Litebeams? I aimed a pair of Nanostation Loco M5s at each other but it was a few hundred feet, not miles.

If you need a tower (or two) in the middle, how are you going to power the gear there?

I'm not thinking about putting them in the middle, I'm thinking about putting one (or two) at the ends to get up above tree lines and whatnot. There's power available there.

Internet Explorer
Jun 1, 2005

caberham posted:

Hello, What do you guys think of this diagram for a power user?



Hi guys, I lurk here and help from time to time. Awesome thread! So I'm trying to be a power user and used to play around with the previous generation of UBNT switches. I'm getting a new home soon and want to go crazy with my networking. Hardware side, I'm thinking about getting a pair of USGs, but from reading here and other areas it seems like I'm better off with another EdgeRouter Lite? (I already have an Edge POE.) The USG seems to be really tempting, but I wonder how the VPN performance is? Should I build another pfSense box if I truly want an amazing~~ VPN when I go to China?

The reason why I am setting up a network server and roaming profiles is so that I can store people's logins and configuration whenever anyone in the family buys a new computer - have all the files like /documents and configuration files stored.

And when it comes to switches, what is the difference between the Edge / Unifi Switch 16-150W / ES-16-150W? And is it only with the 24 ports that I can get managed? And if I do use a VPN server, am I better off setting up the VLANs with the switches and not the router to avoid performance pitfalls? Sorry about all these weird questions.

This is more of the software side but what kind of home server do you guys use? I'm planning on FreeNAS for home server with separate Windows server 2012 on the side. Or looking into something called owncloud

I don't have a ton of time right now to go through all of this, but this seems super complicated. Do you do this for a living? Have you administered Roaming Profiles before? Do you need AD and a Radius server?

I just... why not use Crashplan and a VPN service like everyone else does for home use? If you like tinkering and do this poo poo for a living, then I get it, carry on. I just read through this and can't imagine wanting to deal with any of that poo poo being down when I get home from work.

IOwnCalculus
Apr 2, 2003

Thermopyle posted:

I'm not thinking about putting them in the middle, I'm thinking about putting one (or two) at the ends to get up above tree lines and whatnot. There's power available there.

Durf, I misread :downs: I thought you were going to have to put a tower in the middle and have to set up two wireless links.

I'd be sorely tempted to try these, the price is certainly right.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Thermopyle posted:

So, my parents are willing to spend a few grand for me to get them internet to their rural-ish location. They're about 5 miles (as the crow flies) from some property they own that does have access to broadband.

I'm going to have to do a wireless point to point link for them and it's not something I've done before.

There's no direct line of sight from the highest point at the two locations, so I'm going to have to do at least one tower, maybe two. I'll find some topographical maps and look into that in more detail, but I see 65 foot self-supporting towers for around a grand online.

Anyway, I see Ubiquiti has multiple products for this sort of thing, but I don't really know which to choose. There's the airMax line and the airFiber line...

Anyone have any suggestions about products for this application? Doesn't have to be Ubiquiti, I've just had success with them this year when I upgraded my home network equipment so I checked them out first.

If you're in the US, note that structures over a certain height must be registered with the FAA, in addition to whatever other zoning your local state and municipality may impose. The FAA registration threshold is quite low (or was, 11 years ago): something like 18 or 24 feet.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

That's weird. I spent the first half of my adult life building homes and multi family units and 50% of them were at least 30' tall without needing FAA to get involved.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Thermopyle posted:

That's weird. I spent the first half of my adult life building homes and multi family units and 50% of them were at least 30' tall without needing FAA to get involved.

Local zoning authorities trickle that stuff up, I believe.

Now that I think of it, it may only apply near airports. We had erected a temporary radio tower just a few hundred meters from a small airstrip.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Well, I found this and it says 200 feet is the maximum unless you're within 20,000 feet of an airstrip, and then there's a formula you use to calc height depending on distance from the airstrip.

CrazyLittle
Sep 11, 2001

Clapping Larry

Thermopyle posted:

I'm going to have to do a wireless point to point link for them and it's not something I've done before.

There's no direct line of sight from the highest point at the two locations, so I'm going to have to do at least one tower, maybe two. I'll find some topographical maps and look into that in more detail, but I see 65 foot self-supporting towers for around a grand online.

Anyway, I see Ubiquiti has multiple products for this sort of thing, but I don't really know which to choose. There's the airMax line and the airFiber line...
You don't need the airFiber stuff. And yeah there's other point to point wireless manufacturers, but Ubiquiti's going to be the cheapest/most user-friendly for the buck. You should be fine with a pair of Ubiquiti's Nanobeam AC or Mikrotik SXT Lite 5 point-to-point bridges.


Ynglaur posted:

If you're in the US, note that structures over a certain height must be registered with the FAA, in addition to whatever other zoning your local state and municipality may impose. The FAA registration threshold is quite low (or was, 11 years ago): something like 18 or 24 feet.

like my dilz

Thermopyle posted:

That's weird. I spent the first half of my adult life building homes and multi family units and 50% of them were at least 30' tall without needing FAA to get involved.

like my dilz

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Thermopyle posted:

Well, I found this and it says 200 feet is the maximum unless you're within 20,000 feet of an airstrip, and then there's a formula you use to calc height depending on distance from the airstrip.

Thanks for the correction.

IOwnCalculus
Apr 2, 2003

CrazyLittle posted:

like my dilz

Erect in the middle of nowhere with nothing but a wifi antenna on the end?

CrazyLittle
Sep 11, 2001

Clapping Larry

IOwnCalculus posted:

Erect in the middle of nowhere with nothing but a wifi antenna on the end?

that's how i roll

CrazyLittle
Sep 11, 2001

Clapping Larry

Thermopyle posted:

Well, I found this and it says 200 feet is the maximum unless you're within 20,000 feet of an airstrip, and then there's a formula you use to calc height depending on distance from the airstrip.

BTW, don't forget to check city and county as well, since my city has height limits on structures.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

cool, cool, cool, thanks for the advice.

I found while googling for tower erection that SwiftKey on my phone doesn't autocorrect anything to erection. I fixed that posthaste.

Antillie
Mar 14, 2015

Internet Explorer posted:

I don't have a ton of time right now to go through all of this, but this seems super complicated. Do you do this for a living? Have you administered Roaming Profiles before? Do you need AD and a Radius server?

I just... why not use Crashplan and a VPN service like everyone else does for home use? If you like tinkering and do this poo poo for a living, then I get it, carry on. I just read through this and can't imagine wanting to deal with any of that poo poo being down when I get home from work.

This man is right. I do this stuff for a living and enjoy it. So I have all sorts of stuff like this set up at home. I geek out over crypto and network protocols. I am not most people. Most people would consider this sort of stuff to not be worth the effort. A bit like having a project car, fun for those that like it, but most people just want to drive their car, not tinker around with the engine every other weekend.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
Is there any sort of affordable 10GigE yet? My cable runs are CAT-6A (I was ordering premade cables and it was basically the same price).

Rukus
Mar 13, 2007

Hmph.

Paul MaudDib posted:

Is there any sort of affordable 10GigE yet? My cable runs are CAT-6A (I was ordering premade cables and it was basically the same price).

Define affordable. The lowest price you'll find right now is either Ubiquiti's ES-16-XG or Netgear's XS708E. Ubiquiti's is a bit more flexible with its SFP+ ports instead of all RJ45 like Netgear's, but then you'll have to buy modules for whatever you'll want to connect.

CrazyLittle
Sep 11, 2001

Clapping Larry

Rukus posted:

Define affordable. The lowest price you'll find right now is either Ubiquiti's ES-16-XG or Netgear's XS708E. Ubiquiti's is a bit more flexible with its SFP+ ports instead of all RJ45 like Netgear's, but then you'll have to buy modules for whatever you'll want to connect.

Reminder that SFP+ ports are incompatible with 10gig BASE-T copper ports since 10gig on copper requires more power than the SFP+ spec allows. So if you get the Ubiquiti switch you're limited to only 4 copper 10gig devices. Then again, 10G BASE-T is horrible anyways because the max distance over CAT6a is something stupid like 120ft.

caberham
Mar 18, 2009

Grimey Drawer
Thanks everyone for the feedback!

Antillie posted:

Well the ERL and USG are the exact same hardware. The difference is that the USG is managed via the Unifi controller like the APs while the ERL is a standalone unit and slightly cheaper. Additionally not all of the features of the ERL are available on the USG. So the ERL is the usual recommendation around here as central management isn't generally a big deal for a home user.

Thanks for the clarification

Antillie posted:

VPN hardware and

As for using a VPN in China, the great firewall is fond of loving around with VPN sessions. So having more than one type of VPN available (IPSec, TLS, SSH, etc...) might be helpful. The ERL only hardware accelerates IPSec but pfSense can hardware accelerate both IPSec and TLS (ie: OpenVPN). I am not sure if pfSense hardware accelerates SSH, and PPTP is terrible to the point that pfSense has long since dropped support for it. (Seriously, nobody should ever use PPTP.)

OpenVPN got hosed and a lot of the big name ones like Astrill and StrongVPN aren't as great as before. The lesser known ones seem to work for now but who knows how long that will last.

Antillie posted:

I am not sure about the differences between the different Unifi switches but unless you have a reason to run more than one VLAN I would just stick with one VLAN. You don't have 100+ boxes on your network so there is no performance reason to break up the network into different layer 2 broadcast domains. The only real reason for a home user to bother with a second VLAN is for a guest/tenant/person you don't trust network.

I see, but I will stick with 3 VLANs - own portal, guest portal, and one more to firewall in my IP cams + Internet of Things. I did some research and Hikvision provides great hardware at a low price, but its security and software is still abysmal.

Antillie posted:

When setting up an IPSec site to site VPN the two IPSec termination devices in question do not need to be from the same vendor, but configuring the tunnel is often easier if they are. As for settings, IKEv1 and IKEv2 are both fine as long as you don't use IKEv1's "aggressive/quick mode". AES128, 192, and 256 are functionally the same, GCM mode is the best AES mode but CBC is acceptable, 3DES and Blowfish now suck, SHA1 should be avoided if possible (it's not terrible in all cases, yet, but it's moving in that direction and is already terrible in some cases), SHA256, 384 and 512 are all fine and functionally equivalent but SHA256 is a bit faster. PFS is always a good idea. DH groups 19-21 are ideal but barring that DH groups 14-16 are acceptable (but slow), the truly paranoid can use groups 28-30 if they give absolutely no fucks about performance.

I think Edward Snowden and recent events highlighted that SHA256 should be the standard for now and other protocols have been phased out.

Antillie posted:

Personally, I have a Server 2008 R2 box that I use for file sharing, DNS, AD, and RADIUS. Both the ERL and pfSense will happily let you use a RADIUS server to define your remote access VPN users.

Just keep in mind that roaming profiles can get large. So loading them over a VPN link on top of a residential internet connection may not work out all that well. Even on a gigabit LAN roaming profiles don't always work out very well if the users like to store lots of stuff on their desktop and in their documents folder. The profile has to be downloaded in its entirety on each logon and then uploaded in its entirety on each logout. This can be very annoying to users if it makes the logon/logoff process take a while. Also, since you are talking about a home user situation they might not log out at all. In which case the profile wouldn't get uploaded to the server which can cause sync issues if they also login somewhere else.

Too bad about roaming profiles, would the process be easier if I set up folder redirection instead with 2 users at different sites sharing the same documents folder?

Internet Explorer posted:

I don't have a ton of time right now to go through all of this, but this seems super complicated. Do you do this for a living? Have you administered Roaming Profiles before? Do you need AD and a Radius server?

I just... why not use Crashplan and a VPN service like everyone else does for home use? If you like tinkering and do this poo poo for a living, then I get it, carry on. I just read through this and can't imagine wanting to deal with any of that poo poo being down when I get home from work.

It's way cheaper than building cars! At least if the software messes up I can just reinstall things :downsrim: As for backups, you can never go wrong with more sources, some freak accident might happen with crash plan like that one dude who lost all his files.

I don't do this as a living at all. And you are right that nowadays we can pay for services. There's Spotify, Netflix, Google Drive + CrashPlan, and a whole other bunch of paid services which I love to use. But everything is still very fragmented and everything is still very fragmented in their own ecosystem. I won't set everything up in one day smoothly but it's a hobby which I get to accomplish over time. I actually don't mind paying a freelancing sysadmin to set everything up but I don't know where and how to find one I can trust.

It's a very daunting and ambitious set up but it allows scaling once down the line. I'm not die hard on having X service but what I want is similar to icloud family sharing, but for the extended family:

  1. No matter how many new/old computers I have, I would like to have everything in a networked folder
  2. I can add users in different places like my house, my mom's house and my sister's house - All their personal files are backed up - to a central server and to CrashPlan/Google Drive/Dropbox/another mirror somewhere
  3. Secure connections - that's why I'm looking into VPNs and RADIUS. Generate wifi guest access codes for Airbnb guests. And integrate the IP cameras
  4. Aggregating media/home videos/baby videos and pictures into a central repository - make it as hassle free as possible and photos and videos can be easily accessed in lightroom/photoshop/premiere pro
  5. Have my own personal website to host my blog and this gallery and publish for facebook/weibo/wechat whatever services

Lolcano Eruption
Oct 29, 2007
Volcano of LOL.
Sigh, why is 5GHz so much worse than 2.4GHz? Obviously, for wavelength reasons and whatnot. But if the new tech moving forward is going to be 5GHz, it feels like a step backwards. Wasn't stuff like beamforming supposed to increase its range/penetration to 2.4GHz levels? At this point, 5GHz basically requires line of sight and short distance to maintain a connection that is better than a regular 2.4GHz N network. 2.4GHz just works, 5GHz is always spotty.

For the record, I'm using AC Lites. A year ago, I was using 3x Netgear WNDR3700 with similar results. Going to disable the 5GHz radios now.

Antillie
Mar 14, 2015

caberham posted:

I think Edward Snowden and recent events highlighted that SHA256 should be the standard for now and other protocols have been phased out.

I don't recall anything about SHA1 collisions being in what Snowden released. I do remember the Snowden docs making it pretty clear that the NSA has probably pre-computed the discrete logarithms of several 1024 bit DH groups. This makes DH group 2 categorically unsafe and makes DH group 5 look pretty shaky.

Collisions in SHA1 are easy enough to find that it really can't be used for straight up signing anymore, like TLS certificate signatures for example. But for something like IPSec where you are taking the hash of the encrypted payload SHA1 is still basically OK as long as you don't truncate the result. But as these guys showed, we really need to start moving away from SHA1 in general.

caberham posted:

Too bad about roaming profiles, would the process be easier if I set up folder redirection instead with 2 users at different sites sharing the same documents folder?

I am not sure. I am more of a network guy by trade. You would need to ask an actual Windows sysadmin.

caberham posted:

I actually don't mind paying a freelancing sysadmin to set everything up but I don't know where and how to find one I can trust.

Just keep in mind that it won't be cheap. I charge $85/hr for freelance networking services. Highly experienced Windows guys probably charge similar rates.

caberham posted:

  1. No matter how many new/old computers I have, I would like to have everything in a networked folder
  2. I can add users in different places like my house, my mom's house and my sister's house - All their personal files are backed up - to a central server and to CrashPlan/Google Drive/Dropbox/another mirror somewhere
  3. Secure connections - that's why I'm looking into VPNs and RADIUS. Generate wifi guest access codes for Airbnb guests. And integrate the IP cameras
  4. Aggregating media/home videos/baby videos and pictures into a central repository - make it as hassle free as possible and photos and videos can be easily accessed in lightroom/photoshop/premiere pro
  5. Have my own personal website to host my blog and this gallery and publish for facebook/weibo/wechat whatever services

1. This can be done with a network share. I have an "S:\" drive on each of the machines on my LAN that is mapped to the same network share for this purpose. I just keep everything in the S drive instead of bothering with the My Documents or Desktop folders.
2. The users bit can be done with AD. This will work fine over a VPN. Just keep in mind that you will need the "Pro" version of Windows on all of the client PCs and you will need to run your own internal DNS as part of AD. For the backup part, see point 1.
3. A VPN is the perfect solution here. Stick the guest wifi on its own VLAN and you are all set.
4. See point 1.
5. There are like a million places on the internet that will let you do this for free.

Antillie fucked around with this message at 16:05 on Sep 2, 2016
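The point made above about SHA1 in IPsec (fine as a keyed integrity check over the encrypted payload, but only at full output length) can be shown in a few lines. This is an added example, not code from any poster or project in this thread; the key and the "ciphertext" bytes are constructed stand-ins, not real IPsec data, and the function names are mine.

```python
import hashlib
import hmac

# Constructed sample values (placeholders, not real traffic or a real key).
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_CIPHERTEXT = bytes(range(32))  # stands in for an encrypted payload


def make_tag(key: bytes, ciphertext: bytes, algo: str = "sha1") -> bytes:
    """Compute a full-length HMAC tag over the (already encrypted) payload.

    HMAC does not rely on collision resistance of the underlying hash the way
    a certificate signature does, which is why HMAC-SHA1 is still tolerable
    here while SHA1 signatures are not.
    """
    return hmac.new(key, ciphertext, algo).digest()


def verify_tag(key: bytes, ciphertext: bytes, tag: bytes, algo: str = "sha1") -> bool:
    """Accept the payload only if the tag is full length and matches.

    A truncated tag is refused outright: shortening the tag lowers the work
    needed to forge one, which is the caveat given in the post above.
    The comparison is constant time so timing does not leak how many
    bytes matched.
    """
    expected_len = hashlib.new(algo).digest_size
    if len(tag) != expected_len:
        return False
    return hmac.compare_digest(make_tag(key, ciphertext, algo), tag)


def demo() -> dict:
    """Exercise the check with SHA1 and SHA256 and return the outcomes."""
    results = {}
    for algo in ("sha1", "sha256"):
        tag = make_tag(SAMPLE_KEY, SAMPLE_CIPHERTEXT, algo)
        tampered = bytes([SAMPLE_CIPHERTEXT[0] ^ 0x01]) + SAMPLE_CIPHERTEXT[1:]
        results[algo] = {
            "tag_len": len(tag),
            "good": verify_tag(SAMPLE_KEY, SAMPLE_CIPHERTEXT, tag, algo),
            "truncated": verify_tag(SAMPLE_KEY, SAMPLE_CIPHERTEXT, tag[:12], algo),
            "tampered": verify_tag(SAMPLE_KEY, tampered, tag, algo),
        }
    return results


if __name__ == "__main__":
    for algo, outcome in demo().items():
        print(algo, outcome)
```

Switching `algo` to `"sha256"` is the only change needed to move off SHA1, which is the easy migration the post recommends for new setups.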


Antillie
Mar 14, 2015

Lolcano Eruption posted:

Sigh, why is 5GHz so much worse than 2.4GHz? Obviously, for wavelength reasons and whatnot. But if the new tech moving forward is going to be 5GHz, it feels like a step backwards. Wasn't stuff like beamforming supposed to increase its range/penetration to 2.4GHz levels? At this point, 5GHz basically requires line of sight and short distance to maintain a connection that is better than a regular 2.4GHz N network. 2.4GHz just works, 5GHz is always spotty.

For the record, I'm using AC Lites. A year ago, I was using 3x Netgear WNDR3700 with similar results. Going to disable the 5GHz radios now.

Physics and FCC regulations are cruel mistresses. Beamforming helps to make the most of the transmit power you have but it can't overcome the simple math of (basically) "range = transmit power / wavelength". It really depends on your specific use case, the physical layout of your location, and what else is on the spectrum in the area. Sometimes 5GHz is better, sometimes 2.4GHz is better. Sometimes which one is better changes as you walk around the area.

Ideally your 2.4GHz and 5GHz radios will be set with the same SSID and encryption settings so your wifi client devices can roam between them as needed based on which band happens to be performing the best at any given moment.
