Help with Network Layout for 2-story home

[Trip]

My needs are pretty simple, reliability and performance . [...]Really just want to make sure there is minimal lag in my own internal network between machines while streaming internal UHD 4K at full bit rate, and that I’m effectively utilizing the bandwidth of my service for gaming/streaming across 4-6 clients.

Certainly doable.

First, a note on wiring your APs. Long story short, you want to dedicate whole Cat6 runs just for your remote wireless APs (ie. no APs being run off of your 8-port access switches). That will ensure as little link saturation on the LAN as possible during LAN and internet streaming.

Then, at a minimum, you want to make sure your "core" switch has enough ports and is proven to never be a source of flakiness (baring physical failure). Again, I'd go Cisco SG or HPE OfficeConnect. You can keep your unmanaged 8-port Netgear access switches in play for now.

For the router, again, regardless of whether it's wireless or wired, you want it to be able to NAT at least 1.5Gb/s and handle all the concurrent sessions for ~70 clients, which, if each had an average of 100 sessions to be safe, would be about 7,000 sessions or so. Most any well-reviewed wired router will handle that; example: EdgeRouter 4 (not that impossible to setup, tons of materials online). Or, you could run a pair of high-end all-in-ones, RT-AC86U's or even the R7800's (albeit they have the in-tandem shortcomings that I explained above). Either approach should allow you to meet your goals.

For wifi, if you did two all-in-ones, one as a router, one as an AP, it would be taken care of, built-in. If you do APs, the best bang for the buck might be a pair of $90 TP-Link EAP245 APs, optionally with the OC200 controller for seamless roaming for your wifi phone calling. Other options, per my guide, would be Cisco WAP571's or 581's, which can be run clustered, no extra controller necessary, but they are a fair bit pricier. There's also UniFi, but they can't be run as standalone APs and setup may be a bit complex for your liking.

Again, tons of options, but as long as you follow the above approach, even roughly, you'll have the network performance you need.

 

[trpltongue]

Thanks for the detailed breakdown and suggestions on hardware setup. Let me try to followup with individual sections.

Got it. Thanks for the additional info.

Let's start from the fiber drop and work downstream.

Router - Since you more or less have a perfect setup to run your network core in the closet, I would run a solid wired router there. Considering your traffic and requirements, you definitely have enough download and probably enough upload bandwidth where explicit QoS shouldn't really be required, which means most any box capable of 2Gb/s aggregate NAT will work, like Cisco's RV series or a UBNT EdgeRouter 4. Either will be a solid pick, and they each have their strengths (although I prefer Ubiquiti's Debian-based EdgeOS much more, but to each their own). If you do want to run any services or packages like VPN, QoS or anything that causes routing to have to be done in-software (via CPU), and want to do so at even close to your internet's max rate, you'll need to step up to higher-clock x86 (desktop/laptop) class hardware. I presume you're not interested in that stuff for now, so I won't suggest anything there unless I hear otherwise.

Comparing the Cisco RV340 and the ER-4, I'm seeing nearly the same hardware specs between the 2 and price nearly the same. I definitely don't have any near term need for QOS, VPN, etc. Any reason to prefer one over the other?

Switching - For your L2+ managed core switch, Cisco SG250/350 or HPE 1800/1900 series; UniFi Switch only if you're considering them for wifi and like the appeal of the control and dashboard you'd get in the controller. You want enough ports to connect all your Cat6 runs, optionally a PoE model with enough power to drive 2 or more access points, if you choose to run them. Avoid: Ubiquiti EdgeSwitch, Mikrotik CRS, TP-Link, D-Link, TrendNet, Buffalo and, yes, I'm going to say it, even Netgear. Cisco and HPE (or UniFi with caveats) are where you want to be.

I do think I'd like to have P0E to run up to 6 cameras and 2 AP's. I'm seeing the HPE 2920-24G-PoE+ used on ebay for a lower price than a new Cisco SG250 and it seems to have a lot more performance. Thoughts?
If I end up with Unifi AP's would I be better served with the less powerful Unifi 24-250W Switch?

For wifi, if you did two all-in-ones, one as a router, one as an AP, it would be taken care of, built-in. If you do APs, the best bang for the buck might be a pair of $90 TP-Link EAP245 APs, optionally with the OC200 controller for seamless roaming for your wifi phone calling. Other options, per my guide, would be Cisco WAP571's or 581's, which can be run clustered, no extra controller necessary, but they are a fair bit pricier. There's also UniFi, but they can't be run as standalone APs and setup may be a bit complex for your liking.

So there's your high-performance network, with a few different choices of gear to pick from.

I like the setup of having separate Router, Core Switch, AP, so would prefer to go with 2 AP's. Looking for stability here and coverage. Does 4x4 make a difference here, as the Unifi is the only product listed that offers 4x4. How about wifi phone roaming with the Unifi/Cisco vs the TP link? I don't mind spending the extra money if it buys me reliability / practical speed, but don't want to spend money for nothing

Soooo many thanks for everyone's support so far.

 

[degrub]

be sure and check the power budget provided by the switch on a total basis and per port basis. :Look at the device peak power requirement and voltage.
You can always use separate power injectors if you need them and don't require a POE providing switch. just eliminates a wall wart and wires.

not many 4x4 devices out there yet.

 

[Trip]

The ER-4 and RV340 are actually fairly different in underlying hardware and software. The ER-4 has a 1Ghz MIPS chip, which is faster at most kinds of routing-related math than the 1.2Ghz ARM-based chip in the RV340. You need not really care about that, though, because as long you just setup each router as a plain-Jane NAT router, with no special in-software services or packages running, then all traffic will remain hardware-offloaded (to a special NAT-acceleration chip) and you should see full throughput from both products. That said, they are based on two completely different Linux development firmwares, which again, you don't need to care about so much as understand that the RV is much more locked down and feature-limited, but it's also a bit more approachable and easy to use, being all Web-based, versus the ER-4, which allows for a lot more customization, as well as even installing custom Debian packages, but whose Web interface has only perhaps 80% feature-parity with the command line interface (CLI), which is still required for certain feature access, though you generally don't need to touch the CLI just to get a basic config up and running or make basic changes. I do prefer the ER's over the RV stuff, but if simplicity and/or end-user support direct from the vendor are two things you care about more than superfluous features you likely may never use, I'd go for the Cisco. Just make sure you update to the latest firmware, reset to factory default (twice for good measure), then configure away.

Regarding refurb or working-pull enterprise switches, yeah that's a total possibility and you can get some really serious firepower on the cheap. That 2920 is real HPE ProCurve (now HPE Aruba), which is much more robust and mission-critical stable than even their OfficeConnect stuff, and has a true CLI beneath it. On that note, though, it is best setup and managed via CLI, although there is web GUI, but I would say it's mostly secondary in nature. If a CLI doesn't phase you, and/or you're willing to learn, I'd say, yeah, the whole world of refurb'd enterprise switches has just opened up to you, and not just HPE. Cisco Catalyst (of course), Juniper EX (my favorite), Brocade, Extreme, Allied Telesis, Adtran -- there's a ton of solid stuff for dirt cheap on eBay. Just be aware, though, since many are meant to run in datacenter type environments, they can often be power-hungry, very warm and/or have noisy fans. If you go that route, pay special attention to that stuff to make sure you don't end up with too much of a Harrier jet, pancake griddle or electricity-hog for your home environment.

If you do end up with UniFi APs, I would say, yes, it's probably worth running a UniFi switch, as truth be told, they're decent L2+ managed switches, have a fairly friendly interface and, most importantly, integrate with the UniFi controller for single-pane-of-glass management of your entire access layer from one control panel. If running other APs, though, I would say you can do better with Cisco SG, HPE OfficeConnect or a true enterprise switch on the cheap.

4x4 (and 3x3 for that matter) only make a difference on your APs if you have corresponding 3x3 and/or 4x4 client radios to match. Most typical endpoints are either 1x1 (IoT, tiny embedded stuff, and the cheapest of phones, tablets and PCs) or 2x2 (mid to higher end mobiles, tablets, PCs, etc.). Since there isn't a ton of 3x3 stuff out there, and hardly any 4x4 as @degrub said, I wouldn't place too big a deal on it, unless you know you already have or are planning on getting 3x3 and/or 4x4 radio clients and really want the extra wifi bandwidth.

Hope that helps again!

 

[trpltongue]

You guys/gals are awesome!

The only work I do on the router side now is to setup static IP’s for all my hard wired gear.

I prefer not to have to go into CLI, but I can if necessary. Having said that, I can’t imagine there’s much I would need to configure in a switch?

Part of me wants to just go with the Cisco for the simplicity, but the other part of me is tempted to go the unify route, as the costs are basically the same for the equipment and I get a bit of future proofing on the AP’s.

Having said that, the HPE 2920 is just so damn sexy and sporting 2.5x the switching performance and throughput vs the unifi (128Gbs vs 52Gbs switching and 95Mpps vs 39Mpps throughput), even though I’ll likely never come close to saturating the unifi.

 

[Trip]

I prefer not to have to go into CLI, but I can if necessary. Having said that, I can’t imagine there’s much I would need to configure in a switch?

Oh, potentially, quite to the contrary. Even with the most basic of networks, especially with a freshly reset enterprise switch, the canvas is very much a blank slate, for which you have to create line by line via the CLI, or copy/pasting a boilerplate base config template, involving at least 25-75 commands, often double to triple that. So I would recommend probably staying away from the CLI-first product, if that makes you feel uncomfortable. That's why I do recommend Cisco SG switches, particularly the SG350 series, as they have an almost Catalyst/real iOS like CLI, from which you can learn quite a few commands and really get your feet wet, but yet still actually configure things in the Web GUI when it matters and/or when you just need to get something configured and move on. Kind of the best of both worlds for a beginner/learner.

Part of me wants to just go with the Cisco for the simplicity, but the other part of me is tempted to go the unify route, as the costs are basically the same for the equipment and I get a bit of future proofing on the AP’s.

You'll probably have to do more of your own due-diligence on comparing the two ecosystems. I'll ping @coxhaus so he can add some finals thoughts on Cisco small biz stuff, if it's of any value to you.

Having said that, the HPE 2920 is just so damn sexy and sporting 2.5x the switching performance and throughput vs the unifi (128Gbs vs 52Gbs switching and 95Mpps vs 39Mpps throughput), even though I’ll likely never come close to saturating the unifi.

Haha, you know you're on your way to becoming a true network nerd when you call a switch "sexy". Honestly, for your purposes, either one will likely be fine. The one nice addition about the HPE, is the 2920 was still from the age where, regardless of owner, they will honor you with lifetime replacement (as in your lifetime), if it breaks. They've since amended that on the 2930F's and 2930M's, and all other switches made since about 2017/2018, but there's still a lot of previous gen stuff out there which has been grandfathered in, the 2920 being one of them (95% sure, anyways).

 

[Trip]

@trpltongue - I replied to you but it got flagged for moderator approval, I presume for repeating the word you used, which rhymes with "mexi". I'm sure it'll show up soon enough.

 

[coxhaus]

Thanks for the detailed breakdown and suggestions on hardware setup. Let me try to followup with individual sections.



Comparing the Cisco RV340 and the ER-4, I'm seeing nearly the same hardware specs between the 2 and price nearly the same. I definitely don't have any near term need for QOS, VPN, etc. Any reason to prefer one over the other?



I do think I'd like to have P0E to run up to 6 cameras and 2 AP's. I'm seeing the HPE 2920-24G-PoE+ used on ebay for a lower price than a new Cisco SG250 and it seems to have a lot more performance. Thoughts?
If I end up with Unifi AP's would I be better served with the less powerful Unifi 24-250W Switch?



I like the setup of having separate Router, Core Switch, AP, so would prefer to go with 2 AP's. Looking for stability here and coverage. Does 4x4 make a difference here, as the Unifi is the only product listed that offers 4x4. How about wifi phone roaming with the Unifi/Cisco vs the TP link? I don't mind spending the extra money if it buys me reliability / practical speed, but don't want to spend money for nothing

Soooo many thanks for everyone's support so far.

I would look at the Cisco SG350 switches over the SG250 switches. There are plenty SG350 switches on eBay
at good prices. The benefit is the SG350 switches will do layer 3 on the switch which none of the other switches will do. It is really nice and fast to have local routing done on a L3 switch. But you don't have to use it.

I believe the Cisco WAP581 wireless APs are 4x4. I bought 2 and I am in the process of setting them up. They are young hardware so I expect a few bugs but Cisco will fix them.

The RV340 router has a wizard which will take you through a simple setup. I always use the wizard and then make changes from there. It makes it a fast setup without missing anything.

 

[trpltongue]

Trip,

Thanks for the reply and good heads up on configuring the HPE switch. That’s definitely way more complexity than I have time to learn at this point in time.

I find it all very interesting and would love to be able to learn more about it, but 2 kids in sports and theater means I just don’t have the time

Coxhaus, thanks as well for the good rundown and heads up on the 581 AP’s.

Moving to a Cisco based approach with a 350 based switch and 581 AP’s looks to be about 40% more expensive than Unify, but perhaps a simpler setup process? I’ll need to check for full prices of each piece but I don’t seem to be able to find any used SG350 POE switches on eBay at the moment, which means a pretty steep price for the switch

I’m not finding a whole lot of info out there regarding WiFi handoff for either the Unify AP’s or the Cisco 581 AP’s?

At the end of the day I just want a rock solid setup that reacts quickly and isn’t constantly hopping around slowing things down.

 

[trpltongue]

So, silly question, does Cisco have a unified management console for their hardware (router, switch, AP)?

If so, would it be crazy to mix and match equipment?

Everything I’m reading points to the ubiquity ER-4 router being favored over the Cisco RV340. However, even though people love the Unify HD AP’s, there are quite a few comments about occasional reboots being necessary, whereas the Cisco AP’s are quoted as being “bulletproof”.

The Cisco switch gear seems to be a bit more powerful than the unify, but with somewhat less POE power (190W vs 250W). I’ll need to double check, but I would expect that 190W would be plenty for 2 AP’s and 4-6 4K cameras.

I’m wondering if it makes sense to do:

Ubiquiti ER-4 Router
Cisco Sg350-28p Switch
Cisco WAP581 x2 with LAG

It’s definitely more expensive, but seems to be the most stable. I would also expect LAG to be painless to set up with the Cisco switch and AP setup.

I’d also probably go ahead and setup L3 routing on the switch for local traffic (need to learn more about that). I don’t think the unifi US-24-250w is a layer 3 switch, so wouldn’t be able to do local routing, and it appears to have less switching capability and throughput.

Pricing is more or less the same on the router and switch, but the AP’s are where there is a huge price difference. I suppose I could use the unifi AP and router, but Cisco for the switch? I know I wouldn’t have a “single pane of glass” interface but how big of a deal is that really?

Sorry for all the late questions, but not having any experience with this stuff I’m not really sure what I’m missing or underestimating

Lots of tutorials on setting up ubiquiti gear, but not much out there for Cisco that isn’t targeted for professionals and uber complicated

 

[Trip]

So, lots of good observations and most of your inclinations are correct. Here's a run-down on Cisco's small biz management software, their wireless APs, and my overall assessment vs. UniFi:

---------------------------------------------------------
Regarding the "single-pane-of-glass" concept, Cisco has what I would call a "baby" variant to UniFi's controller, called FindIT, which is actually not a true "controller", but rather a network discovery tool that uses a combination of CDP (Cisco Dicovery Protocol), LLDP (Link Layer Discovery Protocol) and mDNS (multicast DNS) to identify all Cisco small business gear on any linked subnets, building a topology map and allowing single-point of configuration for some basic layer-2 items (PoE, port-based VLANS, etc.). As I said, though, it only allows for very basic configuration, probably <20% of what could actually be configured if you logged into the device itself. So it's much less a "control everything from here" solution than UniFi's controller is.

It comes as a two-part piece of software: Probe and Manager. The Manager you can essentially ignore and leave out for your use-case, which is nice because then FindIT remains free. The Probe is the network-local install that can be run on a PC, VM, Raspberry Pi or, but best of all, it's also embedded and already running on most of the newer SG250 and higher switches and WAP300 and 500 series APs. That's something that so far Ubiquiti has not been able to (or chosen) to offer.

With wireless APs, they can be setup and run as a "cluster" (of up to 8 or 16 units, model-depending) and when all APs are wired-in (and WDS is turned off), can be setup and managed via Single Point Setup (SPS) from a central "master" AP, which propagates the config to the "slaves" on the same subnet. That said, it does have limitations on which properties can be centrally managed and/or handled by the cluster -- no real-time automatic power and channel adjustment, no real-time client packet analysis for per-client roaming optimization. Then again, no other SMB-grade wifi has stuff like that, UniFi included; you'd have to go to a true enterprise controller-based product like Ruckus or Aruba for that level of optimization. Short of that stuff, it does do the basics very well (ex: standards-based 802.11r/k/v for roaming) and the firmware seems to self-heal and stay "bulletproof", as you noted.

All-in-all, the Cisco small biz gear has a few advantages over Ubiquiti is that the functionality that they do offer typically comes out of the oven more fully-baked (ie. not as broken in places), plus all of the gear comes with 1 year of phone support and lifetime NBD replacement included, versus UniFi where you have to purchase "Elite" support extra, just to approach the same level of coverage, and even with that, in general, UI is still lagging on the support front compared to the likes of more pedigreed companies like Cisco and HPE.
---------------------------------------------------------

Moving on to your setup, the biggest advantage of going with a single vendor, especially Cisco, is the support you get all from one source, and that there's as high likelihood that the full stack of gear will all "just work". That said, I see nothing wrong with a mixed vendor stack, especially since that a elusive "single pane of glass" is, as I've demonstrated, a less fully-encompassing in real life (much the marketing department's chagrin) and matters a heck of a lot less for a single SOHO network than it does at the enterprise level. I've run the ER-4 + SG350 + Ruckus in my office installs and they work great together, as should most any router/switch/APs that properly adhere to networking standards. Short of running Ruckus (which is probably too pricey to be worth it in your scenario), either UniFi or Cisco WAP should work just fine. Since you're running the Cisco SG, though, I'd probably leans towards the WAP571s or 581s, as you won't need a discrete controller solution like you would with UniFi (installed on a PC for setup, or on a PC/VM/CloudKey for continued use) and on standalone merit I'd say WAPs and UniFi are much more even.

One note: that the "SG350-24P" doesn't exist; it's actually the "SG350-28P" (due to 4 total uplink ports + 24 access ports).

 

[trpltongue]

Thanks again Trip for taking the time to provide such a thoughtful response.

So FindIT identifies all devices and allows me to access them for limited basic setup as long as I have a device with the Probe embedded. Once I have the IP address of each device I can then log on to individual devices to execute more detailed setup.

Additionally, one of the WAPs can be setup as a master to propagate basic confit settings to the other WAP.

Not as convenient as the Unifi setup which is a bit more of a true controller, but still doesn’t give you 100% control of all the unify equipment.

I’ve been reading through the setup guides and user manuals for the Cisco AP’s and it looks pretty straightforward for initial setup.

Similarly I’ve been checking out the UniFi controller demo and it looks pretty powerful, but *seems* like there’s a good bit of setup/config parameters missing. I likely just don’t know how to use it. I couldn’t see a way to easily add firewall rules like port forwarding for example, or defining static IP based on MAC address.

Cisco offers better support than Unifi , even if I spring for the extra “elite” support from Unifi.

If I go with Cisco router/Switch and then run the Unifi AP’s I would need to run a discrete controller software to access the AP’s versus being able to directly connect to Cisco AP’s. Not a problem, as I run a full time server, but just something to consider.

After assessing the gear we currently own and expect to purchase in the next 5 years, if I go with Cisco AP’s, I likely will move down from the 581’s as we won’t have any 4x4 equipment anytime soon . That will also bring the price differential much closer to 0 as I can leverage used AP’s, or even new lower tier AP’s.

 

[Trip]

Indeed, I think you've got a good grasp on all the options. Now just have to weight them all out on your own and make your decision.

 

[trpltongue]

Indeed, I think you've got a good grasp on all the options. Now just have to weight them all out on your own and make your decision.

Yup!

Off to do a bunch of reading on AP's, L3 routing, and VLAN....then to make a decision

 

[trpltongue]

Any issue buying new Cisco gear on eBay in terms of warranty / support?


https://www.ebay.com/itm/NEW-SEALED...AOSwrR5bibfj:sc:FedExHomeDelivery!77433!US!-1

 

[coxhaus]

Theoretically you need to buy from a Cisco partner. Some advertise they are partner some do not. You might want to ask. I only had 1 Cisco device replaced many years ago. I had bought it from Frys and I had to give Cisco a receipt. They replaced it right away. I can't remember if it was before or after Linksys.

I buy some used and there is no support only warranty. I mean no personal support but they have web support. I think when you first buy new Cisco gear you can call them for 6 months and have personal support. I may be wrong as I don't work for Cisco.

Cisco gear does not die or break, it usually goes EOL with no support. And people quit using it.

 

[trpltongue]

Thanks for the insight! I also meant to ask you, earlier you recommended the SG350 series over the SG250 series switch, but I’m not seeing much different between the 2 other than MAC address entries, max Vlans, and 4 SFP vs 2?

Just curious what I’m missing as I did find a used 250 for a good price, but can only seem to find new 350’s

 

[coxhaus]

Thanks for the insight! I also meant to ask you, earlier you recommended the SG350 series over the SG250 series switch, but I’m not seeing much different between the 2 other than MAC address entries, max Vlans, and 4 SFP vs 2?

Just curious what I’m missing as I did find a used 250 for a good price, but can only seem to find new 350’s

I have not used a SG250 switch. I am sure it is fine. My guess is more people buy SG350 switches.

I have a SG500x-24 which is a 10gig switch which I like a lot. The fans are quiet but not quiet enough for me. I used it at my daughter's small business. The SG550 switches replaced the SG500 switches.

 

[trpltongue]

Thanks again

Our ATT wifi extenders have officially crapped the bed, so I had to place an interim order for a TP Link EAP225 to hold us over until I can get the decision made. We literally have no consistent wifi anywhere in the house except the garage now I'll have to install it Friday when it comes in. Couldn't find a single local store that had any decent budget AP's in stock, everything had to be shipped in. I guess everyone is using wireless mesh systems these days....

 

[trpltongue]

Okay, one last post before I start pulling the trigger on gear

Comparing the following stacks:

Ubiquiti:
ER-4 Router
ES-240-250W Switch (used)
Unifi AC-HD Access Points (qty 2)

Cisco:
RV340 Router
SG350-28P switch (used)
WAP581 Access Points (qty 2)

Cost difference between the 2 is negligible.
My home setup is going to be very basic. At most, a couple of VLANs to isolate iot devices and video cameras from the rest of the hardware. No QoS, no VPN, only 1 Voip drop, etc.

Ubiquiti Pros - Unified Controller software, faster software processing on router (likely unused in my setup)
Ubiquiti Cons - Controller software a bit more complicated than the basic Cisco device wizards, less support, slightly more potential for bugs/reliability (not a big difference here)

Cisco Pros - No need to run separate software, Simple UI for each device, Better support, bullet proof hardware, slightly more reliable/less buggy (not a big difference here)
Cisco Cons - No unified controller, must use same AP hardware within a cluster

Based on the fact that price is not a deciding factor here, I'm leaning towards the full Cisco stack. I do take Trips comments about the router into consideration, but just don't see myself doing any hardcore messing with things on the routing side, so very unlikely to miss the value that the ER-4 could bring in that area. Plus it's easy enough to swap that piece out later if need be

Any last minute reason to talk me out of this setup ?