Adopting Ubiquiti/Netgear for my Upgraded Home Network

I started out by adding my first Ubiquiti product to my home network, a $50 ER-X EdgeRouter; I found this to be such a breath of fresh air in terms of the UI, Vyatta OS. The fact that all the configs are stored in a JSON-esque file is just fantastic and the CLI is pretty decent once you get the hang of things.

I’ve got some fairly advanced firewall/NAT, DNAT configs running right now and my only complaint is that I probably should upgrade to a more powerful version of the EdgeRouter.

My second addition was a TOUGHSwitch 8-port PoE, and was actually my very first ‘managed lvl2’ Switch. I’ve tagged some VLANs and am currently running 2x G3 Bullet cams directly off it.

I also picked up an entire 1000m spool of ToughCable Carrier and have been running the bulk of the runs inside and out with this cabling. The quality is incredible; the local cheapo cabling just wouldn’t have survived the outdoor runs. For jacks, I’m using the recommended TC-100 Ubiquiti shielded RJ45 jacks as well as some EZPRO RJ45 jacks that are shielded.

2x UAP AC-LITEs are also running at home. Between the UniFi ‘Controller’ and Video software, so far I’m pretty happy with the upgraded network.

As for the Netgear equipment I’m using:

  • Netgear ProSafe 1u 24-port GigE Switch (unmanaged)
  • Netgear ProSafe 8-port GigE Switch (unmanaged)
  • Netgear Nighthawk AC3200 (R8000) // now, mainly a repeater.
  • Netgear Extender EX6200

The Nighthawk and EX6200 were ‘core-components’ for over 3 years, and are now just used to extend the network to parts of the house where I do not want to run cabling.

Recently, I also added a Linksys WRT AC3200 which I’ve flashed with dd-wrt; this is running an OpenVPN client and all wireless devices that connect are protected from ISP-snooping.

I plan to make a further upgrade in the form of a dedicated pfSense + Suricata box, but this project is temporarily being delayed. More details in the associated thread.

Maybe I missed it… Is there a question here?


Apologies - I thought one could post here in a similar ‘build-log’ style.

Well, if a question should be asked - should I bother replacing the EdgeRouter with the pfSense box? The approach I plan to take is to ‘gracefully’ introduce it, with the least disruption - i.e. EdgeRouter > pfSense > protected inner network.

I suppose, later on I could phase out the need for the EdgeRouter

The only networking stuff I like better than my Ubiquiti access points is my pfSense router.


Just remember that VLAN handling on other routers than the ER-X is lacking, and it’s only working on the ER-X since it’s all software.

The other ER units have software bridging to get around the VLAN issues (each interface gets its “own version” of a given VLAN), so if you do upgrade your router from the Ubiquiti range, consider also getting an EdgeSwitch to put everything behind, so you get proper tagging.

Edit: oh yeah, you configure the “VLANs” (subinterfaces), but only the ER-X can do VLAN tagging. Forgot about that… also, for each subinterface you have to make a bridge, so if you have five VLANs, that’s five bridged interfaces if you want/need to bridge them all.

The nice bit with Ubiquiti equipment is that it broadcasts (or otherwise, I haven’t read up on it) the UniFi controller, so if you have UAPs on different VLANs/subnets, you don’t have to ssh and do set-inform.

What you could do is use the pfSense box as a firewall and to manage all other network services, except routing and NAT. That way, you can play around with pfSense until you’re happy with it, and still have a working internet on the rest of the premises.

I personally have an ER-PoE at home, and have it set up like so:
Eth2-4 can be configured to be (hardware) switched ports, so luckily between my EdgeSwitch and UAP, I avoided any issues with the VLANs.

topo
