Help designing new home network

Background:

  • I’m a full remote working system admin/developer (devops). I do a lot of work with containers and kubernetes, so I’m constantly pushing images between 500MB and 1GB in size to both the public internet, and to private repos via a VPN.
  • I have moderate Cisco IOS experience. I know how to set up both routers and switches. VLANs, ACLs, and SPF (BGP is outside my skill set).
  • My wife is a full time twitch streamer.
  • Both of our machines and the NAS have a wired connection.
  • We have 2 kids that use the secondary wi-fi while we work for home school and for post-school entertainment.
  • We currently have 2 ISPs running traffic for our home. My wife and I use one of them dedicated for work (tax write-off), the kids use the other one.
  • Currently, our work network only has 3 devices (occasionally more for game consoles connected to an unmanaged switch in my wife’s office). Each of our PCs and a NAS.

Requirements:

  • 2 ISPs
  • Our work machines on an isolated network (I sometimes moonlight for her, and she’ll need to hit my VMs for something).
  • Kids/Guests/Chromecast/Consoles all on the secondary network.
  • Wi-fi access to both networks individually.
  • Automatic Failover WAN for the work network. Ad-hoc failover for the secondary network.
  • Support for an unmanaged switch in my wife’s office for her PC and consoles.
  • Both networks should have access to the NAS.
  • A strong reliable WAP for the secondary network. The work network can have low power since it’s hardly ever used wirelessly.
  • < $500USD for the full setup.

Thoughts (Tell me what I should be doing, and if I’m wrong):

  • I’m almost certainly going to get a Cisco 2960g for the switching.
  • On the fence for pfsense vs a Cisco 2911 (pfsense on a Dell 2950/R710 with 4 NICs).
  • If I go the pfsense route, I’d want to run it in a VM so I can use the server to get my wife’s services off my machine.
  • What WAPs should I be looking at for this network? I live in a 1-story 2,000 sq ft house, so I’ll need decently high power to cover the house.
  • Are there WAPs that support 802.1q per broadcast id?

Just mainly looking for input on the router side, as I don’t know what all features come on second-hand Cisco routers, and I’m not familiar with pfSense at all. I also need input on wireless gear as I’m just a normal consumer of wireless (it has to work, and work reliably. I don’t care how).

My post was too spicy so I’ve been forced to edit it.

1: Use whatever VLAN-capable switch you want. You’re on your own regardless of what you choose.
2: pfSense is better than dealing with Cisco. Good luck with updates outside of contract unless you want to put pirated IOS on your equipment. Piracy is wrong and you’ll go to hell for it :slight_smile:
3: pfSense in a VM is fine.
4: I like Unifi. I have 802.11n access points at work and they’ve been great over the 5 years they’ve been installed. I’m well impressed.
5: 802.1q: I’m unclear on what you are asking about. 802.1q is required in order for a WAP to serve multiple BSSID to multiple networks, without having them all in the same broadcast domain.

Really, I think it’s inappropriate to ask an amateur community to spec out your business network, but that’s just me. Clearly this is a business network, and your business should be able to afford professional service if you require this level of complexity.

(Post is hidden until edited, fyi).

On topic.

How much maintenance do you actually want to do?

I’ve been considering this and as time goes on, I want to come home and not deal with more tech issues. That might be something to consider?

On the WiFi side, you might consider Ubiquiti; no doubt you’ll get a few people here who like them.

On pfSense, I think there’s the potential for a few quirks when virtualised, but as far as I’m aware they are well documented. pfSense is possibly a good choice; if you already have the hardware it’s cost-effective, and reasonably easy to maintain depending on what you use it for.

Keep in mind 2.5 looks to require AES-NI, so you need to keep that in mind for future support.

2 Likes

After initial setup. None.

Outside of “turning it off and on again” when the ISP does something crappy, I don’t wanna touch it. I can do network ops stuff. I don’t WANT to do it. Especially after 5pm. Also, I travel a lot, so it has to be brain dead easy, so I can have my wife or kids just power cycle and be back online.

Good info. I have a lot of co-workers that swear by them, and I hadn’t even considered it, because I threw them in with the same crowd that loves apple products. Looks like the price is right, and they have a long range model with vlan tagging support. That’ll do quite nicely. The price is even right.

Yeah, the little bit of research I’ve done on pfSense seemed to indicate that initial setup on virt is a bit more involved, but it was well documented.

I don’t, but I’ve been contemplating buying a machine to run my wife’s services. Getting tired of having my RAM eaten during my free time. So I figured I’d just write off the server for both a router and her integration stuff.

Super helpful! I was actually looking at the 2950 a LOT harder than the R710. Glad you said that, or I woulda been completely hosed.

If you think what I asked for is complex, god help you in a business network. I’m asking for 2 VLANs, and failover WAN. I was giving background on what my network should look like and what I’m considering. My experience in Cisco only networks was possibly leading me astray, and I wanted some input. I wasn’t asking for someone to run me through enabling my switch, configuring the VLANs, setting up the ACLs, setting up SLA, or any of the other myriad questions someone with little to no experience in networking would ask. What I asked was for recommendations and sanity checking.

It’s your right to be indignant, but, if you’re going to take the time to write not one, but two indignant posts, you might as well READ what you’re responding to. The first line of my post alone should tell you that I’m not some tinkerer playing around.

Finally, while the majority of the people in this community are amateurs there are those of us who are professionals (at one point, it seems, you could be included in that group). Those of us who like lending a helping hand after decades spent working our way up from the bottom. Yeah, I’m not too proud to admit when I’m a little out of my depth, and ask for advice from a community that has proven time and time again to be FULL of insight.

A year ago, you decided to do the same when you had a simple question about PTR records, and people did their best to help you understand the problem you were facing. Someone with your apparent expertise in telling people how fucking stupid they are, couldn’t figure out who owns DNS records for the IPs for his hosted VPS. For some reason, though, when I ask about network gear for my house, that’s a step too far? Get your act together man. Just because you’ve seen a thing or two in your 40+ years on this earth doesn’t mean you have to be a dick to every single person you talk to. If you took a second…just one entire second, to think before you speak, MAYBE you could unsub from the incel subreddit and not live in your perpetual feeling of unfounded superiority.

2 Likes

LOL.

If it’s so easy, why are you even asking?

LO EFFING L
Someone is being unrealistic some more.

Look. I’m sorry if you misinterpreted the nature of my comment. But you’re being unrealistic and cannot see it.

Good luck, cowboy.

It may be worth looking into solutions that are a bit more “everything you need is there and here’s one place to manage it all easy”. Cisco isn’t exactly the shining example of easy to manage.

You could for example go for an all-Ubiquiti outfit: easy to manage, reasonably priced, you lose some advanced features that might be in Cisco equipment, but gain manageability and price potentially.

Mikrotik are also another option I’ve been looking at on the network side of things. I had considered Cisco for example but it’s just overkill, and unmanageable for my needs (my needs being I want to have it easy to manage without expending lots of effort).

Considering the budget though, if you’ve already got the Cisco stuff laying around you may as well spend the time setting it up (if you want to).

Oh also, don’t go for the long-range Ubiquiti APs; I’ve read that these are intended for long range in open areas. Read up on them at least.

1 Like

Hmm… Step into my office.

I generally will be the first, and last, person to say: go with a dedicated machine for pfSense.

It doesn’t have to be all powerful, or a big machine. It just needs a couple gig ports to act as your outside and inside connections.

Now, that being said.

You can pick up small form factor machines that can run pfSense quite well, and you may only need to add an Intel line card or two (you can get quad cards relatively inexpensively).

It may take a little bit of tuning, but it has all the features you need, and you will likely rarely, if ever, need to reboot the machine to get things working. I had a pfSense machine run for almost three years in an office environment before it started having problems, and those issues were hardware in nature.
The other option you can look into is a Ubiquiti USG or USG-Pro. They tie into the APs and make managing extremely easy.

For WiFi, I would get a Ubiquiti access point. Depending on the size of your house, you may want two for full coverage.
If you are looking to have AC radio support, I would suggest the UniFi AP AC Lite or the Pro, depending on if you need maximum bandwidth.

Ubiquiti APs can support multiple SSIDs and they can be VLAN tagged on a per SSID basis.

3 Likes

Can you do a “router on a stick” setup with a pfsense machine with a single NIC?

I run pfsense on a small fairly low power fanless system. It works really well.

It’s probably worth its own box if you have an affordable option.

Yep. I do router on a stick in my environment. 3 WANs and 4 LANs. I don’t do much intra-LAN routing so I’m not hampered by bandwidth, but that might be something to consider.

2 Likes
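To make the router-on-a-stick and per-SSID VLAN tagging concrete, here is a switch-side configuration for the two-VLAN layout the thread converges on, written as an added example (not from any poster): Catalyst 2960 access ports for the work and secondary VLANs, a tagged trunk to a single-NIC pfSense box, a trunk to an AP that tags each SSID, and the office unmanaged switch on a plain access port. Interface numbers, VLAN ids and names are assumptions.

```cisco
! Constructed example for the layout discussed above; port and VLAN numbers are assumed.
vlan 10
 name WORK
vlan 20
 name SECONDARY
vlan 99
 name PARKING
!
! Gi0/1: the single NIC on the pfSense box (router on a stick).
! Both VLANs arrive tagged; the native VLAN is an unused one so that
! stray untagged frames never land in either production VLAN.
interface GigabitEthernet0/1
 description pfSense trunk
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
 spanning-tree portfast trunk
!
! Gi0/2: UniFi AP. The AP tags each SSID with its own VLAN,
! so this port must be a trunk carrying both VLANs.
interface GigabitEthernet0/2
 description UniFi AP (work SSID = VLAN 10, secondary SSID = VLAN 20)
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
!
! Gi0/3: unmanaged switch in the office. It cannot read 802.1Q tags,
! so everything behind it (PC and consoles) shares this one VLAN.
interface GigabitEthernet0/3
 description office unmanaged switch
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Gi0/4: NAS. It lives in the work VLAN; which hosts in VLAN 20 may reach
! it is enforced by pfSense firewall rules on the VLAN 20 interface.
interface GigabitEthernet0/4
 description NAS
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Everything else: park in the unused VLAN and shut down.
interface range GigabitEthernet0/5 - 24
 switchport mode access
 switchport access vlan 99
 shutdown
```

On the pfSense side the matching pieces are two VLAN interfaces (tags 10 and 20) on the one physical NIC, with a rule on the VLAN 20 interface that permits traffic to the NAS address only and blocks the rest of VLAN 10.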

Ubiquiti is good. I’ve heard good things about Mikrotik lately as well.