Home networking advice - 1Gbps symmetrical

Hi forum dwellers!

I’ve moved into a new home and am trying to figure out my network situation (also need furniture, but that can wait).

==Core ask==
Please provide suggestions on network hardware and structure to accomplish the following goals

  1. Take full advantage of the symmetrical 1Gbps connection, and remove most/all internal bottlenecks
  2. Run any higher risk devices (IoT, mobile phones, work computer, etc) on a separate/isolated network than my core devices (NAS, desktops, notebooks, etc.)
  3. Get solid wifi coverage across 2 stories, 2500 sq ft home

==Context==
I’m currently setup in the following manner:

Note 1: The Google Fiber network box is a corner of the garage, far from any outputs. There is a Cat5e cable that they managed to get to a patch panel in an almost inaccessible spot of the house, which then connects it to an upstairs room of the house. I have the PoE injector in this top room, with the router providing WiFi to the house, and it works OK, not great.

Note 2: I tried running all of the mobile devices & IoT on the Guest Network of the Netgear XR500, but I couldn’t set up a single device on it. It’s like the devices couldn’t communicate with each other.

Note 3: I have a couple of Google Wifi router/aps, and also set up the same config but using its Router + AP/mesh setup. The wifi coverage was awesome, but also couldn’t use the Guest network to put the IoT & mobile devices on, same issue persisted where they can’t seem to communicate with each other.

==Budget==
Trying to keep this under $700.

==Strech goal==
I’m going to be preparing the CCNA next year, and will likely be practicing labs on GN3 or other virtualized setups (trying my best not to become a Homelabber!)… however… if there’s specific HW that is not complete overkill and helps get more acquainted with the concepts, interfaces, terminology, or best practices, I’m would much rather buy ‘that’ hardware (even if a bit over budget).

Thanks in advance and happy to provide extra details if needed!

Have you tested what speeds you are getting on your wired connection? Are you getting your full 1gig up and down or are is this your first bottleneck? You won’t get close to that over WiFi but at least you should be able to get that on your wired clients. Have you got a switch that supports vlans? Also does your router support vlans? I’m not familiar with that Netgear device.

@lockharj What do you mean by trying not to become a Homelabber? I did a quick google search and found a Netgear support article that gives instructions on setting up a guest network that I believe is your router. NETGEAR Support How do I set up the guest wifi on my Nighthawk Pro Gaming Router? I know you wanted to set up VLANs for your wifi devices but doing a quick read on your router manual, it looks like the router has minimal control of Vlans.

@StanSmith I did a quick google search, and if I found the right switch, @lockharj switch is an unmanaged switch, so no Vlans set up.

Routing

option 1: recommend A raspberry pi 4 + TP-Link ue-300 running OpenWRT can do 1Gbps up+down simultaneously (e.g. iperf -s ..).

It can do all kinds fun IPv6 and 6to4 nat things with jool.mx for your slow iot things, VLANs and VXLANs and so on… very flexible, do whatever you want basically.

Faster than that (e.g. you want high speed across VLAN firewalling, in addition to internet routing, or super fast OpenVPN or some strange man in the middle filtering you have.

a step up: Odroid n2+ … and a 2.5Gbps USB3.0 RTL8156B nic.

a step up (somewhat up somewhat sideways): various Apollo lake atoms, J4105 because maybe you can get faster PCIe nics.

another step up, microatx motherboard with a cheap 10th gen i3, which you could beef up even more maybe put some HDDs on there ditch Synology or use a second backup.


Wifi

For WiFi, for the surface area of your house, Ubiquiti Unifi U6-LR will do, you’ll probably need at least 2, if you have lots of weird walls and no shortage of ethernet cables then maybe 4x U6-LITE might be better.

Wired backhauls only, mesh is always meh unless your expectations are very low.


Switching

I like Unifi because then I can manage the main 24port and a tiny 5 port usw flex behind the TV the same way, there’s nothing fascinating about switching in a home setting - you figure out how many ports you need and where your cables are and what you’d like to see POE powered and pick it out.

Hi @risk, I thought the Pi 4’s CPU wasn’t powerful enough to handle 1Gbps traffic, nice to know that might not be the case.

I am also preparing for the CCNA exam next year. I hope to take the CCNA exam next spring or summer. I use GNS3 and Vmware Workstation pro 16 (GNS3 doesn’t have a hypervisor, you need to provide your virtualization software from a list of supported hypervisors). The choices hypervisors that work with GNS3 are as follows: VirtualBox, VMware Workstation and Fusion, VMware ESXi, and Microsoft Hyper-V. I have used Virtual Box and Vmware Workstation; I haven’t used the other hypervisors. Suppose you use GNS3; better stick to the Windows version of the supported virtualization software. I have had nothing but trouble with the Linux version of Vmware workstation Pro. Every time I update my Linux system, the update breaks Vmware’s networking solutions and requires an uninstall and a reinstall of Vmware Workstation Pro, even when the update doesn’t have anything to do with GNS3 or Vmware. I will now create a new paragraph to answer your questions about what hardware you should purchase.

I like @risk’s idea of a Raspberry Pi 4. According to Risk, you should end up with a router that fulfills your router requirements for under two hundred dollars. But, of course, Lockharj would need another piece of equipment because Pi 4 wouldn’t provide the WiFi speeds he is looking for.

To fulfill Lockharj WiFi requirements, I would look for a product like the Ubiquiti Unifi U6-LR but a lot cheaper. Unfortunately, Lockharj might not find a more inexpensive solution because he might need to purchase more access points to cover the same area as fewer Unfi access points.

Since Lockharj will be studying for the CCNA exam, I would purchase a used Cisco switch and router; there isn’t anything wrong with an Unifi switch. However, since Lockharj is on a budget, My advice is to purchase Cisco equipment instead of Unifi equipment. Just make sure the Cisco switch is a smart (managed switch)L2 device.

Now to talk about what to use GNS3 labs. There is currently four option for Cisco Lab work. Option one Cisco Modeling Labs - Personal, Cisco’s propriety virtualization solution allows you to set up twenty simulated nodes in the cloud. You purchased virtual images of discontinued Cisco equipment and ran them inside GNS3, but Cisco has stopped that, and they are no longer available. Option two is GNS3 and use a different virtual router and switch images. I currently use this option for my GNS3 labs. I use Pfsense (firewall software that can do some level 3 routing.) as my lab router. I am considering purchasing my own discontinued Cisco equipment. I haven’t yet because work demands a large portion of my time, so no time to study, but soon job will be less demanding of my time. Option three, Cisco Packet Tracer, is a network simulation software that simulates network traffic, but unlike GNS3, you can’t connect the internet to Cisco simulated equipment. Finally, option four purchased physical discontinued Cisco equipment. If you have any questions, please feel free to reach out.

Hi @StanSmith ! Not really a bottleneck at the router level. Measuring at the router stage (after Cat5e from Network Box > Patch panel > Router) gives me 865Mbps download, 862Mbps upload. I’m assuming bottlenecks may happen:

  1. My budget switch right now may not perform at 1Gbps, even over ethernet
  2. Using wifi from the other end of the house, signal level shows as ‘65%’ (not sure what that means in terms of signal or throughput degration)

I’m having trouble testing this even, because the XR500 has some QoS settings by default, and I just don’t know what’s “slower by design”.

On the VLAN aspect, no the XR500 doesn’t support them, just main network / guest network.

haha, and circle back and reframe the ‘not becoming a homelaber’ as ‘sticking to the $700 budget’

I did try the Guest network, but it won’t let me set up the Google Home Minis, cast to a Chromecast, and other inter-device comms limitations… seems like it treats it like a public network and hides devices from each other.

1 Like

I have found being a homelaber is more fun than watching Television or playing Video games. :laughing: But you are right; it can be a costly endeavor. I started my lab last Christmas, and already I want to add Cisco equipment, two Unifi access points, and another equipment rack. So I can understand why you don’t want to catch the Homelaber Bug like me.

Thanks @Shadowbane ! I already have a pi4, so I’ll give it a shot at repurposing it in the meantime & TP Link adaptor is here tomorrow.

Great to hear Win10 is going to work out for the CCNA practice env, I’ve been trying out Linux distros and have already wrecked my UEFI past repair… so many records… PC is insecure about turning on already haha. I feel GNS3 (virtual router and switch images) + Vmware ESXi should be easy enough to get together.

Hi @risk, def trying the raspberry pi 4b solution + tp link dongle. I had an issues using the OpenWRT image + Raspberry Pi imager (image failed during validation), but got past it using Rufus instead.

I like the 2nd step up, I have a spare 8700K with 32gb ddr4 which would be overkill but free to deploy.
=> If you have any suggestions on a network card that would be appreciated… I really can’t even tell a realtek apart from an intel one

On the wifi part, I’m going to the attic tomorrow to have a better look, I’m a bit scared of running ethernet though the walls since it’s a new house and don’t know how hard/easy it will be.

On unify switching, I assume the suggestion is to use the existing cable run to the router, then run a singe cable to the unify switch, where I could setup a vlan for the mobile devices + IoT and one for the computers? And in turn run 2 more cables to the APs you mentioned with POE? What switch model would that be, Switch 24 PoE? Seems to be one of the only items they have in stock currently

Thanks for the detailed advice!

Great to hear that it’s entertainment, I don’t mind losing money in the casino since I know that’s what I’m committing to do the moment I step in haha… this seems to be the same, and I’m not ready to step in :smiley:
I also have my second kid on the way, due December, so bad timing to start a new hobby.

Fingers cross it’s a single story + attic … Even if not, totally worth running cables to hardwire stuff. Best of luck. Congrats on a new home.


So, … it doesn’t make any sense to run one ospf area for kitchen devices and another ospf area for your bedroom, or to deploy 802.1x over a 6ft long cable going behind your desk, just so you could practice setting it up to pass a Cisco cert test. If you end up trying to deploy every single bells and whistles networking concept to your home, you’re more likely to just make your home network unusable and add the stress of fixing stuff to your life which will slow you down in your goal of getting those certs so you could grow your career hopefully.

There’s some really good stuff about CCNA/CCNP/CCIE tracks which is the core concepts behind how some of the networking stuff works, the comprehensive look over what is everything that exists and what are the problems all of that stuff solves and then in an oh-by-the-way if you happened to have a network of Cisco devices here’s how to use. GNS3 and packet tracer are really good about letting you try stuff out.

When it comes to physical hardware, at the end of the day there’s isn’t anything Cisco equipment can do, that you couldn’t do on Linux… in fact it’s usually the other way around. Professionally, if you end up in a place that has big networks, you’re just as likely to run into Juniper or Arista or some other vendor that may or may not be cheaper and may or may not have a perfectly compatible functionality set.

At the end of the day the cert will not help you design the networks, what you end up taking away from having to learn for the cert will.


As for 8700k as a Surricata host. I think it might be better to keep it as GNS3 packet tracer box … maybe a proxmox / docker host if you want to play with cloud networking stuff.

Thanks @risk , unfortunately 2 floors and a lot of scorpions in the attic. It’s going to be an adventure.

I’ve been looking at craigslist and FB marketplace for Cisco HW but no good finds yet, especially nothing with PoE capabilities.

@risk I’ve started setting up OpenWRT, I’ve been following this YT video:

Would you approve or have any other guides you would suggest?

It’s a pretty well made video, it shows a bunch of stuff that you don’t necessarily need to follow and can mix and match. It needs a summary of some kind.

I’d skip the Ubuntu VM partition resizing and I’d do resizing later at some point in the future in openwrt directly.

I’d have perhaps tried to make better use of the built-in wifi nic, crappy as it is for accesspoint use, it’s probably good enough for use as an admin wifi network.

The reason for making it connect to an existing network as a DHCP client, is so that you would be able to download the package containing the drivers/kernel modules for the network.

The guy in the video is installing a package called kmod-net..asix..; which contains kernel modules for asix USB chips and those chips and drivers are not as efficient as the UE300 ones ; the TP-Link UE300 needs the kmod-net-rtl8152 which are actually really good… (e.g. you can traffic shape at gigabit speeds with hfsc at <15% CPU used easily)

Yes, You should have a more effortless experience than I did going with the above setup. There is a YouTuber called David Bombal. His videos have been a great help to me. He has a few Gns3 series videos; the only problem with his videos is that they are designed for Windows, not Linux. So I have to figure out how to follow his instructions using Linux. Nevertheless, David Bombal’s videos have helped me by getting my brain working.

What @lockharj should connect an ethernet cable from a lan port of his router to his switch (Unifi, Cisco, or whatever) then connect access points to his switch. For his computers, he would connect them to his switch. Yes, the switch is where you would create your VLANs. I have uploaded a picture of my network so you can get a better idea.

The little black box sitting on top of the table is a Netgate appliance (Pfsense) acting as my router/firewall. The smaller silver device is an Unifi Wave 2 Cloud Key. The silver device is my Wave 2 Unifi level 2 16 port POE switch. The last device is a power strip that provides the power for my devices. The switch and power strip are contained inside an 8u rack.

1 Like

How come you’re using the cloud key? (e.g. as opposed to running the controller on pfsense or in the cloud)

@risk I purchased my equipment over time, purchased my switch, then my cloud key was going to buy an Unfi gateway but heard Pfsense had more options, so I bought a Netgate appliance instead. I just checked the Ubiquity store you can no longer purchase an Unifi gateway. It seems they want you to buy a Dream Machine, which I won’t purchase. I didn’t know you could run the Unifi control software in Pfsense. I might look into how to set up the control software. I assume the Unifi control software can’t be installed from Pfsense’s web interface; it needs to be installed from the command line. I’m not particularly eager to run any software in the cloud. I prefer to host network control software locally. So I am not a big fan of the cloud.

… sadly no. It’s technically possible to make a package that works be installable through GUI, but for whatever reason no one has done it yet. (Devember?)

For typical use cases it’s not critical for a controller to be reachable all the time, e.g. it’s common they one household member just has it installed on a laptop and only fires it up for updates once in a while. WiFi APs and switches will keep operating with their latest configuration without the controller even when they reboot. You do lose captive portal support, statistics and scheduled upgrades without the controller running.