Network design for 50+ people

Only if you use bad equipment and/or don’t evaluate the radio environment. RF in general I would agree, but Wifi is really not that complicated anymore.

Ubiquiti is fine up to a couple of hundred users. We manage around 250 sites (thousands of users and guests) on a single Unifi controller, though management does get a bit slow when provisioning. One UAP-AC-Pro covers about 1000 sqft in a typical scenario (25-30 users), but can reliably service a larger area with 40-50 users without any calls to service desk.

Cisco Meraki is very nice for office spaces and provides great throughput for more demanding scenarios.

Huawei and Ericsson have a lot of great wireless repeaters, if you have ISP contacts or a really nice supplier.

Doing what tho? Light web browsing? Someone emails the latest viral cat video and everything goes to shit. Things only get worse if you’re accessing a file server.

At 50 users you’re going to want at least a 10GigE pipe from the switch to the file server, nevermind the rest of it all.

I have 200Mbps for 15 users and I’m already over-committed in my opinion just for the interwebs.

The situation OP is in sucks. And I don’t think he can make it work without changing expectations.

I’m straying from the topic now, but:
I think you should seriously analyze where your 200Mbps goes to, and either make a case for increasing capacity, or seeing what you can do to keep that traffic inside the office. Caching could be a good option for the latter.

I work in a 20 story building in LA. We don’t have any options for more bandwidth.
(this is the state of the internet in America)

It’s not 2003 anymore. SSL everywhere means that caching doesn’t work anymore. I know, I tried it and got jack squat for the hassle.

Just a note for going with a pfsense setup. Pfsense will start requiring processors with AES-NI starting with version 2.5 coming sometime in the next year or so.

I have been running Watchguard firewalls for over a decade and I am a big fan of them for what they give you for the cost. Right now I am running an M400 and it's been great.

While I don't want to derail the topic, as a novice who was planning on playing with pfSense in a VM environment, why is it not so good?

As far as capacity goes on our network, 100 up & down is enough for now. We can upgrade to a gig if needed, but after monitoring the network usage we rarely get up to the full 100Mbps. Most of the large traffic is internal file transfers 10Gb+.

My priority right now is getting the wifi stable. Not fast, stable. Right now it is dropping people at random points, but when you're connected it's fast enough for most things.

The other thing is I’m getting rid of the awful home router that’s running the whole thing with the Netgate SG-8860.

There is nothing inherently “wrong” with running pfSense as a VM. In fact, this is a perfect way to play around with config options and do testing. There are admins that will even run pfSense like this in a production environment. However, if you are running it as a VM, I would assume you have other VMs on that host. You will also have the hypervisor of whatever flavor you chose. All these moving parts add complexity to the configuration. While I have seen network setups that run smoothly in a completely virtualized environment (the only physical networking gear being switches and APs), I have seen others brought to a screeching halt due to a problem with resource allocation on the host, an issue with the hypervisor (a snapshot left for too long and ate up a whole datastore, for example), or the host hardware. As for the benefits of the firewall being physical, I argue that it decreases attack vectors, uses dedicated hardware, and is physically between your local network and the internet. I say the latter because I’ve seen virtual network configs that continued to work even after the virtualized firewall stopped working, due to other configurations on the hosts. It was a period of time before someone realized the problem and was able to fix it. That wouldn’t have happened easily if it was a physical box.


Hmm, interesting, thanks for the info. I'll keep it in mind when I start to mess around with that.


What @DigitalBytes said about sums it up. @RotaryWombat

If you are running an entire virtual system and put your firewall as a VM, and your VM host has a problem, you chance losing connectivity to your firewall, and everything else. Also, even if you do hardware passthrough for the network devices that the firewall will be using, it’s still sitting on top of the hypervisor, and the host machine is physically outside your firewall, and if there is some exploit that is discovered later on… you get the idea.

If you want to poke around inside the pfSense OS and see what it’s capable of, by all means load it up into a VM.
I would argue to not use it in a production environment.

The main reason I say to use a physical piece of hardware is that, as DigitalBytes said, it decreases attack vectors and segments your firewall away from your other hardware/servers and such.

While pfSense is based on FreeBSD, and FreeBSD is a computer operating system, when you are using it as pfSense it’s best to think of it as a networking appliance and not a “computer.”

pfSense’s base functions as both a firewall and a router. Both are designed to segment and protect your networks.


OK, so my work network is now much better and much more stable. Thanks for the help. Just one last question, off topic but somewhat related. What is a good 1U-ish pfSense router for my home? i.e. under $300? Any threads or products to link?

You could probably build a custom one for pretty cheap using eBay parts. I know they can be built for very cheap using retired server hardware. Alternatively, if you've got a desktop kicking around, just add some Intel NICs and install pfSense.
Here’s my personal one. Just replace the case with some sort of cheapo 1U/2U case and you'll be golden.
https://imgur.com/gallery/gCzfe


Interesting topic. I'd love to hear how it turns out and what worked.


OK, so update. The 4 Unifi AP-LRs are running great right now with 42 clients. I’m getting around 11 clients per point and getting a speed test of 40Mbps down and 100 up. The pfSense router is working like a champ.

Thanks for all the help guys.


Note: they would not approve a new switch and the old one keeps dying. It’s just a matter of time.

Haven’t read everything, but regarding the switch: whenever it fails, the Cisco Small Business line, e.g. the SG300-48, would be perfect for your use case!

Cheers


Not a good spend for 2 of those (his org’s too small to benefit). The ES-48-lite is between 1/2 and 2/3 of the price and has a pair of 10G uplinks that the Cisco doesn’t.

Depends on the use case. The switch you are referring to has a much lower switching capacity, which could become a bottleneck with the 10gig uplink.

They claim 70Gbps of throughput for the ES-48-lite (50 gigabit ports + 2x10gbit ports adds up to 70). Are you referring to pps numbers?

Btw I’m not saying one’s better than the other, just asking you to elaborate (if it’s not too complicated)

Hi there, it should be 140 so that every port can be used bidirectionally. We had the problem at a local LAN party with a 100Mbit switch which just failed because the bandwidth dropped too much.

But to be honest, I’d also take the 10Gbit Uplink!