Spec me some networking kit

[Semple]

This seems to be a popular topic these days.

I have standard FTTC with a Vodafone router (AFAIK this router doesn't have the ability to be placed in bridge mode).

I've got a 1GbE unmanaged switch connected to a patch panel which goes to a few rooms in the house, which covers maybe 10-12 devices. The rest is on wifi (maybe 40-50 devices - lots of IoT).

Wifi isn't horrendous, but can be patchy and slow at times. There's also the issue that the router can't handle all my devices reconnecting at the same time if it reboots, so I have to gradually connect stuff.

I've also been looking to lock down more of my IoT devices, and most typically do this by placing them on a vlan separate from other devices.

What would you recommend? I had originally looked at the Ubiquiti kit, although from a few threads these don't always seem to be well recommended. I assume an AP is pretty much going to be a must for providing the better wifi connectivity. Then a router and a managed switch for providing vlan capability? And finally a modem I can use to connect the Vodafone FTTC to, rather than double-natting with the existing router?

 

[ChrisD.]

UniFi APs are generally very, very good and hard to beat for price. A single one upstairs centrally mounted will cover most UK homes.

Modem wise you'd need a Draytek Vigor 130 or similar, they do also do all in one modems, routers and wireless, so that might be of interest. Or perhaps look at a Draytek Modem plus MikroTik firewall.

There's nothing much wrong with UniFi firewalls for most UK homes, the firmware on the UDM range has come on a long way IMO. Just don't get the UDR!

 

[Semple]

UniFi APs are generally very, very good and hard to beat for price. A single one upstairs centrally mounted will cover most UK homes.

Modem wise you'd need a Draytek Vigor 130 or similar, they do also do all in one modems, routers and wireless, so that might be of interest. Or perhaps look at a Draytek Modem plus MikroTik firewall.

There's nothing much wrong with UniFi firewalls for most UK homes, the firmware on the UDM range has come on a long way IMO. Just don't get the UDR!

Does the mikrotik/Ubiquiti firewall also have routing capabilities? Or is that something separate.

So in essence I'd need:
- modem (Vigor 130)
- router (if not part of the firewall)
- firewall (Mikrotik or Ubiquiti)
- AP (Ubiquiti)

I'd still need a managed switch for setting up vlans right? I didn't think an unmanaged switch would work with that configuration.

 

[ChrisD.]

Firewalls are routers (for home use anyway) in the basic sense, so think of your new firewall/router as one box. And yes, you'd need a managed switch for VLANs. This is where MikroTik becomes a steep learning curve as their UI is pretty basic but confusing, whereas with something like a UDM it's all very, very simple.

 

[Semple]

Firewalls are routers (for home use anyway) in the basic sense, so think of your new firewall/router as one box. And yes, you'd need a managed switch for VLANs. This is where MikroTik becomes a steep learning curve as their UI is pretty basic but confusing, whereas with something like a UDM it's all very, very simple.

What's up with the UDR then? (You advised to steer clear) it looks very similar in terms of features - a bit slower, but also £100 cheaper.

Annoyingly neither have a built in modem, and as it's not rack-mountable it would mean having both a modem and UDR/UDM on show. Or you stump up £400 for the pro. It suddenly gets quite pricey when you add in an AP and managed switch + of course the modem.

 

[Vince]

This seems to be a popular topic these days.

I have standard FTTC with a Vodafone router (AFAIK this router doesn't have the ability to be placed in bridge mode).

I've got a 1GbE unmanaged switch connected to a patch panel which goes to a few rooms in the house, which covers maybe 10-12 devices. The rest is on wifi (maybe 40-50 devices - lots of IoT).

Wifi isn't horrendous, but can be patchy and slow at times. There's also the issue that the router can't handle all my devices reconnecting at the same time if it reboots, so I have to gradually connect stuff.

I've also been looking to lock down more of my IoT devices, and most typically do this by placing them on a vlan separate from other devices.

What would you recommend? I had originally looked at the Ubiquiti kit, although from a few threads these don't always seem to be well recommended. I assume an AP is pretty much going to be a must for providing the better wifi connectivity. Then a router and a managed switch for providing vlan capability? And finally a modem I can use to connect the Vodafone FTTC to, rather than double-natting with the existing router?

I have pretty much the same line vodafone 900 and use the unifi UMD Pro (there is a normal non rack UDM also) and honestly its a fantastic bit of kit... throw some wireless aps on it and you are away.

 

[Vince]

UniFi APs are generally very, very good and hard to beat for price. A single one upstairs centrally mounted will cover most UK homes.

Modem wise you'd need a Draytek Vigor 130 or similar, they do also do all in one modems, routers and wireless, so that might be of interest. Or perhaps look at a Draytek Modem plus MikroTik firewall.

There's nothing much wrong with UniFi firewalls for most UK homes, the firmware on the UDM range has come on a long way IMO. Just don't get the UDR!

Oi whats wrong with the UDR? Isn't the URD just a Dream machine missing some stuff? Ive got the UDM Pro and its been superb.

 

[ChrisD.]

What's up with the UDR then? (You advised to steer clear) it looks very similar in terms of features - a bit slower, but also £100 cheaper.

Annoyingly neither have a built in modem, and as it's not rack-mountable it would mean having both a modem and UDR/UDM on show. Or you stump up £400 for the pro. It suddenly gets quite pricey when you add in an AP and managed switch + of course the modem.

See below.

Don't forget the UDM Pro has in built in switch, NVR, controller, plus some other software if you wish. The SE is 'better', in that it has PoE ports plus some other minor tweaks.

Oi whats wrong with the UDR? Isn't the URD just a Dream machine missing some stuff? Ive got the UDM Pro and it's been superb.

It's underpowered. Fine for FTTC but it is limited to ~600 Mbps so when FTTP or VM/Alt-Net comes along it'll need replacing if you want Gigabit.

 

[Semple]

See below.

Don't forget the UDM Pro has in built in switch, NVR, controller, plus some other software if you wish. The SE is 'better', in that it has PoE ports plus some other minor tweaks.

It's underpowered. Fine for FTTC but it is limited to ~600 Mbps so when FTTP or VM/Alt-Net comes along it'll need replacing if you want Gigabit.

Is that it's only limitation? I'm currently only on bog-standard FTTC 80/20, so 600 would be more than enough. And frankly unless the prices drop significantly, I can't see me taking on more than 500+ for at least the next 5 years. At which point if needs must then you don't mind buying newer hardware again.

Edit: yeah I see the UDM pro does have 8 ports, it also has a hdd bay for NVR - would this only work with Unifi cameras or any. Hmm I guess I could daisy chain that to a cheaper managed switch (maybe even PoE) for additional ports.

 

[ChrisD.]

I don't know a whole load more about the UDR I'm afraid.

Also with the UDM Pro, the 8 GbE ports will do Gibabit t'put, but if you going to the CPU (required to go to another VLAN) the throughput drops. Not an issue for most but worth bearing in mind.

The HDD will only work with the UniFi Protect application, which will only work with UniFi cameras.

I have two, they're alright but are expensive. The Protect app is nice and intuitive though, but does have drawbacks like no backups etc.

 

[Vince]

See below.

Don't forget the UDM Pro has in built in switch, NVR, controller, plus some other software if you wish. The SE is 'better', in that it has PoE ports plus some other minor tweaks.

It's underpowered. Fine for FTTC but it is limited to ~600 Mbps so when FTTP or VM/Alt-Net comes along it'll need replacing if you want Gigabit.

Ahh ok makes sense, I used to have the small unifi app and its throughput with UTM on was laughable... The pro seems capable of running full gigabit with UTM without much issue at least for the number of devices I have. The UI I would say is very nice at this point. I have a little POE switch out to the AP and the wifi in this house is the best it has ever been although the LR could probably do with an update now. I also had weird issues and missing IPSec settings on the lower models so couldn't say for sure if that would go down to the UDR. I do love their dashboard and interface though:

 

[Semple]

Ahh ok makes sense, I used to have the small unifi app and its throughput with UTM on was laughable... The pro seems capable of running full gigabit with UTM without much issue at least for the number of devices I have. The UI I would say is very nice at this point. I have a little POE switch out to the AP and the wifi in this house is the best it has ever been although the LR could probably do with an update now. I also had weird issues and missing IPSec settings on the lower models so couldn't say for sure if that would go down to the UDR. I do love their dashboard and interface though:

Yeah the UI always looks good.

Do you have a separate modem connected to the UDM pro then?

 

[Vince]

Yeah the UI always looks good.

Do you have a separate modem connected to the UDM pro then?

Nope the UDM pro does it all. You just configure it's wan port and away you go. vodafone fibre comes into my office, goes to it's little box on the wall and it's delivered from there to the UDM via ethernet. I just configure the wan port and away I go. Vodafone give me a fixed IP as well for routing/ipsec purposes. I'm not sure how vodafone deliver fttc (my line is fttp) these days so don't know if that would apply to your line or not.

 

[ChrisD.]

But you have FTTP though, the ONT is modem. You still need a modem for FTTC.

 

[Vince]

But you have FTTP though, the ONT is modem. You still need a modem for FTTC.

It's been a long time since I had or have managed an FTTC connection so had no idea on delivery in the modern world. Turns out some things never change.

 

[ChrisD.]

It's been a long time since I had or have managed an FTTC connection so had no idea on delivery in the modern world. Turns out some things never change.

Most ISP supplied routers have a modem built in, as do some aftermarket. But most will require an external modem and the Vigor 130 is often used.

 

[Caged]

And they are hard to get hold of (again). If this was for my personal use I'd get a BT Business Smart Hub 2 off eBay, they can be put into bridge mode so the ISP lockout they do isn't relevant, and they aren't going to be 6+ years old at this point either. Also they're cheap because nobody really wants them.

If buying for a business then suck it up and wait for the Vigor 130 or pay the inflated prices that places with stock are asking.

 

[Semple]

And they are hard to get hold of (again). If this was for my personal use I'd get a BT Business Smart Hub 2 off eBay, they can be put into bridge mode so the ISP lockout they do isn't relevant, and they aren't going to be 6+ years old at this point either. Also they're cheap because nobody really wants them.

If buying for a business then suck it up and wait for the Vigor 130 or pay the inflated prices that places with stock are asking.

Ah that's a good shout. Just had a quick look at some listings on ebay and these can be had for £20-30 so much cheaper the vigor 130. From a quick Google there are some posts on the BT forums about something called digital voice that doesn't appear to work when in bridge mode, but don't think that would be an issue for me.

 

[ChrisD.]

You can get ECI and other modems for pretty cheap too, you don't have to use the Vigor 130, they just won't have an accessible interface.

 

[WJA96]

Configuring other modems and devices with Vodafone can be a nightmare. You buy a secondhand device and you plug it in. It doesn’t work? Is it because Vodafone in your area is on VLAN 101 or because the modem you bought is defective. Cue hours of frustration. For the couple of ms difference in response time, double NAT isn’t actually that big an issue. And Vodafone aren’t interested in supporting anyone else’s gear. They’re a low-price ISP and you get what you pay for. In their eyes they’re giving you the minimum quoted line speed and that’s what you paid for.