Building Home Network Suggestions ?

[Kursah]

What router are you going with?

You can go with the latest and greatest, there's just a risk you'll have to endure growing pains, bugs and wait for fixes. Not all that dissimilar to newly released video games. Ubiquiti is no saint in this department, great hardware but software & firmware can take a year or two to catch up and provide the hardware's potential at times. That being said, bang for the buck is still there.

The UniFi HD is a bigger AP, bigger antennas so while it might be the same dB TX signal, having a better antenna array might make the difference. That being said, I have 0 experience with the AP 6 line and thus haven't been able to directly compare. I can attest that the nanoHD and HD are solid in my experiences with them.

Monoprice patch panels are great too, that'll be worth it. Get a punchdown tool and CAT45 crimper with some CAT45 tips too, which you may already have or planned on.

Looks like you're getting sorted!

 

[Durvelle27]

What router are you going with?

You can go with the latest and greatest, there's just a risk you'll have to endure growing pains, bugs and wait for fixes. Not all that dissimilar to newly released video games. Ubiquiti is no saint in this department, great hardware but software & firmware can take a year or two to catch up and provide the hardware's potential at times. That being said, bang for the buck is still there.

The UniFi HD is a bigger AP, bigger antennas so while it might be the same dB TX signal, having a better antenna array might make the difference. That being said, I have 0 experience with the AP 6 line and thus haven't been able to directly compare. I can attest that the nanoHD and HD are solid in my experiences with them.

Monoprice patch panels are great too, that'll be worth it. Get a punchdown tool and CAT45 crimper with some CAT45 tips too, which you may already have or planned on.

Looks like you're getting sorted!

I haven’t chose I router my thought process is router equals WiFi

I’ll look into the Unifi HD, at the price point I’d only be able to get one though vs 2. I wish the UnifiHD was WiFi 6 though as it’s more future proof

Yea I ordered the Monoprice 24 Port Patch Panel, 200 Cat6 Connectors, Keystones, Wall plates, and 500ft Cat6 Sold Pure Bare Copper

I have some old hardware laying around, Do you guys think that a AMD A8 can run pfsense

 

[kayjay010101]

I have some old hardware laying around, Do you guys think that a AMD A8 can run pfsense

None of the A8 processors supported AES-NI instructions, so you'd not be able to update. The latest update was supposed to cut off support for processors without AES-NI but it's still supported for processors without them, but subsequent updates will probably remove support for non-AES-NI procs. So I wouldn't recommend doing PfSense on an A8 as you'd be limited to the current update and it's still recommend even for the current update to have AES-NI support. You can technically do it though.

 

[Durvelle27]

None of the A8 processors supported AES-NI instructions, so you'd not be able to update. The latest update was supposed to cut off support for processors without AES-NI but it's still supported for processors without them, but subsequent updates will probably remove support for non-AES-NI procs. So I wouldn't recommend doing PfSense on an A8 as you'd be limited to the current update and it's still recommend even for the current update to have AES-NI support. You can technically do it though.

From what I can dig up for AMD

"
Several AMD processors support AES instructions:

• Jaguar processors and newer
• Puma processors and newer
• "Heavy Equipment" processors
  • Bulldozer processors[10]
  • Piledriver processors
  • Steamroller processors
  • Excavator processors and newer
• Zen (and later) based processors

"

The AMD A8-5500 Is based on Piledriver ie Trinity

Extensions and Technologies

MMX instructions Extensions to MMX SSE / Streaming SIMD Extensions SSE2 / Streaming SIMD Extensions 2 SSE3 / Streaming SIMD Extensions 3 SSSE3 / Supplemental Streaming SIMD Extensions 3 SSE4 / SSE4.1 + SSE4.2 / Streaming SIMD Extensions 4 ? SSE4a ? AES / Advanced Encryption Standard instructions AVX / Advanced Vector Extensions BMI1 / Bit Manipulation instructions 1 F16C / 16-bit Floating-Point conversion instructions FMA3 / 3-operand Fused Multiply-Add instructions FMA4 / 4-operand Fused Multiply-Add instructions TBM / Trailing Bit Manipulation instructions XOP / eXtended Operations instructions AMD64 / AMD 64-bit technology ? AMD-V / AMD Virtualization technology Turbo Core 3.0 technology

Security Features

EVP / Enhanced Virus Protection

What's even crazier I have this CPU installed in a case already that just so happens to be rack mountable (Silverstone GD09). What are the odss

 

[kayjay010101]

From what I can dig up for AMD

"
Several AMD processors support AES instructions:

• Jaguar processors and newer
• Puma processors and newer
• "Heavy Equipment" processors
  • Bulldozer processors[10]
  • Piledriver processors
  • Steamroller processors
  • Excavator processors and newer
• Zen (and later) based processors

"

The AMD A8-5500 Is based on Piledriver ie Trinity

Extensions and Technologies

MMX instructions Extensions to MMX SSE / Streaming SIMD Extensions SSE2 / Streaming SIMD Extensions 2 SSE3 / Streaming SIMD Extensions 3 SSSE3 / Supplemental Streaming SIMD Extensions 3 SSE4 / SSE4.1 + SSE4.2 / Streaming SIMD Extensions 4 ? SSE4a ? AES / Advanced Encryption Standard instructions AVX / Advanced Vector Extensions BMI1 / Bit Manipulation instructions 1 F16C / 16-bit Floating-Point conversion instructions FMA3 / 3-operand Fused Multiply-Add instructions FMA4 / 4-operand Fused Multiply-Add instructions TBM / Trailing Bit Manipulation instructions XOP / eXtended Operations instructions AMD64 / AMD 64-bit technology ? AMD-V / AMD Virtualization technology Turbo Core 3.0 technology

Security Features

EVP / Enhanced Virus Protection

What's even crazier I have this CPU installed in a case already that just so happens to be rack mountable (Silverstone GD09). What are the odss

My bad! I checked wikichip and saw "AES" without the NI part and thought they were different, but after some googling they're interchangeable. That will indeed work for PfSense then!

 

[Durvelle27]

My bad! I checked wikichip and saw "AES" without the NI part and thought they were different, but after some googling they're interchangeable. That will indeed work for PfSense then!

Does Pfsense require alot of CPU power or is it more it just cares about Cores

 

[kayjay010101]

Does Pfsense require alot of CPU power or is it more it just cares about Cores

What are you going to use it for apart from regular home network use?
My pfsense is in a VM with 4 threads from a e5-2450L (so practically a dual-core at 1.7GHz), and sits at below 5% CPU usage even when I'm maxing out my 300mbps internet connection. Granted I haven't used any VPN service or anything else heavy, but in my experience pfsense will run on practically anything without any issues.

 

[Kursah]

Does Pfsense require alot of CPU power or is it more it just cares about Cores

Depends on what you're running. If you want to run things like Snort, pfBlockerNG, Squid, multiple VLANs here instead of a managed switch, etc. it'll appreciate decent CPU power. That being said, mine runs an Intel Celeron n3150 4-core, and it handles everything fine, rarely loads much beyond 10-20%. Most Netgates under $500 don't have that much processing power and deploying them at many sites of various sizes + Snort & pfBlockerNG for some, haven't had any issues. I run my virtual pfSense with 1CPU thread and 512MB RAM, no issues, in-fact at one point I forgot I was testing it in-place of my hardware pfSense for a few months when testing routing and VLANS in my home lab a few years ago.

My hardware pfSense has the N3150, 8GB DDR3 1600, 120GB SSD (Squid cache uses 60GB of it), Intel Pro1000 2-port NIC, Asus N3150-C board and a low power ITX PSU. It depends on what you plan to do. My hardware's been going for 5 years now and its still solid enough I'm not looking to replace it yet.

For your network w/o extra security filtering and modules, an equivalent to the SG-3100 or maybe even SG-1100 would suffice, both are low-power dual cores.

If you have an old PC kicking around, it'll likely do the trick. That's how many folks start down the pfSense/opnsense rabbit hole.

 

[Durvelle27]

What are you going to use it for apart from regular home network use?
My pfsense is in a VM with 4 threads from a e5-2450L (so practically a dual-core at 1.7GHz), and sits at below 5% CPU usage even when I'm maxing out my 300mbps internet connection. Granted I haven't used any VPN service or anything else heavy, but in my experience pfsense will run on practically anything without any issues.

Just my network. I haven't gotten into VM or VPNs as of yet

Depends on what you're running. If you want to run things like Snort, pfBlockerNG, Squid, multiple VLANs here instead of a managed switch, etc. it'll appreciate decent CPU power. That being said, mine runs an Intel Celeron n3150 4-core, and it handles everything fine, rarely loads much beyond 10-20%. Most Netgates under $500 don't have that much processing power and deploying them at many sites of various sizes + Snort & pfBlockerNG for some, haven't had any issues. I run my virtual pfSense with 1CPU thread and 512MB RAM, no issues, in-fact at one point I forgot I was testing it in-place of my hardware pfSense for a few months when testing routing and VLANS in my home lab a few years ago.

My hardware pfSense has the N3150, 8GB DDR3 1600, 120GB SSD (Squid cache uses 60GB of it), Intel Pro1000 2-port NIC, Asus N3150-C board and a low power ITX PSU. It depends on what you plan to do. My hardware's been going for 5 years now and its still solid enough I'm not looking to replace it yet.

For your network w/o extra security filtering and modules, an equivalent to the SG-3100 or maybe even SG-1100 would suffice, both are low-power dual cores.

If you have an old PC kicking around, it'll likely do the trick. That's how many folks start down the pfSense/opnsense rabbit hole.

My switch is not managed (PowerConnect 2724) but everything you just mentioned went right over my head as I'm no network guru so pretty new to this.

The hardware i have is already built and like mentioned its actually in a rack mountable case (I literally just found that out). The Hardware is a AMD A8-5500, Samsung 8GB DDR3 1600, Sandisk 256GB SSD, and a 450w PSU. Everything already in the case. It was a old HTPC I used before retiring it.

 

[Kursah]

• Snort = IDS/IPS = Intrusion Detection and Intrusion Prevention System, constantly scans network traffic against policies and filters to block malicious traffic.
• Squid = Web cache, proxy, access log
• pfBlockerNG = DNS and IP filter, can also do geo-IP filtering, is quite effective, also works well as a built-in ad-blocker for your LAN.
• VLAN = Virtual LAN, you can have multiple subnets (192.168.100.0, 10.0.3.0, 192.168.1.0, etc) on the same infrastructure (hardware and wifi deployment) for different purposes, one could be having stuff for a home lab on one subnet, guest wifi on another, home smart devices on another, etc. You can limit access to other VLAN subnets, provide only access to the Internet, etc. This is best to do at a switch but a router can do it as well, just has more processing overhead. A switch is designed to process tens of thousands of packets a second, a router looks deeper into packs and has to route them accordingly and by various policies, through various filters, layers of encryption, etc. so there's more overhead and slowdowns at the router-level in some cases...not as often in home use small networks tho.

None of those descriptions may help, but hopefully do a little bit.

That HTPC will work just fine as a pf or opnsense box probably for years.

 

[Durvelle27]

• Snort = IDS/IPS = Intrusion Detection and Intrusion Prevention System, constantly scans network traffic against policies and filters to block malicious traffic.
• Squid = Web cache, proxy, access log
• pfBlockerNG = DNS and IP filter, can also do geo-IP filtering, is quite effective, also works well as a built-in ad-blocker for your LAN.
• VLAN = Virtual LAN, you can have multiple subnets (192.168.100.0, 10.0.3.0, 192.168.1.0, etc) on the same infrastructure (hardware and wifi deployment) for different purposes, one could be having stuff for a home lab on one subnet, guest wifi on another, home smart devices on another, etc. You can limit access to other VLAN subnets, provide only access to the Internet, etc. This is best to do at a switch but a router can do it as well, just has more processing overhead. A switch is designed to process tens of thousands of packets a second, a router looks deeper into packs and has to route them accordingly and by various policies, through various filters, layers of encryption, etc. so there's more overhead and slowdowns at the router-level in some cases...not as often in home use small networks tho.

None of those descriptions may help, but hopefully do a little bit.

That HTPC will work just fine as a pf or opnsense box probably for years.

Is there a difference between opnsense and pfsense

Since i have the HTPC i can install either and play around with it. Just need to find a nic

Is this NIC good

Intel® Ethernet Server Adapter I350-T2V2​

or​

Intel® Ethernet Converged Network Adapter X540-T2​

 

[Durvelle27]

So far this is what I have gathered

1. XB7 in Bridgemode
2.Custom PFsense Box (I need to find a NIC card)
3. MonoPrice Patch Panel
4. MonoPrice Solid CAT6
5. Dell Power Connect 2724 Switch
6. Ubiquiti Unifi 6 AP lite (2 Units)

 

[Kursah]

I prefer pfSense only because I want to eek a sharp edge on managing it for our clients, but opnsense is a little better for users overall and provides a lot of the stuff pfSense does with a better UI, and less monetized support. I haven't spent as much time with opnsense, but as @Solaris17 attests to, in quite a few use-case situations it is the better solution and easier to get into. pfSense is still a solid option IMHO, and I implore folks to try both and decide for themselves.

I may run opnsense someday if we stop selling/supporting Netgate pfSense appliances, but at this point we sell and support lots of them, and the quirks and issues I see at a higher level you'll likely never run into in your use-case.

List looks good.

As-far-as the NIC's I'm sure they'll work, pfSense has been really good about supporting Intel NIC's but they've really increased support for broadcom and realtek in recent years. Back in 2016 when I first deployed my home pfSense build the Realtek NIC on my Asus N3150-C wasn't even visible, now it is. I don't use it because I have the intel 2-port NIC. But I can if I want to. So odds are you'll be fine.

 

[Durvelle27]

I prefer pfSense only because I want to eek a sharp edge on managing it for our clients, but opnsense is a little better for users overall and provides a lot of the stuff pfSense does with a better UI, and less monetized support. I haven't spent as much time with opnsense, but as @Solaris17 attests to, in quite a few use-case situations it is the better solution and easier to get into. pfSense is still a solid option IMHO, and I implore folks to try both and decide for themselves.

I may run opnsense someday if we stop selling/supporting Netgate pfSense appliances, but at this point we sell and support lots of them, and the quirks and issues I see at a higher level you'll likely never run into in your use-case.

List looks good.

As-far-as the NIC's I'm sure they'll work, pfSense has been really good about supporting Intel NIC's but they've really increased support for broadcom and realtek in recent years. Back in 2016 when I first deployed my home pfSense build the Realtek NIC on my Asus N3150-C wasn't even visible, now it is. I don't use it because I have the intel 2-port NIC. But I can if I want to. So odds are you'll be fine.

Great

I got everything I need ordered than

So a huge facepalm

The switch I have is managed

 

[Kursah]

Great

I got everything I need ordered than

So a huge facepalm

The switch I have is managed

Congrats and that's a good facepalm issue to have!

 

[Durvelle27]

Congrats and that's a good facepalm issue to have!

So how do I run

I presume like this

 

[Kursah]

Patch panel between AP's, workstations, any wired runs, ports etc.

Modem >Patch Cable(s) > Router (OPNSense) > Patch Cable(s) >Backbone (Primary) Switch > Patch Cables > Patch Panel > Cable Runs > End-user Devices, Servers, AP's, IP phones, Keystones, etc.

 

[Durvelle27]

Patch panel between AP's, workstations, any wired runs, ports etc.

Modem >Patch Cable(s) > Router (OPNSense) > Patch Cable(s) >Backbone (Primary) Switch > Patch Cables > Patch Panel > Cable Runs > End-user Devices, Servers, AP's, IP phones, Keystones, etc.

So like this

 

[Kursah]

Yep that'll do it. Some folks do ALL connections through the patch panel, I don't. If its in the rack, its a direct connection, if its an infrastructure run (wire run) to other locations, I punch it down on the patch panel. So your map looks good to me.

 

[Durvelle27]

Yep that'll do it. Some folks do ALL connections through the patch panel, I don't. If its in the rack, its a direct connection, if its an infrastructure run (wire run) to other locations, I punch it down on the patch panel. So your map looks good to me.

Sweet

thank you guys for all the help

 

[300BaudBob]

If you are going to the trouble of running cable through walls or conduits than I'd go with best spec the budget can afford so you don't have to worry about it becoming a future weak point and then needing to run new cables. Especially if you have long runs and/or noisy (as in stray RF) environment. Of course 6a or 7 need matching more expensive RJ45 etc. But you'll be ready for future higher speeds should they ever become available at your location.
But I'm biased as I hate cable running.

 

[Durvelle27]

If you are going to the trouble of running cable through walls or conduits than I'd go with best spec the budget can afford so you don't have to worry about it becoming a future weak point and then needing to run new cables. Especially if you have long runs and/or noisy (as in stray RF) environment. Of course 6a or 7 need matching more expensive RJ45 etc. But you'll be ready for future higher speeds should they ever become available at your location.
But I'm biased as I hate cable running.

But to my understanding Cat6 can handle upto 10Gb under 100ft so i don't think it would be much of a limitation as residential won't see those type of speeds for a very long time

But something that has hit me in the head, I'm looking for Keystones for the wall jacks and I'm seeing Cat5e, Cat6, and Cat 5e/6. Is there a difference if so why do some market both Cat5e & Cat6




Ubiquiti Order Placed

 

[300BaudBob]

But to my understanding Cat6 can handle upto 10Gb under 100ft so i don't think it would be much of a limitation as residential won't see those type of speeds for a very long time

But something that has hit me in the head, I'm looking for Keystones for the wall jacks and I'm seeing Cat5e, Cat6, and Cat 5e/6. Is there a difference if so why do some market both Cat5e & Cat6




Ubiquiti Order Placed

View attachment 184121

Yeah 6 can handle 10... but 6a is better sheilded as I recall. Anyway it was just some considerations it depends a lot on individual circumstances.
As far as I know all cat6 is also 5e compatible so if someone is charging more for a 6/5e vs. just 6 that would be a marketing ploy.
And 6e actually has a shorter rated distance for 10bT just to make things confusing.

 

[Durvelle27]

Just some updates

my server came in today along with my keystones and 12U rack. Sadly the rack had to get returned. I bought it from Amazon and it came missing the 2 main rails.

 

[OrlyP]

I also have a relatively big home network. I use a number of secondhand enterprise-grade equipment as they're typically more capable and oftentimes, cheaper, than consumer-grade ones.

Untangle HomePro NGFW on HP N40L
Cisco 3560G Layer-3 switch (VLANs and inter-VLAN routing)
Cisco 2621XM with CallManager Express (phone system)
Ubiquiti UniFi Access Points

Pictures:
Full network diagram
VLAN Setup (Wired)
VLAN Setup (Wireless)