|
SwissArmyDruid posted:They said "multiple devices" and "started recently", between that and "is a 2x2 MIMO device" which was a probing question to determine both device age as well as capability, seems to me like "premature router death". The "premature router death" hypothesis is about the only thing that makes sense as far as I can tell. I just wasn't sure if there was something I was missing because wifi, specifically is one thing I'm pretty ignorant about in terms of hardware/physics.
|
# ? Jul 31, 2022 19:11 |
|
A lot of router deaths are just the wall wart (transformer) crapping out after 3-5 years. Not all, since many routers are designed in a way that overheats their internals for a long time, but many.
|
# ? Jul 31, 2022 21:37 |
|
i finally did it, i ordered two wifi6 pro APs from Ubiquiti, of course i do not have a POE switch to power them. any recommendations on POE injectors and POE switches, a friend of mine told me not to get a POE injector from UI because they're called Chinese fireboxes?
|
# ? Aug 2, 2022 19:28 |
|
It's so worth it to just get a PoE switch. Then you plug in and things work, no injector needed.
|
# ? Aug 3, 2022 07:23 |
|
Sniep posted:It's so worth it to just get a PoE switch. Then you plug in and things work, no injector needed. The wiring in my house is so wonky that it constantly angers me, and i can't seem to find a low voltage electrician that would even respond to my inquiry. I think i will still need to get two wifi6 in walls for two rooms, i just need to make sure i can force clients to join an AP when they are at room. There are two areas in the house i can get "plenty of wifi bars" just no throughput, which is causing havoc with guests when they visit. phosdex posted:I bought a Dream Machine SE 3 weeks ago, it's already dead. Of course return period is 2 weeks, so I gotta pay to RMA this poo poo. gently caress - that sucks. RoboBoogie fucked around with this message at 14:23 on Aug 3, 2022 |
# ? Aug 3, 2022 14:14 |
|
I bought a Dream Machine SE 3 weeks ago, it's already dead. Of course return period is 2 weeks, so I gotta pay to RMA this poo poo.
|
# ? Aug 3, 2022 14:17 |
|
RoboBoogie posted:i finally did it, i ordered two wifi6 pro APs from Ubiquiti, of course i do not have a POE switch to power them. I have a U6-LR hooked up to a Switch Lite 8, works just fine for power. If that's too expensive for you, you could always try one of these: https://www.amazon.com/dp/B07C9FG2Y2/ Dunno what your friend means, unless he had a defective injector. I have two of Ubiquiti's, they get a little hot, sure, but so does every wall wart/transformer. I'm still keeping them around as my area tends to get hit with lightning storms a lot, and if the SW8 gets taken out I can always switch back. UI also claims the injectors will give your AP some additional protection from surges/etc. which is true as if you get hit, the injector will take the bullet instead of your AP. Lot easier to pay $12 for another injector than $150-160 for a new AP.
|
# ? Aug 3, 2022 15:59 |
|
RoboBoogie posted:The wiring in my house is so wonky that it constantly angers me, and i can't seem to find a low voltage electrician that would even respond to my inquiry. I had mine done by a hifi installer. Just called around and asked if they do in-wall installations and offered to pay them for labor+mats if they'd run cat6, and got a bite. It ended up pretty affordable too all things considered.
|
# ? Aug 3, 2022 19:31 |
Sniep posted:I had mine done by a hifi installer. Just called around and asked if they do in-wall installations and offered to pay them for labor+mats if they'd run cat6, and got a bite. It ended up pretty affordable too all things considered. Is opening up walls always necessary? I have cat5e in my house that I wish could support 10 GbE but replacing it seems like an absolute nightmare. Unless there's some less invasive option that I'm not aware of?
|
|
# ? Aug 3, 2022 20:03 |
|
fletcher posted:Is opening up walls always necessary? I have cat5e in my house that I wish could support 10 GbE but replacing it seems like an absolute nightmare. Unless there's some less invasive option that I'm not aware of? Depends on what kind of access you have. Running cable isn't too hard but can involve attic/basement access, or cutting small holes in drywall. They make some specialized tools that help as well. I've done a few new runs from the attic without much trouble.
|
# ? Aug 3, 2022 20:06 |
|
Sniep posted:It's so worth it to just get a PoE switch. Then you plug in and things work, no injector needed. The issue that I've found is that managed PoE switches cost a lot and managed PoE switches with 10G uplinks cost a hell of a lot while not fitting into my ~18"x13" network cabinet, but adding a 4-port injector to my managed 24x1+2x10 switch without PoE is actually pretty cheap and fits just fine. I could use an unmanaged 5-port PoE switch instead if I knew for sure that it would handle VLAN tagging properly, but the transparency of injectors feels a lot more elegant to manage. fletcher posted:Is opening up walls always necessary? I have cat5e in my house that I wish could support 10 GbE but replacing it seems like an absolute nightmare. Unless there's some less invasive option that I'm not aware of? My house is only ~1300sqft and single story with easily accessed crawlspace and attic, but I got it wired in 2017 with 10 drops of Cat6 (paired jacks in 5 different locations) and they didn't have to open any walls. The two guys who did it were done in half a day and charged ~$900, which was 1/3 parts and 2/3 labor. I had the option to get Cat6A instead but the total cost would have gone up to around $1500. I've since added a ceiling access point using the hole they drilled up from the network cabinet and it was a pretty easy job, with 75% of the work just being getting the bracket screwed down to the drywall. Eletriarnation fucked around with this message at 20:36 on Aug 3, 2022 |
# ? Aug 3, 2022 20:23 |
|
A TL-SG1005p runs for $50 and is managed 5 port poe. You aren’t getting 10g uplinks but also you don’t need it. And if you are in the very rare instance of actually needing it because you are running multiple APs with multigig ports then you can afford it.
|
# ? Aug 4, 2022 04:43 |
|
The TL-SG1005p is unmanaged. You probably mean the TL-SG105PE which is $60. And yeah, that works just as well but it's about the same price to get a 4-port injector and I'm happy to have fewer managed devices if the result is going to be the same. To be clear though, I don't think there's a problem with PoE switches - I'm just saying there are cases for both.
|
# ? Aug 4, 2022 05:02 |
|
Yeah the SG105PE, my bad. I didn’t catch that Amazon said “you bought one variation of this on …” instead of “you bought this on …” when I was quickly verifying the model before falling asleep.
|
# ? Aug 4, 2022 13:59 |
|
Binary Badger posted:I have a U6-LR hooked up to a Switch Lite 8, works just fine for power. Good to know that option exists. I went ahead and got the 8 port switch and a 4 port switch from UI, maybe it's time that i grow up and use managed switches.
|
# ? Aug 4, 2022 14:14 |
|
Need a switch recommendation. Running a FIOS G3100, works for my needs, am not paying for it, and not looking to change it. I want a decent, inexpensive switch (4-8 port, preferably 8 if the price is right) that will mainly function to house a Pi4 + IoT hubs. Something I'm able to pick up at Microcenter in Yonkers is a huge plus.
|
# ? Aug 5, 2022 19:50 |
|
Pilfered Pallbearers posted:I want a decent, inexpensive switch (4-8 port, preferably 8 if the price is right) that will mainly function to house a Pi4 + IoT hubs. A dumb switch? They're a commodity at this point. Pick up whatever is cheapest at Microcenter.
|
# ? Aug 5, 2022 19:54 |
|
I do whitelisting on my 'internet of things' network and man is AWS a pain. My thermostat has fairly static domain names & ips, but my cat litter box is giving me trouble. At startup it looks up a2wz9c6y6mikoy.iot.us-east-1-.amazonaws.com, which returns 8 results and has only a time to live of max 60 seconds. So I have to set my router to refresh the host alias rules fairly often. But looking at wireshark traffic it seems the device can keep the link open to a specific aws container (or whatever) for a while even after the DNS has moved on, so I'd almost want the rule to allow the last X ips. Or maybe I just let the firewall do its thing and assume the device will do a new DNS lookup anytime it stops getting a response? Ideally I'd want the router to see when the DNS request comes through (the device does obey the DHCP's provided DNS server, it doesn't have a hard-coded one) and update the alias every time its internal DNS cache updates. But I don't know if any of the *sense distros can do that. pfsense docs specifically talk about big CDNs in host alias section, and how the rotating IPs screw it up: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases So I guess what I need doesn't exist, connecting the host alias updates to whenever a new DNS request comes through from a device, so they stay in sync. I guess I'm in transparent proxy territory, but most of these distros don't let you easily run multiple proxies and I already have a non-transparent proxy running. Bummer. Rescue Toaster fucked around with this message at 20:21 on Aug 5, 2022 |
# ? Aug 5, 2022 20:15 |
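The "allow the last X ips" idea from the post above, sketched as an added example (not code from the thread or from any *sense distro): a list that keeps each address allowed for a hold time after it last appeared in a DNS answer, compared with a rule that only tracks the latest answer. The class name `RotatingAllowlist`, the hold time, the cap and the sample addresses are assumptions made for illustration; how answers are captured from the resolver and pushed to the firewall is left out.

```python
from collections import OrderedDict


class RotatingAllowlist:
    """Allowed IPs for one hostname whose DNS answers rotate quickly.

    An address stays allowed until it has been missing from DNS answers for
    longer than hold_seconds; at most max_ips addresses are kept.
    """

    def __init__(self, hold_seconds=900, max_ips=32):
        self.hold_seconds = hold_seconds
        self.max_ips = max_ips
        self._last_seen = OrderedDict()  # ip -> time it last appeared in an answer

    def observe(self, now, answer_ips):
        """Record one DNS answer and return (added, removed) for the firewall."""
        before = set(self._last_seen)
        for ip in answer_ips:
            self._last_seen[ip] = now
            self._last_seen.move_to_end(ip)  # freshest entries sit at the end
        stale = [ip for ip, seen in self._last_seen.items()
                 if now - seen > self.hold_seconds]
        for ip in stale:
            del self._last_seen[ip]
        while len(self._last_seen) > self.max_ips:
            self._last_seen.popitem(last=False)  # evict least recently seen
        after = set(self._last_seen)
        return sorted(after - before), sorted(before - after)

    def allowed(self):
        return sorted(self._last_seen)


# Constructed sample data: (time in seconds, addresses in the DNS answer).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_ANSWERS = [
    (0,   ["203.0.113.10", "203.0.113.11"]),
    (60,  ["203.0.113.11", "203.0.113.12"]),
    (120, ["198.51.100.20", "198.51.100.21"]),
    (700, ["198.51.100.20", "198.51.100.21"]),
]


def replay(answers, long_lived_ip, hold_seconds=600):
    """Compare 'latest answer only' with the hold-time list for one open connection."""
    allowlist = RotatingAllowlist(hold_seconds=hold_seconds)
    rows = []
    for now, ips in answers:
        allowlist.observe(now, ips)
        rows.append((now, long_lived_ip in ips, long_lived_ip in allowlist.allowed()))
    return rows


if __name__ == "__main__":
    for now, latest_only, with_hold in replay(SAMPLE_ANSWERS, "203.0.113.10"):
        print(f"t={now:>3}s latest-answer-only={latest_only} hold-time-list={with_hold}")
```

In the replay, the address the device connected to at t=0 drops out of the latest answer after 60 seconds but stays on the hold-time list until it has been absent for more than 600 seconds.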
|
Looking at upgrading my home network sometime soon (probably to upgrade my 2 unifi (AC Lite) access points to 6/6E when available) and was wondering if there are any decent router options or if it's still better to just roll your own using an older PC and some distro made for being a router. I have an older netgear nighthawk and I really don't like their UI etc. Perhaps something like one of the Unifi or Amplifi ones?
|
# ? Aug 5, 2022 20:27 |
|
Rescue Toaster posted:I do whitelisting on my 'internet of things' network and man is AWS a pain. My thermostat has fairly static domain names & ips, but my cat litter box is giving me trouble. No one really firewalls this way except in weird legacy b2b cases. ACLs that involve IP ranges you don't control just leads to pain. Specific to AWS: even if you think a destination is fairly static, you may be surprised later. The load balancers can shift IPs every few months as the underlying resources are rebuilt or a traffic shift happens, and your rules will randomly break. PFSense's docs on this are right on. In your case, even though you have a mechanism to allowlist the IPs associated with a2wz9c6y6mikoy, you can reasonably expect that that DNS record will change over time. I'd ask what the benefit you'd gain for the effort: if your untrusted IOT network can't reach in to your trusted network, who cares what it's sending outbound? It matters more for cameras that are in your home, but your cat box presumably doesn't have cameras or mics. It's much more a use case for IDS or some other heuristic mechanism to let you know when traffic's weird, rather than going through the pain of blocking weird traffic and rebuilding rules whenever they break. KS fucked around with this message at 21:15 on Aug 5, 2022 |
# ? Aug 5, 2022 21:13 |
|
KS posted:No one really firewalls this way except in weird legacy b2b cases. ACLs that involve IP ranges you don't control just leads to pain. This is fair enough. It's more that when I first setup my 'iot' vlan I figured I would whitelist stuff and just been going down that road. But finally with this CDN network situation I've kind of hit a wall so that may just be the end of it, as you say. Cameras are on a separate vlan that has no need for internet access at all. As you say, I've been picturing something maybe to monitor the internet-connected VLANs for suspicious traffic as being a better choice.
|
# ? Aug 5, 2022 21:49 |
|
Rescue Toaster posted:This is fair enough. It's more that when I first setup my 'iot' vlan I figured I would whitelist stuff and just been going down that road. But finally with this CDN network situation I've kind of hit a wall so that may just be the end of it, as you say. Cameras are on a separate vlan that has no need for internet access at all. Allowlisting is a good approach and no need to drop that. Just allow these devices to connect out based on the source?
|
# ? Aug 5, 2022 22:28 |
|
SEKCobra posted:Allowlisting is a good approach and no need to drop that. Just allow these devices to connect out based on the source? bleh, back to assigning static IPs for every mac address then I guess and have to make sure IP source guard is working right on the switch.
|
# ? Aug 6, 2022 00:09 |
|
Pilfered Pallbearers posted:Need a switch recommendation. The Yonkers MC is a pain to get to without a car, also a pain if you have one as you have to go up the full length of like 2-3 parking levels just to get to it. Cheapest 8 port switch they have is the Netgear ProSafe Plus GS108E for $65.. For $24 more you could get the TPLink Jetstream with four PoE ports.. those come in handy if you need to put up APs in locations where it's hard to run a wall wart. NetGear tends to be better quality, an old GS103 5 port that I bought in like, 2017? is still going strong as part of a home install I did for a friend who hosed off to Michigan.
|
# ? Aug 6, 2022 00:46 |
|
The Yonkers Microcenter has 25+ of "TP-LINK TL-SG108 8-Port 10/100/1000 Gigabit Desktop Switch" in stock for $19.99 each https://www.microcenter.com/product/414582/tp-link-tl-sg108-8-port-10-100-1000-gigabit-desktop-switch
|
# ? Aug 6, 2022 00:54 |
|
priznat posted:Looking at upgrading my home network sometime soon (probably to upgrade my 2 unifi (AC Lite) access points to 6/6E when available) and was wondering if there are any decent router options or if it's still better to just roll your own using an older PC and some distro made for being a router. What are your priorities when you say "decent router options"? In addition to your idea of an old PC running PFsense or whatever, I'm thinking: 1) If you want the Ubiquiti ecosystem and wireless on the same device as NAT, I'd look at the Ubiquiti Dream Machine or Dream Router (if you can find one in stock) 2) If you would be equally OK with the features of OpenWRT, the Belkin RT3200 or some other WiFi 6 + OpenWRT supported device might be cheaper. 3) If you don't need WiFi 6 but want a strong feature set and maybe a lot of ports, what about Mikrotik? I use a 24x1G+2x10G "switch" that could also do NAT if I wanted it to, but they have larger and much smaller options. 4) If you like the idea of installing the OS yourself but want something smaller and less power-hungry than an old desktop, there are newer mini-PCs with multiple GigE interfaces: https://www.youtube.com/watch?v=Q4_SyLV7s60&t=3s
|
# ? Aug 6, 2022 02:40 |
|
Nice, those are all interesting options and gives me more options to help narrow down what features I want. I like that minipc with multiple 2.5Gb interfaces, and wonder if I can consolidate my Pi Hole onto that and free up a Pi to do something else. But then I also like the idea of just going with the dream machine because then it can also do the interface for the unifi aps (I run a docker container on my nas but it sometimes has issues reconnecting) Good options to give me things to research and narrow it down!
|
# ? Aug 6, 2022 02:48 |
|
Binary Badger posted:The Yonkers MC is a pain to get to without a car, also a pain if you have one as you have to go up the full length of like 2-3 parking levels just to get to it. I’m a little confused by this? I do have a car and live in the Bronx so I’m able to get there. It’s also kinda weird to discourage someone from going to a store because they have to drive up two flights (of a frankly pretty small) parking garage. Especially one of the de facto best computer hardware chains. I was heading there anyway for a Pi and wanted to get it done in one shot. Just posted the location for stock verification. They had plenty of switches under $25. THF13 posted:The Yonkers Microcenter has 25+ of "TP-LINK TL-SG108 8-Port 10/100/1000 Gigabit Desktop Switch" in stock for $19.99 each I had already set my eye on this one, and your post confirmed it right as I pulled into the lot. Thanks.
|
# ? Aug 6, 2022 05:30 |
|
Rescue Toaster posted:bleh, back to assigning static IPs for every mac address then I guess and have to make sure IP source guard is working right on the switch. Honestly, take a step back and remember what you are setting up. It sounds like you are running a neat "secure" network, but using a lot of features that are questionable in a residential setup. At least in regards of necessity. IPSG is mostly a protection against physical attackers, but I guess you are worried about a hacked device trying to do spoofing and escaping its confinement? The way your IoT network should be set up, this shouldn't matter. The compromised device would still be restricted to the IoT VLAN and worst case it impersonates one of your AWS devices and is suddenly able to talk to a few more internet locations. So what? You worried it will start running attacks? Like man, you seem to have got your poo poo locked down tight, few companies can match that.
|
# ? Aug 6, 2022 07:11 |
|
I, for one, look forward to the crush of goons asking how they can isolate their Roombas now that Amazon has bought them.
|
# ? Aug 6, 2022 09:31 |
|
While I agree IPSG is excessive for a home network, it would take just a few minutes to set up DHCP reservations in *sense. I do it anyways just to make it easier to troubleshoot in the future.
|
# ? Aug 6, 2022 13:08 |
|
Pilfered Pallbearers posted:I’m a little confused by this? Wasn't trying to discourage you, just trying to make you aware of the conditions there. I don't have a car and it's a pain trying to get there via mass transit. Plus I am a Ok, thought you were looking for a managed switch, not an unmanaged one. Yeah, ever since CompUSA went under, MC has pretty much been one of the only B&M chains to carry a decent amount of computer stuff, at least from a hobbyist point of view. Especially in the Tri-State area..
|
# ? Aug 6, 2022 13:19 |
|
Cyks posted:While I agree IPSG is excessive for a home network, it would take just a few minutes to set up DHCP reservations in *sense. The DHCP server on my L3 switch doesn't record some of the fields that others do so you really can't see anything other than the MAC when trying to make assignments, and plenty of IoT devices don't have the MAC printed on them so it can be a bit tedious to keep track of every MAC on the network especially when some devices randomize them. Doing per-device IP filtering without IPSG feels kind of pointless, obviously. Even if it's not a major threat, it's kind of like why bother. My thermostat does actually have a microphone in it, so I like keeping that on a whitelisted network. So if I can't move these other devices to that network I'll end up just leaving them on regular 'guest' wifi. Configuration granularity has become an issue. How many SSIDs and passwords and VLANs & ACLs do I want to actually deal with. Since every device is just a little different, and ideally every device lives on the most restricted network it can, it's just a question of how many degrees of that I want to deal with. I will say I'm glad I switched to a real switch with a flat text configuration file, I'll never go back to switches with god awful GUIs again. Rescue Toaster fucked around with this message at 13:38 on Aug 6, 2022 |
# ? Aug 6, 2022 13:35 |
|
Finally joined the Fighting With IPv6 club. The router from my IP doesn't allow changing the DNS. For IPv4 that's not a problem; with my Pi-Hole taking DHCP duties. I haven't yet figured out how to do the same with IPv6. DHCPv6 seems not to be universal, and while the Pi-Hole can take over slaac-ra duties but then that tries to route all traffic to the Pi-Hole instead of the router.
|
# ? Aug 7, 2022 16:11 |
|
I have a small apartment but it's got a right angle in it that bends around a stairwell, and my wifi will intermittently drop the connection on the opposite side of the apartment even being just a couple dozen feet from the router. My router is this old thing, a Buffalo WZR-300HP which the highest wireless standard it supports is 802.11n. Would a newer router have a strong enough signal that it could probably work across the apartment, or should I try and buy a mesh thing and/or hassle with running a long cable along the wall to put the router in a better location?
|
# ? Aug 7, 2022 18:37 |
|
Shear Modulus posted:I have a small apartment but it's got a right angle in it that bends around a stairwell, and my wifi will intermittently drop the connection on the opposite side of the apartment even being just a couple dozen feet from the router. My router is this old thing, a Buffalo WZR-300HP which the highest wireless standard it supports is 802.11n. Would a newer router have a strong enough signal that it could probably work across the apartment, or should I try and buy a mesh thing and/or hassle with running a long cable along the wall to put the router in a better location? I don’t have a specific recommendation, but I would probably buy a mesh compatible router and see if it solves. If it doesn’t, you could add a node in the stairwell, then one where the WiFi is weak in line of sight of the stairwell one.
|
# ? Aug 7, 2022 18:51 |
|
Pilfered Pallbearers posted:I don’t have a specific recommendation, but I would probably buy a mesh compatible router and see if it solves. Thanks. How do you tell if a standalone router would be compatible with running a mesh setup with a separately-bought node? Is that part of a certain standard?
|
# ? Aug 7, 2022 19:18 |
|
Shear Modulus posted:Thanks. How do you tell if a standalone router would be compatible with running a mesh setup with a separately-bought node? Is that part of a certain standard? Most mesh systems aren't standardized. I'd probably get an ASUS if you might need mesh networking in the future, they have a setup where their routers can be switched to their AiMesh system (just a marketing name, not a standard or related to artificial intelligence at all) to make them access points. Something like this is overkill for an apartment but it should have better coverage than your old router and it supports wifi 6 which is the new hotness. https://smile.amazon.com/ASUS-RT-AX3000-802-11ax-Lifetime-Whole-Home/dp/B084BNH26P/
|
# ? Aug 7, 2022 21:31 |
|
Shear Modulus posted:Thanks. How do you tell if a standalone router would be compatible with running a mesh setup with a separately-bought node? Is that part of a certain standard? You buy a router that supports mesh. Then if you need it, you buy mesh nodes separately (think access points but better) from the same set.
|
# ? Aug 8, 2022 03:03 |
|
I went down the Ubiquiti rabbit hole and watched a bunch of videos on the UDM Pro/SE and it looks like a really neat router solution. A little expensive and perhaps the pfSense option would be more flexible but probably mostly in ways I don't care about. I'd like to expand my ubiquiti APs and possibly get some cameras when they become available again. Any down sides other than the cost ($499) to going with the UDM Pro SE?
|
# ? Aug 8, 2022 18:35 |