|
Rescue Toaster posted:Suggestions for a router setup that handles lots of VLANs well? I'm slowly introducing more and more IoT nonsense onto my system and I'd like to go to radius & vlan tagging to put them into different groups based on what they need to do and how much I trust them. So there might be decent amounts of traffic like smart TVs needing to access a file server for example that all have to go through the router then.

I would suggest to go x86 vm if you need LOTS (more than 50, less can be handled by the latest desktop edgerouter 4 or 6) of vlans. Get a host with a reasonable amount of horsepower (an i3 at minimum) and two nic cards (there are nuc equivalents from gigabyte that offer what you need if you don't have a desktop to recycle for that). Mikrotik offers a vm edition of their os at a very low price if you don't want to use pfsense. Modern ac-lites work with active poe so you might replace the access points rather than the switches if you want to remove the injectors.

Maybe i was a bit too caustic with the unifi switches but i am getting more and more pissed at their kit, while i have nothing to say about the wireless kit the routing and switching kit have lots of shortcomings that i cannot accept at their price. I have a usg3 bought less than six months ago and my cheap/dumb isp router of the same vintage is faster and has less latency, my us8 is a space heater and has made my home lan technically less secure (vlan 1 is untagged by design and cannot be changed, unless you block vlan cross traffic manually using the router firewall, all vlans with a dhcp interval from the usg can talk between them). Ipv6 is only now being introduced (and it's a loving mess) after years of feature requests and every firmware update it's a lottery if old bugs resurface or new ones are introduced, i never saw more than two firmwares without having to unfuck something by reverting to old firmwares. Every router/switch firmware upgrade i evaluate if upgrading the firmware or find someone to offload the kit and switch to a different brand to end this.

SlowBloke fucked around with this message at 20:17 on Nov 25, 2017 |
# ¿ Nov 25, 2017 20:14 |
|
Thermopyle posted:Anyone have anything to recommend for a point to point wireless at ~100mbit?

https://www.ubnt.com/airmax/nanostationm/ Do you have a clean LoS between the two buildings?
|
# ¿ Nov 25, 2017 20:19 |
|
Thermopyle posted:Thanks. That says it's point-to-multipoint. Does that make a difference when I'm just actually needing point to point?

Nanostation can be used as a receiver for bigger kit or to run a simple ptp bridge, you just need to attach them to a pole on the building roof and align them.
|
# ¿ Nov 25, 2017 20:48 |
|
Veinless posted:What is the recommended firewall for home users that want to be able to define blacklisted source and destination IPs and ports? I’m used to heavy duty Checkpoint hardware at work but don’t know if an affordable home solution exists.

If you need simple “block udp/tcp traffic from port x to device ip y” pretty much every router on the market offers that, can you be more specific if possible?
|
# ¿ Nov 25, 2017 21:39 |
|
Veinless posted:I’m running an ASUS rt68u presently as my router. It only allows 32 rules to be defined in its blacklist, and does not permit ranges. I realize this is different from my initial requirement as posted, thanks for asking for clarification.

How much bandwidth is the router going to be handling? If we are talking under 1g i'd say edgerouter4 or a mikrotik.
|
# ¿ Nov 25, 2017 22:57 |
|
Veinless posted:Ideally very little. The use case is putting a firewall between my IP CCTV equipment and video management server (VMS) and my home network. Majority of traffic should stay local to the POE switch. The only traffic traversing the uplink should be inbound from home network to connect to the VMS to monitor the cameras, and the VMS outbound to internet when I want to do software updates.

Maybe there is no need to change your router, wall out your cameras in a dedicated vlan with no internet access/routing and add a virtual nic to the VMS to let it download the cameras feed. You need to have smart switches that support vlans to do so.
|
# ¿ Nov 25, 2017 23:10 |
|
Veinless posted:That.. makes a lot of sense. It is a managed switch with vlan support so that’s no problem. Unless I’m mistaken I’ll need to re-address the cameras to a different IP range. I’ll have to do some poking around and thinking after more caffeine.

You could make a new vlan and move the camera ports to that vlan id without changing the ips of the cameras but it's best practice to have different ip subnets.
|
# ¿ Nov 25, 2017 23:28 |
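
The camera isolation suggested in this exchange, written out as a forwarding policy for a Linux-based router with nftables; this is an added example, not part of the original posts, and it also closes the default inter-VLAN reachability mentioned earlier in the thread. The interface names, VLAN IDs and the SSH management port are assumptions, and NAT is left out.

```nft
#!/usr/sbin/nft -f
# Added example. Interface names and VLAN IDs below are assumptions.
flush ruleset

define WAN     = "eth0"      # uplink to the ISP
define HOME    = "eth1.10"   # trusted home VLAN; the VMS's main NIC sits here
define CAMERAS = "eth1.30"   # camera VLAN; the VMS's second (virtual) NIC sits here

table inet filter {
    chain forward {
        # Default deny: VLANs cannot talk to each other unless a rule says so.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Home clients, including the VMS via its home-side NIC, may reach the internet.
        iifname $HOME oifname $WAN accept

        # Nothing is routed out of or into the camera VLAN. The VMS reaches the
        # cameras at layer 2 through its second NIC, so no routed path is needed.
        # The counters and log lines show when a camera tries to get out.
        iifname $CAMERAS counter log prefix "cam-vlan-out " drop
        oifname $CAMERAS counter log prefix "cam-vlan-in " drop
    }

    chain input {
        # Traffic addressed to the router itself.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept

        # Management, DNS and DHCP are offered to the home VLAN only, so the
        # cameras cannot reach the router's own services.
        iifname $HOME tcp dport 22 accept
        iifname $HOME udp dport { 53, 67 } accept
        iifname $HOME tcp dport 53 accept
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it, which is worth running before loading it on a remote router.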
|
let i hug posted:Is it annoying to ask for a kind of specific recommendation for a router + wireless AP?

Unifi doesn't have ikev2 in the gui, edgerouter has some success stories but it's kind of a mess. Mikrotik seems to support that (https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_Ikev2_RSA_auth). Is there a specific reason why you want to go for ikev2 rather than l2tp? l2tp is supported by pretty much every soho/smb router+ap combo unlike ikev2 which is still kinda niche.

SlowBloke fucked around with this message at 08:41 on Nov 26, 2017 |
# ¿ Nov 26, 2017 08:39 |
|
GnarlyCharlie4u posted:I mean yeah they are loud as gently caress.

My main issue with US-series switches is that they are too expensive for their feature sets, i can buy new, fanless AND with 10g uplinks at pretty much the same pricepoint (or less in the case of mikrotik) of an equivalent US24. They are banging the hype war drums with a lot of new SMB kit (and very sketchy testing, all their new sfp+ switches/routers have been plagued by compatibility problems and USG firmwares have been a royal mess since they merged ER 1.9.7 with multi wan problems of all kinds) without refreshing their bottom range when there are now modern chips that could either consume a tenth of the power (so it doesn't leave scorch marks on my furniture) or go faster (so it can be used as a decent edge sw with peripheral AP) than their old caviums/broadcoms. They have just announced that the usg-HD (the home/fanless) router made from the edgerouter 6 is on hold indefinitely because they are stretched too thin with their product line. If there is enough manpower to deliver useless junk like the frontrow but there is not for one of their main products i am not entirely sure i can suggest going all in to new customers.

Ubiquiti's big selling point was to provide SMB kit at SOHO prices when they introduced the edgerouter series and likewise for unifi (providing SMB grade resilience with SOHO complexity). They haven't refreshed their low end kit in years so most of the competitors' SOHO kit overtook them and now provide newer builds of the merchant silicon they use in their switches. In 2013 they were top of the line, now they are obsolete, no ifs and no buts. The access point products are top specs even now but they are now suffering from ASUS syndrome, where they create a variant for each market. There are now at least seven different AC access points and three more incoming, with heavy overlapping in price ranges and features in their core market (home to smb).

They don't give me an impression of a good command structure if they throw poo poo at random and hope it sticks. Buying in a full ubiquiti network platform seems like a series of compromises that, given the availability of better options, is something i prefer to not force onto someone, that's all.

SlowBloke fucked around with this message at 12:14 on Nov 28, 2017 |
# ¿ Nov 28, 2017 07:28 |
|
Ihmemies posted:So you are saying all my quite new ubiquiti gear is literally outdated garbage and I should have known better to buy actually modern gear? Great.. where was the wisdom earlier, when everyone here recommended ubiquiti

UniFi routers and switches are the obsolete/overpriced kit I was rambling about, access points are fine for home usage. Nobody suggested USG or US recently if I'm not mistaken.
|
# ¿ Nov 28, 2017 17:25 |
|
CrazyLittle posted:
I'm a soho user (my usg was supposed to run both my home lan and my basement workspace/lab) so having a non-existent vpn performance while being advertised as a "business" device made my usg inadequate for me (emphasis on me), likewise being unable until now (now i need to run experimental controller builds to do so, stability be damned) to use ipv6 forced me to jump some extra hoops that negatively impacted performance. I'm not demanding UBNT to be burned to the ground, just to be aware that there are some limitations with the route&switch products.

Since i powered down my usg3, my workspace temp has lowered by two degrees. My old soho routers from Netgear, Tplink and Billion were warm not scorching hot like the usg. Maybe i got a simultaneous bad batch of usg and usw so i won't be giving five stars ratings.

Beside my bad experience with my us8-60w, my main problem with the switches comes from unifi having a chasm between small home (eight ports) and high end smb (48), their 24 ports are subpar. I've been eyeballing multiple products from competitors because there are better products, there are no fanless options for 24 ports for usw, there are no 10g options for 24 ports usw. I don't want to have a big, expensive, noisy, power hogging and overkill switch when i need 18 ports at best so having a subpar choice set doesn't please me. Again, i am a single unlucky dataset but i don't feel like throwing praises when i got hosed by the first two products i bought from them.

The controller statistics give me jack on data consumption, when i have a home client killing my bandwidth i get useless data like 80g of http traffic. Is it Windows updates? Is it porn downloads? Who the gently caress knows. If the client stops downloading after a while the dpi data goes up in smoke, you need to run experimental controller builds to have historical data retention but if you have a cloud key you cannot, as it will break the mongodb dataset (cheap 32 bit cpu on the cloudkey means 2gb db limit). Lots of weird code choices that piss me off (as i used a free meraki mx maybe i got too much accustomed to their super precise data analysis tools). Maybe I am not their best customer scenario (not low tier home, not high tier smb) but again if i were a smb i would go meraki not them

SlowBloke fucked around with this message at 09:26 on Dec 1, 2017 |
# ¿ Dec 1, 2017 09:14 |
|
Acid Reflux posted:I'm not sure if this is a networking problem specifically, but it's where the symptoms are, so here I am.

That's your system hard drive being trashed. Handbrake is using more cpu/memory to work taking a frame and encoding in a slower interval. If your chinese encoder (ffmpeg can use NVENC and NVDEC without welcoming PRC hackers into your pc so you may want to reevaluate your choice of software) is really using nvenc it means it's elaborating frames and writing them to disk much faster. If you are saving the videos to a different drive, i think you are writing to a cache in c:\windows\temp.
|
# ¿ Dec 3, 2017 10:06 |
|
Acid Reflux posted:Source and destination drives are two separate platters, system drive is an 850 Evo. Very little activity on any of them during the process, 4-5% on the source/destination and 0-1% on C. CPU is pegged at 100% and GPU fluctuates between 70-80%. It's a very strange phenomenon that only seems to happen with this program (MediaCoder Pro). At any rate, I didn't realize that ffmpeg had GPU support, so I'll give that a whack and see how it does. I don't have a whole lot more I want to do this way, and then I'm back to Handbrake anyway for the stuff I want to keep in higher quality.

Hmm it seems that you aren't offloading all the load to the cpu, maybe the video decoding (to get the frames to encode) is running by software? Try using both nvdec and nvenc to see if your computer is still running at 100% cpu, there is a syntax sample over at https://trac.ffmpeg.org/wiki/HWAccelIntro
|
# ¿ Dec 4, 2017 08:10 |
|
PitViper posted:I'm leaning towards 6/6a, only because I'd like to do this once and have some sort of upgradeability past gigabit. Current gear is all gigabit, but having the overhead to swap gear and get 5gbit/10gbit over the same wiring seems like it's worth the added up front cost for 6a cable/keystones/patch panel.

The main expense in data wiring is not the wire but the guy pulling it, cat 5-6 price delta is minimal so i'd say to go for the better spec if you can. I would suggest to investigate if you could pull shielded wire to make sure you won't get interference but that's up to you.
|
# ¿ Jun 19, 2018 10:48 |
|
KKKLIP ART posted:So on a purely academic hypothetical, if I wanted to run single mode fiber around my place, what kind of equipment would I need re: switches, adapters, NICs

A point to point link will just require a couple of media converters, a more complex design will require switches with sfp (up to 1gbps speeds) or sfp+ (up to 10gbps speeds). Unless you plan to buy 10g nics there is no need for new cards.
|
# ¿ Jun 24, 2018 09:48 |
|
Paul MaudDib posted:Looking for a 10 GbE base-T adapter, is there any reason to prefer Intel over Aquantia?

Depends on the os. I had aquantias (aqc107) on my qnap and windows pc. The driver wasn't cooked at all, plenty of link loss events without any recourse than shutting down the pc and cutting the power at the psu level. I returned them both to get a couple of tehuti cards (with sfp dac cables) and never had any issues afterwards. If i had to pick i would go mellanox or broadcom rather than aquantia.
|
# ¿ Aug 15, 2018 12:05 |
|
stevewm posted:Looking to replace my ancient Asus RT-AC66U... While it has served me well over the years, I am starting to have random issues that I can only attribute to it; WAN port seems to randomly die, wifi stops working, etc...

I have a USG3 (equivalent to an edgerouter lite) and 1000/200 ftth, the usg can barely handle it but only if you avoid any fancy feature like smart queues or ids/ips. P2P tends to choke at 20MBps at ~200 connections (more connections lead to slowdowns). IPv6 is a shitshow even on the latest beta/dev builds so if your provider relies on that expect issues.

SlowBloke fucked around with this message at 17:29 on Aug 21, 2018 |
# ¿ Aug 21, 2018 17:25 |
|
Thanks Ants posted:I don't know what the deal is with electrical code in the US, if there's a concept of direct burial steel armoured cable or whether you need to put a conduit in the ground, but I'd be surprised if your low voltage cable could live inside the same conduit as the mains power. You can get direct burial Cat6 cable but digging is a pain, so I'd always advise putting something in that lets you pull more wires through later, even if it's just to replace a damaged run. I guess there's no restrictions on network cable so you could bury a plastic water pipe if you wanted to, and put the network cable inside of that.

At least in euroland you are not allowed to mix data copper and power copper (some people say the same for data fiber and power copper). If you go to the extent of digging a trench, running two conduits is not much of an increase in price.
|
# ¿ Sep 3, 2018 12:57 |
|
I have a usg3 with a 1gbps line and it routinely throttles itself, if you want to go full stack you need at least a usg4
|
# ¿ Oct 31, 2018 14:05 |
|
caberham posted:
Unless you do IDS/IPS that's what ubnt seems to recommend on 1gbps and up lines if you read the fine print, if you need that they suggest the xg. Having one i would just go pfsense as the advantages of a usg( like integrated dpi which pretty much never gives actionable intel) are not that big.
|
# ¿ Nov 1, 2018 08:26 |
|
apropos man posted:What does "3-4 hours for burn-in" consist of?

Mem test mostly, check if the ram (or the ssd) have manufacturing defects that could preclude operation.
|
# ¿ Nov 18, 2018 20:01 |
|
unknown posted:To expand on what Valen said - technically the 5G wifi can go to 1.3+Gbps, so they need more than 1 uplink port to support that (via aggregation).

Wireless is half duplex so you need to divide the speed in two, making a 1733 ac link effectively 866, so a 4x4 VHT80 wireless ap traffic can possibly fit onto a single wired gigabit link. The LACP feature on HD/SHD is not that useful as there is not enough bandwidth usage to justify it (at least without VHT160) and the controller seems to have visualization issues with trunks (my LACP linked SHD is shown some days as one device, others as two).

SlowBloke fucked around with this message at 08:46 on Feb 7, 2019 |
# ¿ Feb 7, 2019 08:40 |
|
Thanks Ants posted:Ubiquiti.txt

The current unifi network stable controller is 5.10.17. The current manual is for unifi controller 5.6.2. The dashboard/home gui don't match so anybody trying to set it up using the guide is not going to understand what the gently caress is going on.

SlowBloke fucked around with this message at 17:33 on Feb 18, 2019 |
# ¿ Feb 18, 2019 17:30 |
|
DNK posted:YouTube howto’s are ubiquiti’s manuals. At least they were for me.

The fact that there are fans doing their work doesn't make their lack of proper official up-to-date documentation less evident. I can understand the manuals lagging a bit (say a couple of minor, or a major on day 1) behind the latest releases on a small newcomer firm but having to rely 100% on xXx_420_Dank_Goku_Ichigo_420_xXx videos to set up a Soho/SMB platform is not a good thing
|
# ¿ Feb 18, 2019 18:43 |
|
20€ for a 200/100 is a very good deal eurozone-wise, the sole provider in Italy that does a VDSL2 at 20€ makes Comcast look good(they are very poo poo). Here we pay about 35-40€ (depending on the isp) for any non-adsl line, if you are lucky like me and have gpon coverage, you get a 1000/100, otherwise you get a 200/10 evdsl2.
|
# ¿ Mar 4, 2019 13:38 |
|
eames posted:Southern European internet infrastructure seems pretty impressive lately. Relatives just got internet installed at their holiday home (Movistar.es in Spain).

I think it can be summed up by these simple factors.
1. Southern europe gpon coverage is being done in high density areas, most people moved to the big urban areas so no need to wire up the hillbillies and that speeds up the deployment
2. Existing landlines are stupid old so no issues with ripping everything out (my gpon hookup was made by ripping out old mid90 HFC links that never went in action)
3. Euro funds for improving rural areas and decreasing digital divide
4. GPON tech being "cheap" to deploy with new high resistance fiber and high density OLT chassis.

When the ISP subcontractors came to my home to wire me up with GPON i was aghast by the way they handled the fiber, they pulled the wire with a force i never used even for cat6 pulls when i worked as a field tech. It was actually stunning. When i handled OM2 fiber in the mid 2000 i had to babysit the fiber and hope to god i didn't use too much torque or pinch it every time.

SlowBloke fucked around with this message at 00:07 on Mar 5, 2019 |
# ¿ Mar 4, 2019 22:12 |
|
eames posted:Interesting info, thanks. I never heard of GPON before (I only have lowly DOCSIS at home) and didn't know that it is a shared medium, though it makes sense.

When I got upgraded to 1000/100 i had similar performance issues with the ISP speedtest servers. I think you might be going slower than the max cause the test server is likely to be oversaturated, try using third parties and see if the speeds still are average at 200-300 down or not (My isp servers get bottlenecked at 450-500, some private hosting firms go up to a full 1000 so i know my line is OK). I'm having good results with nperf (since it's still relatively niche)

SlowBloke fucked around with this message at 00:10 on Mar 5, 2019 |
# ¿ Mar 5, 2019 00:07 |
|
I didn't see any references to this so i'm posting this snippet. Ubiquiti has released a unifi all in one (in Early Access/beta form), router+4x4 MU-MIMO ap+4 port switch+controller all in one called the UDM. The processor is arm (same as the ck2) and they claim it can do 700mbps with smartqueues or IDS/IPS (with 1gbps bursts). The sole issue i'm seeing is that it will only work with the integrated controller, no chances of adoption to another site. Current price 300$.
|
# ¿ Mar 16, 2019 10:46 |
|
eames posted:sounds like the consumer hardware i've been waiting for, though I can't find any information on it. it all seems to be locked behind "early access" portal. I hope it provides PoE.

If I had to guess the one plus would be the ck2+ counterpart to the one (and ck2). Since you cannot add protect without a ck2+ and you cannot use third party controllers with UDM i think the plus would add local storage for protect.
|
# ¿ Mar 16, 2019 12:17 |
|
Captn Kurp posted:
If you want to boot vmware over pxe the quickest/simplest way is to deploy vcsa(or install vcenter server on a win srv) and use autodeploy. No need for dhcp server overlapping/replacement.
|
# ¿ Mar 20, 2019 19:20 |
|
I can talk about vodafone in italy and they deliver badly on promises. Sync/download is a dsl thing. Sync is the maximum attainable rate, download is the real live rate. Download and Sync are rarely equal unless the cabinet and your household are within less than 100m
|
# ¿ Mar 22, 2019 09:24 |
|
Thanks Ants posted:Ubiquiti missed a trick by not having that all-in-one box able to put out the same WiFi network as the UAPs in terms of roaming. Maybe they can fix it later in software.

The UDM can adopt other UAP, it just cannot be adopted by an existing controller. The wifi part is equivalent to a UAP-HD.
|
# ¿ Mar 30, 2019 17:59 |
|
eames posted:looks like a job for a modern powerline networking kit if the wiring installation allows for it

If the three apartments are on different power circuits powerline won't work tho. If the power/coax/FTA conduits are shared between the three apartments you could pull fiber optic in the power conduits and still be code-compliant. It's a tad more expensive tho.
|
# ¿ Apr 2, 2019 14:32 |
|
KKKLIP ART posted:So while 10 gigabit Ethernet being overkill for a lot of home users, are there any good 8-12 port base-n switches out that support 1/2.5/5?

Netgear does some (https://www.netgear.com/landings/multi-gig/) but the prices are so close to a 10g switch i would suggest to wait and jump to a 1/2.5/5/10 port unit once the prices get reasonable.
|
# ¿ Apr 15, 2019 10:33 |
|
El Pollo Blanco posted:I'm not sure if this is the right place for this, but am I correct in thinking newish 802.11ac pcie adapters will support Win 10's miracast wireless display stuff, or do you need to find one that specifically supports Wi-fi direct?

wifi direct is a prerequisite for intel wi-di/miracast. Even then i've never seen a desktop wireless card work with miracast, only on laptops. You need a lot of boxes ticked to have it work fine, this guide (https://www.enhansoft.com/how-to-troubleshoot-miracast-when-using-windows-10/) lists most of them if you want to give it a shot.
|
# ¿ Apr 24, 2019 17:07 |
|
El Pollo Blanco posted:Cool thanks! I had read that Win 10's miracast implementation can work without a widi capable card, as long as its driver version supports NDIS 6.40 or something. I have my eye on a ASUS wifi card that claims it's capable of wifi direct, but just wanted to check to see if that really was necessary now.
|
# ¿ Apr 27, 2019 18:31 |
|
Schadenboner posted:Any rumors of Ubiquiti releasing new stuff? I remember people were saying their hardware was kinda old a while ago?

UDM is a brand new platform which is likely to be the foundation for all their future routing products, unlike the current er or usg, it uses raw cpu compute power instead of relying on discrete acceleration in the cavium SoC meaning updates are going to be easier and more timely. You might lose all the finesse vyatta/vyos can provide but at least you will have a relatively up-to-date linux kernel (instead of what the cavium sdk has) and software modules. They have just released the wifi uplinked UDM beacon, pretty much making amplifi an evolutionary dead end.
|
# ¿ May 4, 2019 10:59 |
|
Thanks Ants posted:Is there any duration of time shorter than the Ubiquiti attention span?

I don't think current maths can provide you a number, maybe rent some crunch time in one of those new quantum computers to find out?
|
# ¿ May 4, 2019 14:28 |
|
Thanks Ants posted:They're a solid PtP/PtMP radio vendor, the devices they make to support that are also pretty decent, the SMB network stuff makes sense, but I can't see why they bother with the surveillance camera range which has recently been rebooted, the LED light panels and dimmers, VoIP phones, solar panels, and now door access control.

My main issue with ubiquiti (I have most of my homelan running on their products so i'm not pontificating without cause) is being fast and loose with datasheets, advertising features that are neither ready nor available. The unifi SHD is the worst culprit in recent memory, advertising VHT160 and not delivering until recently (and still not being able to do RF scans on VHT160) along with the security radio doing fuckall (yes it does neighbour scan now but if i have a radio doing fuckall why does the rf scan need to run on the prod radio instead of the idle security one?). I think there would be less nagging if they delivered more rather than just announcing and doing some (not all) of the promised features.

The "rebooted" video stuff is just trying to vendor-lock the software to run the cameras to their cloudkey appliance so for each camera they sell at least one ck2+ controller. Led & access control is just flinging poo poo and hope it sticks, i expect it to go the way of mfi. Voip is going to be very shortlived as the trends are to moving to softphones or not having phones at all rather than having a crate of unsafe/unpatched android tablets with a handset stuck on the side

SlowBloke fucked around with this message at 19:33 on May 4, 2019 |
# ¿ May 4, 2019 19:25 |
|
KKKLIP ART posted:The “faster” is the USG Pro but it’s rackmount and I still don’t think it hits wirespeed gigabit with all the bells and whistle IPSec stuff turned on.

Usg pro with ids/ips is rated for 350mbps max
Usg xg with ids/ips is rated for 1gbps
In contrast the new udm with ids/ips is rated for 950mbps
|
# ¿ May 5, 2019 18:23 |