All Ubiquiti, all the time
-
Well, I'm looking at replacing some aging Cisco gear on site, and seeing Ubiquiti mentioned here reminded me of them again. So, do any of you have any experiential feedback on using their gear? I need new switches, firewall/router, and APs.
Requirements:
~50 employees
20 Mb/s internet (Could go higher)
~100 wireless devices in a building being covered by 4 Cisco APs
Multiple VLANs, would need at least 1 L3 switchThanks
-
Only touched the wireless but it's so good I want to get my hands on switches and routers from Ubiquiti.
-
I would start my plan with
- 1x EdgeRouterLite
- 1x EdgeSwitch (increase to cover ports needed or add EdgeSwitchLITE for non-PoE)
- 4x Unifi AP-AC-LITE
On the ERL
- eth0 = WAN
- eth1 = WAN2 (or unused)
- eth2 = LAN or unused depending on VLAN requirement)
- eth2.XX = VLAN XX (repeat as needed)
-
@JaredBusch said:
I would start my plan with
- 1x EdgeRouterLite
- 1x EdgeSwitch (increase to cover ports needed or add EdgeSwitchLITE for non-PoE)
- 4x Unifi AP-AC-LITE
On the ERL
- eth0 = WAN
- eth1 = WAN2 (or unused)
- eth2 = LAN or unused depending on VLAN requirement)
- eth2.XX = VLAN XX (repeat as needed)
Why Lite over PRO? (I'm not sure if I'm using the right nomenclature)
-
@Kelly said:
@JaredBusch said:
I would start my plan with
- 1x EdgeRouterLite
- 1x EdgeSwitch (increase to cover ports needed or add EdgeSwitchLITE for non-PoE)
- 4x Unifi AP-AC-LITE
On the ERL
- eth0 = WAN
- eth1 = WAN2 (or unused)
- eth2 = LAN or unused depending on VLAN requirement)
- eth2.XX = VLAN XX (repeat as needed)
Why Lite over PRO? (I'm not sure if I'm using the right nomenclature)
Because you have no need for it. Sure spend the money if you want. But look at the specs. Do you need that level of performance from your edge routing device?
From the description, you have no need for any of the additional ports.
The PRO does not have a switch chip. All of the ports are routed. You can bridge them internally, but a software bridge kills throughput. -
I love JB's suggestion - but I would consider looking at the Unifi gear.
1x UniFi
Security Gateway
1x 48 port UniFi Switch
1x 24 port UniFi Switch
Xx UAP-AC Pro (wireless access points)This allows you to use the UniFi controller software to monitor, if not even manage, all of the equipment and show you easy to use graphs, etc.
-
@Dashrender said:
I love JB's suggestion - but I would consider looking at the Unifi gear.
1x UniFi
Security Gateway
1x 48 port UniFi Switch
1x 24 port UniFi Switch
Xx UAP-AC Pro (wireless access points)This allows you to use the UniFi controller software to monitor, if not even manage, all of the equipment and show you easy to use graphs, etc.
I am not a fan of the all in one controller model. It requires too much lock in. The entire reason I like Ubiquiti gear (even before price) is because I do not have to have all Ubiquiti gear.
-
The USG seems limited for the price. Centralized management for it doesn't seem like a good trade off for the loss of function.
-
@johnhooks said:
The USG seems limited for the price. Centralized management for it doesn't seem like a good trade off for the loss of function.
Just wondering? what loss of function (I haven't compared them).
And would that loss of function really matter for a 50 computer network?
-
@Dashrender said:
@johnhooks said:
The USG seems limited for the price. Centralized management for it doesn't seem like a good trade off for the loss of function.
Just wondering? what loss of function (I haven't compared them).
And would that loss of function really matter for a 50 computer network?
Who ever said 50 computers? The OP said ~50 employees. That certainly does not usually equal computers.
-
@JaredBusch said:
@Dashrender said:
@johnhooks said:
The USG seems limited for the price. Centralized management for it doesn't seem like a good trade off for the loss of function.
Just wondering? what loss of function (I haven't compared them).
And would that loss of function really matter for a 50 computer network?
Who ever said 50 computers? The OP said ~50 employees. That certainly does not usually equal computers.
You're right - I recalled 50, but didn't confirm it was computers.
-
@Dashrender said:
@johnhooks said:
The USG seems limited for the price. Centralized management for it doesn't seem like a good trade off for the loss of function.
Just wondering? what loss of function (I haven't compared them).
And would that loss of function really matter for a 50 computer network?
There are almost no options for the networking aspect. You can set a subnet and that's close to it.
-
I happen to have one of those switches in house that I will be deploying soon. I'll let you know if I have more options when I manage it directly.
Assuming there are, I mainly like the UniFi stuff because of the simplified pane of glass for bandwidth usage at the switch level like we have at the AP level.
-
@Dashrender said:
I happen to have one of those switches in house that I will be deploying soon. I'll let you know if I have more options when I manage it directly.
Assuming there are, I mainly like the UniFi stuff because of the simplified pane of glass for bandwidth usage at the switch level like we have at the AP level.
Ya from what I've seen, it's really limited compared to EdgeMax which is just VyOS.
-
Watching this thread closely as I'll be doing similar on a larger scale soon
(dumping B/G HP AP's and controllers for something else, switching gear remains the same)
-
@johnhooks said:
@Dashrender said:
I happen to have one of those switches in house that I will be deploying soon. I'll let you know if I have more options when I manage it directly.
Assuming there are, I mainly like the UniFi stuff because of the simplified pane of glass for bandwidth usage at the switch level like we have at the AP level.
Ya from what I've seen, it's really limited compared to EdgeMax which is just VyOS.
And it may be - but I still have to ask for an SMB, what is missing that you really want? The idea of having VLANs is dieing, if not dead already.
If you're really moving to a @scottalanmiller approved network, it would probably be completely flat, a /23 or /22 where you don't trust any device on the network.
Local servers might be limited to OwnCloud (servers for large amounts of data (or large file size) that are impractical to store offsite or in the cloud), PBXes, application server, etc.
But these and the rest all behave exactly like everything else on the internet. You have a secure connection from you to them and that's it.
Of course you could simplify some of the authentication with things like Azure AD, or Google's ID, or FB's ID, Etc whatever your products support.
-
the Unifi stuff is more expensive and does less, too.
We are using Ubiquiti for firewalls, switches and APs, but only the APs are Unifi series.
-
@Dashrender said:
@johnhooks said:
@Dashrender said:
I happen to have one of those switches in house that I will be deploying soon. I'll let you know if I have more options when I manage it directly.
Assuming there are, I mainly like the UniFi stuff because of the simplified pane of glass for bandwidth usage at the switch level like we have at the AP level.
Ya from what I've seen, it's really limited compared to EdgeMax which is just VyOS.
And it may be - but I still have to ask for an SMB, what is missing that you really want? The idea of having VLANs is dieing, if not dead already.
If you're really moving to a @scottalanmiller approved network, it would probably be completely flat, a /23 or /22 where you don't trust any device on the network.
Local servers might be limited to OwnCloud (servers for large amounts of data (or large file size) that are impractical to store offsite or in the cloud), PBXes, application server, etc.
But these and the rest all behave exactly like everything else on the internet. You have a secure connection from you to them and that's it.
Of course you could simplify some of the authentication with things like Azure AD, or Google's ID, or FB's ID, Etc whatever your products support.
You have no routing ability, no VPN capability (could be solved with ZeroTier, but if you only have one or two people using it that might not make sense), I didn't see any firewall or NAT rules, no DNS/DynDNS (EdgeMax uses DNSMasq but it's still usable for simple solutions), not sure about QoS either.
I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.
-
@johnhooks said:
I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.
VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.
-
@johnhooks said:
You have no routing ability, no VPN capability (could be solved with ZeroTier, but if you only have one or two people using it that might not make sense), I didn't see any firewall or NAT rules, no DNS/DynDNS (EdgeMax uses DNSMasq but it's still usable for simple solutions), not sure about QoS either.
I'm unclear to whom you are addressing this or in regards to which aspect of the design.
