Everything posted by brwainer

  1. You just plug the router’s WAN into the ethernet, register the router’s MAC with them, and use the router as a normal device.
  2. I don’t know any exact reason, but if I had to guess it might be so that if you have routers in a redundant setup and need to do maintenance on one, it can seamlessly pass off to the other member (by telling the other member to take over during the shutdown sequence) versus having a short downtime while the other member waits to determine whether it needs to take over.
  3. You are quoting a post that is over one month old, and was written before people really tested them thoroughly. Do you expect me to go back and update every old statement I’ve made? I’m sure I can go through your posts and find things that were true at the time you wrote them but not true now. Specifically I was talking about the fact that most Ubiquiti products go through Early Access with semi-public beta testing. The Amplifi Alien did not. What is the model number of an Amplifi mesh point with Wifi 6 that is not the Alien? It doesn't exist as of 2020-01-07. The available mesh units (ones that don’t have all the router bits inside) are not Wifi 6. The selling feature of the Amplifi Alien versus the prior Amplifi models is Wifi 6, therefore although it may work with the units without Wifi 6, I don’t consider them as being in the same family. The “TRUE GIGABIT MESH” they advertise will not work with the existing Amplifi mesh units. The Alien product page says “Buy additional units to increase range and add capacity.” which means Ubiquiti expects consumers to buy multiple complete Alien units, they don’t advertise a mesh-only Wifi 6 point. https://amplifi.com/alien
  4. Depends on how efficient the chips in the switch are. Some switches are known to eat hundreds of watts. If you can find data sheets on those switch models, it would tell you the expected power draw.
  5. Your bigger issue is likely to be loud fans. Just like servers, most enterprise switches (and especially older ones) expect to be in data closets where the noise is acceptable, and it’s more important to cram as much into the rack as possible.
  6. FastIron switches are an odd category. They are very good hardware wise, very tough and resilient, but their CLI lacks some features and a lot of usability polish compared to Cisco and other brands of the same age. Even today FastIron (now owned by Extreme) isn’t as polished as their competitors. What’s worse for you, is that when Extreme acquired the brand, most of the documentation and firmware files for these older models disappeared. Are they good hardware you can put to use? Yes. Will they be easy to use and learn? No.
  7. How about the Mikrotik CRS326-24G-2S+RM, https://mikrotik.com/product/CRS326-24G-2SplusRM ($200 MSRP, 24 gigabit ports, 2 SFP+) and to convert the SFP+ to copper ports, use two of the S+RJ10 https://mikrotik.com/product/SplusRJ10r2 ($65 MSRP) If you just want a dumb switch, then you can use this as-is with no changes needing to be made. However this is capable of pretty much every normal “managed switch” feature (note that while you can set up routing on this, this is NOT a “layer 3” switch, so anything other than plain switching has to use the CPU which is very slow). Mikrotik has a learning curve if you want to do anything other than have a dumb switch, but the value can’t be beaten.
  8. What country are you in? If you are in the US, then you likely have split-phase 240V (meaning that you have lines coming into your house where 120V is supplied on one phase, then 120V is supplied on the other phase, and if you connect something to both phases it effectively receives 240V). The phases are alternating on your breaker box going down. So the first row is Phase A, the second row is Phase B, and so on. You'll notice that your 240V devices, like a water heater, stove, or clothes dryer, take up two rows on one side - this is how it uses both phases. For powerline, what matters is that the units be on the same phase. Determine which breakers have the outlets you want to use. They are on the same phase if they are both even or both odd (e.g. Row 3 and Row 7, or Row 8 and Row 10). If they aren't on the same phase, you might still be able to make a connection but at a much slower speed. Powerline units that are listed as "AV2" are able to communicate via the ground pin as well as the hot and neutral. These can often connect on breakers that are different phases.
  9. You are both correct, I missed that they were looking for redundancy. I have seen multiple modems in use in multi-wan where the ISP’s highest available bandwidth tier is not enough.
  10. Pardon? You can definitely have a single coax coming into a house/apartment, use a splitter, and connect multiple modems. It is no different from the splitter(s) outside the house/apartment. All that matters is whether the resulting signal is strong enough.
  11. If the ISP is using cable modems (sounds likely from your description), then it is possible to have more than one modem connected next to each other. The DOCSIS system is already splitting up bandwidth between all the apartments in your building (and possibly other buildings as well - often the entire apartment complex is a single DOCSIS headend), so there is actually no difference on the networking/connection side between two modems inside the same apartment and two modems in two separate apartments. Where you are more likely to run into issues, is that most cable companies' systems can only handle a single account at each address, and possibly only a single modem per account. If you have a roommate, it may be possible to have a second account be under their name to rent a second modem. More than one modem is not possible in a DSL setup, nor having more than one ONT in a FTTH setup (where the fiber goes all the way to each house/apartment, not just to a nearby pedestal or the apartment building in general).
  12. If you have an iPhone, open the settings for that wireless network and make sure “Auto Login” is enabled. “Auto Login” really means “automatically open up the login page when connecting to this wifi”. If you’re on Android, maybe they have something similar? Other than a phone config issue, it is also possible that the network is configured to allow through the pages that iOS/Android use to check whether a login is required, so they think that one isn’t. I work with this type of equipment and can 100% confirm that every vendor has a setting to do this, but why anyone would want to I have no idea.
  13. The Amplifi Alien hasn't been out long enough for there to be good reviews by really technical people - it went from being unannounced/rumored, to being available for purchase. The hardware looks nice, although if you want to expand it you have to buy a whole second (or third) Alien unit, they don't have a cut down mesh-only (non-router) unit like the Amplifi HD or most other Mesh systems offer. The feature set of Amplifi is the same as their other competitors in the mesh space - you'll get a wireless system that lets you view and control clients, but it won't have the ability to connect each SSID to a different VLAN, for example. For most home users the feature set is adequate.
  14. I'm waiting to make a decision on whether to leave PIA until I hear updates from LTT (Linus said in the WAN show 11/22 that they have put a hold on their PIA sponsorships, but have not cancelled them, until they hear from PIA) and also Purism, who resells PIA as part of the Librem.one service. Librem is a social-purpose corporation, meaning that by law they must put social good ahead of profit, and their social purpose is privacy and security. I trust them to figure out, at a deep level, whether PIA can be trusted under the new ownership, and to be vigilant for any changes in the PIA service.
  15. The point of a virtual machine, is that once you are talking about the network, it is indistinguishable from a physical device. Do your servers already have their own IP on the LAN side of your router? Or do the servers share the IP of the host? If they share, then that means your VM Host is doing its own layer of NAT, and you want to get rid of that. As long as the router can directly reach an IP, you can 1:1 NAT to it. (I’m simplifying here, there are ways with routing to NAT a device that isn’t directly on a router’s LAN, but that’s beyond the scope of your situation). If you wanted to take the “switch between the modem and router” option, then there are still two possibilities for the VMs to have public IPs, but the host to have a private IP: 1. Use a second ethernet adaptor on the host, and only assign the VMs which should have public IPs to it 2. Learn VLANs and get a switch that is capable of them. This would allow you to use a single port on the host, but have the VMs go to a different network than the host and other VMs. The VPS provider is doing one or both of the things I said above. Typically they will have separate ports for the management of the host versus the VPS traffic (and other port(s) for storage tasks like replication and backup), and sometimes each customer has their own VLAN for their VPSs so they can communicate “directly”.
  16. Copying my answer from the Lawrence Technology Services forum so it is here for people who may come across your post in the future: I haven't come up with any other ideas, if I were in your situation I would handle it the way I described above.
  17. Two options: 1. plug in a switch before your router, and connect all the devices that need a public IP (the router and the servers) directly into that switch. 2. (using a router capable of this) set up 1:1 NAT. 1:1 NAT is basically port forwarding but on a whole IP basis - every incoming or outgoing connection on any port is directly mapped between a public IP and a LAN IP. It is named 1:1 because port 1 forwards to port 1, port 2 forwards to port 2, etc. Most installs I support use a mixture of the two - we tend to have multiple routers/firewalls which are connected via the switch, but for servers we do 1:1 NAT because that allows the IPS on the firewall to protect the server against obvious attacks like brute force attempts. This is a feature you normally pay a subscription for, on devices from companies like Cisco, Fortinet, Watchguard, Sonicwall, etc. You can set up IPS yourself for free using PFSense and Snort or Suricata, or you can get a home license of Untangle for $50/year which saves you a lot of hassle of setup and fine tuning.
  18. I am fairly sure that the actual Petabyte Project runs on a more traditional linux distribution like CentOS, on which you can run GlusterFS or Ceph. These are what allow expandability across many servers. But this has a cost in terms of CPU and RAM usage. Running “Hyper-converged” where you have VMs running on the same servers as Ceph or GlusterFS is not recommended without much more RAM than you have (I’ve seen 64 GB as the minimum for testing, and 128GB as the minimum for production use). Also, while you could run VMs on that CPU, I wouldn’t try to run a transcoding VM on the same system as Ceph or GlusterFS because they will compete. I expect you would have to throttle the VM to the point that it isn’t worth using it.
  19. Kind of cheating to post work systems. I don’t remember if the rules for this specifically prevent it, I know the Network Layout Showoff thread does.
  20. The UDM is a Unifi product, and you can connect other Unifi APs to it via Mesh. If you want to place things on desks, go with the FlexHD. If you have spare power outlets, go with the BeaconHD (which apparently just released today, I found out since my earlier posts: https://store.ui.com/collections/wireless/products/uap-beaconhd). The only limitation with the Unifi system is that APs other than the Mesh, Mesh Pro, and BeaconHD have to be first connected by ethernet and have the "Allow meshing to another access point" feature enabled, before you can unplug the ethernet and put them in other parts of the house/apartment.
  21. I would try to have less than 20-30 clients per AP by placing the APs strategically, regardless of which system you go with. I don’t have a lot of insight or opinion on the systems beyond that. The UDM is comparable to the USG Pro in terms of routing capability, so in terms of the connection to the internet I’m sure it is stronger than Amplifi.
  22. Make sure both are using the same type of encryption (WPA2 is preferred).
  23. The Unifi Dream Machine is based on a new operating system, which means it shares nothing on the backend with prior Unifi equipment (prior Unifi Routers, Switches, and APs you could SSH into them and make lots of extra changes, because they used the same OS and basic hardware as the Edge* devices). The frontend, the Unifi software, is still the same and is compatible with other Unifi devices. What this means is the UDM is limited to ONLY what is available in the UI, whereas the older devices can do more if you were willing to do it via command line. They are developing a new Unifi device called “Beacon” which plugs directly into an outlet (it covers the whole outlet plate, which I think makes it very limited) and is intended to be used as a mesh node with the UDM. They also recently released the FlexHD for the same purpose. You can also do mesh with any of the other Unifi APs. In terms of Amplifi vs Unifi (with or without the UDM as the central device), it comes down to how much tinkering and learning you want to do (either required to do, or able to do). A minimal working setup isn’t hard with Unifi, but it is harder than Amplifi. By the same token, if you want to dig into it, Unifi has more for you to do so.
  24. You can use 1:1 NAT and port forwarding together. I have 5 IPs at home, all on a Mikrotik. On the first IP, I do the normal stuff of opening some ports on the router for VPN, forwarding other ports for services, etc. Two of the IPs are 1:1 NAT. The final two are a mixture - certain ports are forwarded, and the rest are 1:1 NAT. This is easy to do on Mikrotik (or anything that uses the same or similar type of firewall stack, which is somewhat common on linux in general) by ordering the NAT rules properly. This would be difficult to do on other systems like WatchGuard and Fortinet. I suspect it can be done on PFSense and EdgeRouter but I haven’t tried. I asked for the IP because I suspected they only have one from their ISP, or that possibly they have CGNAT and/or IPv6. I assume as little as possible. So is this your only IP? Or do you also have .187, .188, etc? Or are the other IPs you have from a completely different set of numbers? I’m trying to understand what you have, in order to figure out how to help you better.
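
Added example, not part of the posts above and not code from any router vendor: a small Python model of an ordered, first-match destination-NAT chain, illustrating the 1:1 NAT described in post 17 and the rule ordering described in post 24, plus an audit for rules that an earlier catch-all makes unreachable. The rule class, function names and addresses (documentation and private ranges) are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample address (RFC 5737 documentation range).
PUBLIC_IP = "203.0.113.4"

@dataclass(frozen=True)
class DstNatRule:
    dst_ip: str                      # public IP the rule matches
    to_ip: str                       # LAN host that receives the traffic
    proto: Optional[str] = None      # None = any protocol
    dst_port: Optional[int] = None   # None = any port (whole-IP 1:1 NAT)
    to_port: Optional[int] = None    # None = keep the original port

def _hit(rule, dst_ip, proto, port):
    """True if the rule matches this destination (None in the rule = wildcard)."""
    return (rule.dst_ip == dst_ip
            and rule.proto in (None, proto)
            and rule.dst_port in (None, port))

def translate(rules, dst_ip, proto, port):
    """First matching rule wins, as in an ordered dstnat chain."""
    for r in rules:
        if _hit(r, dst_ip, proto, port):
            return (r.to_ip, r.to_port if r.to_port is not None else port)
    return None  # no NAT rule applies; the router's own input policy decides

def shadowed(rules):
    """Rules that can never fire because an earlier rule covers all they match."""
    return [r for i, r in enumerate(rules)
            if any(_hit(e, r.dst_ip, r.proto, r.dst_port) for e in rules[:i])]

# Constructed rule set: one port forward and one whole-IP (1:1) mapping.
FORWARD_HTTPS = DstNatRule(PUBLIC_IP, "192.168.88.10", "tcp", 443, 443)
ONE_TO_ONE = DstNatRule(PUBLIC_IP, "192.168.88.20")

GOOD_ORDER = [FORWARD_HTTPS, ONE_TO_ONE]   # specific forward first, then 1:1
BAD_ORDER = [ONE_TO_ONE, FORWARD_HTTPS]    # catch-all first hides the forward

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, translate(rules, PUBLIC_IP, "tcp", 443), shadowed(rules))
```

Because the 1:1 rule maps every port to the LAN host, anything not caught by an earlier forward or filtered elsewhere reaches that host, which is why the filter or IPS in front of it matters.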