Can a managed switch act as a router?

Bacon8tor

Hello all. I am helping someone with their wifi at their house. The house is huge and almost everything runs off wifi, including the blinds, garage door, pool pump. Needless to say, a lot of things need wifi.

I went and installed a single Ubiquiti AP and it helped but not nearly enough. So now I am ripping out all the equipment he has there and replacing it.

I am purchasing a 5 pack of Ubiquiti APs. I only really need  of them but I want the other 2 in case I need them. My question is: from the cable modem, if I get a managed switch, am I able to use it like a router? Since I am using the Ubiquiti as the access points, I don't want to have to use a regular router (and disable the wifi) then route to all the access points.

If I can't use a managed switch as a router, what else can I use? (Don't want to use pfSense, need something that is pretty much plug and play.)

 

 

CPU - Intel i5-6600k - Mobo - MSI Z170A M3 Gaming - RAM - 16GB G.SKILL DDR4 2133 - GPU - MSI R9 380 4GB

CASE - Corsair Cube 540  CPU COOLER - Hyper 212 EVO - PSU - EVGA 1050w 

 

A router is a router. It routes packets. A switch is a switch. It does not have routing functionality (in before someone mentions layer 3 switches). 

 

You will most likely need something to do NAT for you. If your modem can do it then great. No need for a router. If it can't then you will most likely have to get one. Switches usually don't have DHCP either so you would need something to handle that.

 

It entirely depends on what equipment you got, but in general the answer will be no. 

4 minutes ago, LAwLz said:

A router is a router. It routes packets. A switch is a switch. It does not have routing functionality (in before someone mentions layer 3 switches). 

 

You will most likely need something to do NAT for you. If your modem can do it then great. No need for a router. If it can't then you will most likely have to get one. Switches usually don't have DHCP either so you would need something to handle that.

 

It entirely depends on what equipment you got, but in general the answer will be no. 

Alright, thought so, but I'm not the best with networking, thought I'd double check.

This is the modem, I don't see that it shows it can do NAT, just gonna get a router that has gigabit ports on it. Was thinking about getting a switch with PoE to route to the Ubiquiti AP. The house is wired for ethernet but I don't know how well it's labeled and don't want to spend all day testing which cable goes where.

3 hours ago, Bacon8tor said:

Alright, thought so, but I'm not the best with networking, thought I'd double check.

This is the modem, I don't see that it shows it can do NAT, just gonna get a router that has gigabit ports on it. Was thinking about getting a switch with PoE to route to the Ubiquiti AP. The house is wired for ethernet but I don't know how well it's labeled and don't want to spend all day testing which cable goes where.

Look at the Ubiquiti Edge Router range.

Either go for the Lite and a switch of your choice

or

the PoE router/switch (connect the aps to it and have another switch for other things)

 

I know they are not plug and play, but for doing what you are doing and the amount of devices I would go for something like this.

3 minutes ago, mcraftax said:

Look at the Ubiquiti Edge Router range.

Either go for the Lite and a switch of your choice

or

the PoE router/switch (connect the aps to it and have another switch for other things)

 

I know they are not plug and play, but for doing what you are doing and the amount of devices I would go for something like this.

Damn, that's exactly what I was looking for. Unfortunately the order has been placed.

1 minute ago, Bacon8tor said:

Damn, that's exactly what I was looking for. Unfortunately the order has been placed.

I don't know what you have got but if you think this is better, you may be able to return it? idk

I just bought a TP Link router, made sure it had gigabit ports. I am just going to disable the wifi on this router then use all the Ubiquiti APs. Unfortunately I guess nothing is working in his house so this needs to be done ASAP, otherwise I would return the router, but I only want to make 1 trip out there. Thanks for the suggestion, I'm gonna keep that in mind, I do like the Ubiquiti equipment.

19 hours ago, mcraftax said:

Look at the Ubiquiti Edge Router range.

Either go for the Lite and a switch of your choice

or

the PoE router/switch (connect the aps to it and have another switch for other things)

 

I know they are not plug and play, but for doing what you are doing and the amount of devices I would go for something like this.

Unless you're experienced with networking, Edgerouters are a bad idea to buy. 

25 minutes ago, Windspeed36 said:

Unless you're experienced with networking, Edgerouters are a bad idea to buy. 

You keep saying that... How so? The GUI is incredibly simple and pretty damn good. My dad is capable of setting one up, you can literally just follow a single youtube video tutorial click for click and call it there: 

 

 

After setting up my EdgeRouter PoE, it is something I'd be comfortable recommending to my non-tech-savvy parents, knowing that they could easily set it up.

 

There are similar guides for setting up their APs (I set mine up on AWS using this guide: https://help.ubnt.com/hc/en-us/articles/209376117-UniFi-Install-a-UniFi-Cloud-Controller-on-Amazon-Web-Services , but it's even less effort if you want to use your own laptop or something). Nothing here is difficult, even for non-tech-savvy people. Fairly easy to configure prosumer gear. 

2 hours ago, JoeyDM said:

You keep saying that... How so? The GUI is incredibly simple and pretty damn good. My dad is capable of setting one up, you can literally just follow a single youtube video tutorial click for click and call it there: 

 

 

After setting up my EdgeRouter PoE, it is something I'd be comfortable recommending to my non-tech-savvy parents, knowing that they could easily set it up.

 

There are similar guides for setting up their APs (I set mine up on AWS using this guide: https://help.ubnt.com/hc/en-us/articles/209376117-UniFi-Install-a-UniFi-Cloud-Controller-on-Amazon-Web-Services , but it's even less effort if you want to use your own laptop or something). Nothing here is difficult, even for non-tech-savvy people. Fairly easy to configure prosumer gear. 

My experience with Ubiquiti is that they are pretty simple to set up. I have never used one of their routers but I'd have to agree that the APs at least are very simple to set up.

31 minutes ago, Bacon8tor said:

My experience with Ubiquiti is that they are pretty simple to set up. I have never used one of their routers but I'd have to agree that the APs at least are very simple to set up.

Imo, the router is easier to set up than the AP. Just follow that video click for click and you're done. The CLI isn't that confusing either, but it isn't at all necessary for a home setup.

12 minutes ago, JoeyDM said:

Imo, the router is easier to set up than the AP. Just follow that video click for click and you're done. The CLI isn't that confusing either, but it isn't at all necessary for a home setup.

As great as this is, I am not going to use this 'cause the equipment has been ordered and I can't wait to order more equipment.

 

1 minute ago, Bacon8tor said:

As great as this is, I am not going to use this 'cause the equipment has been ordered and I can't wait to order more equipment.

 

Oh of course, it wasn't really a recommendation towards you. Just a question directed at @Windspeed36.

4 hours ago, JoeyDM said:

Oh of course, it wasn't really a recommendation towards you. Just a question directed at @Windspeed36.

 - VPN setup cannot properly be done via GUI

 - Hardware offloading for better performance cannot correctly be done via GUI

 - If you want to forward ports correctly, it's not simple to do.

 

UniFi is an easy ecosystem to use, EdgeMax on the other hand is not. I work as an account manager and presales for networking & server at the largest Ubiquiti reseller in Australia and we quite often get calls for people either returning ERs or requesting a technician to set them up.

 

29 minutes ago, Windspeed36 said:

 

And very little of that is commonly used for home networking. There is a VPN tab in the GUI, I haven't touched it, but does it have issues? True about the hardware offloading. And what do you mean forwarding ports isn't simple to do correctly? Go to the GUI, Firewall/NAT, port forwarding, and add the rule. It's as simple as it is on most consumer routers. For a home application, they're easy as hell. Let's not pretend these are difficult to use devices. Again, for a normal consumer setup, I would be comfortable giving this to my mother to set up. She didn't know until recently that you can look at texts while talking on an iPhone.

 

31 minutes ago, JoeyDM said:

And very little of that is commonly used for home networking. There is a VPN tab in the GUI, I haven't touched it, but does it have issues? True about the hardware offloading. And what do you mean forwarding ports isn't simple to do correctly? Go to the GUI, Firewall/NAT, port forwarding, and add the rule. It's as simple as it is on most consumer routers. For a home application, they're easy as hell. Let's not pretend these are difficult to use devices. Again, for a normal consumer setup, I would be comfortable giving this to my mother to set up. She didn't know until recently that you can look at texts while talking on an iPhone.

 


  • VPN tab won't work correctly, PPTP VPNs specifically need to be done via CLI. IPsec will also have issues if you attempt to do it via CLI.
  • Port forwarding can be done via the port forwarding GUI however the correct way to do it is through custom NAT rules. Using custom NAT rules allows you to define the source, not just the source port number meaning it can work in a multi WAN environment. However you also need to know you must manually define the firewall rules for it too.

7 minutes ago, Windspeed36 said:

 

Again, neither of these are all that common for a consumer setup. And it doesn't really matter if the correct way is through custom NAT rules, port forwarding via the GUI still works just as well as consumer routers, better since it actually always works... Unlike old Netgear routers. So is it to the full potential of the router? No. But for consumers, who cares?

 

This doesn't need to be complex to quickly pass most consumer routers. I could hand my mother a laptop, a couple patch cables, that router, and that video and she could easily set up her house. There's really no reason for you to continue to go around and tell people not to recommend them due to complexity. For a normal home network (or even a small business), the GUI is fantastic and easy.

1 minute ago, JoeyDM said:

Again, neither of these are all that common for a consumer setup. And it doesn't really matter if the correct way is through custom NAT rules, port forwarding via the GUI still works just as well as consumer routers, better since it actually always works... Unlike old Netgear routers. So is it to the full potential of the router? No. But for consumers, who cares?

 

This doesn't need to be complex to quickly pass most consumer routers. I could hand my mother a laptop, a couple patch cables, that router, and that video and she could easily set up her house. There's really no reason for you to continue to go around and tell people not to recommend them due to complexity. For a normal home network (or even a small business), the GUI is fantastic and easy. Honestly easier than UniFi.

For SMB though it isn't ideal - most businesses need more than a router to simply route. They need VPN, they need fixed routes, they need WAN failover. I'm sick and tired of people yelling go Ubiquiti just because Linus came out and played with their products. UniFi routers are a pile of crap at the moment - they can't do anything. @.:MARK:. and I have had long discussions about this - people are blindly recommending products without knowing what they do.

 

For a home environment with little network load, you're going to see very much the same result as if you were to use an Asus or TP Link router or similar. EdgeRouters are business routers and the feature set that makes them different (advanced VPN setup, RADIUS auth, origin based port forwarding, WAN failover and load balancing) are not simple things to set up. It's like using a race car for going back and forward to the shop, it may work however it's probably a waste of time and money.

24 minutes ago, Windspeed36 said:

 

For SMB I know it isn't ideal. Hire somebody who knows what they're doing. I was talking suuuuper small business. Like book stores that I've set up small.

 

I frankly don't give half of a shit what Linus says when it comes to anything other than just PCs. Just look at his server videos. The reason I recommend an EdgeRouter for a home user is for one reason and one reason only: stability. EdgeRouters are small business routers. They're pretty damn good at that. I want to never have to restart the thing unless I'm updating, and an EdgeRouter achieves that. With a TP Link or Asus router you generally have to restart them once every month or two for one reason or the other, which is fucking annoying. You can buy an ERLite and an AC Lite for cheaper than a Nighthawk X4S, and only a little bit more than the TP Link AC1900. So I'm going to keep recommending them to moderately tech-savvy people, or even people who aren't tech savvy, who want to get rid of shitty router combos that are inconsistent.

 

I bought mine because I want to play with it as I'm also learning about Cisco stuff, but that's just me.

Ubiquiti EdgeMax is pretty easy to configure for basic stuff but it's not exactly plug and play either (but at the same time it's also not plug and pray). :)

 

I always recommend Ubiquiti for anybody with basic networking knowledge or somebody who wants to learn or have access to advanced features, but for people who don't care about learning or don't need anything advanced then any router will do just fine (I personally prefer RouterBOARD and Buffalo because I like the advanced features DD-WRT and Mikrotik offer while maintaining a nice web GUI).

-KuJoe

6 hours ago, Windspeed36 said:

 - VPN setup cannot properly be done via GUI

 - Hardware offloading for better performance cannot correctly be done via GUI

 - If you want to forward ports correctly, it's not simple to do.

 

UniFi is an easy ecosystem to use, EdgeMax on the other hand is not. I work as an account manager and presales for networking & server at the largest Ubiquiti reseller in Australia and we quite often get calls for people either returning ERs or requesting a technician to set them up.

 

 

6 hours ago, JoeyDM said:

And very little of that is commonly used for home networking. There is a VPN tab in the GUI, I haven't touched it, but does it have issues? True about the hardware offloading. And what do you mean forwarding ports isn't simple to do correctly? Go to the GUI, Firewall/NAT, port forwarding, and add the rule. It's as simple as it is on most consumer routers. For a home application, they're easy as hell. Let's not pretend these are difficult to use devices. Again, for a normal consumer setup, I would be comfortable giving this to my mother to set up. She didn't know until recently that you can look at texts while talking on an iPhone.

I can say for sure that the VPN configuration on ERLite's web interface is a waste of time. It'll likely help to explain my setup a little, which in terms of what the product is designed for fits with its purpose.

 

My home network is a two site setup between my house and a friend's, there is a server located at each location that we share resources etc (almost all equipment is my own however). On my site I have a Fortigate 60D and on his I purchased an ERLite-3 which my friend intends to pay me back for. Between these two devices there is a Site-to-Site IPsec VPN with layer 3 routed interfaces, VTI in Ubiquiti speak.

 

This is absolutely not possible to set up using the web interface and if you even so much as touch/modify what it shows on it after configuration using CLI it will break it and you have to drop the entire VPN configuration and set it back up.

 

The other issue I had was that I also wanted to have a second layer 2 GRE tunnel to stretch a couple of VLANs to the other site for a few things that require this, I could not at all get it to work between the FortiGate and the ERLite. I probably could have eventually got it going but after two attempts it was becoming a waste of time.

 

This really is only a basic explanation of my network setup as I have multiple firewall zones using VDOMs and OSPF routing etc. but my final conclusion came to this: I would have in hindsight purchased another FortiGate 60D and got my friend to only pay me back what an ERLite-3 costs.

 

The ERLite routers are what I would call professional but not business grade. There are much better options on the market that function properly and are less buggy and yes I know a Fortigate is not a router so isn't a fair comparison but what network doesn't need a firewall....

 

I would recommend an ERLite to an experienced networking person that wants/needs features like dynamic routing or is looking at setting up a decent home server lab at a low cost. Anything else you're likely better off looking elsewhere.

Me and @Windspeed36 have talked about this in depth for some time now. The thing to remember here is that an ERLite is just a MIPS machine with the hardware offloading chip and a fork of Vyatta installed. Vyatta IMO is a great Debian-based router OS. You can try it out yourself by getting the VyOS ISO and running a VM network.

What Ubiquiti does is create their own web-ui and modify their fork of Vyatta to suit their product, and there are quite some issues with this.

 

Ubiquiti releases updates very slowly, this can be useful due to their beta program getting extensive testing with the firmware, but still seems not to benefit from it (an example of this is the reliability of IPSec VPN connections on version 1.8).

This also means that many CVEs won't be patched until Ubiquiti releases the big update.

And despite that, I still like them, but I wouldn't recommend it to someone who doesn't know networking and will want to install themselves, many times people have left WAN-IN wide open  :facepalm:.

 

Also, yes PPTP basically requires CLI to configure, but if you know your way around the config tree in the web-ui, you can do most things there.

And port forwarding in the web-ui is the right way to do it in a single WAN setup where the rule is simple, the web-ui will handle all the config needed by itself, but it will use defaults (also NAT loopback works perfectly this way!). But NAT rules need to be done if more advanced configuring of the NAT rule or the corresponding firewall rule needs to be done. (Yes, a NAT rule also requires a manual firewall rule, which a port forward will make automatically.)

 

But most businesses will skip over Ubiquiti for their network and go Cisco or Juniper, simply because they can hire someone with the certs for those platforms and know that their network is configured.

Comb it with a brick
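
The two points in the post above, that a custom NAT rule needs its own firewall rule (which the port-forward GUI would otherwise create) and that WAN-IN is often left wide open, can be checked offline against an exported configuration. This is an added example, not code from the thread or from Ubiquiti; the `set`-command syntax is assumed EdgeOS/Vyatta style, and the interface `eth0`, ruleset name and addresses are constructed.

```python
# Constructed sample: EdgeOS/Vyatta-style "set" commands (assumed syntax, not from the thread).
SAMPLE = """\
set interfaces ethernet eth0 firewall in name WAN_IN
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 protocol tcp
set firewall name WAN_IN rule 20 destination address 192.168.1.10
set firewall name WAN_IN rule 20 destination port 443
set service nat rule 1 type destination
set service nat rule 1 inbound-interface eth0
set service nat rule 1 protocol tcp
set service nat rule 1 destination port 443
set service nat rule 1 inside-address address 192.168.1.10
set service nat rule 1 inside-address port 443
set service nat rule 2 type destination
set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 destination port 8080
set service nat rule 2 inside-address address 192.168.1.20
set service nat rule 2 inside-address port 80
"""

def parse_set_commands(text):
    """Turn 'set a b c value' lines into a nested dict: tree[a][b][c] = value."""
    tree = {}
    for line in text.splitlines():
        tokens = line.split()  # values are assumed to be single, unquoted tokens
        if len(tokens) < 3 or tokens[0] != "set":
            continue
        node = tree
        for key in tokens[1:-2]:
            node = node.setdefault(key, {})
        node[tokens[-2]] = tokens[-1]
    return tree

def audit(tree, wan_if="eth0"):
    """Return findings for the ruleset applied inbound on the WAN interface."""
    iface = tree.get("interfaces", {}).get("ethernet", {}).get(wan_if, {})
    ruleset = iface.get("firewall", {}).get("in", {}).get("name")
    if ruleset is None:
        return [f"{wan_if}: no 'in' firewall ruleset applied"]
    fw = tree.get("firewall", {}).get("name", {}).get(ruleset, {})
    rules = fw.get("rule", {})
    findings = []
    if fw.get("default-action") == "accept":
        findings.append(f"{ruleset}: default-action accept")
    for num, rule in rules.items():
        # An accept rule with no match criteria lets everything through.
        if rule.get("action") == "accept" and not set(rule) - {"action", "description", "log"}:
            findings.append(f"{ruleset} rule {num}: accept with no match criteria")
    # (address, port, protocol) tuples that some accept rule explicitly allows.
    allowed = {(r.get("destination", {}).get("address"), r.get("destination", {}).get("port"),
                r.get("protocol")) for r in rules.values() if r.get("action") == "accept"}
    for num, nat in tree.get("service", {}).get("nat", {}).get("rule", {}).items():
        if nat.get("type") != "destination" or nat.get("inbound-interface") != wan_if:
            continue
        inside = nat.get("inside-address", {})
        # The 'in' ruleset sees the packet after DNAT, so compare the inside address/port.
        want = (inside.get("address"), inside.get("port"), nat.get("protocol"))
        if want not in allowed:
            findings.append(f"nat rule {num}: no {ruleset} accept rule for {want[0]}:{want[1]}/{want[2]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_set_commands(SAMPLE))))
```

With `default-action drop`, a flagged NAT rule means the forward is silently dropped until its firewall rule is added; with `default-action accept` the ruleset is flagged as open regardless of the individual rules.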

Holy cow, this thread has now gone way past my knowledge of networking. I love it, now I need to get my networking game up. 

 

This is what I came to when I started 6 months ago

The cables haven't really been fixed yet, I started with hardware because they had some really old machines, as well as running really old software. Started there, that's almost done so now I'm trying to upgrade the servers to at least Gb speeds (as they are plugged into 10/100 switches now).

9 minutes ago, Bacon8tor said:

This is what I came to when I started 6 months ago

That is at somebody's house? I've seen actual data centers with less cables. xD

-KuJoe
