Building a home office network from scratch, I stand at a crossroads as to which direction to go.
I need to hardwire something like 10 rooms and add a couple of APs. With setting up a patch panel, I started looking at switches, and the Catalyst 1000-24FP-4X-L switches from Cisco seemed really nice as it seemed quite easy to just plug in PoE APs and add more switches should I need to.
So apart from the switches I would also need a router and firewall.
Looking at the Cisco ISR routers I got a bit worried that they would not be as configurable as I would like. So my question is, is it better to go for an all Cisco network or perhaps go for another brand? Or is the better solution to go for a mixed network, picking out the best part of all the brands available?
Normally my preference would be to go for the pfSense choice as I have been a *nix user for over 20 years and am not afraid to learn. But I also don’t have endless time to constantly tweak the network.
I can give it some weeks to set it up, but then I only want to make minor changes to the configuration.
Right now the WAN fiber connection supplies 250Mbit up and down if that is relevant.
It also turns out I need to have quite high security and might need to implement an IDS as well.
My startup budget for switches, router and APs would be something like $10 000.
What would you guys recommend? All Cisco? All say Ubiquiti or something else? Or should I just mix them?
I would really appreciate your input and experience.
For what it’s worth I wired up my house on a smaller budget though my main aim was not to have to faff around with the wiring once completed. To that end the main approach I took was to:
- Use Cat6 as that is still capable for 10g if I ever migrate to it
- Had double cable runs to all rooms and data ports
- Set up switches in most rooms with LACP and SNMP, that way if a cable failed there would be redundancy and a notification
- Got an AP with dual ethernet ports that would allow me the option to daisy chain a 2nd AP if required in the future
- Run pfSense on a Protectli-type box with 6 ethernet ports, connected to my switch over a LAGG
I’ve used Netgear Pro PoE switches, they are fine, though the GUI is terrible. My AP is a TP-LINK EAP245, this works great, however, I think that is mainly because I can more easily place it in the optimal location.
Now with more experience would I do anything differently …
If I had more budget I might consider switches from FS.com, I like the look of them.
I’d go for an actual Protectli box, maybe two of them.
I now would add more data ports than I actually did, somehow I just need/want more because I can.
Definitely wouldn’t waste my time on terminating my own cables (had a high failure rate for some reason) where possible.
Any recommendations …
For sure get a PoE managed main switch, at least 48 ports, but noise from fans might be a factor.
I hardly ever look at my switch GUI, so I don’t think it’s so critical to have a single pane for them all.
Would be handy to have an always on mini-pc running virtualisation for any controllers etc. I’ve got a Lenovo desktop doing that job.
I’d probably go for the same brand of switch, though I don’t think it makes a difference.
Plan for VLANs.
Plan for IP cameras, even if you don’t use them now, somehow you will end up there.
The firewall not matching the switches is common. pfSense has lots of features but the IDS system is more work to configure than something such as Untangle Firewall. While I prefer UniFi for switches and APs as they are easy to set up, the Cisco ones work fine.
Thank you for your very detailed feedback!
I don’t think I might be able to have switches in each room as this is our home and the missus would not appreciate it too much.
Cat 6 seems like a good idea as cables tend to stay around quite long.
I was choosing between starting with a 48 or a 24, but I figure you are correct that you always run out of ports. Sure I could buy more switches later, but as it is almost guaranteed it might be better with just one or two instead of several.
I am kind of new to the PoE part. The reason I need to rewire the house actually was, as you so correctly pointed out, that you eventually end up with IP cameras. I ended up buying from Hikvision, a company half owned by the Chinese Communist Party, so therefore I need to segment my network and have the Hikvision NVR separated. It does have its own PoE switch so that shouldn’t be hard.
But, as everything now supports PoE, like APs and stuff, it seems prudent to get a switch that can handle that.
Again, thanks for your input
Thank you for your feedback. I have been watching as many videos by you as I can but this one I have not watched yet. I will look at it right away👍
The only thing I have against the Untangle firewall is the subscription service. Every company nowadays employs this sort of model and for the most important things it’s fine. But when every single thing you do, from software to hardware, comes with a subscription model you have to prioritize, and as a longtime open source user I find it hard to support companies doing this.
Sadly when running a business I have noticed that the time it takes to spend configuring “free and open source” things is just not available and I have to pay to get the results.
Big thanks for all the stuff you produce, it has given me a lot of joy, and insight.
Untangle charges for the threat management and a few other features, but not the basic features. One way to look at it is: if you are doing IDS you either spend your time on tuning it in pfSense or buy a $150 annual licence from Untangle to manage it for you.
Understood, though I would still put in data ports and I would get the ones where the ethernet ports are angled at 45 degrees. Plenty out there that look pretty.
I would go with a Palo Alto firewall with the security licenses and a Cisco Catalyst like the 1000 series or go used for cheaper if you don’t need support. For the APs almost anything is fine. The only real money worth spending is in the firewall and there are few that offer better security than Palo Alto.
That is a great idea, I will use that for sure
Thank you for your input on AP and switches. I will look into this Palo Alto firewall as I have never heard about it before
Don’t forget to invest in a good UPS