Originally posted at https://anebula.io/
A few weeks ago I took the plunge into a more serious home network. I left the basic modem + router setup, which worked fine for many years. Over the last month, I have been researching and designing my upgraded home network which I’ll walk through in this post.
My old setup was a Netgear CM700 cable modem and a Nighthawk R7000 router. I’ve been using the same setup since 2017 which for the most part has been functioning fine. So what pushed me to upgrade? Well, it’s been a combination of issues with the R7000 and also feature limitations that I’ve encountered as my server needs have grown:
- The main issue is that the R7000 started dropping 5 GHz and 2.4 GHz clients. I’ll admit, my client list has grown from roughly 12 to 40 clients, so it makes sense that the router could start facing issues like this.
- Router firmware updates started breaking the R7000 web GUI. After the most recent update the “Attached Devices” list was not populating so I had to perform a factory reset. Someone posted the issue here.
- R7000 does not support WireGuard VPN — I wanted to take advantage of the faster speeds over OpenVPN.
- VLANs and extensive firewall rules — I need support for advanced firewall rules to gate devices across different VLANs.
- Intrusion Detection System (IDS) / Intrusion Prevention System (IPS) — packet inspection demands more powerful resources from the firewall (CPU/Memory) which were completely out of the question in the R7000 and even in entry-level pfSense appliances.
The R7000 has been a solid router for the most part and I don’t regret my purchase. In fact, I’ll still be using it for many years to come as it serves well as an access point.
pfSense + Omada Solution
I chose a combination of pfSense and TP-Link Omada since they both promise excellent features at a reasonable price. Furthermore, both pfSense and Omada offer a lot of room to grow.
Anyrevo pfSense Firewall, Intel Celeron J4125
I went with pfSense because it’s open-source, widely documented and supported, and arguably the most capable firewall/router software out there. I originally wanted to go with a Netgate 2100 option, but ultimately decided against that since it was really pricey compared to Protectli and other appliance hardware. I also eliminated the Netgate 1100 since, according to YouTube sources, it is not so great at speeds over 400 Mbps.
Protectli was my top choice since it was reputable and offered a better bang for the buck. However, after pricing out the new Protectli VP2410 the total came out to $511 USD which is more than I was ready to spend.
I ended up going with a firewall from AliExpress which had similar specs to the VP2410, but at half the price. The model is Anyrevo Intel Celeron J4125 Quad Core with 8GB DDR4, also preloaded with OPNsense just for kicks — my plan was to install a fresh copy of pfSense after quickly looking at the OPNsense interface.
My Anyrevo pfSense firewall is currently supporting:
- 2 switches (1 managed & 1 unmanaged)
- 1 SDN controller
- 2 access points
- 40 wired & wireless clients (3 cameras + 37 other devices)
CPU Load: 2%, Memory Usage: 6% of 8GB, 12 watts at the wall.
Looking at the resources used under typical load I’d say I have a lot of room to grow!
TP-Link TL-SG2210P-V3 8 Port PoE Managed Switch
Picking the switch was a dilemma for me since I had big plans to grow the network to at least 16 wired devices within the next 12 months. I was deciding between a conservative 8-port switch and a more future-proof 24-port switch.
See switch comparison here.
I was going to go all-in on a MikroTik CRS328-24P-4S+RM 24 port PoE switch but when it went out of stock on Amazon it made the decision for me. I’m happy with my starter switch as I now have a better idea as to what I want from my next, bigger switch.
TP-Link Omada OC200
As a beginner, I wanted to take advantage of the controller to help set up the Omada switch and access points. The question was — do I want to buy the physical controller or do I want to run it from a Docker container? I researched how to do it from Docker and it didn’t seem too complicated, but it was just enough to discourage me. I didn’t want to deal with another component to manage on top of trying to figure out how to set up pfSense and Omada. I also regularly perform maintenance on my server and didn’t want my network to be interrupted in any capacity while my server was offline — I also knew that the network would function fine even if the controller was offline, but I didn’t want to compromise on the Assisted Roaming features.
Assisted Roaming or “Fast Roaming” is an Omada feature only available while the Omada SDN controller is online as it performs the function of measuring signal strength in real-time to “assist” typical roaming. More info here.
As a power-conscious consumer, I measured the TP-Link Omada OC200 to idle at 6W. I tested this with a Kill A Watt taken from the switch with and without the Omada OC200 controller attached. Had I known this before buying the physical device I would have tried the Docker container first.
Power aside, the TP-Link Omada OC200 has not skipped a beat in the two weeks that I’ve had it and made the setup process really easy.
TP-Link Omada EAP245 V3 Access Points
These access points are awesome and the connections at both 5 GHz and 2.4 GHz have been solid. The pricing was right for 802.11ac (Wi-Fi 5) at $90. There’s not much to say other than the installation and adoption into the Omada controller were easy.
Wi-Fi 5 vs Wi-Fi 6: I’m not an expert here but in my research, there was a lot of “it’s not really needed unless you are in a high-density area with potentially hundreds of clients”. Also, my switch was only capable of 1G connections so it didn’t really make sense to have >1G capable access points. The last point is that the EAP245 V3 comes with three antennas for each band while other Wi-Fi 6 access points only have two antennas per band.
On the power side, I measured each TP-Link Omada EAP245 V3 access point to consume a respectable 5 watts at idle.
TL-SG2210P V3 PoE Power Usage by Port
Omada SDN Controller TL-SG2210P v3.20 Report:
- Port 1 — no power
- Port 2 — EAP245 V3 uses 3.9W
- Port 3 — EAP245 V3 uses 3.6W
- Port 4 — no power
- Port 5 — 5MP Camera 1 uses 3.2W
- Port 6 — 5MP Camera 2 uses 3.1W
- Port 7 — 5MP Camera 3 uses 4.0W
- Port 8 — Omada OC200 Controller uses 2.8W
Omada reports “Remaining PoE Power: 66.89% / 40.80W” so there is definitely plenty to go around.
Keep in mind that these numbers are measured at the switch and not at the wall. For example, I clocked in the OC200 Controller at 6W at the wall versus 2.8W reported by Omada. In either case, the 61W power budget on the TL-SG2210P-V3 is pretty good for multiple 5MP cameras and APs.