Layer 2 switch ok for wifi vlans?
Posted: Sun Aug 20, 2023 12:19 am
by drbubbles
Hi,
I just had the pleasant surprise of seeing an expected install date for 10gbe next month. Much faster than I expected! Thank you Sonic! I thought it would be middle of 2024.
So now I'm trying to figure out an effective 10gbe topology.
I expect my situation is fairly common:
I would like: 1x 10gbe wan and 3x 10gbe lan:
1) main machine
2) NAS
3) Wifi 7 access point
1x 1gb lan for tv streaming
From the wifi ap I would need 3 vlans:
1) trusted wifi clients
2) guest wifi for visitors
3) IoT devices
There's nothing that does this in one box. So which compromises are ok?
"Intrusion Detection System" (IDS) reduces UDM-SE to 2.5gb
Do we need IDS for home networks?
Does a switch between router and wifi ap need to be layer 3, or is layer 2 ok? (given that there are 3 vlans on the ap connected to the switch).
Hopefully someone comes out with a single box that solves all this!
Re: Layer 2 switch ok for wifi vlans?
Posted: Sun Aug 20, 2023 8:05 am
by js9erfan
As you pointed out, IDS on the UDM will limit your bandwidth. There are also user complaints that Ubiquiti’s IDS implementation is more marketing than it is effective so there’s that. I don’t use their gateways so I can’t speak to that.
As long as the switch and AP are vlan capable then layer 2 is fine. One benefit of going with a layer 3 switch is it can handle the routing thus optimizing speed across vlans whereas a layer 2 switch relies on your router for this unless it’s internal vlan traffic (device traffic within same vlan). For a home network a layer 3 switch is overkill imo and typically more $$. If you’re concerned about network speed across vlans using a layer 2 switch, then put your NAS and any device that accesses it on the same vlan. Untrusted devices go on a separate vlan.
Currently I’m using some Ubiquiti APs which support up to 8 SSIDs or vlans though no more than 4 are recommended from a performance standpoint. I have 4 SSIDs (4 vlans) with client device isolation enabled on the untrusted vlans. All 4 vlans are tagged on the switchport that the AP is connected to. The AP is on a management vlan sitting on pfSense and pfSense rules are configured to block untrusted vlan traffic to my trusted vlans.
This is just one example to give you an idea. It really depends on what equipment you choose to use but if you’re already going with a UDM, perhaps it makes sense to go with a Ubiquiti AP and switch to help keep it simple.
Good luck.
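The rule ordering behind "block untrusted vlan traffic to my trusted vlans", as an added example that is not part of the post above: a simplified first-match rule model in Python, run against a weak and a corrected rule set. The VLAN names, subnets, probe addresses and rule sets are all constructed for illustration and are not anyone's actual configuration.

```python
# Added example: simplified model of per-interface, first-match firewall rules.
# All names, subnets and rule sets here are constructed assumptions.
from ipaddress import ip_address, ip_network

SUBNETS = {  # constructed addressing plan for the three wifi VLANs
    "trusted": ip_network("192.168.10.0/24"),
    "guest": ip_network("192.168.20.0/24"),
    "iot": ip_network("192.168.30.0/24"),
}
UNTRUSTED = ("guest", "iot")
INTERNET_PROBE = "203.0.113.5"  # documentation-range address standing in for the internet

def first_match(rules, dst):
    """Return the action of the first rule whose destination covers dst.
    Falls through to an implicit block (default deny)."""
    for action, dest in rules:
        if dest == "any" or ip_address(dst) in ip_network(dest):
            return action
    return "block"

def audit(ruleset):
    """Return (vlan, problem) pairs for untrusted VLANs that can reach the
    trusted subnet, or that cannot reach the internet probe address."""
    findings = []
    probe_trusted = str(SUBNETS["trusted"].network_address + 10)
    for vlan in UNTRUSTED:
        rules = ruleset.get(vlan, [])
        if first_match(rules, probe_trusted) == "pass":
            findings.append((vlan, "reaches trusted"))
        if first_match(rules, INTERNET_PROBE) != "pass":
            findings.append((vlan, "no internet"))
    return findings

# Weak: the broad pass rule is evaluated before the block, so the block never fires.
WEAK = {
    "guest": [("pass", "any"), ("block", "192.168.10.0/24")],
    "iot": [("pass", "any"), ("block", "192.168.10.0/24")],
}
# Corrected: block all private ranges first, then allow everything else.
FIXED = {
    vlan: [("block", "192.168.0.0/16"), ("block", "10.0.0.0/8"),
           ("block", "172.16.0.0/12"), ("pass", "any")]
    for vlan in UNTRUSTED
}

if __name__ == "__main__":
    print("weak :", audit(WEAK))
    print("fixed:", audit(FIXED))
```

If the firewall itself is the DNS resolver for these VLANs, a pass rule for DNS to the VLAN's own gateway address has to sit above the private-range blocks.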
Re: Layer 2 switch ok for wifi vlans?
Posted: Sun Aug 20, 2023 5:53 pm
by drbubbles
Thanks js9erfan, I like the idea of a layer 2 switch plus a separate firewall for the access point, I'll probably go with that too.
I've not selected any hardware yet, although Sonic are at the Construction phase for me now, my home network is still at the planning / pre-construction dot so I need to get my skates on

Also have to get permits for any additional wiring from my wife.
Re: Layer 2 switch ok for wifi vlans?
Posted: Tue Aug 22, 2023 3:38 pm
by daniel15
drbubbles wrote:
There's nothing that does this in one box. So which compromises are ok?
For what it's worth, I'm using a MikroTik CRS312-4C+8XG-RM switch. It was a bit expensive at around $520 all-in including shipping (tax-free since I bought it from a European store online) but it has 8 x 10Gbps Ethernet ports, 4 x combo 10Gbps Ethernet and SFP+ ports (for each combo port, you can use either the Ethernet or the SFP+, not both), some L3 routing features (https://help.mikrotik.com/docs/display/ ... Offloading), and is fully managed. If you want a bunch of 10Gbps Ethernet ports, there's nothing else that comes close. You can get switches a bit cheaper if you use SFP+ fiber everywhere rather than Ethernet, but it's so much easier to run Ethernet cables.
For the router, I'm using a TP-Link ER8411 ($350). It has one SFP+ WAN port, one SFP+ LAN port, and eight 1Gbps Ethernet ports. I really wish TP-Link had included 2.5Gbps ports at least, but it's understandable given the price point (the UDM Pro is more expensive and has the same ports).
Re: Layer 2 switch ok for wifi vlans?
Posted: Wed Aug 23, 2023 5:29 pm
by drbubbles
That MikroTik switch does look like a great deal. Yes, a spare 2.5Gbps port on the router would be good for a wifi AP.
I wonder how long till Ubiquiti announce a dream machine with a built in switch with 1 SFP+ port and several 10Gbps ethernet ports...
Re: Layer 2 switch ok for wifi vlans?
Posted: Fri Aug 25, 2023 5:38 am
by js9erfan
Here's an L3 24 port 10G switch from Ubiquiti. Also has (2) 25G SFP28 ports. Looks like a nice switch for those who want to wire out their home. Downsides are cost, noise (best suited for a rack, closet or garage/basement) and what appears to be a lack of poe support.