# Soliciting suggestions for a hardware broadband router, no WiFi...

Howdy.

I am finally going to have to pay the technical debt I accrued over the last few years concerning my home network.

The Problem
Despite knowing better, the current network is not designed. It grew organically and is a mess of patching and workarounds. The technology committee (wife, youngest son (living here), and members-at-large (11 other family members who visit regularly)) have voiced their disenchantment with "the WiFi" and their disappointment with the CIO, CTO, and IT staff—that would be me, and number 2 son who is a frequent contractor.

This accretion of network kit isn't standing up to use. In particular, the router apparently runs out of resources (speculatively, ARP table entries or something related) and becomes deaf to clients. The connected ones (to the WiFi) can't get out to the Internet and the unconnected ones can't connect. Additionally, the second WiFi network of four meshed APs can no longer see the 'net.

The aggregate network has ~60 ±10 devices connected at any one time. This includes about 15 wired devices with the rest being connected via one of the WiFi networks. Most of these are IoT devices using low bandwidth on the 2.4GHz radios, but counting desktop and laptop computers, tablets, phones, and miscellaneous things like oscilloscopes and SBCs, it is close to a 50/50 split.

The Current Configuration
The kit comprising the current configuration is as follows:

Cable Modem
Arris SB8200

Router and WiFI
Netgear Nighthawk X6 R8000 WiFi Router
Netgear EX7000-100NAS Nighthawk Wi-Fi Range Extender AC1900 Dual Band Gigabit
Netgear EX6300-100NAS Nighthawk Wi-Fi Range Extender AC1900 Dual Band Gigabit

(4) Samsung ET-WV525BWEGUS SmartThings Wi-Fi Mesh Router (also acting as SmartThings IoT Z-Wave hub)

Switchgear
(2) Netgear GS308T 8-port Managed GigE Switches
Netgear GS108PE-300NAS ProSAFE 8-Port Gigabit PoE Web Managed (Plus) Switch with 53W 4 PoE Ports
CENTROPOWER Ethernet Extender with 4 Port PoE+ Switch Support

Wired Devices (live in MDF, in the basement, and in an IDF (a shelf in the office above))
(1) Samsung ET-WV525BWEGUS (IDF) connected to one of the X6 R8000 LAN ports
Arlo WiFI Camera Base Station (IDF) connected to one of the MDF GS308T ports
Ambient Weather Station Base connected to one of the MDF GS308T ports
Philips Hue Hub connected to one of the MDF GS308T ports

RPi 3B+ (MDF) connected to one of the GS108PE-300NAS switch ports
Grandstream VoIP DECT6 phone base (MDF) connected to one of the MDF GS308T ports
SMC1500C UPS (MDF) connected to one of the MDF GS308T ports

Synology DS920+ NAS Server (MDF) connected to one of the GS108PE-300NAS switch ports
Synology DS916+ NAS Server (MDF) connected to one of the GS108PE-300NAS switch ports

Samsung TV (FR) connected to one of the colocated CENTROPOWER Ethernet Extender switch ports
Apple TV (FR) connected to one of the colocated CENTROPOWER Ethernet Extender switch ports

GS108PE-300NAS switch uplinked to X6 R8000 LAN port
(2) GS308T (MDF) switches uplinked to MDF GS108PE-300NAS switch
CENTROPOWER Ethernet Extender (FR) (serves family room media devices) uplinked to MDF GS108PE-300NAS switch
X6 R8000 WiFi Router uplinked to collocated Arris SB8200

Wireless Infrastructure
Netgear EX6300-100NAS Wi-Fi Range Extender on floor 1
Netgear EX7000-100NAS Wi-Fi Range Extender on floor 2 (electronics lab instruments connected to a LAN port on the device)
Samsung ET-WV525BWEGUS Wi-Fi Mesh node on floors 1, 2, and 3

Wireless Devices
3-10 iPhones (depending on occupancy)
3-8 Apple Watches
2 Samsung TVs
15 WeMo Smart Outlet Switches
5 Shelly 1 IoT Relays (more to be added)
~15 assorted MCU/SBC devices
4 Printers
3 Cameras
?? Things I have forgotten are connected but will enumerate with a network survey

The Solution
At this point I am primarily interested in replacing the routing function of the X6 R6000 with a dedicated hardware router (e.g. Microtik, Ubiquiti, MERAKI GO, etc.)

I would prefer an appliance, rather than running say, PFSense, on my own hardware.

I intend to replace the mesh network(s) with a wired backbone, but it's not a simple matter in this house. It was built in 1941 of plaster, brick, and concrete without dedicated risers, and the various paths from basement to third floor are each problematic in different ways. I will eventually do this, along with wired cameras, but for now it's WiFi for these things.

So, I am interested in any experience with an appliance as mentioned above. While we are currently using ~400mbps cable, the plan is to switch to 1Gbps fiber, so the router has to have decent throughput.

So, AAC—any great advice? Even warnings against something are useful.

Recently I ran into a very similar issue. I had upgraded my ISP service from 40Mbps to 100Mbps and was not getting that at my computer. Their service tech replaced their Arris cable modem and serviced some of their fiber to cable hardware and I still only had 40Mbps. The tech showed me on his laptop that we were in fact getting 100Mbps from their cable modem, so the problem was with my NetGear Linksys EA8300 Max-Stream: AC2200 Tri-Band Wi-Fi and cable router. So, I replaced it with a pair of NetGear Orbi AC3000 Tri-Band Wireless Routers. Not only is our ~3000sqft home completely covered now with the one nest extender, but throughput now matches supply. I have not installed the CAT5 backlink between them as it would require running the exposed cable down the main hallway of the house, and the point was to avoid exposed cabling. I could try using another pair of TP-Link AV2000 Powerline Adapters, which is power over ethernet, but it would have to pass from one circuit to another through the main panel, which is not advised. Anyways, give Nest a looksee.

Sounds like it worked out well for you. The Samsung mesh network is very similar to the Orbi. It works well, and I need to preserve it for the Zigbee radio in it. After a router reboot, I get ~300mbps on the WiFi networks, so that part is currently working OK. The problem I have to tackle first is the Netgear Nighthawk going deaf on me.

It won't route packets to the Arris modem, and it won't accept new WiFi connections. This happens after a variable uptime and rebooting fixes it. I surmise it is a resource issue with the router hardware. In theory, I could use the Samsung network directly with the modem. The trouble is that I have to route between the two WiFi networks because devices are currently split between them.

My tentative plan is to add a hardware router and plug the Nighthawk and Samsung into it as peers. I am hoping this will reduce or eliminate the issue of lost Internet connectivity, but it's only step one. I plan to eliminate the Nighthawk and its WiFi network and rely only on the Samsung—or possibly stand up another network providing 2.4GHz only and dedicated to IoT devices.

I believe any of the obvious candidates for the router role would work, but I can't find a way to select from among them given the information I have.

Thanks for the heads up on the Orbi. It's good to know it works well because I do get asked about it and haven't used it.

The first generation Nighthawks were crap. I bought a set with three satellites from Costco. At the register, the cashier told me they are "getting a lot of returns on these". One of the three satellites was dead out of the box. I left it set up while I looked for a replacement brand/model. In the two weeks that I had it, the base station locked up three times and had to be restarted. It went back to Costco. I now run Asus. No problems. The Asus "Republic of Gaming" product line is very well rated for a many-user environment.

Hi

Some recommendations:

Cable Modem
Arris SB8200
This is probably a bottleneck. I couldn't find any detailed specifications on this device, but I suspect it really isn't designed for maximum performance on a home network with many clients. I suggest looking at an ARRIS CM8200, as it is designed for 5Gb downstream data rates. Upstream data rate is over 1Gb. You'll get better throughput even though your internet service is currently 400 Mbps.

Router and WiFI
Netgear Nighthawk X6 R8000 WiFi Router
This IS a bottleneck.
First, based on what I read in your post, I wouldn't use the Nighthawk switch ports as a switching "backbone".
Run one Gb port connection from the Nighthawk to a L2 switch that has good back plane bandwidth. Optimally, this switch should have full wirespeed capability on all ports of the switch (no blocking). This will function as the "backbone" switch. Connect "access layer" devices (Cisco speak) to ports on this switch. The access layer devices will be switches and access points located at various locations of the premise. Use switches that DO NOT have "blocking" ports.

The ARRIS NVG468 would be an excellent choice as a Nighthawk Router replacement.

Netgear EX7000-100NAS Nighthawk Wi-Fi Range Extender AC1900 Dual Band Gigabit
Netgear EX6300-100NAS Nighthawk Wi-Fi Range Extender AC1900 Dual Band Gigabit
I wouldn't be able to recommend WIFI gear without knowing more about your floor plan.
But an immediate observation is the number of different wifi infrastructure devices being used.
Keep in mind that multiple non-managed devices can be bad.....non-managed Wifi transmitters can overpower each other and cause random disconnects. I suggest a plan to use a single "growable" mesh wifi network using devices from the same manufacturer.

A comment...
As you probably know, many devices have DHCP services.
Be sure to check that only ONE DHCP server is active and that all clients are receiving addresses from it.
Multiple active DHCP servers can drive you crazy....
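One way to run the "only ONE DHCP server" check from a packet capture, as an added example that is not from any poster in this thread: parse the DHCP OFFER/ACK payloads, key them by the server identifier (option 54), and flag every responder that is not the router you expect. The sample packets and addresses are constructed for the example; on a real LAN you would feed it the UDP port 67/68 payloads from a capture.

```python
"""Detect more than one active DHCP server from captured OFFER/ACK payloads."""
from collections import defaultdict

DHCP_MAGIC = b"\x63\x82\x53\x63"          # BOOTP vendor "magic cookie"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
BOOTREPLY, DHCPOFFER, DHCPACK = 2, 2, 5   # op code, then option 53 values

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP packet: op, yiaddr and the option map."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP/BOOTP payload")
    opts, i = {}, 240                       # options follow the 236-byte header + cookie
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": payload[0], "yiaddr": ip_str(payload[16:20]), "options": opts}

def build_reply(msg_type: int, yiaddr: str, server_id: str) -> bytes:
    """Constructed sample packet: minimal BOOTREPLY carrying options 53 and 54."""
    hdr = bytearray(236)
    hdr[0] = BOOTREPLY
    hdr[16:20] = bytes(int(x) for x in yiaddr.split("."))   # yiaddr field
    opts = (bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
            + bytes(int(x) for x in server_id.split(".")) + bytes([OPT_END]))
    return bytes(hdr) + DHCP_MAGIC + opts

def audit(packets) -> dict:
    """Map each server identifier (option 54) to the leases it offered or acknowledged."""
    by_server = defaultdict(set)
    for p in packets:
        d = parse_dhcp(p)
        mtype = d["options"].get(OPT_MSG_TYPE, b"\x00")[0]
        if d["op"] != BOOTREPLY or mtype not in (DHCPOFFER, DHCPACK):
            continue                        # ignore client-side DISCOVER/REQUEST etc.
        sid = d["options"].get(OPT_SERVER_ID)
        by_server[ip_str(sid) if sid else "no-server-id"].add(d["yiaddr"])
    return dict(by_server)

def unexpected_servers(by_server: dict, expected: str) -> list:
    """Every responding server other than the one that should be the only DHCP source."""
    return sorted(s for s in by_server if s != expected)

# Constructed capture: the intended router answers, and so does a mesh node
# still running its own DHCP service (all addresses are made up for the example).
SAMPLE = [
    build_reply(DHCPOFFER, "192.168.1.50", "192.168.1.1"),
    build_reply(DHCPOFFER, "192.168.1.50", "192.168.1.20"),
    build_reply(DHCPACK, "192.168.1.51", "192.168.1.1"),
]
```

Two distinct keys in `audit(SAMPLE)` is exactly the "multiple active DHCP servers" condition the post warns about; `unexpected_servers` names the one to track down and disable.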

My firewall/router is a DL360 G8 Linux (Devuan GNU+Linux) server (with auto-fallback to another server for DHCP and name resolution) using NAT for local IP addressing in the house. It also handles the house IPCAM recording network using zoneminder. I've got 1Gbps fiber with no throughput issues on clients that can handle the I/O load. I don't use the fiber router; it's a direct connect from the ONT internet port and the server external networking port. I've tried to minimize wireless to only those devices that demand it, with wireless bridges that let the main server handle DHCP and routing issues from a central database of devices. Over the last 20 years the network wiring has become a mess, but the CAT6 backbone to room switches has been solid.

It works great as a small enterprise level backbone router and data server but it's not something you want in a living space.

Backbone and IPCAM switches


I’ve used a lot of DL series servers but never as a dedicated router. Well…maybe for Checkpoint FW-1 or application gateways.

It's got the internal compute backplane bandwidth to easily handle a large home network while doing other grunt work and it has enterprise level redundancy and error correction on memory, cpu, disk and power.
+ the price is right for surplus gear that's been treated nice at some data-center. I stress tested it this summer during the local heatwave. Those fans are loud but they keep the temps under specifications at ambient temps in the 90's.

HP ProLiant DL360p Gen8 1U RackMount 64-bit Server with 2×6-Core E5-2640 Xeon 2.5GHz CPUs + 64GB PC3-10600R RAM + 8×300GB 10K SAS SFF HDD, P420i RAID, 4×GigaBit NIC, 2×Power Supplies, NO OS (Renewed)
And about $2,000 in direct energy costs over say a 5 year life span. A little more if your house has A/C and needs to take that heat out.

But an immediate observation is the number of different wifi infrastructure devices being used. Keep in mind that multiple non-managed devices can be bad.....non-managed Wifi transmitters can overpower each other and cause random disconnects
There should be adjustable output power output somewhere deep in the settings. Low output power + line of sight + 5ghz + hardwire to backbone = success.

And about $2,000 in direct energy costs over say a 5 year life span. A little more if your house has A/C and needs to take that heat out.
That's a small price to pay for reliability and peace of mind. I live in a cold climate for much of the year; the heat won't be wasted keeping the cars warm in winter. The power requirements of aggressive power save modes are less than most high powered video cards.

https://h50146.www5.hpe.com/product...ream/support/whitepaper/pdfs/a00020432enw.pdf


There should be adjustable output power output somewhere deep in the settings. Low output power
There probably is...but who wants to constantly adjust transmitter settings.
Each member in a managed Mesh network speaks to each other and adjusts their transmitters and receivers automatically.

+ line of sight + 5ghz + hardwire to backbone = success.
Wifi doesn't need line of sight for success.

There should be adjustable output power output somewhere deep in the settings.
There probably is...but who wants to constantly adjust transmitter settings. Low output power
Each member in a managed Mesh network speaks to each other and adjusts their transmitters and receivers automatically.
"Low output power" doesn't necessarily mean success.

+ line of sight + 5ghz + hardwire to backbone = success.
I agree with hardwire to backbone. Disagree with the rest.

It's got the internal compute backplane bandwidth to easily handle a large home network while doing other grunt work and it has enterprise level redundancy and error correction on memory, cpu, disk and power.
+ the price is right for surplus gear that's been treated nice at some data-center. I stress tested it this summer during the local heatwave. Those fans are loud but they keep the temps under specifications at ambient temps in the 90's.

Price: $260.00

Typical client net speed while showing stats from the server via ssh terminals.
Ah yes...I do remember...Nice...

You mentioned it's a router connected to your internet ONT. I didn't see a firewall in your process table, but I hope you have a firewall service configured and running. Make sure all your OS logging is enabled and check them regularly. Especially if you have ports open to enable remote management. You might be surprised at all the port scans and logon attempts...


Thanks but:
I'm not a newbie in computer security, my system is very secure and constantly internally monitored.
I run: https://github.com/arno-iptables-firewall/aif

It's a kernel level netfilter firewall so you won't normally see a separate 'firewall' process.
https://www.netfilter.org/
https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
https://www.howtogeek.com/devops/how-to-lock-down-your-ssh-server/

By default all ports are disabled until enabled in the config file.


Disagree with the rest.
That's how it's done in commercial installations where high throughput and many devices are present. Airports, offices, conference rooms. AP on the ceiling in every open space. Low transmit power. Line of sight is the only way you get clean signal at 5ghz and low power.

Not how it's done in government installs.
Line of sight is usually required for microwave or OFDM type data radio.

Thanks but:
I'm not a newbie in computer security, my system is very secure and constantly internally monitored.
I run: https://github.com/arno-iptables-firewall/aif
Excellent.
Yes..I've hardened many systems.
I didn't think you were a newb....but didn't want to assume.

It's a kernel level netfilter firewall so you won't normally see a separate 'firewall' process.
https://www.netfilter.org/
https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
https://www.howtogeek.com/devops/how-to-lock-down-your-ssh-server/

By default all ports are disabled until enabled in the config file.
Cool...

Did you get a consensus on a router firewall alternative?
Like you, we're looking at a 1 Gb fttp connection.
And I'd love to not use the firewall in the provided modem, way too many holes and back doors for my liking.
The operator just now told me how many TVs and computers I had on the modem... their argument was they own the modem so they can do what they want!

I didn’t, but the leading candidates are Microtik and MERAKI GO. The Microtik uses its own highly rated software and the MERAKI GO uses a customized PFSense. They are similarly priced and seem to have about the same number of fans.

Choosing a particular model is the current challenge. I do think one or the other would work for you, and it would make your LAN invisible to the modem (assuming you are not using WIFi from the modem/router, if equipped).

Been looking at Microtik, but quite a few on offer. Will look at Meraki, not seen them. Thanks.
I plug the existing modem direct into my wired network.
But have to use the modem's firewall as my old Netgear one was, like others said, not able to keep up