cross-posted from: https://lemmy.world/post/21641378
So I just added a TP-Link switch (TL-SG3428X) and access point (EAP670) to my network, using OPNSense for routing, and was previously using a TP-Link SX-3008F switch as an aggregate (which I no longer need). I’m still within the return window for the new switch and access point, and have to admit the sale prices were my main reason for going with these items. I understand there have been recent articles mentioning TP-Link and security risks, so I’m thinking if I should consider returning these, and upping my budget to go for Ubiquiti? The AP would only be like $30 more for an equivalent, so that’s negligible, but a switch that meets my needs is about 1.6x more, however still only has 2 SFP+ ports, while I need 3 at absolute minimum.
I’m generally happy with the performance, however there is a really annoying bug where if I reboot a device, the switch drops down to 1G speed instead of 10G, and I have to tinker with the settings or reboot the switch to get 10G working again. This is true for the OPNSense uplink, my NAS and workstation. Same thing happened with the 3008F, and support threads on the forums have not been helpful.
In any case, any opinions on whether switching to Ubiquiti would be worth it?
As somebody who runs Ubiquiti UniFi gear, it’s all flash and very little substance. Its dashboard will dazzle you with charts that either aren’t accurate, aren’t meaningful, or are generally unhelpful. It has a “new” (half a decade old now) and classic interface you can choose between, but neither interface gives you access to every setting you’ll need. I still to this day find myself swapping between them.
If you just need basic devices to make packets go, they do the job. But an average day in the life of a UniFi-enjoyer consists of things like trying to troubleshoot some kind of network issue only to find that the data collected by the devices doesn’t mathematically make sense, so you go to the UniFi forums just to find out it’s a bug that’s existed for years and has never been resolved. And on days like that, I find myself wishing I had something less flashy that would just allow me to see what’s going on with my network, accurately.
It is the Mac of network hardware in my corporate - entered experience.
It is aesthetic hardware, marketing, and everything software related looks polished on the surface, but is buggy (particularly their access which is the worst thing to be buggy) with the least possible configurability, completely obscured debugging resources, and proprietary ways to make you reliant on their support services.
That being said, I am still using them because I got a 30€ UAP-AC-SHD from my company’s old stock when we switched to Cisco hardware. And their cloud gateway ultra is a good value. My whole house setup with prosumer hardware will be 140€ and where my internet comes in is the worst place in the house to put a wireless router.
Eh, my Ubiquiti AP works pretty well, though it’s a bit annoying setting up the server software. I get way better range with it than I ever got with my previous routers, and I never have to reboot it (my Mikrotik router needs to be rebooted more often, and that’s rock solid as well).
I honestly haven’t had any issues, but I have a very simple setup:
- Mikrotik router
- UAP-AC-LITE
That’s it. No mesh, just a single AP and a single router. It works well, and I largely forget about it because it just works.
That said, I’m considering upgrading to a newer wi-fi standard, so I’ll be doing some research again. Ubiquiti was the best at the time, but I don’t have any particular brand loyalty, so I’ll get whatever seems to work well and is a reasonable price. I will probably keep this AP and add a second, so that’ll factor in as well (i.e. can I have two APs serving the same SSIDs? If so, how do I get them to work seamlessly?).
Meh, I like my udm.
I use some of the features, but mostly it just works, and it’s debian under the hood so I just ssh in and unfuck whatever needs unfucking.
It’s vastly closer to a hand-built setup than anything else, and you can spend less time worrying about security.
Ubiquiti is trash with fickle support based on the whims of what sells wide adoption. TP Link IMO is a decent value for the money if you want easy “prosumer” level networking gear. I have 3 TP Link APs as well as a 16 port 10g core switch and it’s great for my needs.
Mikrotik offers more features per $$ but it’s not as easy to use.
I migrated from OPNSense + 3 omada EAPs + two omada switches to a full Unifi system + UDMP Max, feel free to ask away.
Mostly I was tired with the bugs both for Omada (sometimes I had to restart the switch to change the VLAN on a port bc just changing it in the controller didn’t work; yeah) and OPNSense (OSS vs proprietary complaints in general about “it just werks”).
Unifi really has come a long way, they have proper switch ACLs, real BGP (!!!) by you just uploading whatever frr.conf you want, policy based routing, and more stuff that I can’t remember.
It’s not perfect but I would say it’s very good value for money.
Opnsense and ruckus and Aruba here. Zero issues, but I’m not running bgp at home…
I go for OpenWRT devices from any brand
This is what I do, I look it up on the firmware selector and go from there.
Fun fact you can generate custom images with that as well.
Check out Mikrotik friend…
If a security flaw is discovered and patched, it is a good sign the manufacturer is standing by their product and providing support. AFAIK, tp link does push regular fw updates for their omada gear. I’ve had two in the last month.
In your case, I’d open a support ticket with that issue and see what tp link thinks directly. If you don’t like their reply or are ignored, you will have your answer on whether or not you should switch.
You can try seeing if you can set the speed/duplex of NIC/ports manually if auto-detection keeps getting it wrong.
Unifi I like the APs for mesh & multiple SSID+vlans but I keep them on dedicated vlan with zero internet access because I don’t trust that I properly followed instructions to disable opted in analytics/telemetry. The mgmt software is alright but new UI wastes a lot of space. The PoE switch was alright until it stopped being able to keep a config last year. USG router I kept less than a year because it was too slow with any useful features enabled. I’ve glanced around at replacement APs here & there but pretty much waiting until I have more wifi 7 compatible devices and that’ll be another couple years.
I actually tried this as my second step in trouble shooting, the first being using different ports.
In the non-omada management software, it defaults to 10G, and if the devices is on before the switch it negotiates 10G correctly and works at full speed (tested with iperf3). As soon as any of the 10G connected devices is rebooted, I’m back to 1G. To fix it, I then have to set the port to 1G with flow control on, apply changes, save config, refresh page, change to 10G with flow control off, apply, save config and it goes back to 10G again. Alternatively I can reboot their switch and it’s fine again.
In Omada it’s the same, fewer steps to get there but I have to sometimes do it 2-3 times before it works.
Same issue with both 10G TP-Link switches, so I’m thinking it might be the SFP. Using Intel SFP+ with FS optical cables. I’m using a DAC for the uplink from the 10G switch to my unmanaged 2.5G switch, and that doesn’t have the problem of dropping, always works max speed.
I may be wrong here but the tp link issues were in the more consumer based hardware and not the eap and switch
From what I’ve seen it seems consumer routers, but it raises flags is all, and makes me reconsider options.
Every network manufacturer has had some CVE for something.
Fair enough. Is there anything one can do to mitigate? Like I know for the recent issue in the news, a mitigation strategy for consumers is to basically reboot their router often. I keep my router and all hardware up to date, and try to follow news here. Not sure if there is really anything else I could do.
You said you’re using OPNSense for routing… Just keep it up to date and you’ll be fine.
If you’re worried about your AP, I think you can set Omada APs to restart nightly… Though I could be misremembering.
I’ve run basically your exact setup for years now with no issues: a mini PC with dual NIC running OPNsense, an EAP640 (I think, can’t remember off the top of my head) and a TP-Link switch, with minimal issues. I have to restart the AP once in a while and restart my mini PC, but that’s due to a failing NIC, I’m pretty sure.
I can’t recommend unifi more. I moved into the ecosystem about 10 years ago with a USG and AP.
I run UCG with 3 WiFi APs at home and about 100+ devices, inc. 4 servers and 2 NAS.
Never have issues and it keeps up to date.
I have a separate WiFi for the guest house that is isolated and speed limited.
For a while I ran a controller to manage my home and my parent’s farm network, they have a Starlink into Express with 2 U6LR and loco wireless bridge to cover 1KM of farmland with pretty impressive speed WiFi.
I typically take an express on holidays with me now which vpns home to keep our lan where we go, I just need hotel LAN for the WAN.
I’ve got 4 Omada APs and a virtual controller. There was a bug I experienced where a Google home mini could initiate a broadcast storm. TP-Link got me in touch with engineers very quickly and they fixed the bug in less than a week.
I’m in the (long) process of migrating a mix of PFsense + Tplink switches + Aruba Instant On APs to a fully unifi infrastructure. Even with the mix of devices, my network has been way more solid than ever with a Unifi Gateway Ultra, a few NanoHD APs (still mixed with some Arubas) and 1 unifi switch assisted by the rest of the tplinks.
I should finish the migration next week, no regrets.
The level and ease of control I have now would not have been possible with the previous infrastructure.
If you can still return the Omada devices, I suggest you do and go Unifi.
Unifi Gateway Ultra
How have you liked the gateway? Any stupid decisions that have annoyed?
My USG has decided that, after a decade, it’s going to be flaky and crash if it wants to (even after replacing its 4th dead PSU and 2nd USB stick) and I’m thinking it’s probably time to upgrade.
I’ll admit to both liking the Unifi ecosystem and firmly not trusting the Unifi ecosystem one damn bit, which is a bit of a weird situation where I’ve been really really unwilling to upgrade anything because that hasn’t always gone uh, smoothly.
I’ve only had it for about 4 months, but no annoyances so far. It did crash once, and it takes (in my opinion) ridiculous amounts of time to fail over a Vlan when one of my Lans goes down (upwards of 5 minutes, when my PFSense was almost instant), but other than that, it’s been super solid.
Does Unifi work with Ansible?
Never used ansible before. All I know is that it seems to work with Ubiquiti edge switches.
https://docs.ansible.com/ansible/latest/collections/community/network/edgeswitch_vlan_module.html
Ubiquiti?
You can’t give me that garbage. I despise it, after setting up a single access point (plus also watching friends deal with it at client sites).
Besides the discovery issues and slow performance when trying to manage it, I had a random open network on it after setup. This network didn’t appear anywhere in the control panel. I could turn off the access point and the network disappeared.
It didn’t show up in the guest network config (which was turned off anyway). It had the same name as the WPA-protected network, it was just open - no security at all.
I had to reset the access point to get rid of this weird random open network.
What kind of garbage product does that?
Now let’s look at cloud keys. One has a hard drive in it. Just one drive, 3.5", which besides storing data also stores the OS. What? Why is the OS not on some firmware or at least an M2, since the drive is really for storing surveillance data (did I mention it’s a single drive?), what a joke. Why would I bother with such an expensive device that has zero fault tolerance, when I could simply buy a cheaper real machine, run multiple drives, and host the software there?
I lack the vocabulary to describe how bad Unifi is.
Unifi + OpenWRT goes hard tho
Oh wow, hard to believe a huge bug like that would make it to production. What do you recommend instead? Stick with TP-Link?
Everything has trackers, even those APs or wifi routers flashed with 3rd party firmware (openwrt, ddwrt, etc). If OP is willing to spend time on doing packet tracing or even the most simple one like setting up a localized dns server/sinkhole, OP might be amazed what lights up.
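The "put the APs on an isolated VLAN and watch what they resolve" approach from the two comments above, as an added example that is not from any poster or vendor: it parses dnsmasq-style query log lines (constructed here, not captured from real gear) and reports which management-VLAN clients look up names outside an allowlist. The hostnames, client addresses and the allowlist are all assumptions for the illustration.

```python
"""Report which hosts on an isolated management VLAN resolve unexpected names.
Added illustration; the log lines and domains below are constructed samples."""
import re
from collections import defaultdict

# dnsmasq started with --log-queries writes lines of this shape:
# "Nov  3 02:14:07 dnsmasq[1234]: query[A] host.example.net from 10.20.0.11"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>[\d.]+)"
)

# Constructed sample log; .test is a reserved TLD, so nothing here is real.
SAMPLE_LOG = """\
Nov  3 02:14:07 dnsmasq[1234]: query[A] pool.ntp.org from 10.20.0.11
Nov  3 02:14:08 dnsmasq[1234]: query[A] pool.ntp.org from 10.20.0.12
Nov  3 02:15:31 dnsmasq[1234]: query[A] stats.example-vendor.test from 10.20.0.11
Nov  3 02:15:31 dnsmasq[1234]: query[AAAA] stats.example-vendor.test from 10.20.0.11
Nov  3 02:40:02 dnsmasq[1234]: query[A] stats.example-vendor.test from 10.20.0.12
Nov  3 03:00:00 dnsmasq[1234]: query[A] fw-update.example-vendor.test from 10.20.0.12
Nov  3 03:00:01 dnsmasq[1234]: reply fw-update.example-vendor.test is 192.0.2.10
"""

# Names the management VLAN is expected to resolve (constructed allowlist):
# time sync and the firmware-update host you actually want to reach.
EXPECTED = {"pool.ntp.org", "fw-update.example-vendor.test"}


def parse_queries(log_text):
    """Return {client_ip: {name: query_count}} for every query line."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:  # reply / cached / config lines are not queries
            continue
        seen[m.group("client")][m.group("name").lower()] += 1
    return seen


def unexpected_lookups(log_text, expected=EXPECTED):
    """Map each client to the sorted list of names outside the allowlist."""
    flagged = {}
    for client, names in parse_queries(log_text).items():
        extra = sorted(n for n in names if n not in expected)
        if extra:
            flagged[client] = extra
    return flagged


if __name__ == "__main__":
    for client, names in sorted(unexpected_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(names)}")
```

Point the isolated VLAN's DHCP at a resolver that logs queries and feed its log through this; anything flagged is a candidate for a sinkhole entry or a firewall rule, and the allowlist grows as you confirm what the devices legitimately need.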