Mesh Router without cloud dependence?

[NoBanStan]

47 minutes ago, billmeek said:

The main reason I went with the DM pro is better throughput with a gigabit fiber connection with a lot of the security features turned on AND for the fail-over WAN (Internet). The fiber is my main connection but I also have a cable modem as a backup.

As reliable as my fiber has been lately, I want to get one of the UniFi LTE and cancel the cable.

jeez man, are you an MSP or something? WAN redundancy at the house!

[maroonandwhite]

8 minutes ago, NoBanStan said:

jeez man, are you an MSP or something? WAN redundancy at the house!

Yeah if mine goes down (has only happened with power outage),I do what I can on the cell hotspot or take the day off.

[NoBanStan]

Same. Zero judgement but I could work out of Starbucks worst case... or go to the office.
 

However... if work is willing to pay for it....

[billmeek]

 

37 minutes ago, NoBanStan said:

jeez man, are you an MSP or something? WAN redundancy at the house!

Basically, yeah.  I'm the (entire) IT department for 19 small businesses. Mostly local, but one is in east TN and another is in upstate NY.  Having a customer call and saying, "My internet (or PC) is down right now, I'll fix your problem later." is not an option.  I keep redundancy in almost all gear.  For example, I have a battery backup (12V 400AH) for my UPSes, and that is backed up by a propane powered generator.

44 minutes ago, maroonandwhite said:

or take the day off.

What's this mythical "day off"?  My son gave me guff as I was in intensive care hours after major heart surgery taking a service call.

[NoBanStan]

13 minutes ago, billmeek said:

 

Basically, yeah.  I'm the (entire) IT department for 19 small businesses. Mostly local, but one is in east TN and another is in upstate NY.  Having a customer call and saying, "My internet (or PC) is down right now, I'll fix your problem later." is not an option.  I keep redundancy in almost all gear.  For example, I have a battery backup (12V 400AH) for my UPSes, and that is backed up by a propane powered generator.

What's this mythical "day off"?  My son gave me guff as I was in intensive care hours after major heart surgery taking a service call.

And this is why I moved into management.

 

[maroonandwhite]

14 hours ago, NoBanStan said:

You allow tiktok on your network? I kid but i don't. that crap is blocked at the Stan household.

If it were me, i would try the alien first to see if i like it and if it meets your needs. As for the dream machine, here are my thoughts

-The DM Pro is cool if you plan to use cameras, outside of that, it may be overkill if you're a normal "user". It's also going to cost more
-The DM has what you're after, guest networks, QOS. etc.
-Wifi scheduling sucks on it. I have the kids on a specific SSID with parental blocks. I wanted to shut their wifi off around midnight. It works fine on the DM itself but since i have multiple VLANS and SSIDs, when it flips on, it just turns off my AP's signal all together.
-As mentioned previously, the unifi interface will take some getting used to, as it is intended for small/medium business. It's not going to hold your hand.
-By default, any SSID you create will be on 2.4 and 5ghz. Your devices will likely always select 2.4 which will be significantly slower, because it's a stronger signal. You can tell the devices to "prefer 5ghz", but that's not "enforce". So the best way for me was to have 2.4 on a dedicated SSID and if I really needed it, i would enable that (in case family/friends come over with a kids tablet or something. Everything else is 5ghz
-I blacklisted all of the embargoed countries along with China and Russia. it's super simple in the interface
-You can enable IDS or IPS. I have IPS enabled on the most restrictive and have never had a problem.
-My guest network actually has a Eula that states I'm going to take all of your data and you owe me $50 a day.... odd that nobody ever reads it and just clicks accept

Speaking of guest network, that's a fun setup. Looks a little different than this now but it's got a cool level of customization (no, this isn't my network)

 

Circling back to TikTok…. Have you had any success blocking TikTok through the domain using custom DNS like OpenDNS?  I’ve added it to my current setup until the Alien arrives and while it works great for the browser site, I can’t seem to get the app blocked. 

[NoBanStan]

1 hour ago, maroonandwhite said:

Circling back to TikTok…. Have you had any success blocking TikTok through the domain using custom DNS like OpenDNS?  I’ve added it to my current setup until the Alien arrives and while it works great for the browser site, I can’t seem to get the app blocked. 

So the app for us is easy because the kids both have iphones and we just simply don't allow them to install it. They don't have laptops/desktops so i haven't been as concerned with the blocking via browser.

however, i've started looking into it now that you've piqued my curiosity and it is NOT a straight forward process.

https://www.pcwrt.com/2020/08/how-to-block-the-tiktok-app-on-the-router/ this one had a fairly long list of associated domains that you can blacklist. However, OpenDNS has a limit of 25 domains unless you're paying (i assume at least)

I went ahead and blocked that full list in Unifi. Tiktok doesn't load via browser for me. I would install the app to test..... but no thanks.
 

[maroonandwhite]

1 hour ago, NoBanStan said:

So the app for us is easy because the kids both have iphones and we just simply don't allow them to install it. They don't have laptops/desktops so i haven't been as concerned with the blocking via browser.

however, i've started looking into it now that you've piqued my curiosity and it is NOT a straight forward process.

https://www.pcwrt.com/2020/08/how-to-block-the-tiktok-app-on-the-router/ this one had a fairly long list of associated domains that you can blacklist. However, OpenDNS has a limit of 25 domains unless you're paying (i assume at least)

I went ahead and blocked that full list in Unifi. Tiktok doesn't load via browser for me. I would install the app to test..... but no thanks.
 

Yeah I actually tested it this morning with a bogus email account and couldn’t get the app to block with those domains. Apparently some have success with that approach and some don’t. I successfully blocked it in the browser though.  The easy was to do it would be to visit it, look at the DNS logs to see what it requested, then block those as well.  As you said though 25 wasn’t enough.

[NoBanStan]

47 minutes ago, maroonandwhite said:

Yeah I actually tested it this morning with a bogus email account and couldn’t get the app to block with those domains. Apparently some have success with that approach and some don’t. I successfully blocked it in the browser though.  The easy was to do it would be to visit it, look at the DNS logs to see what it requested, then block those as well.  As you said though 25 wasn’t enough.

yeah, from my limited reading, it sounds like TikTok is using some DNS over HTTP tomfoolery to stop it from being easily blockable. Go figure.

[maroonandwhite]

Got the Alien in today. While the QoS features and guest network features are limited, they are good enough and it does seem to have much better coverage than my previous system without all of the handoff issues. Time will tell but initial impressions are good.  I’ll still probably upgrade to the Unifi DM stuff once they release a new model. 

[NoBanStan]

19 hours ago, maroonandwhite said:

Got the Alien in today. While the QoS features and guest network features are limited, they are good enough and it does seem to have much better coverage than my previous system without all of the handoff issues. Time will tell but initial impressions are good.  I’ll still probably upgrade to the Unifi DM stuff once they release a new model. 

Definitely interested in your thoughts. I bought into unifi, so I won't be ditching it anytime soon, but I'm genuinely interested in the alien.

[maroonandwhite]

5 hours ago, NoBanStan said:

Definitely interested in your thoughts. I bought into unifi, so I won't be ditching it anytime soon, but I'm genuinely interested in the alien.

So QoS is basically preset to three levels of priority from high to low.. Gaming, streaming, normal. You can set each device to one of those three. That’s basically the extent of QoS. 
 

The guest network is fairly simple as well. You can leave it on or choose to turn it on for a set period of time. This is a pretty neat feature that’s quickly done in the app.

It also has HomeKit enabled with a recent update.  It basically pairs the router with the homekit hubs and provides different levels of security for those homekit IoT devices.  The only device I have that falls into this category is my Ecobee thermostat. 
Basically you can set it not allow the individual devices to connect to the internet, only connect to HomeKit approved services, or no restrictions at all.  Oddly enough, if you enable the HomeKit integration, you can’t use mesh functionality. 
 

There is a dedicated IoT network option along with three other extra SSID’s available. I didn’t see the need for these in my use. 

Band steering is enabled by default  and it also has router steering if you were to go to mesh later on.

The screen is also a really cool feature. The information is of course boring but it manages to make download and upload speeds look cool and appealing.

 Truthfully, I think some of the other consumer routers may offer more network filtering and security features but so far the hardware of this router seem to live up to the hype.  My I’m home coverage and speeds are definitely improved over the prior system and even more so better than the Starlink router alone. 
 

As I said before, I’m very happy with it but will most definitely be switching to Unifi at the next model release.