u/greensha3

What Unifi equipment should I get?

I’m trying to figure out what combination of gateway and switch would best suit my needs while still allowing for future expansion and upgrades.

My current setup is 1 Gbps Spectrum FTTH. I was previously on AT&T Fiber, but I thought I’d give Spectrum a try since they don’t require you to use their router. I recently replaced my old Velop Wi-Fi system with UniFi hardware (5 APs and a USW-Flex-2.5G-8 switch handling the upstairs APs and computers). Everything currently runs back to a Netgear unmanaged switch.

I also recently switched to pfSense for routing and firewall duties, but I’m starting to think I might be better off moving everything over to UniFi for simplicity and easier centralized management.

On the network I currently have 5 PCs used daily for work and gaming, 3–4 laptops that come and go, a fairly large number of IoT devices connected through Home Assistant, 10 IP cameras feeding Blue Iris, and a FreePBX server with several Cisco IP phones that I mainly use as an intercom and paging system. Most of my desktop PCs already have 2.5 Gb NICs, so I would also like to position myself for higher LAN and possibly WAN speeds in the future if multi-gig service becomes available locally.

Eventually, I’d like to segment the network into VLANs for IoT devices, guest Wi-Fi, kids’ computers, cameras, and possibly servers/lab equipment. I’m currently using WireGuard VPN for remote access to my cameras, so I’d like something that either supports WireGuard directly or offers a similar remote-access solution. I’d also like to reserve IP addresses via DHCP so that certain devices always receive the same address.

For the gateway, I’ve been looking at the UniFi Dream Machine Pro Max and the UniFi Cloud Gateway Max. The UDM-Pro-Max might be overkill for my current needs, but it would certainly look nice in the rack and might make more sense if I move toward faster WAN speeds and heavier inter-VLAN traffic later on. I’ve also considered starting with the UniFi Cloud Gateway Ultra just to make sure everything works the way I expect before fully committing to the ecosystem.

For switching, I’ve been looking at the UniFi Pro Max 48 PoE. I need PoE for the cameras and APs, and if I’m understanding the Layer 3 functionality correctly, I could eventually offload some inter-VLAN routing to the switch to improve performance as the network grows. Rack noise and power consumption are not major concerns for me.

Does this seem like a reasonable direction, or am I missing something obvious?

reddit.com
u/greensha3 — 4 days ago

This network is blocking encrypted DNS traffic.

I'm on my second go-around with pfSense and I am being plagued with this problem on my iPhone (and my wife's). I found this post from a couple of years ago with the same problem. The solution was to forget the network and rejoin. That worked for me for about 5 minutes, and then the problem returned.

As far as I can tell, this only affects the iPhone devices. My laptop seems to be working ok. There is no problem connecting to other devices on the network.

I am using pfSense 2.7.2 with the standard firewall settings. The only rules I added were for my IP phones (I'm running FreePBX). I have WireGuard installed and that works as advertised.

Some background: the first time around I was on ATT fiber. I put the modem in passthrough mode. I started seeing this issue with the iPhones and thought it might be my Velop mesh system that was screwing things up. Eventually, I went back to using the ATT modem. I replaced the Velop system with a UniFi AP system and that has been rock solid. I do not have any DHCP servers running on the UniFi system. I just switched over to Spectrum fiber (1 gig symmetrical). Their modem is plugged directly into the pfSense box (actually, a Proxmox server running pfSense as a VM). There is no Spectrum router or Wi-Fi involved. All my other (mostly wired) devices are running without any issues.

Any ideas where I should be looking to fix the problem?

reddit.com
u/greensha3 — 5 days ago

I have Spectrum's 1 gig FTTH available at my house (recently installed, no previous cable service). According to the customer service agent I spoke to today, this is a symmetrical service with 1 gig up and down. I currently have ATT and, while I've been pretty happy with ATT's service, I would like to use my own router/firewall and not rely on the passthrough option on the BGW320 modem. I'm on GPON with ATT, so bypassing the modem with a WAS-110 device is not an option for me.

First of all, is this service reliable? I have heard horror stories about Spectrum, but they all seem to relate to HFC. Any first-hand experience with true FTTH?

Is it possible to plug the incoming internet connection directly into your own router without double NAT'ing or other shenanigans?

Does the public IP address you are assigned change often? While there is no guarantee that the address that ATT provides will not change, I've had the same IP address for the last 8+ years.

Does Spectrum use an external ONT, or do they run fiber right to the modem?

How likely are the installation techs to inadvertently (or otherwise) slice through the ATT fiber during install?

Thanks!

reddit.com
u/greensha3 — 16 days ago