Z3 to replace Home Router

ccapasso
Conversationalist

Z3 to replace Home Router

I've been considering replacing my home router with a Z3.  The goal is to cover the house with Wireless, provide some additional security, have the layer 7 reporting and control, and allow for VPN back home to it.  

 

Has anyone used the Z3 in such a way?  Any caveats/etc ? 

12 REPLIES 12
ww
Kind of a big deal
Kind of a big deal

not sure what your  house looks like, but only 1 device to cover a house with wireless seems very optimistic.

does your prodiver let you install a self owned router? sometimes a username pw is required to connect to your provider.

 

 

ccapasso
Conversationalist

Currently I have just your typical store bought wireless router and it covers the house fine so I would hope the z3 would be sufficient.  

 

In terms of the setup, it is just a broadband circuit and the internet provider is Spectrum.  They provide the modem which then connects to the wireless router.  

 

My thought was replace the wireless router with the Z3.

Just a few of my thoughts:

  1. The max throughput on the Firewall is 100 Mbps. If you're paying for service faster than that, you're limiting yourself from the start
  2. Content filtering on the device only exists in layer 7 firewall rules. Most home routers today allow filtering by category. You can't do this on a Z3
  3. Range - I personally have a Z3 at home for work purposes. I have a 2000sq ft home. My office is on one side of the house with my bedroom on the other. I still get signal though it is very weak. If it was in a centralized spot, it would cover my home fine.
  4. Your modem - Spectrum does allow you to use your own modem. We done this at some of our branch offices. Skip the rental charge each month and just buy one. I personally use the Arris 6183.
  5. Licensing - Keep in mind that you will have to keep buying the license for this every so often so you can keep your access to dashboard and running your network.

So can you do it? YES!!! Would I do it? Unfortunately, no. In fact, I run my home network using Ubiquiti products. For the same cost as a Z3 and licensing, I bought a router, switch, and AP. Although if I didn't have to worry about licensing costs, I would've run my house on the MX64, MS220, and AP that I got from attending Meraki webinars. Sadly, I gave those to my company as my licensing ran out.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Adam
Kind of a big deal

You can typically do one of those trial seminars and get a MX64. I have one at my house and use it to experiment and test frequently.  Much greater visibility than my old router. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
MRCUR
Kind of a big deal


@Adamwrote:

You can typically do one of those trial seminars and get a MX64. I have one at my house and use it to experiment and test frequently.  Much greater visibility than my old router. 


This is definitely the better option IMO. You'll need a separate AP, but you'll have a "real" MX and the firewall is limited to 250Mb instead of 100Mb on the Z3 (although I rarely see my Z3 move above ~50Mb). 

 

(You can always get a free AP & switch from other webinars...)

MRCUR | CMNO #12
PhilipDAth
Kind of a big deal
Kind of a big deal

I agree with @Mr_IT_Guy and @MRCUR.  The Z3 has no advanced security features to speak off.  It really is only intended for providing connectivity have to the business.

 

I would go with a standalone access point like an MR33.


@PhilipDAthwrote:

I agree with @Mr_IT_Guy and @MRCUR.  The Z3 has no advanced security features to speak off.  It really is only intended for providing connectivity have to the business.

 

I would go with a standalone access point like an MR33.


As far as the home environment is concerned, you need to ask what you have attached to your existing network:

 

  • Smart devices
  • Talking scales
  • Chromecast
  • AppleTV
  • Apple Home
  • Google XXXXXX
  • Smart lighting
  • Smart TV
  • Door openers
  • Heating control
  • that damn stupid fridge . . . 

Virtually none of the above are secure . . .

And you will have problems with many flavours of Multicast as used by many ISPs as part of their multiplay package.

 

I split the Meraki network in two

 

  • good network - sits behind the MX and irons its own underpants
  • bad network - gets more action than I do

Anything dodgy goes on bad network, or, as the network name explains "Cold Comfort Farm" (there is something nasty in the woodshed).

 

I live in the old world where houses are not built to withstand earthquakes (think New Zealand, Japan, California) and are built to be solid as brick ***houses, at their weakest point. So I always plan on one WiFi access point per space that is going to need to provide an access service. And I wire everything that doesn't move. Chasing range with APs always causes more problems than it solves in the long run.

 

With those lovely grand Victorian wooden Villas, @PhilipDAth has it easy. Doing drops inside the wallspace, not a problem. Mark you, one does have to wire/staple the house onto the piles to stop it wobbling off in the next big shake. And have the chiminnies replaced with something that doesn't fall down . . .  (Phil - I know Auckland is full of breezeblock commercial space, but have you discovered the thermal lance, just watch your client's faces when you take one of thosse out).

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

In a technical sense, there isn't much they can do. They could port scan within your local network from inside your Z3 gateway but it is pretty unlikely. They'll really only be able to see what the Meraki Dashboard shows which is stuff like what IP it received from your router, the outside IP of your router, DNS servers it provides and that's pretty much it. It'll show them data like connection latency as well, so if you saturate your downstream/upstream they'll see something that corresponds.

So, if you're afraid of what data they get, it isn't much, but there is some they get to help them monitor/troubleshoot.

 

 

 

http://mywifeixt.net

jessicajones
New here

I’m new to the product and looking to move from our six Ubiquiti APs. We’ve initially deployed an MR72 for testing and are reasonably happy, but it restricts the 5ghz power output to 1/5th of the UK legal limit and the support team says there’s a firmware bug on all appliances in the CE region. mywifiext

We’ll wait for a fix, but the communication about when it might become available has been a little poor. We had to give proof of the UK power limits (despite them being on the Meraki website) before they would investigate and are still waiting for an ETA on a fix after they identified it as a known issue at the start of Feb. We’d settle for just knowing which quarter the fix is coming in so we can make plans.

If a WiFi deployment is based upon a few APs with TX volumes maxed out it is destined for an unsatisfactory future. As a result of the need to share spectrum with other user groups, this is particularly true in the 5GHz portion. WiFi is not like listening to broadcast radio, the AP has to be able to hear the remote client device to establish a functional WiFi connection.

A more reliable approach might be to identify those areas that require WiFi service and to locate a small AP with the RX volume reduced as much as is possible whilst maintaining required coverage, in each area.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
cmr
Kind of a big deal
Kind of a big deal

In different regions there are different power levels allowed on different 5GHz frequencies (channels).  Please try the DFS channels 108 etc.and the AP should be able to be set to more transmit power, bear in mind what @Uberseehandel said though and don't go overboard.

Uberseehandel
Kind of a big deal

Frankly, if you are in an area in which transmitters broadcasting on the DFS frequencies operate, I'd advise avoiding the DFS channels. The effect of an AP being required to change frequencies can be very disruptive. If an AP is forced to change channels, then there is a mandatory listening period during which the AP checks that there are no other broadcasters using that channel/frequency, usually the delay is up to 30 minutes. However, under some circumstances the delay is up to 4 hours. Which users generally interpret as a network failure.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels