Raspberry Pi 400 router with Uniquiti Access Point

I've been following Network Chuck's guide for this project (https://www.youtube.com/watch?v=jlHWnKVpygw) and I plan on setting up mine a little differently. He needs two wifi interfaces for connecting to public wifi on the go, but my Pi is just for home use, connected via ethernet to my modem and I know the on board wifi chip isn't the greatest, so do I still need a usb wifi adapter (giving him the second interface) or can all the wifi I need be handled by one of Uniquiti's wifi access points?

I decided to create a new topic because OpenWrt on the Pi can also be used as an AP, and I couldn't find anything about attaching a seperate AP device to the Pi being used as a ROUTER.

If anyone has any insight to if this set up would work, I'd really appreciate it!

I would buy a manageable PoE switch and put that between everything. And use vlan to sort the data between the modem, Pi router and Ubi AP (that is powered by the PoE switch).

Which is kind of the rig setup I use for my self.

1 Like

That's a great idea! Thanks! :slight_smile:

The easy approach would be adding a USB3 (realtek based-) ethernet card for WAN, so you get two dedicated ethernet interfaces, wan and lan. While using a managed switch and VLAN tagging can also cover this, the former using a dedicated USB WAN card is easier to set up and faster (as you can get the full 1 GBit/s wirespeed full-duplex that way).

1 Like

The thing is that my approach above is exactly the same approach every home Gbit router already has with a built in switch, you run everything to the router cpu through one internal ethernet port on the switch while the other (mostly five) switch ports are the wan and lan1-4 connectors on the case.

The only difference is that you have the parts on the table or in a rack with cables between them instead of everything prebuilt on a circuit board in a plastic box on the table.

Except that all the home routers have the default split between wan and lan preconfigured for you - and most of those get anywhere near 1 GBit/s, so they won't lose out by using a switch instead of two interfaces (actually ipq806x, mvebu et all do use two CPU ports to the switch to avoid that contention) either.

Given that a USB3 ethernet cards starts at under 15 EUR/ USD, this is the best (fastest) and easiest option.

Disclaimer: I run x86_64 with two onboard ethernet cards (one wan, one lan side trunk port) and a managed switch myself, I do know what it can do and what it can't.

2 Likes

21.02 can’t handle two cpu ports anyway.

Incorrect, it can (and does) on targets still using swconfig and (working) patches for dsa exist. But that's besides the point, for the RPi4 or x86_64 (and 1 GBit/s wan speed) you do lose performance without two ethernet cards, not quite half, but 25-35%.

I would also opt for getting a second ethernet port onto the pi400, which boils down to USB3... this is far more predictable than using VLANs to isolate up- and downlink over a single port, and it avoids having a managed switch outside the firewall on the WAN path (which would however only a problem if the switch is either buggy or misconfigured)

Do you really believe the printed text WAN and LAN actually means something inside the plastic box normally called “home router”?

Why can’t you connect WAN to LAN and LAN to WAN and shift VLAN 1 and 2 in luci? Does it matter for the router or firewall or anyone?

If the five ports was only named Connector 1-5 on the plastic box, where goes the WAN and LAN cable then?

Well, in my router the WAN side is a dedicated interface not piped over thw switch, so WAN and LAN side are different (in addition there are two CPU ports to the switch*). I would not recommend routers that combine a WAN-on-switch with a single 1Gbps CPU port and do not believe these devices to be well designed as they can not sustain bidirectional traffic grwater than 1Gbps in sum.

As before if there are two CPU ports to the switch the performance can be equal to a dedicated WAN port, if there is only a single CPU port going the VLAN route comes at a clear throughput issue.

To the one connected to the non-shared CPU port.... Really, doing a router-on-a-stick config is a viable option, but IMHO only for users expert enough to understand the consequences of doing so, especially in a world where >> 500 Mbps internet access and >> 500 Mbps WiFi is becoming more and more common. (For the pi400 with its weak WiFi hopefully WiFI traffic will not be an issue).

*) One of which is piped through LAN4 which is then bridged with the rest, if I wanted WAN on the switch I would simply use that LAN4 port for that purpose :wink:

That depends, you can only push gross 1000/1000 Mbps though a Gigabit ethernet port, so bidirectional traffic at gross 500 Mbps will fully saturate the link, the point is with two-VLANs-one-Port each packet will have to traverse both Rx and Tx side of the ethernet link, which can range from no noticeable throughput degradation (say on a 900/100 asymmetric link) up to a full 50% on a bidirectionally saturated 1000/1000 link. Now the latter will be rare so I agree the expected throughput cost is likely << 50% (and will require bidirectional traffic).

The original question was based on a modem based ISP connection so I doubt we talk about a 1000/1000 connection.

And he still needs to power the AP.

Could be true, then again, ISPs and endusers tend to call every mandatory device upstream of an endhost/router a modem, be it a cable-"modem", a DSL-modem, a [B|G|XG|XGS|NG|...]PON-ONT, an analog modem, a fiber to copper ethernet media converter... most of these will not allow 1000/1000, but some do.
Again, nothing against multiplexing a single ethernet port for up- and downstream traffic for informed consenting "adults", the trade-offs however should be made explicit IMHO. (And the trade-offs can well be acceptable, or even irrelevant say if we are talking about a 100/40 DSL link, still making these consciously avoids complaints when the link speed gets updated to something more modern).

…not to underestimate ease-of-use for a normal user. VLANs and then configuring plethora of managed (OEM-) switches, each presenting access to their VLAN configuration in a very different way, usually isn't on the 'easy' scale, while plugging in a USB3 network card and suddenly getting a WAN port is a 5 minute job at most.

4 Likes

I guess the challenge here for novices is getting the required drivers into the firmware image either via the firmware builder or as installable packets.

At least r8152 should probably be shipped by default, it's the most common choice and it's not as if the RPi ecosystem were size constrained.

--
Disclaimer: I have no personal experience with or exposure to the RPi world.

1 Like

There's so much more that would make sense in ARM-land, such as using O2 by default for instance and I highly doubt you'll manage to get an unrelated driver (for the platform) approved as default dependency.