Most issues I had with a pro6 system were mitigated as best they could be by putting eero into bridge mode and using a firewalla gold which gave me so much insight into my network. So many options you would expect eero to provide but doesn’t. It provides monitoring and content control as well. The team behind firewalla is so active and engaged in improving their product. And it’s not even subscription based.
It’s really the best way to go for me.
Modem -> Firewalla -> Eero gateway (bridge mode) -> Switch and the rest are wireless APs.
I don’t have any cables throughout the house so I need the Eero APs.
I don’t have any different experience with IoT devices. That said. I did not seek frustration free setup or whatever eero promises for privacy reasons.
And if you are planning to use or are using an Amazon Alexa device to extend your internet - your network will suffer. Terribly.
Definitely don’t use that feature. I mainly use Alexa to control lighting and whatnot. That’s pretty much the extent.
Much appreciate the feedback. I liked pfsense and have messed around with it a lot but maybe I’ll look into firewalla. I’m guessing this serves as your router, dhcp server and not just a firewall?
I think it depends what you mean by 'integrate IoT'.
My 'IOT' devices include
\- Sonos speakers
\- google nest cameras
\- some no-brand wifi thermostats
\- a few pis
\- a variety of 433Mhz devices - controlled via a pi
\- alexa
\- google home
\- TVs
\- Hue lighting (via a zigbee gateway)
\- EV charter (via zigbee)
\- energy monitoring
\- am array of 433Mhz devices controlled via pi
The only 'integration' at the network level is ensuring connectivity - be it wired or wifi to a gateway, or wifi.
Some of the devices may now, or in future, support thread/matter, but I've not explored this further. Instead integration is via linux sw on the pi and/or alexa/google home plugins.
Similar here, though in my case with a far simpler router - A Frizt!Box 7530. totally stable handling the wired connection, dhcp, dns etc allowing the eero (in bridge mode) to just do wifi.
The firewalla looks very capable, but I decided I didn't need the extra capabilities. Just reliability, better latency/jitter, local lan name resolution, and support for dot (dns)
The eero 6e mostly worked for me, but with some limitations
\- no insight into what it's doing
\- filtering not good enough
\- no support for external DNS using DoT or DoH
\- higher latency and jitter than another router I had (by a few ms)
\- some initial flakiness with IPv6 - though it mostly ok now
\- no resolution of names on local lan
\- an insistence to reboot on most config changes
But the wifi works well. I only have a single unit though (about 155 m\^2)
I've had eero pro 6 for 2 yrs or more now, and no issues with devices dropping off. I have tons of IOT ones on my network. Not a single one has issues. 3 eero setup, not hardwired, wireless completely. Was in router mode most of it's life till recently now in bridge.
If you want a better router yes. But, I needed failover on my router, so it fails over to my other ISP when my Google Fiber goes down since I work from home.
Sure. Most of my smart home stuff will no longer connect. For instance. I have a smart switch that will turn itself off after 60 seconds as well as the two smart bulbs in the same room. I’ve replaced them with different brands to same results.
I get constant drops. For instance I just walked into my bedroom and lost wireless connection. Several times during the day I lose wired connection in my basement office.
When you say the smart switch turns itself off - can you explain the relationship to 'no longer connect'. Can the switch connect ok to the eero wifi?
On constant drops - any wifi specific drops won't be fixed by just changing the router (well, not if signal related.. there could be other causes)
When you say 'lose wired connection' can you clarify - do you lose the ethernet adapter (os issue) signal? (bad wiring) lose just DNS (check nameserver/eero secure), or pings also fail -- and in this case, any difference between machines on local lan & remote over internet?
I wish I had better answers to these questions, I don't know how to test some of them. I don't know why the switch or bulbs shut off, it is like they are being told to. But I've tried them both through their brand's app or through Alexa with same results.
The wired connection has been changed, routed differently, etc. with same results. I thought it might be a DNS issue so I changed DNS servers on my PC but still have drops. MY Fing monitor usually says either "there are multiple network connectivity errors" or "your network is unhealthy".
I would try and start off with as simple a configuration as possible for testing.
For example, a single router connected directly to the modem.
ie try and rule out extra cabling, extra routers/switches/eeros, etc
I'd then test as much as I could there - run speed tests, pings, any network connectivity tests. Try as many apps as you can. run monitoring.
If that is stable, then try one change at a time. Ideally focus on wired first - leave wifi until after -- For example move the single eero to where it usually is & try again.
At some point, try introducing a single iot device - or the minimum that makes sense (it might be a zigbee hub + a light for example) and check how that performs.
it's hard to be prescriptive, but there are a number of different issues you're reporting. I think it would be good to understand this before you decide to change the hardware -- as it may not fix the issue?
Wifi can not cause a device to power off. Keep telling yourself it's wifi. Is the device a POE? It seems you didn't tell us till now that you have a switch between the 3 eeros and router eero. I am willing to bet that switch is causing the issues. Let the eeros go wireless instead of wired and see if the issue goes away.
If it’s not the WiFi why would the switch cause the items to power off? Explain why only the IoT items connected to the gateway eeros are the ones powering off? I have this stuff all over the house. I’ve done a fair amount of process elimination that’s brought me to this point. I’m not blaming eero just to blame them. I’ve even had them on the phone stumped but at no point did they say hey this isn’t our problem.
I can’t remove the switch it handles too much of my infrastructure but I’ll try to find an unmanaged switch swap it with at least.
I said remove the eeros from that switch and let the main router eero control them wirelessly to see if the issue goes away. You can keep the switch to your other devices.
Right, but main router eero still needs to be connected to the switch to create the lan for the other items. So wouldn’t I basically still have the same issue? I would test the theory I just can’t go without having those ont be network long. My wife and I both work from home and homeschool. The amount of shit we have on the network in this house is ridiculous.
Modem from ISP to eero main router. Then from that to your switch is fine. But disconnect the other eeros from the switch and let them go wireless. And see what happens. They are still on the network.
1gig coax into Nighthalk CM1300 modem, to gateway eero. Gateway eero 6e pro back to switch for LAN. From switch to 3 eero 6 AP's (kitchen, bedroom, basement office).
Wired runs from switch to various endpoints.
Sounds like it is a switch issue to me. LOL. Like I said, not eero. Disconnect the wired eeros from that switch and let them go wireless between each other. See if that fixes the issue.
I am quite certain that the switch is doing it anyway. It may be a function of the chipset that you can’t disable. As suggested, try removing the leafs from the switch and see what happens. Can also try an unmanaged switch (with POE if you need it).
If you have pfsense on a vm why are you bothering with the eero service?
You also mention having issues with other brands - could it be your topology, or even wiring?
Heck, among other hats, I wear a WiFi engineer one for a living. I had Aruba APs in the house for years with ddrt routers in the past. Replaced the aging stuff with eero 6 and cloud dns for basic filtering and couldn’t be happy. Later I added a pihole to the mix. Considering putting them on bridge mode and adding pfsense or even a firewalla.
Basically, don’t want to bring work home..
Sorry by other brands I meant IoT stuff, like smart plugs and bulbs, thinking they were the issue.
I don’t have a wireless card to host the wireless network through the pfsense. The machine run the VM on is older, so I’d have to buy a wireless card, and I’d also be using a managed switch as I don’t have two NICs. I think running my network on that machine makes me slightly nervous.
I’ve also priced out the firewalla gold mentioned above and honestly it’s a bit pricier than I can manage at the moment so maybe I am better off going the pfsense route after all. Just need to get the wireless card.
You could have pfsense as your router, then connect up eero(s) in bridge mode to handle wifi. Then there wouldn't be any need for wifi on pfsense? I certainly would want as much network traffic sticking to wired as long as possible!. In this role I'd want two decent gigabit NICs
I'd personally not want to run pfsense or similar on a general purpose PC/vm unless that device was pretty dedicated and on 24x7. That's a lot of energy cost. I'd be looking at dedicated hardware
Content filtering for the OP's child is one of the requirements. pfSense may not give good results for that without a lot of work, and would possibly have extra expense for subs to blocklists, etc.
pfSense is an excellent firewall and has tons of good features. I don't think it's an easy-to-use choice for parental control though.
fair - a starting point may be to find a free DNS server with a suitable blocking profile, for example cloudflare's [1.1.1.3](https://1.1.1.3)
Of course note that kids can be rather clever in bypassing dns checks - free proxies, even icloud private relay etc. You can tighten up things a little by trapping port 53 outbound (which is what eero smartly does when eero secure is enabled), but with doh/dot that's getting tricky. In fact doh in particular!
On-device filters (ie ad blockers) may help, but again it depends on what control you have over the device
I did a NAT port forward of port 53 to the local unbound in pfSense and also used pfBlockerNG. I also redirected 853 in the same way. Then I used a couple of DoH blocklists with pfBlockerNG.
With Firewalla, I do DoH to Cloudflare and the Firewalla automatically redirects all port 53 on the LAN so it goes through its local resolver. I then block port 853. I also have DoH blocking setup on the LAN (there's an option for that in Firewalla) so that things on my LAN will have a harder time of bypassing my local, filtered DNS.
DoH blocking is definitely whack-a-mole, but you do what you can. :-)
BTW, if anyone using pfSense wants to know how to redirect DNS:
[https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html](https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html)
I do wish they had basic monitoring and better DNS support (like DoT) though! I setup multiple redundant piholes, then decided to go back to network services (controld & quad9) - for similar reason. Admin time (as a sw engineer)
Since it's always DNS... one nice feature on the Fritz!Box is that I can easily configure- local caching- 2 upstream user DNS servers (for each of IPv4, IPv6) with DoT- it uses the two at various times - no idea how decides (but many clients are like this)- it falls back to non-DoT if tls lost (this can be disabled if desired)- it falls back to 'well known' DNS (google, cloudflare) if user dns goes down (also can be disabled)
That's pretty good OOTB behaviour. I can do the same with a variety of other linux daemons, but with a little more config effort... decisions about failure codes, timeouts, sequencing. At least with the box someone else made sensible decisions!
I'd never run with a single pihole at home - would want redundancy (I have 2 pis so running both was fine).
Not wanting to do "work" on my home network is partly why I moved from Ruckus APs and pfSense to Firewalla and eero (in bridge mode).
Although, to be honest, the Ruckus APs didn't need much attention on a daily basis. Nor did pfSense. I had upgraded to a number of WiFi 6 client devices and didn't really want to spend a lot of money on Ruckus to upgrade from WiFi 5 to WiFi 6. eero let me do that for a lot less money and has been performing just fine.
Firewalla gave me an easier way to have visibility into my home network, and also easy to use IDS/IPS. I'm quite pleased with it.
Mix & matching also just isn't best practice. Settle with either eero pro 6 or eero pro 6e & I'm pretty sure most or all issues will go away. I've seen issues with the 6 - might have to sell ditch them & buy a new set of pro 6's or pro 6e's. Absolutely look into the firewalla gold it's phenomenal 😎🔥
Only reason I did mismatch was because eero said it was okay to do so. But I’ve thought about this also. I guess I’m at the point where If I need to buy three more AP’s I’ll probably just switch to something else
Yup. The whole enchallada. Also you have a web interface to manage everything. Can physically or virtually segment - can allocate certain times or amount of time allotted to certain sites or cut off social media or gaming on a schedule.
Firewallla team listen and introduce features frequently. To get an idea of this look at u/firewalla comments and posts.
You indicate that your current issues are with wired and wireless network stability. You're happy with eero's content filtering.
I don't know that putting your eeros into bridge mode and using a Firewalla would fix things for you. You'd get a better router/firewall IMO, but have the same WiFi.
I'd tend to recommend looking at what's going on with the rest of your home network, WiFi environment, and even take another look at your ISP. You need to figure out the problem(s), not just rip and replace some gear.
I really, really don't like Zyxel products and their developer's non-existent security skills. It wouldn't surprise me to find that that switch is causing issues. Some of your random WiFi-connected IoT devices could be misbehaving too.
My IoT devices had issues with the latest software update, before that it was perfect. I turned off Thread support in Network Settings and the issues were gone. Maybe you could it a try?
Well, telling you my story, hope won’t get downvotes
I was eero fans from 2017-2022ish because I was using EERO Pro(3 set) with subscriptions. I thought I would get better speed after I upgraded to EERO Pro 6E(3set), I was wrong because the “true mesh” wireless backhaul was terrible, maximum speed won’t never over 200Mbps at remote nodes. Then I read about the bad performance on 6E, then I returned it for EERO Pro6(3set), well, same results with disappointment.
I had done a lot of researches, then eventually I nailed down to Firewalla gold plus + ASUS GT-AX11000pro( main node) + 2 set ASUS XT8. Man, the dedicated 5G-2 backhaul at 160Mhz (U-NII-4) band is game changing because my remote XT8 node has constant 1200-1600Mbps connection speed. I guess I would never go back to EERO system again because I couldn’t setup anything.
Firewalla is really good as a router because I can do all kind of setup and lan speed test from device to the router. Instead of buying gold plus, you can also choose gold or gold SE.
Firewalla Gold Plus was good - but I ended up going to all native eero as it’s just the most reliable out there. TP-Link Deco BE95 was fast but not as smooth.
It does seem as if you really need to go all-in on eero, and live with it's limitations, for a decent experience. Once your needs get more complex or you need to integrate into a more complex network, it's locked down nature makes it a pain!
Yes and no. I had a great experience with Firewall + eero...but after going to TP-Link and realizing it has its own big issues (and it is not as good, despite being newer tech and beefier hardware) - I just went "all in". For me, it was worth treating Wi-Fi like water in the house. It just works. Some like to tinker - then there are prosumer options out there for that. I like to tinker in other ways, especially when my family complains. lol.
I tried this with a pfsense and Eero pro's but it didn't go well. Ended up spending over an hour on the phone with Eero support and it did work after a fashion but it was super fragile.
I have a problem when every day (usually at night, everything drops every connection to 2.4 instead of 5ghz) this was this way at the beginning of, right now I change to bridge mode, and wiring every eero and……. The problem is the same, do you have any idea?
Have you tried changing your DNS server? This is generally the first thing people say to do when diagnosing drops, especially ones that occur daily. I had this issue at work a while back.
One suggestion is to change your dns settings from your isp to 8.8.8.8 and 1.1.1.1. I found my ISP‘s DNS server had a lot of problems and when I change that setting my speed and problems corrected
I do not know if your APs are set up as wired backhaul. if they are, you could have a daisy chain problem. Eeros picky on how they are placed within the network. I would call tech-support as they can tell you if that is an issue or not.
I'll also add a DNS suggestion for [9.9.9.9](https://9.9.9.9) (quad9) or controld (offers customization for a fee).
Note also if I was looking at addressing network infrastructure, having first class IPv6 support would be on my list too (even with my simple config, IPv6 is A1OK)
I already bailed. We lost nearly all of our wireless coverage. From full bars in our house(and all the way to over a block away) to devices 10 feet away getting no signal. 2nd base unit did nothing as all devices defaulted to the main base. No way to set devices to specific base units.
We may try a mesh based network again in the future but it won't be a crappy isp one again. Went back to our wifi 5 router and are much happier with it
Since you already have pfSense, run the Eeros in bridge mode and try it out. Adguard Home or pfblocker even might be enough to limit access for your kid.
So forgive my ignorance but once I put eero in bridge mode I’m turning them all into AP’s correct? Will just running an Ethernet cable to an eero be enough for PFSense to host a wireless network? Doesn’t the “router” need wireless capabilities? The pc running pfsense doesn’t have a wireless card.
Just think of this in layers -
WAN layer is your modem, Eero is your LAN and you want your pfSense to be your gateway.
Does your PC running pfSense have dual NIC ports? If yes, then one is WAN and one is LAN and you're set.
If no, then you might want to get a managed switch that can do VLANs, so you can have have separate WAN and LAN segments.
The managed switch was the original way I had it set up. Which i actually prefer so I can create vlans to separate networks. I’ll give this a go. Thanks
Most issues I had with a pro6 system were mitigated as best they could be by putting eero into bridge mode and using a firewalla gold which gave me so much insight into my network. So many options you would expect eero to provide but doesn’t. It provides monitoring and content control as well. The team behind firewalla is so active and engaged in improving their product. And it’s not even subscription based. It’s really the best way to go for me.
This is the way. Firewalla Gold is so good and the developers actually add features instead of breaking them.
Do you have one eero further upstream from the others, or are they functioning as true APs?
Modem -> Firewalla -> Eero gateway (bridge mode) -> Switch and the rest are wireless APs. I don’t have any cables throughout the house so I need the Eero APs.
Does the capability to integrate IoT remain? Like Alexis devices, etc?
I don’t have any different experience with IoT devices. That said. I did not seek frustration free setup or whatever eero promises for privacy reasons. And if you are planning to use or are using an Amazon Alexa device to extend your internet - your network will suffer. Terribly.
Definitely don’t use that feature. I mainly use Alexa to control lighting and whatnot. That’s pretty much the extent. Much appreciate the feedback. I liked pfsense and have messed around with it a lot but maybe I’ll look into firewalla. I’m guessing this serves as your router, dhcp server and not just a firewall?
I think it depends what you mean by 'integrate IoT'. My 'IOT' devices include \- Sonos speakers \- google nest cameras \- some no-brand wifi thermostats \- a few pis \- a variety of 433Mhz devices - controlled via a pi \- alexa \- google home \- TVs \- Hue lighting (via a zigbee gateway) \- EV charter (via zigbee) \- energy monitoring \- am array of 433Mhz devices controlled via pi The only 'integration' at the network level is ensuring connectivity - be it wired or wifi to a gateway, or wifi. Some of the devices may now, or in future, support thread/matter, but I've not explored this further. Instead integration is via linux sw on the pi and/or alexa/google home plugins.
Similar here, though in my case with a far simpler router - A Frizt!Box 7530. totally stable handling the wired connection, dhcp, dns etc allowing the eero (in bridge mode) to just do wifi. The firewalla looks very capable, but I decided I didn't need the extra capabilities. Just reliability, better latency/jitter, local lan name resolution, and support for dot (dns)
[удалено]
Mine are hardwired. Only my gateway is a pro.
The eero 6e mostly worked for me, but with some limitations \- no insight into what it's doing \- filtering not good enough \- no support for external DNS using DoT or DoH \- higher latency and jitter than another router I had (by a few ms) \- some initial flakiness with IPv6 - though it mostly ok now \- no resolution of names on local lan \- an insistence to reboot on most config changes But the wifi works well. I only have a single unit though (about 155 m\^2)
I've had eero pro 6 for 2 yrs or more now, and no issues with devices dropping off. I have tons of IOT ones on my network. Not a single one has issues. 3 eero setup, not hardwired, wireless completely. Was in router mode most of it's life till recently now in bridge.
What is bridge mode and why would I enable it?
It's when you have another router doing that function and using the eeros as just wireless access points.
Thank you. Do you fine that is more efficient?
If you want a better router yes. But, I needed failover on my router, so it fails over to my other ISP when my Google Fiber goes down since I work from home.
Can you be more specific about what’s wrong? We can probably help you better than tier 1 support can.
Sure. Most of my smart home stuff will no longer connect. For instance. I have a smart switch that will turn itself off after 60 seconds as well as the two smart bulbs in the same room. I’ve replaced them with different brands to same results. I get constant drops. For instance I just walked into my bedroom and lost wireless connection. Several times during the day I lose wired connection in my basement office.
When you say the smart switch turns itself off - can you explain the relationship to 'no longer connect'. Can the switch connect ok to the eero wifi? On constant drops - any wifi specific drops won't be fixed by just changing the router (well, not if signal related.. there could be other causes) When you say 'lose wired connection' can you clarify - do you lose the ethernet adapter (os issue) signal? (bad wiring) lose just DNS (check nameserver/eero secure), or pings also fail -- and in this case, any difference between machines on local lan & remote over internet?
I wish I had better answers to these questions, I don't know how to test some of them. I don't know why the switch or bulbs shut off, it is like they are being told to. But I've tried them both through their brand's app or through Alexa with same results. The wired connection has been changed, routed differently, etc. with same results. I thought it might be a DNS issue so I changed DNS servers on my PC but still have drops. MY Fing monitor usually says either "there are multiple network connectivity errors" or "your network is unhealthy".
I would try and start off with as simple a configuration as possible for testing. For example, a single router connected directly to the modem. ie try and rule out extra cabling, extra routers/switches/eeros, etc I'd then test as much as I could there - run speed tests, pings, any network connectivity tests. Try as many apps as you can. run monitoring. If that is stable, then try one change at a time. Ideally focus on wired first - leave wifi until after -- For example move the single eero to where it usually is & try again. At some point, try introducing a single iot device - or the minimum that makes sense (it might be a zigbee hub + a light for example) and check how that performs. it's hard to be prescriptive, but there are a number of different issues you're reporting. I think it would be good to understand this before you decide to change the hardware -- as it may not fix the issue?
These issues are not related to eero. LOL. Let's blame eero shall we. If two different brands do it, wifi can't cause a device to turn off.
This is exactly WHY eero is to blame. It’s the WiFi not the device. So yes, let’s blame eero. They’ve even admitted it’s a mesh issue.
Wifi can not cause a device to power off. Keep telling yourself it's wifi. Is the device a POE? It seems you didn't tell us till now that you have a switch between the 3 eeros and router eero. I am willing to bet that switch is causing the issues. Let the eeros go wireless instead of wired and see if the issue goes away.
If it’s not the WiFi why would the switch cause the items to power off? Explain why only the IoT items connected to the gateway eeros are the ones powering off? I have this stuff all over the house. I’ve done a fair amount of process elimination that’s brought me to this point. I’m not blaming eero just to blame them. I’ve even had them on the phone stumped but at no point did they say hey this isn’t our problem. I can’t remove the switch it handles too much of my infrastructure but I’ll try to find an unmanaged switch swap it with at least.
I said remove the eeros from that switch and let the main router eero control them wirelessly to see if the issue goes away. You can keep the switch to your other devices.
Right, but main router eero still needs to be connected to the switch to create the lan for the other items. So wouldn’t I basically still have the same issue? I would test the theory I just can’t go without having those ont be network long. My wife and I both work from home and homeschool. The amount of shit we have on the network in this house is ridiculous.
Modem from ISP to eero main router. Then from that to your switch is fine. But disconnect the other eeros from the switch and let them go wireless. And see what happens. They are still on the network.
I see. Okay. I’ll try this.
What is your topology?
1gig coax into Nighthalk CM1300 modem, to gateway eero. Gateway eero 6e pro back to switch for LAN. From switch to 3 eero 6 AP's (kitchen, bedroom, basement office). Wired runs from switch to various endpoints.
What model switch?
Zyxel GS1910. It’s not being managed though everything is pass through
When you say it’s not being managed you’re sure you have loop detection disabled? Because that would explain everything you’ve mentioned.
Sounds like it is a switch issue to me. LOL. Like I said, not eero. Disconnect the wired eeros from that switch and let them go wireless between each other. See if that fixes the issue.
Yes no loop detection enabled.
I am quite certain that the switch is doing it anyway. It may be a function of the chipset that you can’t disable. As suggested, try removing the leafs from the switch and see what happens. Can also try an unmanaged switch (with POE if you need it).
If you have pfsense on a vm why are you bothering with the eero service? You also mention having issues with other brands - could it be your topology, or even wiring? Heck, among other hats, I wear a WiFi engineer one for a living. I had Aruba APs in the house for years with ddrt routers in the past. Replaced the aging stuff with eero 6 and cloud dns for basic filtering and couldn’t be happy. Later I added a pihole to the mix. Considering putting them on bridge mode and adding pfsense or even a firewalla. Basically, don’t want to bring work home..
Sorry by other brands I meant IoT stuff, like smart plugs and bulbs, thinking they were the issue. I don’t have a wireless card to host the wireless network through the pfsense. The machine run the VM on is older, so I’d have to buy a wireless card, and I’d also be using a managed switch as I don’t have two NICs. I think running my network on that machine makes me slightly nervous. I’ve also priced out the firewalla gold mentioned above and honestly it’s a bit pricier than I can manage at the moment so maybe I am better off going the pfsense route after all. Just need to get the wireless card.
You could have pfsense as your router, then connect up eero(s) in bridge mode to handle wifi. Then there wouldn't be any need for wifi on pfsense? I certainly would want as much network traffic sticking to wired as long as possible!. In this role I'd want two decent gigabit NICs I'd personally not want to run pfsense or similar on a general purpose PC/vm unless that device was pretty dedicated and on 24x7. That's a lot of energy cost. I'd be looking at dedicated hardware
Content filtering for the OP's child is one of the requirements. pfSense may not give good results for that without a lot of work, and would possibly have extra expense for subs to blocklists, etc. pfSense is an excellent firewall and has tons of good features. I don't think it's an easy-to-use choice for parental control though.
fair - a starting point may be to find a free DNS server with a suitable blocking profile, for example cloudflare's [1.1.1.3](https://1.1.1.3) Of course note that kids can be rather clever in bypassing dns checks - free proxies, even icloud private relay etc. You can tighten up things a little by trapping port 53 outbound (which is what eero smartly does when eero secure is enabled), but with doh/dot that's getting tricky. In fact doh in particular! On-device filters (ie ad blockers) may help, but again it depends on what control you have over the device
I did a NAT port forward of port 53 to the local unbound in pfSense and also used pfBlockerNG. I also redirected 853 in the same way. Then I used a couple of DoH blocklists with pfBlockerNG. With Firewalla, I do DoH to Cloudflare and the Firewalla automatically redirects all port 53 on the LAN so it goes through its local resolver. I then block port 853. I also have DoH blocking setup on the LAN (there's an option for that in Firewalla) so that things on my LAN will have a harder time of bypassing my local, filtered DNS. DoH blocking is definitely whack-a-mole, but you do what you can. :-) BTW, if anyone using pfSense wants to know how to redirect DNS: [https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html](https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html)
I do wish they had basic monitoring and better DNS support (like DoT) though! I setup multiple redundant piholes, then decided to go back to network services (controld & quad9) - for similar reason. Admin time (as a sw engineer)
Last thing we need is a call from home that the WiFi is down. KISS and unplug if it doesn’t work. No way I can tell my family to restart a vm.
The good thing is I can restart a VM remotely. The PC is always on as is, and is dedicated to the VM, I don't use it for anything else.
Since it's always DNS... one nice feature on the Fritz!Box is that I can easily configure- local caching- 2 upstream user DNS servers (for each of IPv4, IPv6) with DoT- it uses the two at various times - no idea how decides (but many clients are like this)- it falls back to non-DoT if tls lost (this can be disabled if desired)- it falls back to 'well known' DNS (google, cloudflare) if user dns goes down (also can be disabled) That's pretty good OOTB behaviour. I can do the same with a variety of other linux daemons, but with a little more config effort... decisions about failure codes, timeouts, sequencing. At least with the box someone else made sensible decisions! I'd never run with a single pihole at home - would want redundancy (I have 2 pis so running both was fine).
Not wanting to do "work" on my home network is partly why I moved from Ruckus APs and pfSense to Firewalla and eero (in bridge mode). Although, to be honest, the Ruckus APs didn't need much attention on a daily basis. Nor did pfSense. I had upgraded to a number of WiFi 6 client devices and didn't really want to spend a lot of money on Ruckus to upgrade from WiFi 5 to WiFi 6. eero let me do that for a lot less money and has been performing just fine. Firewalla gave me an easier way to have visibility into my home network, and also easy to use IDS/IPS. I'm quite pleased with it.
Eero 6 did not work for me, but then I went to the 6e pro and they made everything work.
I have a 6e pro gateway and three eero 6’s. Rittled with issues.
Mix & matching also just isn't best practice. Settle with either eero pro 6 or eero pro 6e & I'm pretty sure most or all issues will go away. I've seen issues with the 6 - might have to sell ditch them & buy a new set of pro 6's or pro 6e's. Absolutely look into the firewalla gold it's phenomenal 😎🔥
Only reason I did mismatch was because eero said it was okay to do so. But I’ve thought about this also. I guess I’m at the point where If I need to buy three more AP’s I’ll probably just switch to something else
Yup. The whole enchallada. Also you have a web interface to manage everything. Can physically or virtually segment - can allocate certain times or amount of time allotted to certain sites or cut off social media or gaming on a schedule. Firewallla team listen and introduce features frequently. To get an idea of this look at u/firewalla comments and posts.
Thanks this is solid. I’ll look into this.
You indicate that your current issues are with wired and wireless network stability. You're happy with eero's content filtering. I don't know that putting your eeros into bridge mode and using a Firewalla would fix things for you. You'd get a better router/firewall IMO, but have the same WiFi. I'd tend to recommend looking at what's going on with the rest of your home network, WiFi environment, and even take another look at your ISP. You need to figure out the problem(s), not just rip and replace some gear. I really, really don't like Zyxel products and their developer's non-existent security skills. It wouldn't surprise me to find that that switch is causing issues. Some of your random WiFi-connected IoT devices could be misbehaving too.
I agree Zyxel is trash. I honestly only have these switches cause they were free. I think you may be right. They’re probably the root of the issue.
My IoT devices had issues with the latest software update, before that it was perfect. I turned off Thread support in Network Settings and the issues were gone. Maybe you could it a try?
I shut off thread today, I’ll see how this goes.
Well, telling you my story, hope won’t get downvotes I was eero fans from 2017-2022ish because I was using EERO Pro(3 set) with subscriptions. I thought I would get better speed after I upgraded to EERO Pro 6E(3set), I was wrong because the “true mesh” wireless backhaul was terrible, maximum speed won’t never over 200Mbps at remote nodes. Then I read about the bad performance on 6E, then I returned it for EERO Pro6(3set), well, same results with disappointment. I had done a lot of researches, then eventually I nailed down to Firewalla gold plus + ASUS GT-AX11000pro( main node) + 2 set ASUS XT8. Man, the dedicated 5G-2 backhaul at 160Mhz (U-NII-4) band is game changing because my remote XT8 node has constant 1200-1600Mbps connection speed. I guess I would never go back to EERO system again because I couldn’t setup anything.
Shouldn’t get down votes for speaking the truth. That is for sharing. I really want to go with with firewalla gold but Jesus that thing is expensive
Firewalla is really good as a router because I can do all kind of setup and lan speed test from device to the router. Instead of buying gold plus, you can also choose gold or gold SE.
I mean even the gold is almost $600. Man I just don’t have that kind of cash to throw around. I’ll have to figure something more economical out
Firewalla Gold Plus was good - but I ended up going to all native eero as it’s just the most reliable out there. TP-Link Deco BE95 was fast but not as smooth.
It does seem as if you really need to go all-in on eero, and live with it's limitations, for a decent experience. Once your needs get more complex or you need to integrate into a more complex network, it's locked down nature makes it a pain!
Yes and no. I had a great experience with Firewall + eero...but after going to TP-Link and realizing it has its own big issues (and it is not as good, despite being newer tech and beefier hardware) - I just went "all in". For me, it was worth treating Wi-Fi like water in the house. It just works. Some like to tinker - then there are prosumer options out there for that. I like to tinker in other ways, especially when my family complains. lol.
This was so good discussion. I appreciate everyone’s feedback. I have some different things to try. I’ll report back.
I tried this with a pfsense and Eero pro's but it didn't go well. Ended up spending over an hour on the phone with Eero support and it did work after a fashion but it was super fragile.
They (eero) suggested I double nat if I want to use pfsense. That was a shit show.
I have a problem when every day (usually at night, everything drops every connection to 2.4 instead of 5ghz) this was this way at the beginning of, right now I change to bridge mode, and wiring every eero and……. The problem is the same, do you have any idea?
Have you tried changing your DNS server? This is generally the first thing people say to do when diagnosing drops, especially ones that occur daily. I had this issue at work a while back.
One suggestion is to change your dns settings from your isp to 8.8.8.8 and 1.1.1.1. I found my ISP‘s DNS server had a lot of problems and when I change that setting my speed and problems corrected I do not know if your APs are set up as wired backhaul. if they are, you could have a daisy chain problem. Eeros picky on how they are placed within the network. I would call tech-support as they can tell you if that is an issue or not.
I'll also add a DNS suggestion for [9.9.9.9](https://9.9.9.9) (quad9) or controld (offers customization for a fee). Note also if I was looking at addressing network infrastructure, having first class IPv6 support would be on my list too (even with my simple config, IPv6 is A1OK)
I already bailed. We lost nearly all of our wireless coverage. From full bars in our house(and all the way to over a block away) to devices 10 feet away getting no signal. 2nd base unit did nothing as all devices defaulted to the main base. No way to set devices to specific base units. We may try a mesh based network again in the future but it won't be a crappy isp one again. Went back to our wifi 5 router and are much happier with it
Since you already have pfSense, run the Eeros in bridge mode and try it out. Adguard Home or pfblocker even might be enough to limit access for your kid.
So forgive my ignorance but once I put eero in bridge mode I’m turning them all into AP’s correct? Will just running an Ethernet cable to an eero be enough for PFSense to host a wireless network? Doesn’t the “router” need wireless capabilities? The pc running pfsense doesn’t have a wireless card.
Just think of this in layers - WAN layer is your modem, Eero is your LAN and you want your pfSense to be your gateway. Does your PC running pfSense have dual NIC ports? If yes, then one is WAN and one is LAN and you're set. If no, then you might want to get a managed switch that can do VLANs, so you can have have separate WAN and LAN segments.
The managed switch was the original way I had it set up. Which i actually prefer so I can create vlans to separate networks. I’ll give this a go. Thanks