Home Network Overhaul Suggestions

[Jdiesel 1114]

The time has come to overhaul my current home network. I like in a 4-level split house which is currently not wired for ethernet. I will with great effort be bring at least on network drop to each level where possible. I have also ordered a Samsung Smartthing hub and will be starting my journey down the IoT path. 

 

My initial thoughts look something like this with Level 1 being the basement and Level 4 the top floor:

 

 

I don't know if the single UniFi AP will be enough to cover the entire house but I figure it must be better than my current wireless router in located in level one of my house. I could always add a second AP if needed.

 

I want to keep my Smartthings hub and all associated home automation devices on its own network which I believe should be possible with pfSense.

 

What else should I be doing/looking out for? As much as I would like to do a network drop to every room it is not possible in my house without a huge expense but luckly this should cover all my high bandwidth devices.

Edited January 3, 2018 by Jdiesel

[Tur0k 143]

Looks good to me. I won't lie I focus less on physical design kind and more on logical design, and security.

 

PFSense can support this type of configuration.

 

What model Ubiquiti AP are you using? How seriously are you considering setting up multiple APs? Are you planning on setting up the controller on site? There are some features it offers that are nice. How many wireless devices are you going to host?

 

Is that core switch that runs right off the PFsense firewall managed?

 

Have you considered creating VLANS (virtual LANs). This allows you to segregate traffic and limit the vulnerable surface area of your network infrastructure from attack by a potential compromised device on the LAN?

 

Using VLANs You can:

1. segregate internal network devices from guest devices that need Internet access only.

2. You can also setup local only devices on isolated networks to keep them from accessing the Internet and or accessing your internal network. You can do this with network attached alarm panels, and security cameras. Many of these IOT devices have a tendency to phone home for no good reason.

3. You could also use VLANS to isolate IOT devices that need Internet access only away from your internal network. I do this with my smart water irrigation system, and my echo dot.

 

 

Sent from my iPhone using Tapatalk

Edited January 3, 2018 by Tur0k

[Jdiesel 1114]

I haven't purchased any of the hardware yet other than the dual lan NUC that I will be repurposing to run pfSense on.

 

I don't know which Ubiquiti AP I will get yet but I would prefer to avoid using multiple at all costs. I've heard the Ubiquiti AP are very good but I'm sure there must still be some trade-offs to using multiple APs so I'd like to avoid it if possible.

 

Same goes for the switch which I have not purchased yet. Should I get a managed switch or is a dumb one good enough? I am trying to keep my budget within reason.

 

Yes my plan was to setup vlans. Likely one for my home network with the hardwired devices and a few other wireless devices, a guest network, and another for all my IoT devices.

 

Right now I can count about 10possible Wifi devices that would be on the network but I do plan and adding a few wireless IP cameras to the network eventually.

[Guest asrequested]

The Unifi AP will need PoE. It comes with a power inserter, but as you're going to buy a new switch, you may want to think about a PoE switch. For configurability, the Unifi stuff is easy to work with. The AP I have is the long range, model. That should be more than enough to cover your whole house.

 

Unifi AP-AC-LR

 

https://www.amazon.com/gp/product/B015PRCBBI/ref=oh_aui_detailpage_o07_s00?ie=UTF8&psc=1

 

And this the PoE switch I use. It works very well. It costs more than a regular switch, but it's good plan ahead.

 

https://www.ubnt.com/unifi-switching/unifi-switch-16-150w/

Edited January 3, 2018 by Doofus

[Jdiesel 1114]

Is there any benefit to using an Ubiquiti switch with an Ubiquiti AP?

[Guest asrequested]

Is there any benefit to using an Ubiquiti switch with an Ubiquiti AP?

 

You'll be able to use the Unifi controller to manage everything. It makes management so easy, and gives you a lot of information about your network. Cloud control, too.

[Tur0k 143]

Ok, if you plan to run VLANS you need to get a managed layer 3 switch that supports VLANS. Be careful here. While enterprise hardware can handle a holy poop-load of PPS (packets per second) the magic is in the configuration of the hardware and this can take some time to dial in on your first go around. Also you likely want devices that offer web user interfaces to manage configuration if you are not a command line cowboy.

 

Do you expect to need POE (power over Ethernet). VOIP phones, IP cameras, raspberry PiS, and some home automation sensors can use this.

 

It sounds like you may end up having around 20 devices maximum on LAN and WLAN. While that is a good deal for home use mid grade enterprise hardware can handle this easily.

 

As far as a managed switch I have friends and business clients that run SG series Cisco and Ubiquiti unifi switches. The Cisco SG series has a web-front UI (user interface) that allows you to configure the device relatively easily (and there is a command line interface). The Ubiquiti unifi line of switches can be integrated with the same unifi controller that the unifi AP line uses. It is pretty Lite on resource requirements on a smaller network so you don't need a big honking server to run it. At home I loaded my unifi controller on an old raspberry Pi I had laying around.

 

Most enterprise APs should support multiple VLANS. They should also be able to host multiple wifi networks (usually around 4). This means you should be able to host an internal wifi network associated with your internal VLAN, then host a internet access only wifi (guest network), and lastly host a IOT wireless ip camera only wifi network (no internet access and limited access to the internal vlan).

 

All the unifi APs should be able to handle 2 dozen devices or more that are in range. As for the question of do you do multiple APS or a single one note that your wifi network is only as fast as your poorest connection to your AP. So if you have a lot of devices that operate on the outside edge of what your network can support their connection will be slow. the devices that are closer will notice latency. The problem of multiple APs is increased complexity of configuration.

 

The second question for what type of wifi design you need is what type of square footage, dimensions, and how many floors are you trying to support?

 

Personally, I wouldn't shy away from adding more APs if they end up being needed as you won't get the wireless experience you are looking for if it is needed and not done. There are more than a few of the users on the forum who either do this for a living or have done this at home. Ask questions we can help.

 

If your plan is to do one AP at first and then add more if needed make sure that you give your AP network run enough extra line to move it if needed.

 

 

Sent from my iPhone using Tapatalk

Edited January 3, 2018 by Tur0k

[Guest asrequested]

Unifi AP data sheets

[Jdiesel 1114]

Thanks guys, lots of good info so far. I will look into some Ubiquiti switches for ease of setup.

 

Wifi coverage will be approximately 2000sq ft over 4 floors. I expect the majority of wifi devices, other than phones, will be on floors 3 and 4 thus my reason for locating the AP on the third floor.

 

Are the Unifi AP antennas directional? Just wondering what would be the best way to mount it. Outside wall pointing to center of home, located in center of the home, and wall versus ceiling mounted.

[Tur0k 143]

+1 to @ for posting the data sheet for the Ubiquiti AP line.

 

What type of construction is the house? If wood I suspect you won't have any trouble, but give yourself extra cable to move the AP in the event you end up wanting to move it away from the center of the house in the event you want to add a second AP.

 

So, I have a ranch style home with 1500 square feet. I have a fully finished basement so across two floors I have 3k square feet to support.

 

I have a single Ubiquiti UAP-AC-LITE it has 2x2 Omni directional antennas and supports my 14 devices on 3 distinct wifi networks. I bought it because it is:

1. dirt cheap. I paid $84 for it. If I need to run a second or third AP I can quite easily afford this.

2. it can support all my 14 devices even with data intensive activities like streaming video.

If I need

3. Once setup it can run autonomously or provisioned on a controller.

4. If running autonomously you can pickup the iOS or droid app to configure it. You can also connect the app to a controller for administrative control.

5. It supports greater bandwidth than i have provisioned through my ISP (Comcast 200 Mbps).

 

The drawbacks to the uap-ac-Lite unit are:

1. it is not MU-MIMO capable.

2. It uses 24V passive power so you either need a Ubiquiti switch or you have to use their power injector.

3. It doesn't have as wide a footprint as the LR model.

4. It is an enterprise device so you do need to mount it appropriately. It does support wall and ceiling mounting.

 

I mounted mine in the ceiling in the center of the house and it covers the whole house and into the back and front yards.

 

I will note the UAP-AC-SHD is the newest BA unit from Ubiquiti with a great footprint, great internals, insane throughput, and MU-MIMO support.

 

https://unifi-shd.ubnt.com

 

Sent from my iPhone using Tapatalk

Edited January 3, 2018 by Tur0k

[Tur0k 143]

I would recommend being attentive to tidiness. Patch panels, clean cabling network racks, appropriate battery backup, and proper cable termination will save you time in future when upgrading and performing administrative tasks.

 

 

Sent from my iPhone using Tapatalk

Edited January 3, 2018 by Tur0k

[Jdiesel 1114]

I'm currently leaning towards the UAP-AC-PRO as the cost is only slight more than the UAP-AC-LR at my local supplier. The secondary port on the Pro seems like it might be useful as well. Which if I understand correctly would allow me to daisy chain my SmartThings hub or an IP camera if I need to.

 

The 8 port switch would likely meet my current needs but I would hate to need more ports in the future so I figure I should future proof now and get the 16 port switch.

[mastrmind11 717]

If you want to integrate everything into the Unifi controller, make sure you only get the Unifi branded stuff.  The Edge series stuff doesn't integrate with the controller.

The AP-LR is what I use.  I have it mounted in the attic and I still have about 70% signal strength through 3 ceilings/floors into the basement.  Not sure whether the radio on the Pro will penetrate that well.  Things to consider.

[mgworek 121]

If you want to integrate everything into the Unifi controller, make sure you only get the Unifi branded stuff.  The Edge series stuff doesn't integrate with the controller.

The AP-LR is what I use.  I have it mounted in the attic and I still have about 70% signal strength through 3 ceilings/floors into the basement.  Not sure whether the radio on the Pro will penetrate that well.  Things to consider.

 

 

They do have a new UNMS software that is supposed to get Unify added to it later this year. It will let you control everything from one spot but I don't know how well everything will talk to each other. This would have been awesome 2 years ago when I had a Edge switch and Unify Ap's. 

[Jdiesel 1114]

I'm going to need to out a hold off on purchasing any hardware until I can figure out how and where I want to mount the AP/APs. All information out there indicates that the Unfi-AP models should be ceiling mounted whenever possible.

 

Does Ubiquiti have any AP with an omni-directional antenna? I'm thinking of maybe locating an AP inside the cold air return vent for my furnace on each floor for ease of access of running the network drop.

 

Other option would be to locate an AP-LR in the basement ceiling pointed up towards the roof of the house.

[Guest asrequested]

I've got mine on my wall. My apartment is second floor, and I can go outside pretty far, and get great signal. I also provide internet for the guy below me. It works perfectly.

[Jdiesel 1114]

I suppose the only way to know for sure is to get a 200ft patch cable and move the AP around to find the best spot to permanently mount it.

[Guest asrequested]

I wouldn't worry about it too much, unless you know you have radio interference in some places.

[mastrmind11 717]

I'm going to need to out a hold off on purchasing any hardware until I can figure out how and where I want to mount the AP/APs. All information out there indicates that the Unfi-AP models should be ceiling mounted whenever possible.

 

Does Ubiquiti have any AP with an omni-directional antenna? I'm thinking of maybe locating an AP inside the cold air return vent for my furnace on each floor for ease of access of running the network drop.

 

Other option would be to locate an AP-LR in the basement ceiling pointed up towards the roof of the house.

They're designed to be ceiling mounted, yes, but I've seen them mounted on the walls or even placed on a desk facing upward.  The radio is still just a radio, so as long as there's coverage, it really doesn't matter.  There are diagrams out there that show the radio umbrella to give you an idea, but it's a pretty flat angle from the base outward, and you can tweak the tx power to meet your coverage needs (though I've found auto to do a great job).  THey do make directional attachments for their gear, I believe it's their Air line, but based on your description it sounds like overkill.  If your returns are aluminum, which I'd imagine they are, that's really going to mess w/ your coverage and signal quality.  Also, depending on your coax runs in your house, I'd look into the MoCA 2.0 adapters.  Actiontec makes 2.0 bonded adapters that work very well for like $150/pair last I looked, and unless you need true Gb throughput will definitely suffice for streaming.  Just need to make sure any coax splitters anywhere on your run are 1.2Ghz minimum or they'll congest the bond(s).  My entire local network is coax bridged and I iPerf tells me I get an actual 600Mb sustained from the 2 farthest points on the coax run.  My AP is in the attic over coax which saved me the headache of trying to get cat6 up there.  ymmv.  gl and keep us posted.

Edited January 3, 2018 by mastrmind11

[Tur0k 143]

I'm going to need to out a hold off on purchasing any hardware until I can figure out how and where I want to mount the AP/APs. All information out there indicates that the Unfi-AP models should be ceiling mounted whenever possible.

 

Does Ubiquiti have any AP with an omni-directional antenna? I'm thinking of maybe locating an AP inside the cold air return vent for my furnace on each floor for ease of access of running the network drop.

 

Other option would be to locate an AP-LR in the basement ceiling pointed up towards the roof of the house.

the UAP-AC model line prefers ceiling mounting but does support wall mounting.

https://dl.ubnt.com/guides/UniFi/UniFi_AP-AC-Lite_QSG.pdf

 

I would not recommend setting APs up inside metal duct work. Metal ducting, concrete, brick walls, steel support beams, and anything that creates EMI (electromagnetic interference) (ex: electric dryers, refrigerators, and electric furnace motors) does not play well with your wireless signals. Specifically be careful of configuring your APs near these structures and devices. The closer your AP is to them the wider the dead spot behind the obstacle.

 

Omni-directional antennas are antennas that send and receive in all directions. Technically, the UAP-AC model line supports wall mounting so I don't know that you really need to worry about buying a directional AP that is specifically for wall mounting. If you insist on a directional wall mount AP, you could look into the AC mesh Pro

https://unifi-mesh.ubnt.com/#antennas

http://dl-origin.ubnt.com/guides/UniFi/UniFi_AP-AC-M-PRO_QSG.pdf

 

I have set the older version of these in outdoor settings and they do work really well.

 

The other option would be to setup smaller wall mounted APs that are designed to support a single room instead https://inwall.ubnt.com/.

 

I would be careful with mesh systems that do not connect with a Cat6 cable back to the core switch. They can get finicky if not designed and implemented carefully.

 

Ubiquiti does have a design tool https://design.ubnt.com/#/. it is pretty basic. most of the nicer planning tools are paid software.

Edited January 3, 2018 by Tur0k

[revengineer 127]

Apology in advance for not reading all posts. You MUST separate the IOT devices, they are a security nightmare. I would have suggested as tripple NIC pfsense machine with one port for WAN, one for LAN, and a DMZ for IOT. You said you already have a dual-NIC NUC. The NUC I have cannot be modified by adding a NIC so you are stuck with two ports. This implies that you need to go the VLAN route to separate your networks. You could get a cheap $60 GS108E managed switch and create several VLANs. Then you connect your 16 port unmanaged switch to the GS108E to feed your LAN. The smarthub connects to the GS108E as well but the port would be mapped to a different VLAN. My house is not wired for ethernet. I use powerline networking Dlink DHP-701AV. These are gigabit adapters which work surprisingly well. i previously tried some cheaper Trendnet 200 AV adapters; they sucked, were slow, and needed to be power cycled every few days. Stay away from these.

[Jdiesel 1114]

I wasn't able to find any reasonably priced bulk cat6 cable and termination supplies locally so I needed to order online which will delay things to next week.

 

I think I found a route to run the network drop the 4th level attic which will allow my to mount the AC-LR in the ceiling of the 4th level. In the event I have poor signal in the basement I can easily add a second AP, probably an in-wall, in the basement. I will go with a 8-port Unifi POE switch. I originally planned on future proofing with a 16 port but I'm already over budget.

 

I will need to brush up on my vlan configuration skills once I get everything setup. I will setup pfSense on my NUC and poke around a bit since it has been a few years since I used it last.

 

Also I'm kind of choked that the Samsung Smartthings Hub doesn't support POE so it looks like I'll need to add a POE splitter to keep my install nice and clean.

[Jdiesel 1114]

Apology in advance for not reading all posts. You MUST separate the IOT devices, they are a security nightmare. I would have suggested as tripple NIC pfsense machine with one port for WAN, one for LAN, and a DMZ for IOT. You said you already have a dual-NIC NUC. The NUC I have cannot be modified by adding a NIC so you are stuck with two ports. This implies that you need to go the VLAN route to separate your networks. You could get a cheap $60 GS108E managed switch and create several VLANs. Then you connect your 16 port unmanaged switch to the GS108E to feed your LAN. The smarthub connects to the GS108E as well but the port would be mapped to a different VLAN. My house is not wired for ethernet. I use powerline networking Dlink DHP-701AV. These are gigabit adapters which work surprisingly well. i previously tried some cheaper Trendnet 200 AV adapters; they sucked, were slow, and needed to be power cycled every few days. Stay away from these.

Yep I own the Trendnet powerline adapters too, complete junk. I should have returned them when I had the chance.

[Guest asrequested]

Configuring networks is easy with the Unifi controller. You're gonna like it.

[revengineer 127]

Yep I own the Trendnet powerline adapters too, complete junk. I should have returned them when I had the chance.

I got mine at a Thanksgiving sale so I did not pay much for them. The bigger problem was that as a result I thought for a long time that powerline ethernet just sucks, which is not true. I am happy with the quoted Dlink adapters and actually bought two more to extend the network. Syncing the second set of adapters to the first was some pain but worked eventually. It was much easier than fishing ethernet cables through the wall. (I just fished coax from the attic to a floor below; it was painful despite it being an easy fish.)