Home Network Overhaul Suggestions

[Swynol 375]

nice setup idea. I use most the equipment you listed. I have a unifi router, unifi 48 port switch and a few unifi APs. rather than pfsense i use SophosUTM and i also use samsungs smartthings.

 

What everyone has already said i have 3 VLANs or sub networks. one for my main devices, PC, laptops, servers, phones etc, a second one for IOT devices and a third for guests. Very easy to configure with unifi controller. 

 

I currently have one Unifi AC-Lite ceiling mounted on the first floor of my house and it does a good job with coverage. I have a second unifi ap in the garage area, which covers the garage and most the side of my house. and finally a third in the outdoor shed which covers all my garden. 

 

I wouldnt be too concerned about getting a AC-LR (long range) as wireless signal works both ways so your mobile device would also need to be long range compatible and there are very little devices out there that are, only time i would recommend the LR over the Lite or Pro is if you were connected 2 AP's together to create a bridge and even then i'd be tempted with air fibre instead.

 

You dont really need a unifi switch but it does make it alot easier to manage everything from one place. I used to have a L2 netgear switch. Every time i needed to mess around with VLANs i would have to edit it in the unifi controller for the APs, then the netgear switch and then the Sophos UTM. Luckily now i can edit it once in the unifi controller.

[Tur0k 143]

take note of your POE runs. the UAP-AC-LR is a passive 24v POE device.

https://dl.ubnt.com/guides/UniFi/UniFi_AP-AC-LR_QSG.pdf

 

This means that your maximum network run to support POE for the device should be 100-150' from the POE switch, depending on quality of the CAT6 cabling. If your run is longer you may need to run power to the attic and use the provided 24V Passive power injector (in the attic), and disable Poe on the switch port.

I think I found a route to run the network drop the 4th level attic which will allow my to mount the AC-LR in the ceiling of the 4th level. In the event I have poor signal in the basement I can easily add a second AP, probably an in-wall, in the basement. I will go with a 8-port Unifi POE switch. I originally planned on future proofing with a 16 port but I'm already over budget.

I have a buddy that has a 4K square foot 3 story house (including full basement). He runs an LR in the house and a pro in his garage. He gets wifi connectivity 2 houses down the street from his house on his smartphone.

I will need to brush up on my vlan configuration skills once I get everything setup. I will setup pfSense on my NUC and poke around a bit since it has been a few years since I used it last.

Let me know if you get stuck. I am running nearly the exact setup you have, and I have it purring.

 

Also I'm kind of choked that the Samsung Smartthings Hub doesn't support POE so it looks like I'll need to add a POE splitter to keep my install nice and clean.

It is better to get the most central location for the wireless home automation controller as they tend to build large mesh networks.

 

I like having power available in my attic. I tapped an existing power outlet in my kid's bedroom on the first floor of my house with romex and put a double outlet in my attic. I am able to run my attic fans, and some automated exterior holiday lighting from it. My other plan is to setup:

1. Arduino driven LED strip lights in my pantry, entry closet, and hallway linen closet on the first floor to automate lighting when they are opened.

2. power my Zwave driven multi-sensors on the first floor so I can get off the battery fix...

 

Since you won't have a unifi routing device you will need to setup the controller on a computer In our network. It doesn't need to be heavy duty. I have it setup on an old raspberry Pi model 1B (single core ARM running at 900Mhz with 512 MB of RAM and a 4GB flash drive). I would recommend running the controller on Linux but there is MAC OSX and windows installers.

 

 

Sent from my iPhone using Tapatalk

Edited January 5, 2018 by Tur0k

[Jdiesel 1114]

I have a buddy that has a 4K square foot 3 story house (including full basement). He runs an LR in the house and a pro in his garage. He gets wifi connectivity 2 houses down the street from his house on his smartphone.

 

Let me know if you get stuck. I am running nearly the exact setup you have, and I have it purring.

 

Since you won't have a unifi routing device you will need to setup the controller on a computer In our network. It doesn't need to be heavy duty. I have it setup on an old raspberry Pi model 1B (single core ARM running at 900Mhz with 512 MB of RAM and a 4GB flash drive). I would recommend running the controller on Linux but there is MAC OSX and windows installers.

 

 

Sent from my iPhone using Tapatalk

I have a few low powered devices running Linux that I can use. Does the controller software need to stay running or just need to be running to make any changes?

[Tur0k 143]

I have a few low powered devices running Linux that I can use. Does the controller software need to stay running or just need to be running to make any changes?

Take a re-look at my last post. I added some stuff.

 

Technically, the APs can run autonomous as long as you are not using a guest portal. Even if you are using RADIUS authentication (for enterprise level encryption), the APs act as independent clients.

 

I run mine 24x7 for the logs, notifications, automatic FW updates, and metrics. I send my notifications to my pushover service.

 

 

Sent from my iPhone using Tapatalk

[Guest asrequested]

You don't need to run the controller all the time if all you want to do is change the settings. You only need to run it continually if you want the stats, cloud control and automatic updates etc.

[mastrmind11 717]

A few releases ago I noticed there is no requirement for an external RADIUS server for VPN authentication.  Does that mean it was moved to the USG proper or is it run off the controller?  I run the controller 24/7 so I'm asking more as it relates to the discussion above than to my own requirements.

[Guest asrequested]

I don't use it, but I'm pretty sure it's part of the firmware, and is native to the USG

[mastrmind11 717]

I don't use it, but I'm pretty sure it's part of the firmware, and is native to the USG

THought so too.  It works really well, btw.

[Jdiesel 1114]

Alright all my cables and termination supplies arrived. I will see if I can get around to getting some network drops run around the house this week.

 

 

 

Starting to rethink my router/NAS setup now. Should I just run pfSense and FreeNAS on a beefier ESXi server? Does the free version support this? Any downsides to doing this? I have an i5-2500k system collection dust at the moment.

[Tur0k 143]

Take pictures of your build out.

 

There is a vm image of PFSense out there. You should only need 2 cores, 2-4 GB of RAM, and a dedicated small SSD. I would recommend a CPU with AES-NI support and a multi-port Intel NIC.

 

 

Sent from my iPhone using Tapatalk

[Jdiesel 1114]

Was able to run all 5 network drops yesterday. Things went surprisingly well and it only took me about 2 hours to do by myself. I'm going to grab the AP and switch today and setup a test network to start playing around with things.

 

I think I am going to go the ESXi route as it will give me the most flexibility plus I already have the hardware on hand.

 

I'd post build out pictures but to be honest things are not very sexy at the moment. No Rack, just an unpainted shelf I quickly through together in my crawlspace.

[dcrdev 251]

Was able to run all 5 network drops yesterday. Things went surprisingly well and it only took me about 2 hours to do by myself. I'm going to grab the AP and switch today and setup a test network to start playing around with things.

 

I think I am going to go the ESXi route as it will give me the most flexibility plus I already have the hardware on hand.

 

I'd post build out pictures but to be honest things are not very sexy at the moment. No Rack, just an unpainted shelf I quickly through together in my crawlspace.

 

While perfectly fine to visualise pfSense/FreeNas - two things to bear in mind:

 

- A lot of ZFS features require access to the raw disks - so if you want to make use of ZFS properly, be sure to connect all your disks to something like a hba and do pcie pass-through on that to FreeNas

- pfSense - Are you sure you want your ESXi host to be the single point of failure for your entire network?

[Jdiesel 1114]

While perfectly fine to visualise pfSense/FreeNas - two things to bear in mind:

 

- A lot of ZFS features require access to the raw disks - so if you want to make use of ZFS properly, be sure to connect all your disks to something like a hba and do pcie pass-through on that to FreeNas

- pfSense - Are you sure you want your ESXi host to be the single point of failure for your entire network?

 

Both good points that I hadn't considered.

[Tur0k 143]

@@dcrdev makes a good point. Best practice would be to host two or more VMHosts on separate backup UPS systems connected to separate breakers with an HA switch stack (also on separate backup and breakers from each other), and two different WANs. For a home build this can get pricey.

 

Getting your cable modem to work with the two separate VMHosts is a little tricky, but should be possible to do at layer 2 using a good quality managed switch.

 

Sent from my iPhone using Tapatalk

Edited January 15, 2018 by Tur0k