Home networking plan

thelonghop

New Around Here
Hi, I'm glad to have found this site! I've looked for something like this before and never came across it, but the timing couldn't be better.

I'm moving into a new house soon and need some help with my home networking plan.

The house is wired with about 22 Cat5e drops and I figure I'll have around 16 things wired in. We'll also have AT&T 1000Mbps fiber internet and whatever modem comes with it. It's a two-story, 4400sqft house, so I'll also need lots of wifi coverage.

The wife really likes the idea of being able to easily control our kids' internet usage. We have a Circle with Disney, but I'm not in love with it. My kids and I both game some, but I don't know if it's worth it or makes that much difference to get a 'gaming' router.

What I had in mind was TP-Link 24-Port Gigabit Ethernet Unmanaged Switch TL-SG1024D and the Google Wifi 3-pack. I was considering adding a wired only router to the mix. I had planned to disable WiFi on the modem if I don't need a wired router. After reading reviews here trying to decide which modem, I've begun to question the Google Wifi decision.

I saw the suggestion here to use Ubiquiti AP drops instead of a mesh system, which I'm open to if user-friendly controls are available.

I'm also open to building my own pfsense router, and probably have spare parts around already.

I have a Synology DS and have used it for a VPN server, but would prefer a router that can act as OpenVPN client or server as necessary.

With all this in mind, I'm looking for some direction on how to get where I want to go- good gigabit performance, whole home wifi coverage, VPN options, and easy enough for the wife to manage wired and wireless kid internet controls, for under ~$750. Am I asking for too much?
 
I would think if you are going to use Ubiquiti APs then you would want a Ubiquiti switch as well and maybe router.
As our home networks become more complicated with Wi-Fi calling, roaming, smart homes and such, the small consumer routers start showing their limitations. The small business gear may be where you want to go for the future. I use Cisco's small business gear but I think you will be safe with Ubiquiti's gear. Once you get into one of these systems it becomes easier and cheaper just to change a piece of gear rather than replace the whole thing every year or 2. It is more difficult to put together to start. I run my gear years before I change. I recently changed out my wireless system because it was getting old and I had run it for many years. I did not change my router or switches; they stayed the same.
 
Hey, thanks for the thoughts. I'm not tied to Ubiquiti at all, that's just what was suggested in that review. I have seen lots of support for the ERLite-3 but I'm not sure if it supports the ease of use I require. Also, from the prices I've found, Ubiquiti switches are much, much more expensive than NETGEAR or TP-Link alternatives.
 
Disney's Circle is largely independent of your network devices since it uses ARP poisoning. There are people who run Ubiquiti APs + Circle. However, a single Circle only works against one subnet and does not support VLANs. So, all your kids' devices would have to be in one subnet.

One alternative would be OpenDNS, especially with their FamilyShield. This works again with any network setup. However, to make it as close as possible to bulletproof (unless you have some really technical teens who know what a "tunnel" is), you'd need a router/WiFi system that forces DNS with DNS redirection or arbitrary DST-NAT rules or a powerful firewall that allows selective DNS traffic.

Once you start getting into WiFi systems rather than standalone routers, combined with advanced firewalls and advanced and accessible parental controls, your choices rapidly narrow. This is especially the case because you ideally want a scalable AP system, not a mesh system.

At least Ubiquiti Unifi supports the scalable AP system, forced DNS, scheduling and VLANs. Since you already have a Circle as an alternative to use with it, this seems the system to beat. Do tell us if you find something better for you!
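
A small model of the forced-DNS idea in the post above, added here as an example and not code from any poster or from Ubiquiti: it shows which flows a destination-NAT rule on port 53 rewrites to the router's resolver and which it never matches, including a UDP-only rule next to a TCP+UDP one. The subnet, addresses, class and function names are assumptions for illustration, and the flows are constructed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


@dataclass(frozen=True)
class DnsDnatRule:
    """Hypothetical stand-in for a router's 'force DNS' destination-NAT rule."""
    src_net: str     # subnet the rule is scoped to (the kids' devices)
    protos: tuple    # protocols the rule matches
    resolver: str    # router's own forwarder, pointed at the filtering DNS service
    dport: int = 53

    def classify(self, pkt: Packet) -> str:
        if ip_address(pkt.src) not in ip_network(self.src_net):
            return "out-of-scope"    # device sits in another subnet
        if pkt.dport != self.dport:
            return "not-dns"         # rule never matches; a tunnel's traffic lands here
        if pkt.dst == self.resolver:
            return "local"           # already asking the router
        if pkt.proto not in self.protos:
            return "missed-proto"    # plain DNS that slips past a too-narrow rule
        return "redirected"

    def apply(self, pkt: Packet) -> Packet:
        """Return the packet as it leaves the NAT stage."""
        if self.classify(pkt) == "redirected":
            return replace(pkt, dst=self.resolver)
        return pkt


def report(rule: DnsDnatRule, flows) -> list:
    return [rule.classify(p) for p in flows]


# Constructed flows (documentation address ranges stand in for outside hosts).
FLOWS = [
    Packet("192.168.20.31", "192.168.20.1", "udp", 53),     # uses the router's DNS
    Packet("192.168.20.31", "198.51.100.53", "udp", 53),    # hard-coded outside resolver
    Packet("192.168.20.32", "198.51.100.53", "tcp", 53),    # same resolver over TCP
    Packet("192.168.10.5", "198.51.100.53", "udp", 53),     # device on a different subnet
    Packet("192.168.20.32", "203.0.113.10", "udp", 1194),   # OpenVPN-style tunnel
]

UDP_ONLY = DnsDnatRule("192.168.20.0/24", ("udp",), "192.168.20.1")
FULL = DnsDnatRule("192.168.20.0/24", ("udp", "tcp"), "192.168.20.1")

if __name__ == "__main__":
    for name, rule in (("udp-only", UDP_ONLY), ("tcp+udp", FULL)):
        print(name, report(rule, FLOWS))
```

The last flow is the "tunnel" caveat from the post: lookups carried inside it are not port 53 at the router, so a DNS redirect alone does not cover them.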
 
I don't think the ERLite-3 is going to be the best choice as it is getting old. Look at the new Edge router 4 from Ubiquiti for full speed gig internet. Another option would be Ubiquiti USG GUI interface routers. They control the switches with VLANs and wireless. This would give you ease of setup. You would need the higher end router for gig internet. I can't remember what it is called. I think it would run as a nice system. I don't think it will reach full gig internet speed. If you choose ER-4 you can probably run any old switch.

I run all Cisco small business gear: router, switches, and wireless. The Cisco gear is expensive new but I think it is the best. I am an old Cisco guy so I buy some used and some new. My router, wireless and switches all run together but are independent systems. I can work on any one independent of the other. I can also replace one without replacing the other systems. This gives me a long term goal in my mind.

PS
I would hate to buy a switch nowadays which did not support VLANs. I think in the future we are going to need them.
This is all my opinion and worth what you paid for it.
 
I don't have to use Disney Circle, it's just a tool in the toolbox that's available if there's not a better router-based alternative. I've never messed with subnets or VLANs, so that's probably not a concern though.

Going the Ubiquiti AP route, will I need a PoE switch?
 
I would buy what matches the Ubiquiti APs. POE in a switch sure is easy.

When I bought my Cisco WAP371 APs I did not notice they used POE+ which is different. There is 802.1af POE and 802.1at POE+. Make sure you check it out. Use one or the other as they are a standard. Don't use Ubiquiti's old non-standard power for APs. There are still a few old ones out there.
 
Going down this Ubiquiti rabbit hole is raising its own questions. The Unifi Controller software looks really robust and user friendly, and seems like it would meet my needs as far as easily turning kids' wired and wireless devices on/off? I'm just trying to understand what I need to purchase to make this happen. If I go with ER-4, US-24 Unifi switch ($200 less than PoE option!), Cloud Key, and a couple UAP-AC-PROs should I be set? Not really clear on what difference it makes not having the USG?
 
The USG uses the same Unifi software as the AP wireless system. So, it makes it very easy to configure. The Edgerouters expose a lot more configurability via their GUI and even more via their command line interface.

If you only need a handful of ports, you don't need to buy such a large switch. I believe Ubiquiti make an 8-port fanless, i.e. silent, PoE+/PoE/Passive PoE, VLAN-aware managed switch with a large PoE budget that is wirespeed, non-blocking and comes with 2 SFP ports for future compatibility: https://www.ubnt.com/unifi-switching/unifi-switch-8-150w/. You could also get any switch from any vendor, if you really wanted, but it wouldn't be managed by Unifi, may not even have VLAN support, may have limited PoE options or a low PoE power budget, and almost certainly will not have SFP ports. If you have an existing VLAN-aware managed switch, you could also just use the PoE injectors that come with the Ubiquiti APs.

The Cloud key only runs the controller software. Since you mentioned you may have other gear lying around, if you have PCs or mini-PCs around, you can run the controller software on there. I think some even run it on a Raspberry PI! If you only had one AP, you wouldn't even need to permanently be running the controller software since it would only be needed for changes.

Depending on whether you have many 3x3 WiFi radio clients scattered around your home, e.g. MacBook Pros, UAP-AC-Pros may be overkill. In general, it is better to have more APs, so that devices are within say 40ft of a controller, than it is to have one or two very powerful ones - that's pretty much the core argument to move away from the standalone routers of the consumer market, the Asus, Netgear, TP-Link standalones etc. All routers have to follow the same wireless power regulations after all and physics limits their performance across range and, most importantly, through materials.

For the same price as getting 2x UAP-AC-Pro, you can get 3x to 4x UAP-AC-Lite and put them at "opposite" ends of your house or enclosed areas with zero deadspots or performance drop off. It also makes it less of a (head/heart)ache if you ever want to upgrade to the latest and greatest, e.g. the new Unifi AP nanoHD which is up for pre-order.

So, the really tricky part is whether to get the Edgerouter ER-4 for its Gigabit routing performance and 1 GHz CPU or to get the much more CPU-limited USG (just an Edgerouter ERLite-3) because the latter is convenient to manage via the same Unifi software. Something like the USG is a set it and forget it type of device, except for minor changes like port forwarding. A Unifi-managed ER-4 probably won't be coming any time soon.

If you really were going to set up a pfSense box, then you won't need either of those routers, but running a pfSense box puts you firmly into Power User category. This means the ER-4 is a better fallback option for you between those two. It also keeps open certain advanced configuration options like DPI (deep packet inspection) and QoS (Quality of Service). You could, of course, just try both the ER-4 and USG, see which you prefer and return the other.

A good introductory place to ask for Ubiquiti specific questions is on Reddit: r/ubiquiti. Those guys are rabid Ubiquiti fans. If you want to ask more technical questions, receive more neutral responses, with a much wider diversity of Ubiquiti users including many professionals who use them and the actual developers, then the Ubiquiti Community Forums are best: http://community.ubnt.com
 
You got a good response from umarmung here.
- Start with the plan: what components your network diagram would have (router to connect LAN to WAN, switch for internal switching, access points for wifi, etc.)
- Designate a budget and be realistic on what you want to spend
- Pick physical components for specific network pieces

I have good personal experience with Ubiquiti as wireless hardware (centrally install one on the ceiling of each floor, run the network cable to each and forget about wifi). I can walk from second floor to basement and back and not care about which AP I am on as they hand off.

I use Unifi 24 for switch and Mikrotik RB 750G R3 as router, work great. I do not get fancy graphs inside of my Unifi software (because of no USG), however I do not need or care enough at this point.

If I were to do one thing differently, it would be to buy a bigger switch with SFP+ built in vs. going with the Unifi-24, which is only SFP, so maybe I will upgrade and sell the Unifi 24 and the spare TP-Link 24-port that is laying around.
 
Thanks, I did post over on Reddit. I think I need the big switch due to the number of LAN drops I have, right? If I add more APs I'm up against the 24 pretty quick.

I like the PoE idea but they're so dang expensive it's blowing up my budget for this, though I might just have to do it. I started off looking at the UAP AC lite but thought bigger is better and started leaning toward the PRO.

I've tried to do some research on pfsense but their website has little info, so I don't know if it will suit my needs. I'm not a power user who will be tweaking things all the time, more set it and forget it. I don't know anything about DPI or QoS. Ideally I'd like an app like circle where I can just turn off internet for the kids on a schedule or when grounded. It looks like I can do that in Controller software, my big questions are can I do that in the app and can I do that for both wired and wireless if they're on a Unifi switch?

Sent from my Pixel using Tapatalk
 
If you want to turn off wired ports to a room with Cisco switches you can schedule and turn off switch ports. Look at the Ubiquiti switches for that feature. I have only used Cisco switches.

To schedule the wireless it will need to be handled in the wireless devices not the switch.

Most routers let you use whichever DNS you want.
 