Home / small biz wireless network advice

Cheekymonkey

New Around Here
I have a home/small home biz networking architecture that's grown into a franken network over the years.

So here's the basic user story/requirements/need:
We have a large family with a requisite large three story home with many IoT and mobile devices (over 80 or so) distributed over the house. I and the wife both often work from home and we are frequently on video calls. I used to host servers in the house for work and fun (e.g. minecraft for the kids) but have moved most of that to cloud services. Overall, I'd like things to be simple, if possible. No managed services or consoles needed with one exception below.

In terms of how things are set up, I have pfsense acting as the firewall and the main router. Most of the permanent fixtures (printers, tv, chromecast audio, etc.) are given static routes. There are 3 access points, the engenius being the 'business' and the ac86u being the main 'home' although I haven't partitioned things beyond that. There are no vlans. Each AP has their own distinct ssid - auto negotiation hasn't been a requirement although I might be talked into it. The only new feature that I'm strongly considering is better network mgmt administration so I can control my kid's network access. The basement router is there for streaming video in our entertainment room to the FireTV as the signal strength wasn't quite strong enough. Luckily, the home is wired with ethernet and there are plenty of drops throughout.

So... if you were me and you were starting fresh now in 2024, what wireless architecture would you use? Mesh? APs? I assume we should consolidate to one vendor, but which? Asus for aimesh?

Attached is a simple diagram of the network.

Much appreciated!
 

The only new feature that I'm strongly considering is better network mgmt administration so I can control my kid's network access.

You have to recreate on your pfSense firewall the Parental Control rules you want to implement. There are no built-in Parental Controls on a business-oriented router OS. You can do application filtering, IP-blocking, DNS-blocking, DNS interception, etc. For VLAN network segmentation you need APs with VLAN support. Your home routers used as APs don't have it, unless you can script it yourself. Perhaps a home "mesh" product like Nest, eero, Deco, Orbi, AiMesh, etc. will be easier for you and more cost efficient?
 
If you are used to pfsense and like it, do not move off that. Nothing you can find in the consumer space is anywhere near as good, or as stable, for router and firewall functionality (I've been through Orbi, AIMesh, UniFi, and more). However, replacing your wireless APs behind the router could be worth doing. Do not even think about mesh; if you have ethernet drops where you want to put APs, you are miles ahead already. Independent APs are fine unless you notice problems when roaming around the house.

For the specific task of limiting your kid's network access, can you do it with firewall rules on pfsense, or were you hoping for something higher-level? I don't know too much about what's good in that area.
 
The easiest to do is DNS interception and redirection to upstream filtering DNS like Cleanbrowsing plus blocking avoidance Proxy/VPN/DoH/DoT/DoQ. Should be good enough and can be done per client. The issue - no control if the kid's personal devices have access to mobile network. One click and all local network filters are gone.
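The per-client DNS interception and DoT/DoQ/DoH blocking described in the post above, sketched as plain pf rules (pf is the packet filter pfSense is built on). This is an added example, not part of the original post; in pfSense the same policy is entered through the GUI as a NAT port forward plus LAN firewall rules. The interface name, addresses, table names and file path are constructed placeholders.

```conf
# Added example: every name and address below is a constructed placeholder.
lan_if     = "igb1"          # assumed LAN interface name
filter_dns = "192.0.2.53"    # placeholder for the upstream filtering resolver

# Clients the policy applies to (constructed addresses). Give these
# devices fixed DHCP leases so the table keeps matching them.
table <kids> { 192.168.1.50, 192.168.1.51 }

# Hypothetical file with the IPs of public DoH resolvers, one per line,
# maintained by the administrator.
table <doh_resolvers> persist file "/usr/local/etc/doh_resolvers.txt"

# 1. Interception: a plain DNS query from these clients, whatever server
#    it was addressed to, is rewritten to the filtering resolver. pf's
#    state tracking rewrites the reply, so the client sees an answer
#    from the server it originally asked.
rdr pass on $lan_if inet proto { tcp, udp } from <kids> \
    to ! $filter_dns port 53 -> $filter_dns port 53

# 2. DoT (TCP 853) and DoQ (UDP 853) use a dedicated port, so they can
#    be rejected outright. "return" makes the client fail fast and fall
#    back to port 53, which rule 1 intercepts.
block return in quick on $lan_if inet proto { tcp, udp } \
    from <kids> to any port 853

# 3. DoH shares port 443 with ordinary HTTPS, so it can only be blocked
#    by destination. UDP is included for DoH carried over HTTP/3.
block return in quick on $lan_if inet proto { tcp, udp } \
    from <kids> to <doh_resolvers> port 443

# These rules cover IPv4 only. If the LAN also hands out IPv6, the same
# three rules are needed for inet6, or the clients resolve over IPv6
# unfiltered.
```

Rule 3 is only as complete as the resolver list behind it, and none of these rules apply once the device leaves the LAN for a mobile network, which is the limitation the post points out.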
 
The easiest to do is DNS interception and redirection to upstream filtering DNS like Cleanbrowsing plus blocking avoidance Proxy/VPN/DoH/DoT/DoQ. Should be good enough and can be done per client.
+1
The issue - no control if the kid's personal devices have access to mobile network. One click and all local network filters are gone.
This is well outside my personal experience, but Apple devices can be locked down with "management profiles" a/k/a "configuration profiles", see this Apple help page for starters. Presumably you could use that to force use of a particular DNS server whether it's on your wifi or on mobile, and then @Tech9 's suggestion works for both. Likely there is something similar for Android, but I know even less about that.
 
Apple devices can be locked down with "management profiles" a/k/a

Android devices too, but this is outside of my personal experience. 🤷‍♂️


 
Much thanks for all the tips. I've been curious about Omada as it seems to be well positioned for my needs/budget. I just wasn't sure whether it plays nicely with pfsense, which I know and would like to keep. Looks like I'll be doing some research tonight.
 
And I hear you about mobile devices. That's a whole different set of problems but I have been able to manage using some of the tools/techniques already mentioned for iOS. The parental control I don't have a good handle on is managing desktop computer internet access, as that's where most of the gaming happens. It will most likely be DNS blocking, as IP blocking will be difficult for the gaming platforms.
 
Much thanks for all the tips. I've been curious about Omada as it seems to be well positioned for my needs/budget. I just wasn't sure whether it plays nicely with pfsense, which I know and would like to keep. Looks like I'll be doing some research tonight.
If you don't already know this site: Evan McCann has a lot of great reviews and info about Omada, UniFi, and other SMB-grade network gear. I went through his reviews last year and eventually opted for UniFi, although it was a close call over Omada. I'm happy with the APs I got from UniFi (U6 Enterprise APs), but after reading a ton of chatter on their community forums I'm glad I didn't dip into their router gear. Seems like the software is only barely ready for prime time, and it's notably less configurable than pfsense.
 
If you don't already know this site: Evan McCann has a lot of great reviews and info about Omada, UniFi, and other SMB-grade network gear. I went through his reviews last year and eventually opted for UniFi, although it was a close call over Omada. I'm happy with the APs I got from UniFi (U6 Enterprise APs), but after reading a ton of chatter on their community forums I'm glad I didn't dip into their router gear. Seems like the software is only barely ready for prime time, and it's notably less configurable than pfsense.
Very helpful, thank you. I found other resources that signal Omada's compatibility with Pfsense, so I'm going that route. Appreciate all the advice.
 
I've been happy with Omada's compatibility in general. I don't use pfSense, but I've noticed no difficulties using Omada APs with an old Ubiquiti EdgeRouter. The Omada experience is delightful, and roaming between APs is seamless and transparent (single SSID). I don't really even think about which AP I'm connecting to when I move around the house. I even put in a small "mesh" network where my (detached) garage is bridged wirelessly in order to provide connectivity between my IP security cameras and my wired network, where the NAS is. It all just kinda works.
 
Both Ubiquiti UniFi and TP-Link Omada are good price/performance options for home installation.

Both offer wireless mesh options when wires are not available or possible. In my experience Omada does roaming better, but the Omada software UI is not as good looking as UniFi. Functionality is about the same. Omada is cheaper though, readily available in many places and with more AP options in different classes from AX1800 to AX11000. They also have an AIO router + controller + PoE model perhaps suitable for home use - ER7212PC. It has limitations - up to 8x APs.
 
I think the Cisco small business APs like the Cisco 150ax wireless access points would be very good. The support is fantastic from Cisco for firmware updates. They are GUI driven and fairly easy to set up. The roaming is very good and Wi-Fi calling works well.
 