Need sage advice for SOHO, Home, Guest network in house

mwunder

From doing my own research my head is a bit spinning so I have come here to ask for advice. My apologies in advance if my post is too detailed, i.e. too long. But I want to give as much info as possible. Please ask if something doesn't make sense.

I would say I am somewhat technical but definitely not as adept as most of the advanced users on this forum. My interest in networking products pretty much disappears when you have to configure via a terminal. Maybe turning something "advanced" on or off via terminal is OK, but nothing on a consistent basis. So my preferred interface is GUI. I don't need the ability to tweak to a microscopic scale but not be too limited like Airport products are.

What I currently have is an aging Airport Extreme/Express network system with some power line adapters thrown in. Recently we had some weird power blips and it seemed to have messed with the power line adapters. Plus I am just tired of rebooting things when the kids complain about slow speeds.

Hardware setup is as follows:
1. ISP is Comcast with my own modem; it is hardwired to my...
2. Airport Extreme AC which is wired to a Netgear GS108Ev2 and one of my power line adapters. This is all located in my home office that is at the lower front/right of a two story 2400sqft house of wood and stucco build.
3. GS108E is wired to various devices within the office. iMac, 8x8 VoIP, Synology DS411Slim, Lutron processor, network printer/scanner, and then a run to the rear, lower, left of the house to another GS108Ev3 which is wired to...
4. Airport Express to expand the wireless network, TV, Xbox, PS, Apple TV, Sonos (which then uses its own mesh network to speak to other Sonos devices)
5. The power line adapter mentioned above in 2 expands the system upstairs to another Airport Express and Apple TV. I tried this route to see if I could get improved wireless performance upstairs rather than use Apple's WDS. This location is approximately in the middle of the house upstairs.
6. Upstairs wireless devices are 3 laptops, iPhones, and some other older gaming consoles.
7. I also have the guest network enabled on my Airport devices with the thought of segregating Home from my office but that creates issues when I want to share resources like a printer.
8. Oh, and I do have some wireless cameras and Ring installed. Wireless cameras are managed by DS411Slim. I also have a wireless power line adapter outside in my pool pump room/shed for networked sprinkler controller and added coverage for internet in that outside area. These all connect to the office wireless.

Please note my home office is my MAIN office. There is no main office I need to connect to.

This is what I would like to do. I have two goals...a) improve wireless reception/speed upstairs (damn gaming laptops!) and b) have better control of my network. I would like 3 wireless networks. Office, Home, Guest. I would like these networks to be segregated from each other to a certain extent. I want them all to share the internet connection and the network printer. Office and Home I want to have access to Sonos and the various multimedia devices we have. Reason I want Office to have access to these devices is because usually I have my phone/laptop hooked up to the office wireless because that was what I have all my main devices connected to given the limitations of Apple networking and my hardwired runs. I know that the GS108E has some VLAN capabilities, but not quite sure if it's enough for my desired setup. I haven't delved into it too much because I know other gear is needed for my desired setup. I may not need to connect to the office wireless anymore or even need office wireless as I can set up user access on the Synology NAS for the various resources I keep there. So maybe I can keep all my home automation stuff on Home wireless, ditch needing an Office wireless, and the wired iMac (which also runs Windows 7) can be the master computer which can access all resources. Thoughts?

I need some help in what products to get and my thought process. I have gotten as far as thinking a ceiling mounted POE AP upstairs will help things immensely as I can probably get a network run up to the attic from my office below. However, I don't know what products support the setup I want and are reliable. Obviously the Airport Extreme needs to go away and be replaced with a wireless router that also meets my above needs. Not sure how to deal with the shed mentioned in 8 above but hoping with the updated gear my wireless strength will improve outside too and I can completely get rid of the power line adapters.

I do know I don't want any mesh tech like Orbi, Eero, etc. It seems that every forum for those products has more issues than resolutions and all seem to cause problems with Sonos. Plus, they seem just limited enough to not be able to do what I want to do above.

Again, sorry if this was too long of a post but I have read many posts where they were short and sweet but a ton of questions later they would compile to be as long as this one. :)

I appreciate any good input. Thank you.
 
I think you need to ask specific questions. Wire is always better than wireless so string your wire.
 
Thanks for the feedback. Yes, I agree. I do lighting control systems and I always say if you can run wire, do it. Unfortunately, I am limited on where I can run wire in my house.

Specific Questions:

1. What is a good and reliable base router with wireless that will allow me to set up at least 2 wireless networks (3 would be preferred) and allow me to route them to shared and not shared resources? E.g. both can access the network printer and internet but limit access to other things. I would say minimum it has to do up to N and AC isn't THAT critical but nice to have.
2. What is a good and reliable ceiling mount POE AP that will mimic the abilities described in 1? This will have a wire run.
3. What is a good and reliable wall mount AP (doesn't have to be POE) that will mimic the abilities in 1? Prefer same manufacturer for 2 and 3. This will have a wire run.

I don't need cloud setup but do prefer most configuration via a GUI.

As stated above in my original post, the new mesh systems are nice but seem to still have a lot of issues and I want to avoid those. Especially since I have a Sonos system and they all seem to have issues with them from what I have read in forums.

Hope this helps.
 
You are asking a lot of questions in general and very tough to answer them all in a single post....but here it goes.

1.) SONOS - I think you will find issues with maintaining SONOS functionality across multiple VLANs. I am pretty sure it is very dependent upon broadcast/multicast traffic between the controller/app and the speaker itself. I have not tested it myself, but there may be ways to get around this with some fanciness at the firewall....but I doubt it will be as easy or as stable as client and speaker being on the same broadcast domain.

2.) Share Printers - This is easy with a proper firewall assuming you are not dependent on mDNS/auto-discovery features. You will need to print via name/IP instead.

3.) Multi-SSID - This is easy with a proper AP, VLAN capable switch, and firewall.

If I were in your shoes, here is what I would consider.....

1.) Firewall - A proper firewall will be so much simpler to manage access controls across multiple VLANs than any standard consumer device. Consider pfSense, OPNsense, or any of the other free home use distros available.

2.) Managed Switch - Will be required to get the SSID isolation you are after. Just needs to be VLAN capable. Lots and lots of options here...I am running a used Cisco 2960G I picked up off of ebay for $100 for this purpose.

3.) APs - Dedicated APs throughout the house for sure are the best bet. You have distributed APs now, but are reliant upon the PowerLine back-haul. Getting dedicated Ethernet drops in multiple places throughout the house would be key.

I am running Ubiquiti UAP-AC-LR at my house and have 2 SSIDs being broadcast. One is the normal user and one is guest. My guest drops directly to my modem while my normal drops behind the pfSense firewall. This keeps guests completely out of my network.

4.) Shed - Either continue using your PowerLine devices, or look into outdoor APs. I know Ubiquiti has outdoor APs as well as outdoor point-to-point solutions to do exactly what you are talking about.

I am only mentioning Ubiquiti since I happen to own a few and spend more time than I should on their forums researching my own solutions. There are other vendors out there as well...I just don't know much about them. The price point of most Ubiquiti items also tends to make them quite attractive when you are trying to provide blanket WiFi coverage.
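
The printer-by-IP and discovery points in the reply above can be modelled as a first-match rule set with a default deny. This is an added example, not part of any post in this thread and not pfSense's own code; the subnets, the printer address and the use of TCP port 9100 for raw printing are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan and printer address (assumptions, not from the thread).
VLANS = {
    "office": ipaddress.ip_network("192.168.10.0/24"),
    "home": ipaddress.ip_network("192.168.20.0/24"),
    "guest": ipaddress.ip_network("192.168.30.0/24"),
}
PRINTER = ipaddress.ip_network("192.168.10.50/32")  # hypothetical printer on the office VLAN
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BROADCAST = ipaddress.ip_address("255.255.255.255")

# Rules applied to traffic entering the firewall from any of the three VLANs.
# First match wins; anything unmatched is dropped. Port None means "any port".
RULES = (
    [("pass", PRINTER, 9100)]                      # raw printing to the printer's IP only
    + [("block", net, None) for net in PRIVATE]    # no other VLAN-to-VLAN access
    + [("pass", ipaddress.ip_network("0.0.0.0/0"), None)]  # everything else is internet
)

def vlan_of(addr):
    """Return the name of the VLAN containing addr, or None."""
    return next((name for name, net in VLANS.items() if addr in net), None)

def decide(src, dst, port):
    """Classify one flow: 'local', 'not-forwarded', 'pass' or 'block'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_vlan = vlan_of(src)
    if src_vlan is None:
        raise ValueError(f"{src} is not in a known VLAN")
    # Discovery traffic (mDNS, broadcasts) stays in the sender's broadcast domain;
    # this model assumes no mDNS reflector or multicast routing is configured.
    if dst.is_multicast or dst == BROADCAST or dst == VLANS[src_vlan].broadcast_address:
        return "not-forwarded"
    if vlan_of(dst) == src_vlan:
        return "local"  # switched inside the VLAN, never reaches the firewall
    for action, net, rule_port in RULES:
        if dst in net and rule_port in (None, port):
            return action
    return "block"  # implicit default deny
```

Placing the printer pass rule ahead of the private-range block rules is what lets Home and Guest print while every other cross-VLAN flow is dropped.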
 
I share printers and resources across VLANs. I built my own networks. My wireless devices support these VLANs also. I don't think most home routers do this by default so you may not get too many answers. It may be build your own.

I use old Cisco wireless APs on 5 GHz which do not support AC mode but work as one using the Cisco built-in software. The newer ones probably do. I don't use the pro models but the small business solution. I have 3 of the older Cisco WAP321 wireless units.
 
Thank you MichaelCG and coxhaus. I appreciate your input.

MichaelCG...Sonos is set up with one unit plugged in via my wired network and then it uses its mesh network to communicate to the other devices. I assume as long as my routing is set up correctly, I shouldn't have problems? I don't use their WiFi setup solution. Your comment on the firewall is noted and I will research your suggestions. Thank you. I have been eyeing Ubiquiti and given it appears to work without the controller software running after configuration I may just go that route. People really seem to like them.

coxhaus...Thanks for the input. Yes, I do realize I am above home grade network gear as basically I have a need for a true office network segregated from the house network but sharing some resources. Since both you and Michael mention Cisco products I will look into that too.
 
When you go to VLANs there is only one broadcast domain per VLAN so make sure Sonos supports routing or run Sonos only in one VLAN.

PS
I have a thread on this site where I set up a Cisco SG300-28 switch in layer 3 mode. This is what I run at home. It routes and controls access between VLANs so you can share resources.
 
On the Ubiquiti...you are correct you don't need the controller running after setup. You can just use the app on your phone if you want. I am running a Ubuntu VM to keep my controller running. I will eventually just buy the cloud key so I don't have to mess with it anymore. I like stats and pretty pictures...hence I want my controller running.

Sonos....no I do not think Sonos routes its traffic between the app and speakers. I am pretty sure it is broadcast or multicast which is not routable. I am pretty sure if you launch the Sonos app from your office VLAN while the speakers are on the house VLAN, it won't work. I have not tried to isolate my Sonos in that manner....basing these statements off of reading on their user forums. I do know that with my phone off network connected to OpenVPN, I cannot access my Sonos system but I can access pretty much anything else on my network. I have yet to do a PCAP to fully verify the theory...just know it doesn't work.

Cisco products are generally quite functional and when purchased used may be affordable. Keep in mind, unless you have access to a Cisco contract, you probably won't be able to get software updates. I had to phone a friend to get the latest software for my switch. Cisco is generally true Enterprise and they expect you to pay maintenance to get access to support and updates. The reasons I went for that switch in particular were the price point for a 24-port Gigabit managed switch, I am somewhat familiar with IOS commands, and I have access to people who can get updates if needed.
 
If you buy the Cisco small business switches, routers and wireless devices you will get free software updates even if you buy used. If you go pro Cisco gear then you need to buy software updates.

My Cisco SG300-28 has free software updates as well as my wireless units. I run a free Cisco product called Findit 1.0 which tracks software updates and lets me know when new ones are released so I can update my hardware.
 
I always forget about their SMB gear since I live in the Enterprise world most days. I remember reading your thread on your adventures with the SG300.
 
Yes it was fun. Then I built a router VLAN so the only traffic slowing the router VLAN is internet traffic; no local traffic can affect this VLAN, as network traffic gets chatty.
 
