New Home Network build help

[Hooverf16]

Hi everyone!
I'm having a new home built that includes a structured wiring box with Cat 6 ethernet run to all of the rooms in the house. My thoughts are to have the Cable Modem (Cox) installed in the box and then feeding the rest of the house internet through a Legrand switch that is installed in the box. I would like to keep all of my hardwired connections behind a router hardware firewall for security. Not sure how a router will do in the box (plastic enclosure) itself. I currently use an ASUS RT-AC68U and an ASUS RT-66U configured in AiMesh mode. Also curious about installing a VPN on the routers as well and have a current subscription to Private Internet Access. Not a total noob and can navigate the routers but don't have the experience that many of you do. Thanks!

 

[CaptainSTX]

A modem probably won't do well or last a long time in a structured wiring box unless you install a powerful fan. My AC86 which is out in the open and in an air conditioned home runs at 171 F.

What you need to do is install your modem and router in another location in your home and then use one of your Cat 6 cables to back feed to the wiring box.

Install a small switch either managed or not managed in your wiring cabinet and plug the Ethernet cable coming from your modem into it as well as all other cables for other Ethernet jacks you want to activate.

Small switches use very little power so the heat generated is minimal and even if the heat should cause the switch to prematurely fail they are cheap.

I have a switch in my wiring cabinet and after four years it is still going strong.

 

[Hooverf16]

A modem probably won't do well or last a long time in a structured wiring box unless you install a powerful fan. My AC86 which is out in the open and in an air conditioned home runs at 171 F.

What you need to do is install your modem and router in another location in your home and then use one of your Cat 6 cables to back feed to the wiring box.

Install a small switch either managed or not managed in your wiring cabinet and plug the Ethernet cable coming from your modem into it as well as all other cables for other Ethernet jacks you want to activate.

Small switches use very little power so the heat generated is minimal and even if the heat should cause the switch to prematurely fail they are cheap.

I have a switch in my wiring cabinet and after four years it is still going strong.

Thanks for the quick reply. The box is located in my new laundry room which is fairly central to the house. Was thinking of snaking power, coax and ethernet cables up the wall above the box on a shelf and place the modem & router there. I know that higher is usually better for wifi and neither would be enclosed with a heat issue.

Sent from my SM-N975U using Tapatalk

 

[OzarkEdge]

Thanks for the quick reply. The box is located in my new laundry room which is fairly central to the house. Was thinking of snaking power, coax and ethernet cables up the wall above the box on a shelf and place the modem & router there. I know that higher is usually better for wifi and neither would be enclosed with a heat issue.

Sent from my SM-N975U using Tapatalk

Ditto on enclosure heat and ventilation requirements.

An all-in-one router with AP should be located 'high and in the clear'.

If you do tuck your router away somewhere inconvenient, it might be helpful to configure a second more convenient location for it for comfortable troubleshooting... i.e., configure and upgrade it in your office/tech area and when ready, deploy it to the final location. Me, I would prefer to keep it where I can comfortable administrate its services, like next to my desktop PC, and stick an AiMesh node in the laundry room if you need one there.

Also, rough it in at first and use it for while before nailing it down... you'll likely change your mind or need to reconfigure for some reason like getting certain devices wired to your LAN... although you are off to a good start avoiding this by having the house wired. A second cable run in key places can be useful.

OE

 

[CaptainSTX]

That will work if you don't mind the appearance of the wires running up the wall.

Without including a switch in the mix you will limit yourself to having no more than four LAN jacks hot and you will probably want to use one of them as an Ethernet connection between your router and your mesh node.

 

[Hooverf16]

That will work if you don't mind the appearance of the wires running up the wall.

Without including a switch in the mix you will limit yourself to having no more than four LAN jacks hot and you will probably want to use one of them as an Ethernet connection between your router and your mesh node.

I'm going to snake the wires up the wall and bring the ethernet out of the router to a switch that is in the box. Coax out of the splitter/amplifier in the box plus power supplies to modem and router.

Sent from my SM-N975U using Tapatalk

 

[dosborne]

Also curious about installing a VPN on the routers as well and have a current subscription to Private Internet Access

Very easy to do. Lots of existing posts on how to do it. Merlin firmware has some advantages in this regard over Asus firmware.

 

[Hooverf16]

Very easy to do. Lots of existing posts on how to do it. Merlin firmware has some advantages in this regard over Asus firmware.

Thanks for the reply! Any differences in loading the OpenVPN on a AIMesh network or just on the "master" router? Like the security of having hardware firewall and VPN protecting all connections.

Sent from my SM-T830 using Tapatalk

 

[Val D.]

Like the security of having hardware firewall and VPN protecting all connections.

Running a VPN Client on a router:

Pros:
- network-wide VPN, no need to setup devices one by one
- devices without VPN Client capabilities are also covered
- no limitations of how many devices will be using the VPN

Cons:
- more expensive, you'll need to upgrade your hardware*
- more complicated process of changing the VPN server
- more difficult to disable VPN on a client, when needed
- may have issues with sites and services not running through VPN
- issues with wife from all of the above, i.e. life threatening situation

* The two best routers for VPN are RT-AC86U and RT-AX88U, both supported by Asuswrt-Merlin firmware. Two major issues though - the first is not very reliable at the moment; the second is way overpriced at the moment.

In a new house with proper cabling I would go UniFi SEG + 2 x UniFi AP AC LITE or 1 x UniFi AP AC LR, depending on coverage needs. Some consumer routers have better specs on paper, but UniFi system once setup properly delivers really top quality WiFi with excellent management and control tools. Then I'll run VPN Client software only on devices I need VPN. I was a big fan of running VPN Client on a router, but not anymore.

 

[Hooverf16]

Running a VPN Client on a router:

Pros:
- network-wide VPN, no need to setup devices one by one
- devices without VPN Client capabilities are also covered
- no limitations of how many devices will be using the VPN

Cons:
- more expensive, you'll need to upgrade your hardware*
- more complicated process of changing the VPN server
- more difficult to disable VPN on a client, when needed
- may have issues with sites and services not running through VPN
- issues with wife from all of the above, i.e. life threatening situation

* The two best routers for VPN are RT-AC86U and RT-AX88U, both supported by Asuswrt-Merlin firmware. Two major issues though - the first is not very reliable at the moment; the second is way overpriced at the moment.

In a new house with proper cabling I would go UniFi SEG + 2 x UniFi AP AC LITE or 1 x UniFi AP AC LR, depending on coverage needs. Some consumer routers have better specs on paper, but UniFi system once setup properly delivers really top quality WiFi with excellent management and control tools. Then I'll run VPN Client software only on devices I need VPN. I was a big fan of running VPN Client on a router, but not anymore.

Great words and exactly what I was looking for. Thanks!

Sent from my SM-N975U using Tapatalk

 

[Val D.]

Great words and exactly what I was looking for. Thanks!

Just to add something:

a) when running 3-4 PCs on a router VPN Client, the router's CPU has to handle all the traffic
b) when running VPN Client software on each PC, each local x86 CPU handles it's own traffic

No need to explain why option b) Internet connection is much more responsive. Visibly more responsive.

 

[dosborne]

- more complicated process of changing the VPN server
- more difficult to disable VPN on a client, when needed
- may have issues with sites and services not running through VPN

Personally, I disagree with these.

No need to explain why option b) Internet connection is much more responsive. Visibly more responsive.

Have to disagree with this one too.

I find running the VPN on the router much easier to manage across all the devices as it is central, and available. No need to configure 10 individual devices. I can easily flip devices between VPN providers too. I have yet to encounter a cpu load that impacted my overall internet speed. I only route specific devices (essentially specific traffic) through the VPN though.

Your points are valid but not necessarily accurate for all situations.

 

[Val D.]

No need to configure 10 individual devices

There is a solution for everything on the router, but makes things even more complicated. I was testing and using Policy Rules, VLAN scripts, few preset VPN Clients, VPN Fail Over scripts, etc. and every device was getting exactly what I wanted. Everything was working properly, but at some point I realized things got unnecessary complicated. To restore this configuration I need about 2h time. Usually only 4 devices use VPN and the VPN account allows up to 6. Since I like simple solutions, I moved the VPN Clients on the devices and the router just moves bytes around the network. If the router fails, I can replace it for about 20min and the network is up and running again. And the router is RT-AC86U with not very good reliability record, you know. It already failed once.

Internet feels indeed faster and more responsive when multiple Intel x86 CPUs do the VPN work. My ISP speed exceeds router's VPN capabilities. There is a chance to get even faster ISP connection in near future. No need to overload the router with something it was not designed to do as main function in first place.

I can easily flip devices between VPN providers too

I'm sure you can. What about your wife? Yes, you can do separate SSIDs for separate VPN connections, but why? On a computer VPN Client software the same is possible with few clicks only. The only exception are devices with no VPN Client, they have to go through the router.

 

[Trip]

EDIT - Questions removed.

Keeping it simple: how many square feet is your house?

 

[Val D.]

Everyone here has jumped straight to into specifics, instead of asking the big questions first:

Yes, and few more questions:
- How many power generators you plan to use and on what fuel?
- How many UPS devices, what type and power?
- Do you need WiFi underwater in your pool?
- What is the structure of your airplane hangar, wood or metal?
- Do you need WiFi when taxing your plane and how far?
- What is your budget in thousands of dollars?

@Trip, seriously man? @Hooverf16 has the most important things done - wires and a switch. He is asking for an advice for a home network, not for a data center. He'll figure it out based on needs one device at a time.

 

[Trip]

Point taken. How about just square footage, roughly?

EDIT - I've also redacted my questions, to K.I.S.S.

 

[Hooverf16]

Thank you all. I do appreciate everyone's input and I'm trying to take it all in. The media enclosure is the Verge P3000 made by Primex. There are Cat 6 drops in every room and I have added 2 drops in my den/office and one on my patio. Inside the box, there is a LAN switch (I think 10 or 12 out) and cable splitter as well as 2 110v plugs.

The box is centrally located and I plan to have the master router and cable modem there. I will have the additional AiMesh router in the entertainment center to cover the rear of the house and back patio. House is 2200 square feet.

Thanks again!

Sent from my SM-N975U using Tapatalk