Assistance with Large Wifi Network over multiple Buildings Ubiquiti

[BreakingDad]

Hi All,

I've been away a while but here I am back with the big one Hope you are all doing well out there?

Wondering if some of you clever folk @Tech9 @ColinTaylor @SomeWhereOverTheRainBow @thiggins etc could assist with a project I am involved in. Please note I am a tech hobby guy and not a professional in this field, my trade is logistics, hence why I am asking so many questions.

My place of work is moving to a new site in the next year or so and with that we would like to set up a stable strong Wi-Fi system. We would also like to DIY it to save money, but don't mind spending on decent equipment to do it right and do it once.

We are interested in using Ubiquiti equipment and have come up with two possible plans so far Wi-Fi Plan 0 and Wi-Fi Plan 3 (attached) (no idea why they are 0 and 3 but let's go with it)

We would like the latest generation of Wi-Fi.

Plan 0 has 17 qty https://uk.store.ui.com/uk/en/products/e7-campus e7 Campus access points/repeaters. I believe these access points cover 465 m2 and therefore would cover the green circles on the picture which are the buildings we want to have Wi-Fi.

We were initially thinking about having a "mesh" system, however I have since been reading that 17 points is far to many for a mesh system and this would put a lot of strain on the first points in the loop Can someone confirm this? However I have also learnt that these unifi points can work as both mesh and/or access points. I am told that access points may be better for our purposes? Would this be ok for best coverage ?

The M numbers on the map are "Mesh" or "Access Points" (I think this is a case of configuration as to which is used).
The S number is a Network Switch.
The R is the incoming BT fibre open reach box (router)

Wi-Fi Plan 3 (The second plan) is essentially the same, however on this one we have added 3 x https://ui.com/wifi/bridging/building-bridge (Building Bridges).

These are numbered B1 B2 and B3 (both ends) and this system would have only 14 Access Points (or mesh points (e7 Campus))

Where possible we will use PoE for power, however most of the points will be wired with POE injectors , please could you also advise which ones we should use for this to power the access points?

We have several questions on top of all this !

1) Which system is faster?
2) Which system is more reliable?
3) Will it all work through breeze block / cavity walls
4) Are Ubiquiti Access Points inter switchable to Mesh Points?
5) Have we over estimated the amount of access points, bearing in mind this is a huge site and we have calculated the range based on the advised square metre coverage?
6) Which Network Switches for this system should we be looking at?
7) Would we be able to set a guest network on this system, or would this come from the BT router? (would we indeed need a better router?)
8) Is there a better way of doing this?

For now I will leave it there and let the conversation commence.

Thank you all in advanced for your help, it will be really appreciated.

I look forward to reading up over the next few days.

 

[tgl]

Avoid "mesh" if at all possible. It's not great for performance with any gear, but it's particularly not great with UniFi APs, which do not have a dedicated radio for mesh backhaul. While it says on the spec sheet they can do mesh, the right answer is that all your APs should have ethernet connections back to the main router.

If you can't manage an ethernet link between buildings, a dedicated point-to-point wifi link is your second choice for those hops. I wouldn't recommend the UBB though, as it is overpriced for what it is. The going recommendation seems to be to use 60GHz PtP units from Ubiquiti's UISP (not UniFi) "Wave" line.

Assuming you do manage to get wired connections run to all the APs, you should think seriously about dropping a few bucks on PoE-supplying switches instead of using injectors. Nothing wrong with injectors for individual APs, but for a lot of APs they become clutter very very quickly.

Keep in mind that the E7 APs are absolutely brand new and have no field track record. If you won't be buying this stuff till next year, that's probably not such a problem, but I'm not sure I'd drop kilobucks on them today, especially not after watching UI struggle to get the bugs out of their U7 series. If I were buying a lot of UniFi APs today I'd go for gear from the U6 line. (Personally, I've had several U6-Enterprises for about a year, and they are solid kit.)

UniFi APs do guest networks fine, but if you want trustworthy isolation between the guest net and the main LAN then you need VLAN-capable switches and routers. I don't know which "BT router" you have in mind, but there's not much ISP-supplied kit that does VLANs.

I'm not totally sure what "breeze block" is, but UniFi APs have no special pixie dust that lets them work through obstructions that other APs can't penetrate. Rule of thumb is that you don't want more than about one sheetrock wall between client and AP: that comes down to physics and transmit-power regulations, so all makes are going to be about the same.

Lastly: you will get far better-informed opinions about Ubiquiti gear over at https://community.ui.com/ than you will get here.

 

[Tech9]

Is there a better way of doing this?

What you guys are doing is totally wrong planning for a site like this and it won’t even work as Ubiquiti system since you are missing key components. I can give you pointers, but the most important thing is missing too - how many expected clients with what expected traffic?

I know we have time difference, when I get home will give you better planning strategy with explanation why you have to do it in a specific way.

 

[tgl]

how many expected clients with what expected traffic?

Yeah, I was wondering about that too. 17 E7-Campus units, or even 14, is one hell of a lot of wifi. The spec sheet says 1000+ clients; even allowing for marketing inflation, you're talking about a system built for ten thousand or so users. Do you really expect that many?

You're also paying a very pretty penny for outdoor-rated units ... are ALL of these going to be mounted outside? I could see using gear like this in a football stadium, but then you wouldn't be asking about wall penetration.

Lastly, the E7-Campus units are very directional, with essentially no signal out the back or sides per UI's radiation patterns. There are certainly use-cases for that, but they might not fit your plans.

 

[OzarkEdge]

Miscellaneous input... for a big project, you might want to spend a little bit upfront on a few 'samples' to put hands-on and to flex the supply/support channel... before fully committing to the project direction and cost.

OE

 

[Tech9]

when I get home

1. For stability and performance - wired infrastructure first. This is the backbone of your future network. If you cut corners somewhere by going wireless - stability and/or performance will go down. Wireless mesh will eat 2x bandwidth, wireless P2P links will be relatively slow or very expensive for your application.

2. The site plan above with proper dimensions, ceiling height, wall materials -> https://design.ui.com/; The Design Center will tell you how many APs do you need of the type you want, the tool is very close to the reality after. Spend some time drawing walls and selecting materials and you'll get +/-2dBm expected signal level accuracy.

3. Latest Wi-Fi technology - not needed because of the following:
- APs connected to GbE uplink can't exceed Gigabit anyway.
- APs connected to 2.5/10GbE uplink increase the project cost significantly. May be a reason, may be a waste of money.
- There is not enough bandwidth for speed, you have to run the APs on 20MHz wide channels on both 2.4/5GHz bands.
- You don't want someone to steal available Ethernet bandwidth using Wi-Fi 6E/7 device and hurting others.
- Higher modulation needs better SNR, the range for speed will drop anyway.
- Very high initial cost with practically no return of investment.

4. APs must be many, preferably the same type, on low power and working on narrow channels. They will reach further and together will utilize better the available bandwidth. On the same wide channels the range will be shorter and the APs will wait for each other to transmit/receive data. The APs will see each other better than client devices see the APs, they have more sensitive radios. Roaming will be better with properly tuned system, you can have 2 sec. transition time close to "seamless".

5. APs with high gain antennas can't be omnidirectional. This U7 Campus model has 90-degree beam. The green circles on your plan don't actually exist in reality. The radiation pattern is 1/4 of a circle. You need omnidirectional APs with no more than 5dBi antennas. Radiation patterns -> https://help.ui.com/hc/en-us/articles/115005212927-AP-Antenna-Radiation-Patterns

6. Available wireless bandwidth - in the UK you have only one 80MHz wide non-DFS channel on 5GHz band. You don't want gambling in DFS. With 15+ APs they have to work on 20MHz wide channels, 40MHz worst case scenario. One building with 4x APs as an example has to have them set on 36, 40, 44, 48... then next building at some distance again 36, 40, 44, 48, etc. The same for 2.4GHz, but with every other AP with 2.4 radio disabled. First building 1, 11... then next building 1, 6, etc. If you want to offer 6GHz - keep 20MHz wide channel again. This way no client will steal bandwidth. Single SSID, 2-3 radios per AP, multiple clients support and no client will exceed 50Mbps throughput. You can limit it further unless you plan 5Gbps ISP of faster and 10GbE network.

7. UniFi network - has four components: Gateway, Controller, Switch, Access Point. If all Ubiquiti - you can do whatever you want wired or wireless. Each AP has own SSID, power, bandwidth, VLAN, etc. control. Each Switch port has VLAN control, some have PoE power control. The Gateway can do application filtering, geo-blocking, packet inspection, DNS filtering, DNS interception and redirection, selective routing, inter-VLAN routing... everything you need for business environment. The Controller is your control center managing and monitoring everything from a single screen. Remote access, site-to-site, custom notifications (ISP down, device down, management access, intrusion detection, etc.), it will let you know what and when happened with the network.

8. With UniFi you can have multiple VLANs served on the same SSID with Private Keys. Password1 is your main VLAN, few people may have access. Password2 is general access, or what you call Guest Network, with Captive Portal showing your business logo if you like. Password3 may go through VPN, if you want to. You can have different client authorization methods, for example to protect your Ethernet ports. You may not like someone to arrive with a laptop and just connect to your office LAN getting straight on the main VLAN. You can make this visible wall plate jack on the general access VLAN, but the one behind your desk on the main VLAN... if you find it easier.

9. Do you want security cameras with face and license plate recognition? Check the new AI models, they have impressive features. Do you want employee ID entry/exit system? Check Door Access line of products, they have from Home to Enterprise systems. They all can be integrated into your network. Do you want NAS or a power backup? Check Integrations section on Ubiquiti Store. Make a list of additional or eventual future requirements. This will determine the equipment you need to start. You don't have to buy everything at once, but you have to buy the right products. Not every Gateway has Protect, not every Gateway has built-in Controller, not every Switch has the required PoE budget, most APs are built for specific applications, etc.

10. Hire a professional, this project won't be cheap. Home tech hobby approach may accumulate many costly mistakes very fast. This system is different than home Wi-Fi. You don't want speed, but maximum reliability and guaranteed service with minimum administration time. You set it once and move on to something else business related. Time is irreplaceable commodity.

 

[BreakingDad]

Some amazing advice, thank you everyone for your time.

It seems what we have come up with is overkill

The amount of users would be no more than 30 on the wifi, not quite football stadium amounts.
We basically would like a solid reliable Wi-Fi connection in each building.

Refering to @Tech9 points

1) Where possible we could install wires. The main office will be wired. Regarding the larger buildings we could either install wires or a building bridge of some type to get the "signal" to the building. I think a wire would be more stable and more storm resistant. From there we could have a Switch (which I assume could provide the POE and Network to the access points of the building?) I think perhaps U6 generation as advised by @tgl .

3) Agree that we do not need the latest generation which only provides speed rather than reliabilty. For reasons @Tech9 put over in point 3. Initially we thought latest gen would be more "future proof" but you make a valid argument that we don't want fast devices on 6E/7 taking all the band width.

4) How many U6 access points per buildings that measures 45 x 10m , 30 x 12m and 31 x 18m would you recommend?

5) Assume the U6 "flying saucers" would be a better option?

6) We are not sure of the incoming speed as yet as the internet is switched off, all I can tell you is it's connected via a fibre point on BT openreach)

7) Which gateway and controller would you recommend for a Small/Medium Business, we have aprox 20 staff, and up to 10 guests on site.

8) I partially understand this, essentially we need 1 password for Admin, 1 for Staff and 1 for Guests, Possibly another one for the house that is on site. Could you maybe go into more detail of VLANs? however we do have an IT company that set things up and support us here (at a cost)

9) Yes we will have I would guess around 10 CCTV cameras on site, at the moment the ones we have are HD Cameras recording continuously to a box. I don't know if these will be replaced with a new system. Assume this will consume more bandwidth over the system. We also have NAS drives at present, I think maybe three right now, we also have a big server box. I'm not sure which equipment we are taking over to the new site.

10) We have discussed this morning in the office and we agree, however based on what you guys are saying and other conversations we are having, we are coming up with a "Game Plan" so we can go to two or three professionals and ask for a quote and advice of what we need without being "Over Sold" We will probably perform the physical installation ourselves as we have many capable engineers (not IT but electronics/vehicles and familiar with wiring and tools etc) on site.


I think (after reading all your advice) we have decided now to hard wire each building under the tarmac, with a powered switch in each building connecting to how ever many access points. 1 AP per port. I would have thought that most of the cameras can be linked into these switches as well.

Will keep viewing your suggestions. Thank you again.

 

[degrub]

9) Keep the raw video feeds off of your lan if possible. Only the ethernet interface, assuming it has one, to the NVR should be on the wired LAN and under its own VLAN with restricted access if possible.

1) Use fiber between buildings to avoid grounding/earthing and lightning protection issues. Otherwise PtP wifi as last choice.

3) The equipment should last 5-10 years subject to electrical issues and vendor support. You can buy spares to offset immediate down time. Suggest device surge protection at least. Is this a manufacturing facility with arc welding or large machines being used ? Those can cause havoc as they broadcast on all frequencies.

4) use the Ubiquiti planning tool once you know the rough dimensions and interior space layout details.

 

[Tech9]

The amount of users would be no more than 30 on the wifi

In this case you need baby UniFi system similar to the one in my signature. The ISP modem feeds UGC-Max Gateway connected to 2.5GbE PoE switch in the Office for wired devices and for few office APs, then each building has GbE PoE switch and 3-4 local APs with wired/wireless uplink (whatever is cheaper for you to build) back to the Office.

UCG-Max -> USW-Flex-2.5G-8-PoE -> 2-4 U6-Plus

                    |

                GbE / UBB

                    |

            USW-Ultra-60W -> 3-4 U6-Plus (x number of buildings)

Why U6-Plus APs? - cheap and up to 23dBm power, your maximum power limit in the UK for 5GHz non-DFS band.

For the buildings - at 20MHz wide channels to 2-stream client you get 144Mbps (2.4GHz) and 287Mbps (5GHz) PHY rates in ideal conditions and up to -52dBm signal level. Count 4x APs ~200Mbps throughput each -> Gigabit uplink for all 4 is good enough. You can connect 5-6 APs without noticeable performance difference just because they are not loaded 100% all the time.

UCG-Max supports 30+ devices (APs, switches) and 300+ clients, more than enough for your needs. It also supports Protect, Access, Talk, Connect extra UniFi features and has built-in storage (optional). May come handy in the future.

For a network with 1x 2.5GbE gateway, 1x 2.5GbE PoE switch, 3x GbE PoE switches, 3x GbE wireless links and let's say 16x APs (Design Center will tell you how many) you are looking at ~£3200 + VAT in hardware, wiring extra. What you get is full control over every AP and every LAN port. After the hardware is installed setting it up in my opinion is easier than home router with Asuswrt-Merlin + Custom Scripts. You'll have up to 2.5GbE WAN/LAN in the office and GbE links to each building. Total possible throughput is going to be up to 2.5GbE (1.5GbE with IDS/IPS enabled). You can save ~£1200.00 if you can wire the buildings. If you daisy chain them though - the total uplink to all buildings will be GbE. May be enough, may be more convenient and easy to do - you decide.

UBB is IPX6 device with 200km/h wind resistance. Huge overkill for such small distances, but £395 a pair (fair price in my opinion), high quality and with all mounting hardware and power in the box. Ready to go and may come cheaper than digging trenches.

U6-Plus is indoor AP, -30 to 60°C operating temperature. If you need water resistance on top (you guys have humid climate) - U6-Mesh with IPX5, but it's almost 2x more expensive per unit and will increase the cost significantly. It is better AP for 4-stream 5GHz radio, universal mount options and higher power, but none are important for your application.

Expand and modify as per needs. Add a switch for more ports, add APs for more coverage, watch PoE power budget. USW-Ultra-60W can power 5x U6-Plus, but 4x U6-Pro/Mesh for example. If you need more 2.5GbE ports without PoE - USW-Flex-2.5G-8 is cheaper.

 

[degrub]

Some amazing advice, thank you everyone for your time.

It seems what we have come up with is overkill

The amount of users would be no more than 30 on the wifi, not quite football stadium amounts.
We basically would like a solid reliable Wi-Fi connection in each building.

Refering to @Tech9 points

1) Where possible we could install wires. The main office will be wired. Regarding the larger buildings we could either install wires or a building bridge of some type to get the "signal" to the building. I think a wire would be more stable and more storm resistant. From there we could have a Switch (which I assume could provide the POE and Network to the access points of the building?) I think perhaps U6 generation as advised by @tgl .

3) Agree that we do not need the latest generation which only provides speed rather than reliabilty. For reasons @Tech9 put over in point 3. Initially we thought latest gen would be more "future proof" but you make a valid argument that we don't want fast devices on 6E/7 taking all the band width.

4) How many U6 access points per buildings that measures 45 x 10m , 30 x 12m and 31 x 18m would you recommend?

5) Assume the U6 "flying saucers" would be a better option?

6) We are not sure of the incoming speed as yet as the internet is switched off, all I can tell you is it's connected via a fibre point on BT openreach)

7) Which gateway and controller would you recommend for a Small/Medium Business, we have aprox 20 staff, and up to 10 guests on site.

8) I partially understand this, essentially we need 1 password for Admin, 1 for Staff and 1 for Guests, Possibly another one for the house that is on site. Could you maybe go into more detail of VLANs? however we do have an IT company that set things up and support us here (at a cost)

9) Yes we will have I would guess around 10 CCTV cameras on site, at the moment the ones we have are HD Cameras recording continuously to a box. I don't know if these will be replaced with a new system. Assume this will consume more bandwidth over the system. We also have NAS drives at present, I think maybe three right now, we also have a big server box. I'm not sure which equipment we are taking over to the new site.

10) We have discussed this morning in the office and we agree, however based on what you guys are saying and other conversations we are having, we are coming up with a "Game Plan" so we can go to two or three professionals and ask for a quote and advice of what we need without being "Over Sold" We will probably perform the physical installation ourselves as we have many capable engineers (not IT but electronics/vehicles and familiar with wiring and tools etc) on site.


I think (after reading all your advice) we have decided now to hard wire each building under the tarmac, with a powered switch in each building connecting to how ever many access points. 1 AP per port. I would have thought that most of the cameras can be linked into these switches as well.

Will keep viewing your suggestions. Thank you again.

Be careful with running copper based ethernet between buildings. Usually, each building will have its own electrical panel and earthing. Running a ethernet cable between both creates an electrical path between both buildings. If there is a difference in earth potential, which there will be, just a question of how much, it is possible to burn out electronic gear. This can get worse during passage of clouds/storms overhead. No lightning involved. Don't ask how i know. Distances between earthing rods was only 50 ft.

 

[OzarkEdge]

And even if the gear survives, ground loop current between different Earth Ground voltage potentials... is noise to equipment, impacting performance.

One sometimes difficult solution is to connect/bond together the separate building Earth Grounds.

Similar is required when grounding an outdoor TV antenna with a dedicated ground rod. That rod should be bonded to the building ground rod.

Side note... I understand the US electrical code is now requiring two ground rods instead of one for the building Earth Ground. I guess they want to be sure not to suffer a poor Earth Ground in a modern building full of electronics. I often find poor/inadequate building Earth Ground and ISP cable ground connections whenever I look for them (step one).

OE

 

[azdeltawye]

For your fiber runs between buildings, these SFP modules are very affordable.

Just make sure to get a switch with SFP ports...

1G Multi-Mode Optical Module
UACC-OM-MM-1G-D
$9.00


SFP transceiver that supports 1G connections up to 550 m using multi-mode fiber with a duplex LC UPC connector.

Max data rate: 1 Gbps

Compatible with SFP interfaces

Duplex LC UPC connector

Supports multi-mode fiber connections up to 550 m*

*Fiber cable is not included.



UniFi SFP

 

[Tech9]

I believe UBB may come cheaper than copper/fiber installation and will hold steady GbE at this short distance. Electrical segments separation comes as a bonus. I also believe local professional advice is the best approach. Ubiquiti is just one of the options. Someone local may have installed different equipment already in similar environment with positive results, may do it and provide warranty for the entire system. DIY is components warranty only. For a business makes a difference.