Build a home network for under $1,200

magnus_ca

Occasional Visitor
Hi All,

I just got done reading through the 'help me build me build a top of the line setup' thread a few posts down, which parallels my upgrade project. Rather than hijack his/her thread I thought it'd be best to start my own...

I'm a self taught part-time IT Manager at a small company (<50 emp). I'm not formally trained but consider myself scrappy when it comes to computers and networking. I've gotten our company through an ERP upgrade, server upgrades, email system migrations, firewall upgrades, setting up VPN's, yatta yatta...so I'm not a guru by any means but have familiarity with Enterprise level IT concepts and hardware.

I'm trying to implement a solid wireless network over at least 4,000 square feet (single story). The former owner ran CAT5E to most of the house (via wall jacks) from a utility closet. I'd like to use the existing lines for hardwiring stationary network devices and as an Ethernet backbone for wireless.

I set up Google Wifi for my folks, which is working great for them, but I'm not crazy about its performance. If I'm paying for 400/20 Mbps I want to see it on my wireless clients, especially if I'm in a room with an AP. I tried Eero first in my home but wasn't crazy about its performance either. I have Plume Superpods in my home right now, which have been great (the verdict is still out on coverage). I'm consistently seeing better than advertised speeds on my wireless devices which is great...but I'm not sure I'm happy with my network as a whole.

My cable signal comes into the same utility closet the Ethernet leads terminate. I don't have a router so I need to run a Pod behind my modem (in a closet!). I know I could use the WiFi router provided by my cable company and move the Pod out of the closet but I try to avoid ISP-provided equipment like the plague. I need to buy a 16 or 24 port switch anyway so I figured why not go POE and get some POE-powered AP's? I was also flirting with the idea of building a Pi-Hole server for ad blocking out of a Raspberry Pi. While researching it I came across pfSense and Untangle, tumbling me deeper down the rabbit hole. My current shopping list is as follows:

+Untangle u25x Appliance w/ Untangle HomePro (for FW, DHCP, DNS and adblocking)
+Ubiquiti UniFi 16 Port GB POE+ Switch or Netgear 16 Port Gigabit POE+ (PGS116PP)
+Ubiquiti Cloud Key (controller for AP's)
+3 or 4 Ubiquiti UniFi Pro AP's

I know this will get me a great home network and will cost about $1,200, but is there anything else I should be considering instead? I'm pretty set on the Untangle box. It seems like it will do everything pfSense will do and be simpler to setup and manage over time. The wildcard for me is Ubiquiti. I wish they had a cloud option for managing the AP's. I'd really like the management portion of the WiFi network to be easy.

If I had a lamp to rub I'd ask the genie to whip me up a POE-powered AP for $150 or less that has a switched port and easily attaches to, or in place of, a wall plate, AND can be managed by a mobile app with no controller dongles required.

Does anyone have experience with OpenMesh? I think they check all my boxes but the A42 is on the large side (not that Ubiquiti Pro's are petite). I also need to get my arms around the Engenius product line, which seems overly vast and complicated.

If I stick with Untangle as a router what value would I get out of using a managed POE switch, like the Cisco SG300 mentioned in the other thread, over an unmanaged one?

Finally, if I go with an unmanaged 16 port POE switch are there any good ones under $200?

Thanks in advance for your assistance.
 
I use Untangle at my home and really like it. I tried several other routers before it and never got them to really do what I want (I tried Ubiquiti, Asus, Zyxel, and pfSense). So I like your choice of firewall. A managed switch is nice as you can use it to separate out a visitor network, or a network for your IOT devices, etc. You can extend these VLANs out to your AP's also if they support VLANs. The Ubiquiti AP's do support VLANs. I don't know much about the Openmesh. I also like some of the TPLink AP's, though they might not be the fastest of the bunch. If you're only going to use a couple of AP's then it might be better to just use a POE injector and thus a non-POE switch. Adding POE to a switch will usually up the price substantially. For home I just use a layer 2 switch to carry VLANs and let Untangle do the routing. You can certainly use a layer 3 switch to carry and route your VLANs but it will make your setup a little more complicated.
 
Thanks for the reply. I like your recommendation to use the injectors. The only thing is that I'll probably install 3 or 4 AP's and could see myself adding 2 or three cameras at some point eventually.

Regarding guest vlans from a managed switch... Doesn't that capability exist within some AP's? We have an Aruba AP at work that does. It has bandwidth management as well.
 
Yes some AP's can accommodate VLANs. But if you use VLAN's then your switches also need to be able to pass VLAN traffic. Now some AP's can do guest isolation without VLANs. Ubiquiti AP's can do this. So you could have wireless for visitors that is separate from other stuff on your LAN without using VLANs. VLANs just give you more options, like separating out IOT devices and such, whether they are wired or wireless.
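
The segmentation described in the two replies above (a layer 2 switch carrying VLANs, APs extending them, the firewall doing the routing), shown as an added example that is not part of any poster's message: a small Python model of 802.1Q ingress classification and broadcast flooding. The port layout, the VLAN IDs 1, 20 and 30, and the simplified drop rule are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Constructed port table (assumption): VLAN 1 = LAN, 20 = guest, 30 = IoT.
PORTS = {
    1: {"mode": "trunk", "pvid": 1, "allowed": {1, 20, 30}},  # uplink to the firewall/router
    2: {"mode": "trunk", "pvid": 1, "allowed": {1, 20, 30}},  # AP with one SSID per VLAN
    3: {"mode": "access", "pvid": 1},                         # wired desktop
    4: {"mode": "access", "pvid": 30},                        # wired camera
}

def build_frame(src, vlan=None, payload=b"constructed"):
    """Build a broadcast Ethernet frame, optionally carrying an 802.1Q tag."""
    header = b"\xff" * 6 + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", 0x0806) + payload

def classify(port, frame):
    """Return the VLAN a frame belongs to on ingress, or None if it is dropped."""
    cfg = PORTS[port]
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return cfg["pvid"]                 # untagged: the port's own VLAN
    vid = tci & 0x0FFF
    if cfg["mode"] == "access" or vid not in cfg["allowed"]:
        return None                        # simplified ingress filtering
    return vid

def flood(in_port, frame):
    """Map each egress port for a broadcast to 'tagged' or 'untagged'."""
    vid = classify(in_port, frame)
    if vid is None:
        return {}
    out = {}
    for port, cfg in PORTS.items():
        if port == in_port:
            continue
        if cfg["mode"] == "access" and cfg["pvid"] == vid:
            out[port] = "untagged"
        elif cfg["mode"] == "trunk" and vid in cfg["allowed"]:
            out[port] = "untagged" if vid == cfg["pvid"] else "tagged"
    return out

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")    # constructed locally administered MAC
    print("camera on port 4:  ", flood(4, build_frame(mac)))
    print("desktop on port 3: ", flood(3, build_frame(mac)))
    print("guest SSID via AP: ", flood(2, build_frame(mac, vlan=20)))
    print("tagged on access:  ", flood(4, build_frame(mac, vlan=1)))
```

In this model a broadcast from the camera never reaches the desktop's port; the router on port 1 is the only path between VLANs, which is where firewall rules between LAN, guest and IoT would apply.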
 
Why put IoT devices on their own separate VLAN?

How are wireless IoT devices managed by a switch? Do you set the switch as the gateway for those devices? Or do they hit the switch off the hardwired AP's?
 
I'm a self taught part-time IT Manager at a small company (<50 emp)

BOFH in other words - not the writer, but the boss... :D

+Untangle u25x Appliance w/ Untangle HomePro (for FW, DHCP, DNS and adblocking)
+Ubiquiti UniFi 16 Port GB POE+ Switch or Netgear 16 Port Gigabit POE+ (PGS116PP)
+Ubiquiti Cloud Key (controller for AP's)
+3 or 4 Ubiquiti UniFi Pro AP's

Might be over building... look at the AP's and footprint - put the AP's where the people generally congregate, that's your 5GHz footprint, and then 2.4 is the backstop for the rest of the house...

Good write up here...

https://arstechnica.com/information...flecting-on-almost-three-years-with-pro-gear/
 
Why are you concerned about coverage with Plume? If you've got an area where you want better coverage, just add another Pod for $39 or SuperPod for $89.
 
I'm not concerned about coverage with Plume, I was just commenting that I hadn't had a chance to evaluate it from that standpoint. I suppose you're right though, with a mesh/AP approach coverage is less important...just add additional nodes where you need it.
 
For routing/firewall, Untangle is a good choice. And it can do fq_codel-based QoS, which tends to fix 99% of WAN-LAN quality issues for small, flat networks. I would personally do a DIY build based on an i3 or i5 Protectli or Qotom appliance off Amazon or AliExpress, as you'll get way better throughput for the dollar, but if you want a pre-loaded one so you don't have to monkey with it, that's understandable. Either way, $400 max ought to do it.

For switching, I'd at least go with a web-managed L2/L2+ "smart" switch, even if you run just a single subnet, largely unmanaged. Considering you're using it as the "core" of your LAN, I find it preferable to be able to control/limit/view/segment traffic, if ever needed. Yes, you can upgrade this piece later, but I think starting L2 managed right off the bat is a better idea. Cisco SG and HPE Aruba are my first choices, FS/Netgear/Zyxel/TP-Link second, and Ubiquiti/Mikrotik for those who can stomach more but potentially flakier features and the no-support model. For 16-24 L2 ports with PoE, you're looking at $200 to $350, brand/model depending.

For wifi, if there's several hundred dollars or more to invest, I'm going intro-enterprise, AC (probably Wave 2) and true mesh-capable. I'll just leave it at that, no rants or explanations necessary. I would do an embedded-controller product like Ruckus Unleashed or Aruba Instant. Some still like Cisco WAP/Aironet, but I find them less desirable. Regardless, you may only need two if you place them smartly. For setup, I find it to be fairly self-explanatory, but between official docs, YouTube and Google, you should be able to find plenty of adequate material to get you through it. Then you just configure them up, and done. And pretty much every product in this space has cloud-enabled management, if that's your thing.

$1200 invested. Rock-solid network done.

P.S. A quick word on cloud-based access to your network. It is nice to see slick interfaces for all your gear, akin to the "app" feel that everything else seems to come with these days in a "smart" home, but it's also an area that can dramatically increase the threat surface to your home's security, so I would be careful with how much you expose to the internet, just for the sake of visibility from afar. With solid gear (per my post), reliability should be in the class of: no reboots needed for months, if not years, if ever. And at that point, other than observation or tweaks, it should function as reliably as a hot water heater or a ceiling fan. I can understand the want to have centralized control and/or the power to admin your network any way you want, though. But just something to think about from both sides. ;)
 
A couple of additional notes on some brands you asked about:

UniFi - A decent product, whose primary advantage is price and single-vendor stack. Great for MSPs and VARs, and SMB budgets. However, as soon as you get into mixed brand environments (through choice or force), it begins to make less and less sense in my opinion, and each product running standalone is often bested by alternatives. In your case, a USG beaten by Untangle for platform maturity, ease-of-use and support. UniFi switches perhaps bested by, for example, HPE in reliability, warranty and support. And the APs themselves, arguably the strongest piece of the puzzle, maybe not outright beaten but definitely given a run for their money by slightly pricier stuff that could perform as well or better, have embedded controller options (c'mon UBNT... really?), and potentially better support structures as well. Nothing against UniFi outright, it's certainly been a game-changer for many, but it's clearly not the answer in all cases.

Open-Mesh - At one point, I was entertaining them, but from all that I've tried and observed, just never that impressed enough to switch. No particular feature set that to me differentiates them enough, other than price (at one point, anyways). And as a recent Datto acquisition, I'm not quite sure how the product will lifecycle moving forward. Again, nothing particular against them, but I'm just inclined to gravitate to more enterprise-ish solutions that I know tend to "just work".
 
$1200 invested. Rock-solid network done.;)

Trip, your advice is awesome! Thank you for turning me onto Ruckus Unleashed and HPE Aruba!

I would have liked to put together a more powerful box like a Protectli/Qotom but I placed an order for an Untangle u25x appliance with Untangle HomePro pre-loaded yesterday.

Here's what I have so far:

Untangle u25x Appliance and 1st year HomePro: $390
HP JL384A 1920S 24G 2SFP PPOE+ 185W Switch: $315

Wireless AP's are a bit of a wildcard. Ruckus Unleashed AP's are exactly what I was looking for but I'm pretty sure they'll require softening my budget. Fortunately they're having a 50% off promotion right now on Unleashed products, which should help. I don't have a floor plan available but I whipped up a diagram off a satellite view that should help explain the project.

I outlined the rooms where I want wireless access in yellow. I didn't outline the backyard but would like wireless access there as well. The locations labeled E1-E7 are where I have existing wall plates with Cat5E. I'm willing to run additional ethernet to ceiling mounted AP's if necessary but would prefer to utilize the existing cable where possible.

Guidelines:
  • Speed tests from hard-wired devices are giving me 450/25 Mbps from my ISP.
  • I'd like 250+ Mbps wireless performance in the following rooms/areas: Great Room, Master
  • I'd like 100+ Mbps wireless performance in the following rooms/areas: BR1, BR2, BR3, Dining Room
  • The Patio & Pool Deck, Pool House, Garage, and the Guest House need serviceable performance. I'd say 25 Mbps or greater would be acceptable.
My initial thoughts (although I'm flexible)...
  • Install an AP in the wall plate at position 'E2'. This is in the back hall just outside my kids bedrooms 'BR1' and 'BR2'. I have a Superpod there currently that's working well.
  • Install an AP with power only in the Pool House and use a wireless backhaul to extend the signal serving the Master or Patio area.
  • Install an AP with a strong 2.4GHz radio in the Dining room to serve the garage and Guest House.
Thanks again for the help!
 

Attachments

  • satellite view for network layout.jpg
Open-Mesh - At one point, I was entertaining them, but from all that I've tried and observed, just never that impressed enough to switch. No particular feature set that to me differentiates them enough, other than price (at one point, anyways). And as a recent Datto acquisition, I'm not quite sure how the product will lifecycle moving forward. Again, nothing particular against them, but I'm just inclined to gravitate to more enterprise-ish solutions that I know tend to "just work".

You are right about Open Mesh. All of their products, even the ones introduced within the last year, are End of Sales this month and EoL in 2021. You can get the Datto-branded A42/A62 but they're only available through VAR's (bleh).
 
You're welcome re- advice! And no worries on the Untangle box; the 3215U in there is a decent little CPU. It does lack AES-NI, but if you don't plan to run VPN on the box, or if you do and can get by with, say 100Mb or so of throughput over VPN, then you should be fine.

Good choice on the 1920S switch. The JL384A is quiet at 36dB, has low latency and has the lifetime warranty. The only kicker with that model is PoE is only available on ports 1-12 (13-24 are non-PoE), so you must map your patch cables accordingly. 185W is enough for several APs and a few other lower-power items. Make sure you give the ops manual a good read-through, so you understand the concepts of upgrading firmware, saving and committing configuration changes, etc. and you should be good to go.

For wifi, I think you'd enjoy Unleashed and the Wave 2 AC models should get the job done throughput-wise, as long as you get placement correct enough. Assuming your house isn't solid concrete and/or has tons of metal in it, you may be able to get away with just 2 APs, an R510 or 610 at E1 and an R510, maybe even an R310, at E3. *Important* make sure you buy the SKU that actually says "Unleashed". You can technically flash any Ruckus SKU unit with Unleashed, ZoneFlex or Standalone firmware flavors, but I like buying the SKU that matches how you envision running it, as they tend to only want to support that flavor for which you originally purchased. With two in place, I would test for throughput. If it falls short anywhere, you can always add a third AP into the mix, then adjust your layout into a triangle, as you were initially thinking. And lastly, yes, wired backhaul running on PoE wherever possible. They will form a SmartMesh automatically wherever wires are lacking, but wire is obviously preferred, especially in your high-throughput zones. Good luck!
 
I was able to cancel my order for the u25x and bought an i3-7100u box with 64gb SSD and 8gb RAM direct from Qotom's storefront in ebay.
 
Nice! That will pretty much drive anything you want to run at gigabit or near-gigabit speeds.
 
This thread and best practice guide (and my experience, as well) would indicate horizontal mounting produces slightly better results than vertical mounting (ie. ceiling, bookshelf, desk top/bottom better than wall), but you may just have to play with orientation in your own environment to see if that's really the case for you. I would do some "soft" temporary mounts and test performance before committing to hard mounts once you've decided on location and orientation.
 
