I am leaning heavily towards ubiquity. Please correct me if I'm wrong, but i would use a 3.1 modem, ub router, switch poe or injector, access point. The bi switch and system would tie into the internet switch.
I figured it would run about 400+. This set up will support a vpn. I suppose a vlan depends on the type of such i buy, managed. Also if I'm away from home and the system gives problems, what options do i have. Are there network specialists that will do simple residential?
This forum has been a great resource and is really fueling my interest to learn.
Thank you
I'll give you a brief description of my layout so hopefully it answers some questions. I have cable Internet service and own my old DOCSIS complaint modem. It's just a plain modem: No wifi, router, or switch. The cable modem connects to eth0 of my EdgeRouter Lite.
Eth1 on the EdgeRouter Lite connects to a Ubiquiti EdgeSwitch Lite. I went with the Lite version when I got it a couple of years ago because I didn't want the fan noise associated with the POE version and cameras weren't on the roadmap at that point.
In the EdgeRouter, I have three virtual interfaces hanging off eth1 for various purposes. With VLANs, I use the EdgeRouter's firewall to selectively permit or deny traffic to/from different network segments. For example, I don't allow anything on the camera VLAN to make outbound connections except to a single time server. But devices on the camera VLAN can accept and respond to connections initiated from other network segments. This allows me to access the web GUI of a camera from my PC, or stream video to my TinyCam on my phone, but should the camera decide to phone home to the People's Army, it won't be able to.
While I use an Ubiquiti switch, any managed switch will work fine. I created VLANs on the switch that match the VLANs on the EdgeRouter. For example, VLAN 140 is for the cameras. Eth0/23 on the switch is configured to access only VLAN 140 and anything plugged into that interface is automatically put on VLAN 140. That's the interface where I have a BV Tech 16 port POE switch which will power the cameras. That is an unmanaged switch but it doesn't matter because only cameras will be connected to it and all of the cameras will be on the same VLAN.
I also have an Ubiquiti AC Pro wireless access point. I use the POE injector that came with it and connect it to eth0/8 on the EdgeSwitch. Unifi wifi supports up to 4 separate wireless networks and each can optionally be assigned to a different VLAN. In the EdgeRouter, I have a VLAN 130 that's for IOT stuff. On the wifi, I have an SSID for IOT, configured for VLAN 130. On the EdgeSwitch, eth0/8 is allowed onto the default VLAN and VLAN 130 to pass both my default (privileged) wireless network and the IOT network through the switch and to the EdgeRouter. So devices on my main wifi can access anything and devices on the IOT network have firewall rules regulating their traffic. Basically, I don't trust IOT devices but unlike the cameras, they do need Internet access to function. So I only give them enough access to function and hopefully not enough to get into trouble.
Ubiquiti has forums you can read and participate in and there are a lot of video tutorials online.
