Network & Wifi Planning

TVille

I have a complicated "compound" of three buildings spread across an acre. I currently have a Google Wifi Mesh system that, uhhh, has challenges. The setup has the main house, which runs a single CAT5E to the next building, and, after a switch, over to the third building, also via CAT5E. The main house, due to home runs on every installed ethernet, and lack of enough ethernet, has three switches. Dedicated runs to each camera are not possible. They run on the same network as everything else. VLAN would be possible with the right equipment, but it would be a lot due to the switches.

I am not a real computer geek, but have been around them forever, and have the ability to terminate RJ45, test them, etc. I can handle setting up and configuring software. My current desktop is a Linux machine that I use to control my headless Win 10 BI box. I am not averse to figuring out how to set up pfSense/Netgate, if that is included in a recommended solution. I am not looking for another mesh system, as I have wired back hauls for everything. I would need four APs, two in the main house, one in each of the buildings.

Eventually I want to replace it due to these challenges. I would like:
  1. Obviously firewall protection, built in is fine, this isn't Fort Knox.
  2. I will have a GB switch right after the modem and router, to keep LAN traffic off the router, if needed.
  3. All APs will be wired.
  4. VLAN capable
  5. Guest Wifi capable
What I'm looking for is an English explanation of: "Well, you need the Acme brand, Trojan series of equipment. If you get the router and wifi points, it will all work through their Miracle software." And the more brands/options, the better!!
 

Gargoile

What kind of traffic will be in each building? What kind of network connections are in each now? What do you hope to have in each in the future?

Sounds like you need a Spine-Leaf configuration.
 

TVille

I have GB switches in each. System has been tested to run 800 Mbps from laptop to desktop from furthest points. Furthest building may have four cameras, TV, single computer. Middle building will have the same but more usage by far. Existing cables between buildings are underground and I really, really, don't want to try and pull new cables!

Main house, where cable enters, router, etc. is 90% of the bandwidth.

 

TVille

I should add, it's just two of us 95% of the time. We use the network for movies, music, surfing, and uploading videos of stupid people the cameras catch. Not that heavy. Currently we have Comcast with 300/12 Mbps. It runs around that when I test it.

 

Teken

Is the ask for recommendations for new network hardware to replace the existing old units?!?

As the first line was about poor WiFi?!? If that’s the problem just purchase any WiFi 6 AP and rock on . . .

If it’s about just replacing everything just because it’s time, the world’s your oyster based on your budget.

If you have limited budget just replace the wireless with Ubiquiti WiFi 6 access points. Start with one and see what the improvements are and if it’s fine - stop. If you need more coverage add a second unit on the opposite side of the property if that solves the WiFi issues - stop.

If not add the third unit for all building structures for full coverage.

These devices incorporate wireless VLAN so no extra hardware required once set up with the controller software (PC, Linux, Mac supported) or spend more for a dedicated Ubiquiti hardware controller.

If the budget is higher then replace all the switches with Ubiquiti 16, 24, 48 POE+. Lots of people enjoy the UniFi line and it offers lots of hardware options that cover the entire spectrum of price.

If you’re more hands on and want more enterprise switching hardware then buy the Ubiquiti Edge Switch (ES) line. As it relates to a firewall you simply can’t go wrong using pfSense. Depending upon how serious you are about security, out of the box the system is only a 20 minute install and ten clicks away from go.

If you want more advanced features, protection, that just comes down to invested time to install more software packages and learning to use the new software features that span IDS, IPS, VPN, UPS, load balancing, charting / graphing etc.

You’ll need at the minimum a dual NIC computer that meets the hardware requirements. Given this is yet another 24.7.365 system operating you can virtualize the software or run it on a low power Atom CPU to reduce energy consumption.
 

TVille

Wifi coverage is fine. It is the Google mesh system that is troublesome. The damned thing takes one or more of my APs (Google Wifi "puck" or whatever) that is wired, with a known good connection, and switches to mesh wireless. With metal roofs, and cinder block walls, speed drops to maybe 20 Mbps. Maybe. It worked fine until a year ago, and then started this. I have done all the troubleshooting possible, swapping APs, rebooting, restoring them to stock, etc. This appears to be a common issue with them, with no known solution. As such, I am tired of the challenges of a fully closed, proprietary system which has significant limitations. Much like a ReoLink vs. Dahua camera. Both get a job done, just not the same job.

Will the Ubiquiti Wifi 6 APs provide guest wifi and VLAN services without Ubiquiti switches? I have five GB switches right now, would I need to replace them to get those services?
 

Teken

VLAN: You'll need a switch, router, firewall that supports VLANs.

As it relates to so called Mesh it should be noted the vast majority of people and vendors do not explain or use the term Mesh correctly - much less use it as intended! :banghead: A true Mesh system is assumed that three nodes (those widgets / blocks) in use are simply powered and then connected wirelessly to one another! :thumb:

Depending upon the system (All in one vs Add on's) there is at least one node that is connected to the LAN. All others are linked together to one another by RF.

The biggest mistake is thinking when they have say three nodes and connect them via hardline to the LAN and also enable Meshing! That's not how it was intended or works and absolutely will impact your ability to see the stated range, speed, and throughput.

When three nodes are connected directly to the LAN they are Access Points.

There are common problems that everyone should check and fine tune to suit their personal environment.

- Auto Mode: Almost every system on the market has an auto mode for transmit power, and channel. Some environments just work better in auto and negotiate perfectly fine vs others don't. In those cases it makes sense to choose a less used channel for better reception / transmit. When channels are selected they should be based on using any of the dozen tools to identify what channels are heavily in use. Once known, select the channels that are not in those ranges for less interference and reliability.

It should be noted just because you select a different channel doesn't mean it's going to be a lot better vs worse. As some devices simply do not connect reliably to X vs Y.

In your scenario place all units into auto and let the system choose what works best. If it solves the problem - stop. If it doesn't, ensure all three systems are using channels spread apart say 1 - 6 - 11 for 2.4 GHz.

- Transmit Power: The biggest problem when a mesh system is deployed is everyone changes the output to high. If the system is in auto change it to low, medium, high, and see what the difference is. One major problem which seems counter to what people would expect is when a so called mesh system is in place each node should be set to drop off or overlap a specific distance / range.

Why???

Signal hang . . .

Essentially this is seen every day where a device can see one bar. That WiFi device will just keep hanging on to that signal forever until it can't connect. This is why having a mesh network that is well defined for low power to avoid overlap works much better.

You literally walk past 30 feet and poof no signal . . . :rofl:

It doesn't matter because node one is in building one and this covers that area completely. Now, you walk over to building two and once you reach 15 feet you see a new signal - no signal hang.

Walk over to building three same thing . . .

Obviously this requires testing, validation, and long term follow up. So, adjust the power to low / medium to see if this cures the signal hang.

As it relates to channel width VHT 20 / 40 / 80 . . .

Same applies and comes down to your own environment of building materials, RFI / EMI interference, distance, etc.

The easiest thing to do is disconnect all mesh nodes and leave just one in place. Complete basic tests of streaming a YouTube video and walk around the house. If everything is fine your next step is to be realistic as to connectivity outside of the home. If you're like many who want to see 50-100 feet from a unit installed in the house - shake your head! :facepalm:

People who want outside WiFi need to have APs installed - Outside!

Again, this is why it's important all three buildings in the above example define realistic WiFi reception that is germane to that location only.
 

TVille

I have 13 cameras now, thanks to a couple of "new" refurbished Andy Cams, ranging up to 4 MP. Network bandwidth is not the issue. My main backbone is GB. I could end up with 20 cameras, probably no more than that. I cannot physically segregate the camera network, any future segregation would be VLAN based.
 

iwanttosee

How many cameras are going to be on the wifi?
 

iwanttosee

I'm cheap, so I bought used routers that are capable of using OpenWRT firmware so I can set them up however I want them to be.
For your case, Asus makes some great routers that can be set up as an access point. RT-AC88U has 8 LAN ports!
 

asq19

It sounds like you have already done a lot of research and have identified some good options. There are several ways of skinning this. I went with a pfSense router and haven't looked back. Security, VLANs, etc. are fairly simple, and the options are almost endless. You can purchase a Netgate appliance to run it all, or get something like a Dell R210 and run it on that. For the switches, again there are several options. You can go the UniFi route, if saving time is the driver. Even without something like the USG you can load the management software on a computer and do your VLANs and guest wifi management really quickly and painlessly. If you are wanting to save $ and don't mind investing time, then you can get some decent switches used, like the Cisco 3560G series. They are a managed, POE, gigabit switch, and can be had for ~$100 on eBay. I went with a pfSense router > Cisco 3560G > Ubiquiti APs, and really like the solution. It is solid, allows for VLANs and guest wifi (also it's on a VLAN), and the pfSense also has OpenVPN built in.
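
Added example, not part of any post in this thread and not pfSense configuration: a small Python model of the camera / guest / LAN VLAN split discussed above, for checking an inter-VLAN rule set before it is deployed. It assumes a firewall that evaluates rules per ingress interface, top-down, first match wins, default deny (as pfSense does); every subnet, host address and port is constructed.

```python
import ipaddress as ip

# Constructed addressing plan; every subnet and host below is an assumption.
VLANS = {
    "LAN":   ip.ip_network("192.168.10.0/24"),
    "CAMS":  ip.ip_network("192.168.20.0/24"),
    "GUEST": ip.ip_network("192.168.30.0/24"),
}
PRIVATE = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ip.ip_network("0.0.0.0/0")]
GUEST_GW = [ip.ip_network("192.168.30.1/32")]   # firewall address on the guest VLAN
CAMS_GW = [ip.ip_network("192.168.20.1/32")]    # firewall address on the camera VLAN

# Rules per ingress interface: (action, destination networks, dest port or None = any).
RULES = {
    "LAN":   [("pass", ANY, None)],        # trusted side may reach cameras and internet
    "CAMS":  [("pass", CAMS_GW, 123)],     # NTP to the firewall only; no LAN, no internet
    "GUEST": [("pass", GUEST_GW, 53),      # DNS from the firewall
              ("block", PRIVATE, None),    # must sit above the broad pass
              ("pass", ANY, None)],
}
# Same guest rules in the wrong order: the broad pass shadows the block.
MISORDERED = dict(RULES, GUEST=[RULES["GUEST"][2], RULES["GUEST"][1]])

def decide(rules, src, dst, port):
    """Return 'pass' or 'block' for a new connection (stateful replies not modelled)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    iface = next((name for name, net in VLANS.items() if src in net), None)
    for action, nets, rule_port in rules.get(iface, []):
        if any(dst in n for n in nets) and rule_port in (None, port):
            return action          # first match wins
    return "block"                 # default deny

def audit(rules):
    """Return the flows whose outcome differs from the intended segmentation."""
    expected = [
        ("192.168.10.50", "192.168.20.11", 554, "pass"),   # BI box pulls RTSP from a camera
        ("192.168.20.11", "192.168.10.50", 445, "block"),  # camera cannot reach the LAN
        ("192.168.20.11", "8.8.8.8", 443, "block"),        # camera cannot reach the internet
        ("192.168.30.77", "192.168.10.50", 445, "block"),  # guest cannot reach the LAN
        ("192.168.30.77", "192.168.20.11", 80, "block"),   # guest cannot reach cameras
        ("192.168.30.77", "93.184.216.34", 443, "pass"),   # guest can browse
    ]
    return [(s, d, p) for s, d, p, want in expected if decide(rules, s, d, p) != want]

if __name__ == "__main__":
    print("correct order:", audit(RULES))
    print("misordered:  ", audit(MISORDERED))
```

The misordered rule set is the common guest-network mistake: a "pass to any" placed above the private-range block lets guests reach both the LAN and the cameras.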
 