Home Network Advice

[Echthros]

To start things out, I am not deeply technical so looking for a solid solution that won't cost an arm and a leg but also doesn't need me to muck around with console commands. I looked into building my own router and use APs, but it looks to be more than I want to deal with. I'm comfortable with setting firewall rules on consumer routers so I don't see any need for a full custom/manual setup even if the initial investment may be lower.

 

I will be moving into a new house in ~5 months or so and it is almost double the sq ft of my current place. New one is 2 stories and for sake of this post, around 4,000 sq ft. 

 

We will have access to 5 GIG fiber to the house but will likely get no more than 1 GIG to start out as our kids are young and not clogging up the internet traffic yet. House will be wired with CAT 6E to plenty of spaces and we're getting conduit from the main panel to the attic for ease of future expansion. Since I'm not an expert, I'm looking for some feedback on whether the below makes sense. 

Setup:

• 8 Cat6e drops for primary computer/entertainment use
• 4 Cat6e drops for PoE security cameras (including a PoE smart doorbell)
• Network box is centrally located on first floor (20"x16" panel) in a closet which opens to 2 story high opening that goes length of house
• Home server/NAS with all our media (music, videos, etc.) and local archive storage (inb4 yes offsite backup for critical stuff is in place)
  • Running a Plex server on this that only serves locally
  • This is one of those micro-PCs running TrueNAS scale so it's capable of more than a basic consumer NAS
• Dedicated NVR for aforementioned PoE cameras/doorbell
• ~3 additional wifi cameras (these are for the kids' rooms while they're younger so didn't want to pay for ethernet drops as this use case won't be needed after a few years)
• Lots of IoT stuff (light switches, appliances, whatever have you)
  • Switches will likely go to a homeassistant box (not sure if this will be a separate thing or just hook a gateway to my home server and run it there)

 

What I'm trying to accomplish:

• I'd like to make sure I can blanket the house with 5ghz and 2.4ghz networks for all the non-stationary or non-latency-critical stuff (e.g. phones, our printer/scanner, IoT stuff,  Echo devices, etc.)
• For the home media and backup pieces, I'd really like to have 2.5gbe wired connections between: 
  • 2 main computers (at the end of 2 of the Cat6e drops)
  • The home server
  • At least 1 of the other Cat6e drops but ok if I can run it to 2 others (main is primary media watching Cat6e drop, the other 2 are secondary media players)
  • The goal here is to improve backup speeds and just make it faster to move media to the media NAS
    • (yes, I purchase physical media and then create a digital copy because I think artists should be paid and consumers should have perpetual licenses/ownership rights)
• I'd really like to prevent the NVR from having internet access but still be fully accessible from within the LAN
  • i.e. I'd like to prevent it from calling home to anything outside my network - basically I don't trust anyone and I'll have cameras in my kids' rooms so no-go on external access there. Wouldn't matter to me as much if it was just external cameras.
    • I have identified that I can firewall block everything internet except what's needed to send notifications and then VPN in if I need to view anything remotely

 

Specific hardware I'm looking at using:

• Main router + AP :: TP-Link Archer AX55
  • I don't see a reason justify the doubling of price here to get a pair of Wifi-7 routers to get 2.5gbe ports at those nodes
• 2.5GbE switch :: TRENDnet TEG-S380 (per Serve-the-home recommendation)
  • Need 8 ports and don't need a managed switch since this is the deeply trusted node
• PoE switch :: since this is for cameras, I'm planning to pick up a used sub $40 unmanaged switch with at least 4 PoE ports (but if I can get at least 1 more, I'll save a cable on my 2.4ghz AP)
  • I think I should be good with just a 100Mbps switch since nothing branched off this node needs any more than that but if gigabit is the same price, it's just gravy
  • I think this route will let me more easily segregate traffic if I have all the "naughty list" items coming off a single node

 

Network map plan:

 

 

Thank you!
 

[Electronics Wizardy]

I'd be tempted to go unifi or a similar system. Then you can manage it all in one control panel.

 

I'd probbly go with something like a udm pro here. Then that has the router + nvr in one box. Then get a few of the wifi 6 aps to place around the home.

 

I'd get more aps here for 4000 sq ft. Not sure exactly how its layed out, but 2 aps seems low here.

 

 

[Echthros]

11 minutes ago, Electronics Wizardy said:

I'd be tempted to go unifi or a similar system. Then you can manage it all in one control panel.

 

I'd probbly go with something like a udm pro here. Then that has the router + nvr in one box. Then get a few of the wifi 6 aps to place around the home.

 

I'd get more aps here for 4000 sq ft. Not sure exactly how its layed out, but 2 aps seems low here.

 

 

My brother (who works in large enterprise networking) recommended Unifi as well, but price wise, I'd be spending significantly more than the above setup. (Gateway $129, CloudKey $200, 2.5g switch $479, 16 PoE switch $199, then I didn't bother putting in-ceiling CAT drops so I'd probably need 2-3 U6 Mesh APs at $179 each and I'm already more than triple the above investment = $1,365 vs ~$400). I don't have a rack nor want to deal with the space-hogging of a rack so that significantly limits the Unifi options.

I think I should be ok with just the 2 based on the layout since there's a lot of open space and thus not many walls for each AP to punch through. First would be in the entryway closet with the network panel and the second would be in the gameroom.

1st Floor

2nd Floor

[Echthros]

I will note that I currently have a TP Link AC4000 sitting in a far back top corner in my current 2100 sq ft house and it covers everything just fine for what I'd have on wifi was just thinking that if I'm doing some investment anyways, might as well go to Wifi 6 but could just pick up another one of these for $80 as an AP but it doesn't look like it has all the new mesh stuff to make roaming between the APs as seamless as the newer routers would.

[seanondemand]

Couple things:

A small rack can fit in the closet and are reasonably cheap and with this many drops and the amount of hardware you want, without a rack in that closet, it is going to be a mess without one. You could build a rack mounted NAS for ultimate cleanliness too.

 

Look, I get it - a lot of this stuff is expensive. But do you want to do it cheap, or do you want to do it right? You could start with a UniFi Dream Machine SE - sure, it’s 499, but that covers the cloud key, the gateway, and the poe ports that you need, and slap a cheap HDD in there and that’s your NVR covered too. It sounds like at this point a couple in-ceiling drops wouldn’t be a big deal to add - grab a couple APs and you’re set. At that point, you’ve got management of the entire infrastructure in a single pane of glass, and a much more future-proof solution. If you want to save a buck today, you could then grab a reasonably cheap unmanaged switch and you’re good to go, probably closer to $800 for the networking equipment.

[Echthros]

1 hour ago, seanondemand said:

A small rack can fit in the closet and are reasonably cheap and with this many drops and the amount of hardware you want, without a rack in that closet, it is going to be a mess without one. You could build a rack mounted NAS for ultimate cleanliness too.

Sure, I could stick an open frame short depth 2U rack on the shelf above the network panel (it's the only coat closet on the first floor so no chance of anything going below there). I was avoiding this route mainly from the extra physical space this configuration would be taking up. I have no desire to have tiny rack fan whine in that space and I already have a home server setup (NUC + 4 bay DAS) so will already need to be taking up space on the top shelf. 

 

Quote

Look, I get it - a lot of this stuff is expensive. But do you want to do it cheap, or do you want to do it right?

"Right" is a very loaded word there and means different things to different people. For me cost does matter as my bank accounts are going to be suffering for a bit after all the down payments and other post-closing upgrades we're doing to this house. It's also important that I don't have to be a sysadmin professional to manage the setup. Unifi is targeted towards people who know what they're doing, consumer-grade stuff is targeted to people like me who don't need 2000 options to dig through. I'm not against Unifi in principle, it's just cost and form factor seem way overkill for my use case so why spend the money if I'm only going to be using 5% of its capabilities? If they had equipment better scaled to a home use case (which includes wife aesthetic approval) then it would probably be an easier pill to swallow. 

 

Quote

It sounds like at this point a couple in-ceiling drops wouldn’t be a big deal to add

Still an unnecessary cost at this point and when I'm already spending a ton of money for the place initially. Sure, in 5-10 years it may be worth doing a larger upgrade but I'm not sure if I'd even be using that much throughput. 

 

 

To entertain your suggestion (still not convinced it's worth the extra cost and hassle) this is the setup I'd probably have to go with:
 

• Wall bracket for rack mount :: a cheap startech 2U thing :: $63
• Dream Machine SE :: $499
• Cheap unmanaged 2.5gbe switch :: $150
• Probably can get away with just 3 Wifi 6 Lite APs :: $99 each - $297 (ebay is not saving me here maybe $10 less for used than list for higher power U6 versions)

Total cost :: $1009 before tax, shipping, and patch cables

I'd have to place the rack over the shelf and would still probably place the unmanaged switch wall mounted into the network panel to reduce the number of patch cables going back and forth. The home server/NUC would likely just sit on the Dream Machine with the 4 bay DAS. Then I'd have an AP in that closet, 1 in bedroom 2, and 1 in the gameroom though I'd lose the ability to direct connect anything there unless I spend another $80 for a U6-IW or add another unmanaged switch up there. Not a big deal, was just hoping I could keep more stuff off the wifi. 

What I was planning was having both of the switches in the network panel, then have the router, NUC, DAS, and an old QNAP NAS (for the NVR) sitting on top of the shelf. The 2.4Ghz AP I already have would sit in Bedroom 2, and the other router would be in the gameroom. 

I get that I'll be using a bunch of different brands of stuff, but so far the only benefit I see is that I'd have the NVR combined with the PoE switch so only 1 thing to log into instead of 2. 

At the end of the day, I like the idea, just not convinced that the extra spend is remotely worth it for my use case. I don't have a big homelab going nor do I like to tinker with networking for the sake of it. I'm likely to set everything up once and then leave it alone for a long time.