Help me build my new home/business network


just to give you an idea of how well the proposed outdoor Mesh based on Ubiquiti Unifi APs works, both of them tested:

 
just to be sure:
- as you can see in my proposed solution, you don't need to purchase a Unifi Cloud Key, because you will run your controller from a NAS Docker container.
- in the video attached above you can see how to easily set up the MESH network with the Unifi controller
- you will manage all the network appliances from a single point - the Unifi controller
- finally you can switch off your current WiFi network appliances in the Shop (there is an option for the coverage mentioned in previous posts)

MESH outdoor network final stage:
1. use the UAP-AC-M (standard version) as the primary MESH AP (in your New house)
- there is a possible way to save one AP UAP-AC-M-Pro in the Grain Leg Tower (for meshing the network to the Barn), because one of them will possibly have enough power to also cover the Barn connection from the Grain Leg Tower. Then you can purchase the second one (proposed in my plan) if the test with a single AP in the Tower fails. This is just from an economic efficiency point of view.

2. also there is a second option for this:
a) in case the proposed test (point 1.) confirms that you don't need a second AP in the Grain Leg Tower for the Barn connection - you can use the Pro version (UAP-AC-M-Pro) as the primary MESH AP (in your New house) instead of the standard (UAP-AC-M), if you really need to stream 4k movies in the Barn :cool: . Then you can use the standard AP (UAP-AC-M) to cover the area behind the Shop and the rest of the buildings. Take it as a not really necessary, but comfortable solution.

the coffee will be really costly :cool:
 
sooo... I'm finally back at this. Sorry for the delay.

I've played around with docker without much success. I haven't been able to get it running correctly despite multiple attempts. I want to get unifi to docker eventually, but it isn't going to happen before we need to get the new home network set up. If I'm not going to be running the controller on docker initially, then it looks like I need the cloud key after all?

It turns out I also probably won't need a wireless connection from the house to the barn. I was talking with my ISP yesterday, and the hardwired line that currently provides internet to the barn is actually already run to the same service box on the property as the house. I had thought they were completely separate lines all the way out to the public utility box. So, they're going to try adding a signal booster to that line to see if I can piggyback the barn internet off the house internet and thus be able to drop the separate barn service on my account. It'd save $80/month and I'd still have hardwired internet to the barn, so that's a win.

So in terms of what I need to purchase, I'm looking at a Cloud Key, a Security Gateway, the switch, and a couple of the AP-AC lite access points to actually provide the wireless coverage at the house. Is that all for now? Does it matter which security gateway or cloud key I go with for my application? Extending the network to the shop will be handled by the existing hardware until it fails or I want to extend wifi coverage over other parts of the farm.

I'm interested in rack-mounting most of this stuff. Dad and I are going to be working on setting up several NAS's as discussed earlier to provide us both with on-site and off-site backups. I plan on selling him my 819+ & tower-style upc (he doesn't have any NAS or upc currently and doesn't have any rack-mountable gear) and switching over to rack-mount synology stuff and a rack-mount upc. So stashing everything in a nice rack cabinet seems a good way to go. Do you happen to have any suggestions on rack brands?
 
you can run the controller sw in your NAS (docker container).
You can first run the controller from your computer for a first touch. Then you can easily migrate the controller (backup) to your docker container:


OFC, that will save some $$ for you
 
re USG vs USG Pro
definitely USG Pro (the price gap is too thin, but the performance and possibilities are really bigger)

then just remember for this discussion:

 
re APs:
1. it’s up to your final choice what APs you will choose. Your budget, your money.
2. AC lite is a low-cost AP with Wave 1 spec = Single User Multiple input Multiple output = SU-MIMO = communicates with only one client at a time.
3. AC NanoHD (Wave 2) is the sweet point between a low-cost and a Pro grade AP. It includes MU-MIMO technology support = Multi User = communicates with multiple clients at a time. It significantly increases multi-user throughput. More channels, more SSIDs ...

OFC: client devices need to support MU-MIMO for such a performance booster. This is applicable to all current mobile phones and laptops.
Other devices that need just 2.4 (smart devices, ...) don’t need the speed of light, which is applicable also to the NANO HD AP.

The advantage of Unifi is that you can mix many different APs and manage them according to your requirements (experiences, expectations).
 
btw
in one of my sites I have a single Nano HD that delivers magic performance through 3 concrete walls (16cm thickness each of them). This is incredible for such a device and 5GHz.
 
Thanks for all the info. I have all the hardware set up and have been busy running cat6 everywhere. I have an AC-lite currently. It seems to have good coverage, but being able to only talk to 1 user at a time will not work. I guess that one is going back. We are moving this weekend so once we get settled in I'll post some pics. I have some questions about the different ports on the router and switch, but they'll have to wait a bit. I'm supposed to be packing right now...
 
Well I got moved in and got my new office set up finally. I've been promoted to an upstairs office instead of being banished to the basement, so that's a plus. The network cabinet is a 9u Navepoint power ventilated cabinet that is located in my basement. I was initially impressed for the pricepoint, but now I'm thinking I got what I paid for. The fans are very loud and now that I have some weight on the rack, it is pulling itself out of square. The door closes fine if it hinges on the right, but if I flip it upside down to hinge from the left, it hangs out of square by 1/2". Plus, the side access panel is skewed a bit now too. Oh well, it'll work for me. I have the USW-24-POE Gen2 switch, USG-Pro4 router, DS918+, and the ISP modem in there. A Cyberpower UPC is hiding at the rear. I need to finish up cable management, but I'm hoping to trade in the DS918+ and UPC for rack-mount versions in the near future so that might wait a bit. I was surprised how fast the 9u rack filled up when I only have 2 rack units mounted. Glad I got the 9u and not a 7u.


On to the questions:
1. on both the router and the switch there are SFP ports. In one of the "easy start" type of instruction inserts that came in the packaging, they showed connecting the router to the switch via the SFP port. I bought an SFP cable and tried it, but never got any internet through the switch. I ended up connecting the LAN1 port on the router to Port24 on the switch to get internet to work. The internet is coming into my router from the modem via the WAN1 port. Do I have something hooked up incorrectly that the SFP ports aren't working, or was I misunderstanding that instruction insert?
2. I tried connecting my AP-AC lite to port1 of the switch and it would not connect. Lights would not turn on. I plugged it into port2 and all is well. Do I have a defective switch where port1 isn't working, or is port1 designated for something by default that I'm unaware of?
3. I haven't done anything at all to any of the security settings in the Unifi controller. Is there anything specific I need to address there?
4. Synology Assistant cannot find my DS918+. It shows up as being connected in the Unifi Controller map, and I got emails from synology whenever I unplug the ethernet cable from the rear of it as I was working on cable routing/connection troubleshooting. So, I'm reasonably certain that it is connected to and seeing the internet. Before I moved it, I changed it over to DHCP as suggested in a previous post. Why can't Synology Assist find it?
 
well done

1. it seems you now have a spare SFP for the future. :cool:
The primary purpose of the two SFP ports in the USG-Pro is to give you a choice of what kind of connection port you will use for the WAN ports = RJ45 or SFP. Then you have combinations: when RJ45 is connected and you connect SFP, then RJ45 will be disabled by the system: WAN1 to SFP1 and WAN2 to SFP2. It is also marked on the front panel by a thin line:

B8F1AB00-6288-4089-BE1B-4BA308AC601E.jpeg


For your target, you need to connect the switch to the LAN1 port of the USG-Pro.
Following clean port installation, you can use Port1 on the switch for the USG-Pro. But this is just a nice-to-have rule.

... real men don’t read instructions ;)
 
re PoE and AC Lite AP:

this AP is compatible with: 802.3af/A PoE 24V Passive PoE (Pairs 4, 5+; 7, 8 Return)
your switch is pre-configured to “auto sense” PoE+ devices
you need to configure each PoE port separately for each PoE device
 
you can see the NAS IP from your Unifi controller

when you have a Win based PC, download:

then open the tool and search for all your devices in the LAN
Note:
you have to define the subnet for the search
 
3. I haven't done anything at all to any of the security settings in the Unifi controller. Is there anything specific I need to address there?

it's a really heavy topic
1. The Unifi controller has a written User manual, also for unskilled users. So my recommendation is to open it and follow all steps for proper setup + write your comments there (for a better understanding in future). It will also be training in how to use the controller.

2. Network:
- "Corporate network" for your main LAN (computer, NAS), use also VLAN setting for it
- "Guest" for Guest WiFi portal, you can define there VLAN field, for next "shielding" of such network, e.g. just for connection of your guest to internet, but not for your Corporate Network.

3. Firewall is your best friend. You have to define WAN IN/OUT/Local, LAN IN/OUT/Local, Guest IN/OUT/Local rules

4. Port forwarding also

5. Geo IP filtering or THREAT MANAGEMENT:
a) when you enable the Geo Filtering feature, you also have to enable Hardware offload, and then you can't use THREAT MANAGEMENT. In Geo IP Filtering you can define a lot of possible features. For me it's better to use Threat Management (IDS) when you have a WAN download line >250Mb (I have 1Gbps). But try it and test the performance of the filtering.
b) Hardware offload you can set up by following the mentioned Unifi controller guide.
c) THREAT MANAGEMENT (better IPS) and its CATEGORIES - you can play with all the categories, even until the time when you choose "Game categories ON" and your children ask you - why can't I connect to Minecraft? :cool:
this is really up to your testing. I will send you a screenshot by PM.


6. You definitely have to enable DPI - Deep packet inspection
Then you will see what happens in your network - STATISTIC section.
You can set up all possible data category visualizations (e.g. which IP or named client eats what bandwidth by what category, e.g. YouTube streaming, or Netflix, ...), or you can see all details by client (split of packet inspections).


7. for direct Unifi VPNs - Services/Radius

.... we can spend time till next morning
 
Yes, I read about SFP disabling the RJ45 port. What I didn't understand is the point of the instructions suggesting to connect the router to the switch via WAN through the SFP port. I am bringing the ethernet into the router via RJ45 WAN1 port, so connecting the SFP disabled that port and I couldn't get internet into the router. When I was trying to troubleshoot why the SFP wasn't working, one of the sources I read said to connect router LAN1 to switch Port24, so that's what I did.
 
