Need some direction on hardware for home network

Hi guys. I’m not having any problems per se with my network, I’m just looking for some advice on how to improve the network.

Currently here is my setup:
Comcast router --> pfSense Protectli --> D-Link managed switch

------> Airport Extreme (downstairs)

------> Various ethernet plugs in house
… (one ethernet port) -> Unmanaged switch -> AirEx (upstairs)
… (another ethernet port) -> Unmanaged switch -> FreeNAS and PS4
… (another ethernet port) -> Unmanaged switch -> TV and Apple TV

I have various wireless devices (smart switches, Nest thermostats, iPads, phones, etc.) connecting wirelessly, with wired TV, various computers, Xbox, etc.

I’m not running out of IP addresses – I’ve allocated probably (50) or so – so this isn’t the problem.
I want, however, to kind of divide and separate the various devices, for example:
(All home automation stuff), (Wireless computers, iPads, phones), (Game consoles), (Wired computers and FreeNAS). Some of the wireless computers need to talk to FreeNAS as well for backup purposes.

The house is wired Cat 5 with a central hub in the basement and distributed to about 8 rooms in the house. The Comcast router, Protectli, and managed switch are in the hub in the basement, and the various unmanaged switches are located within the various rooms to in effect act as a splitter for the rooms to connect various devices within each room. There is one wireless network. The two Airport Extremes (one each upstairs and downstairs) act as access points. One Airport connects directly to the managed switch, whereas the other connects to an unmanaged switch which goes to the managed switch.

I’m willing to buy new hardware minus the Protectli/pfSense box, however I’m just not sure if and what I need. I’ve read a lot about VLANs which, if I go this route, means I’m either going to need new access points or managed switches in front of the Airport Extremes, since these devices don’t specifically work with VLANs. I’m sure there may exist other solutions that I haven’t thought about.

I’m just wondering what the pros would say. Thanks.

You may want to add UniFi managed switches in place of the unmanaged switches to help facilitate VLANs at layer 2. Personally, I would also replace the Airport APs with UniFi APs. The UniFi switches would also be able to provide PoE to the APs. The Airport APs probably won’t be getting any more security updates from Apple, and the multiple UniFi APs will work together to provide Wi-Fi coverage. You may also want to get a Cloud Key for the AP controller. Just my input.


I’m with @TSB707; get a UniFi setup to go with pfSense (that’s what I use). You could just replace the switches first and continue to use your Airport Extremes (for now).

I was looking at the UniFi items; however, is there any specific model number you would recommend for both the switches and access points? The main switch needs 10 ports and the switches in the rooms have no more than 3 clients.

I question the house wiring. Did they really only wire one line to each room? Surely they put plugs on multiple walls?

I may get looked at cross-eyed here for this one, but UniFi isn’t a golden umbrella that everyone has to buy. Some of their stuff is cost effective enough for home use; others, imho, aren’t.

I saw their LR APs on sale at MicroCenter for $100. That’s a worthwhile purchase for home use imo.

If your house seriously only has one port per room, I’d hit the contractor over the head first, then cry a little, as, why, just why…

If your pfSense rig has multiple hw interfaces in it, I’d use those to segment out ports on the managed switch. That alone will give you granular settings to rooms easily using different subnets. I’d be shocked if your TV didn’t have wireless built into it, and I’d use Wi-Fi for everything. The UniFi AP lets you have multiple SSIDs and you can segment all that out as well with VLANs from the main switch. A second AP could be used to get distance using a mesh network off the first one if you needed it.

Honestly, I’d physically draw out a rough schematic of all your devices, their locations, and just what you want from them network wise, before I’d buy anything and start “fixing things”. I’d also double-check anything you think is wired only, for a possible wireless setting.

Plan plan plan, then buy and build. It’s like, measure twice, cut once.


Is there a reason why you want VLANs? Is your problem the lack of IP addresses, or are you trying to block certain devices from connecting to each other?

If you don’t mind them intercommunicating, I fail to see the reason for VLANs. If your problem is just the additional IP addresses, address that issue.

If you want better managed switches, you can look into HP, Ubiquiti, etc., along with their access points.

A singular system instead of a hybrid generally works better, especially in terms of UniFi devices. Or you can always go down the access point route with OpenWrt.

@faust Sorry, only one jack per room – a common jack where the cable for TV and the ethernet jack are located. I’m preferring a wired solution as much as possible since it’s not only faster but generally more reliable. I understand I’m after a wired and wireless hybrid solution. The pfSense router has 5 out ports, so yes, it’s possible to subnet out different ports; however, the problem is the one-wire-in-each-room problem – I need a switch in some of the rooms to duplicate ports, and some of the devices within each room I’d like on a different subnet if possible – for example, a computer on a different subnet than the gaming system. I’m curious about the UniFi APs – I like the idea of running multiple SSIDs from each AP – preferably I need two APs to cover the house, however I’d like it if the 2nd AP was connected to the ethernet cable rather than range-extended wirelessly from the first – my experience with range extenders is that they tend to have limited bandwidth – perhaps this isn’t the case with more professional products such as UniFi.

I’m not necessarily wed to the idea of using VLANs; however, I need either different VLANs or subnets for both wired and wireless clients. I’m trying to separate them from connecting – such as separating out all the wireless wall switches and plugs and thermostats from the main LAN traffic. Perhaps I’m overthinking things. I currently have a hybrid system with pfSense and the two access points.
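The segmentation kevdog is asking for, as an added example that is not part of the thread: a small first-match rule evaluator in Python (not pfSense code) that models the four segments, the backup exception from the wireless clients to FreeNAS, and a default block between VLANs, with same-segment traffic never reaching the router at all. The subnets, the FreeNAS address and the backup ports are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Union

# Constructed sample subnets, one per segment named in the thread; the
# thread itself gives no addressing, so these are assumptions.
VLANS = {
    "wired":    ipaddress.ip_network("10.0.10.0/24"),  # wired PCs + FreeNAS
    "wireless": ipaddress.ip_network("10.0.20.0/24"),  # laptops, iPads, phones
    "consoles": ipaddress.ip_network("10.0.30.0/24"),  # Xbox, PS4
    "iot":      ipaddress.ip_network("10.0.40.0/24"),  # wall switches, thermostats
}
FREENAS = ipaddress.ip_address("10.0.10.5")            # constructed address

class Rule(NamedTuple):
    action: str                              # "pass" or "block"
    src: str                                 # segment name or "any"
    dst: Union[str, ipaddress.IPv4Address]   # "any", "local", or one host
    dports: tuple                            # () matches any destination port

# Evaluated top-down, first match wins, the way pfSense walks interface rules.
RULES = [
    Rule("pass",  "wireless", FREENAS, (445, 548)),  # SMB/AFP for backups only
    Rule("block", "any",      "local", ()),          # no other inter-VLAN traffic
    Rule("pass",  "any",      "any",   ()),          # every segment gets Internet
]

def segment_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in VLANS.items() if addr in net), "wan")

def matches(rule: Rule, src: str, dst: str, dport: int) -> bool:
    if rule.src != "any" and segment_of(src) != rule.src:
        return False
    if rule.dst == "local" and segment_of(dst) == "wan":
        return False
    if isinstance(rule.dst, ipaddress.IPv4Address):
        if ipaddress.ip_address(dst) != rule.dst:
            return False
    return not rule.dports or dport in rule.dports

def decide(src: str, dst: str, dport: int) -> str:
    # Traffic inside one segment is switched at layer 2 and never hits the
    # router, so no rule can allow or block it; only cross-segment flows do.
    if segment_of(src) == segment_of(dst) != "wan":
        return "switched"
    for rule in RULES:
        if matches(rule, src, dst, dport):
            return rule.action
    return "block"   # implicit default when nothing matches
```

The explicit block on "local" is also why cross-VLAN discovery (Chromecast, AirPlay) stops working unless a reflector or a deliberate pass rule is added.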

@kevdog One jack per room, that’s crappy planning. So then your best bet is probably to get managed (or smart) switches for the rooms you want and start using VLANs everywhere. If all you’re after in the rooms is segmentation, then any low-cost managed switch will suffice. You’re better off spending more for the AP, as nobody likes to hear, “Honey/Dad/Techguy, the WiFi is down again!” If you buy a UniFi AP or another business-level AP, you’ll quickly realize just how janky the consumer-level stuff is. Tom has a great video on using UniFi as a wireless mesh network outside his building and down the road if you need proof of how well it works.

Basically, just replace the room switches and APs, use VLANs, and call it a day. Spend more time learning pfSense and VLANs.

Personally I think you’re over thinking it. There generally is no reason to run 2 separate networks at home unless you want a guest network for friends so they don’t access your main data.

Think of this: you have a smart TV, perhaps wired, and you have your phone which will either stream to the TV or something. Do you want this on 2 networks?

Imagine a file server; do you want your TV to access it? If your TV isn’t wired you won’t, but if it’s wired then your phone won’t access it unless you create additional routes and rules, which means everything needs to go via pfSense instead of just the switch.

It’s just an additional layer of complication. I’ve learned the simpler the network, the less crap to deal with, and fewer things that can and will go wrong.

More complications

That depends on your level of comfort with pfSense, VLANs, networking, etc., imho. At home I run a total of 10 subnets. Overkill, maybe, however fully controllable and locked down. Some subnets only have one or two things on them, but they’re well defined.

Suggesting that 2 is enough for most is similar, imho, to Bill Gates saying, “640k should be enough for anyone.” Back then, that was somewhat true for a few people, however, not really.

My opinion would be 3 as a basic: Wired, Wireless, IoT.

Do you recommend a particular model of access point for home use? Must they be powered by PoE?

I’d recommend the UniFi APs, and I personally run a TP-Link EAP245 v3 at home as I couldn’t pass up the sale price at a local brick n mortar. The store’s stupidity was my gain that day. :grin:

Any “business / enterprise” class AP should suffice based on what you’re willing to spend. They will all be PoE if you’re buying the right class of hardware. Comes down to your wallet, like most everything else does.

Hahaha, true. Everyone has their own approach on what they want to do, and how much they want to spend to do it :smiley:

I’ll add to the posts above that a managed switch for the rooms might cost more than using the cable in the walls to pull 2 or 3 (or whatever you need) behind them. It depends if the contractor secured the cable in the wall, or if they drilled a 3/4" hole and you can just pull more cables through. The least expensive Ubiquiti US-8 UniFi switch is ~$100, so you can decide if it’s worth pulling more cable or not.

As others have said, you really have to weigh this out. You could VLAN everything only to discover you can’t use your chromecast with your laptop…

@extramile_mike makes a valid point. You can buy a spool of CAT5/6 and jacks for under $100, and pull it yourself if there’s enough slack to do so, then just use the stuff in the main hub closet for everything. Maybe get the significant other, or the kids to help by seeing if there’s movement on the longest run of cable. Would be a money saver and would save some sanity.

So I went down and looked at all the actual wiring coming from the network box – the wires to the individual rooms – Cat 5 cable, coax cable and a white wire are all individually sheathed or wrapped. The wraps run parallel to each other until they diverge to go to their separate rooms. The wrapped bundles are zip-tied together about every 10 feet or so and then the zip ties are connected to the studs. So basically it looks like pulling new cable would be a major PITA without a lot of time, expense, and likely drywall damage and repair. So unfortunately it looks like I’m going with individual managed switches for rooms that have items for separate VLANs and possibly just dumb unmanaged switches for those rooms where the items don’t need to be separately tagged. So much for planning for the future…

Find contractor, pin to brick wall, shake vigorously yelling, “Why man, WHY!”

To bundle and zip-tie everything so nicely, it’s a sin to only run a single line to each room. Unless the contractor built it for himself, in which case his foresight was horrible.

imho of course

Are the drops on the right side of the room for what you want to plug in? If not, you might be better off pulling new cable. There are a lot of tools for fishing wires that help you do the job without messing up the drywall. Even with a stud finder, flexible installer bit + drill, and some fiberglass rods you could probably get the job done. It would cost a fraction of what it would cost to add managed / PoE switches to more than a couple rooms.

It’s hard to blame a contractor for only running one CAT 5e drop to each room. Most houses don’t have any and don’t need any. In the end the contractor did what the spec called for.

Maybe if you don’t live in a decent size city, however it costs next to nothing to run while being built and unless it was done 10yrs ago, there’s no excuse imho. Contractors tend to screw everyone, so I have no qualms about pinning them for things. Biased, maybe, but as I said, all imho. I do live in LA. :roll_eyes:

If @kevdog has a single-level house, I’d agree it’s still worth DIY new lines; however, if it’s two-story or something, it’s more work than most would want to endure.

Everyone’s time is worth something, and only they know what it’s valued at, and what they’re willing to trade for it.

Two-level house. I already ran a couple of extra lines to first-floor rooms from the basement; however, I need additional lines pulled to the second floor as well. I’m fairly certain it’s possible to run more cable, however I don’t personally have the equipment nor the expertise to do this. The hole where the wires run through the subflooring looks pretty tight. Finding contractors to do this type of work is sometimes very difficult.