Need some direction on hardware for home network

Personally I think you’re overthinking it. There generally is no reason to run 2 separate networks at home unless you want a guest network for friends so they don’t access your main data.

Think of this: you have a smart TV, perhaps wired, and you have your phone which will either stream to the TV or something. Do you want this on 2 networks?

Imagine a file server: do you want your TV to access it? If your TV isn’t wired you won’t, but if it’s wired then your phone won’t access it unless you create additional routes and rules, which means everything needs to go again via pfSense instead of just the switch.

It’s just an additional layer of complication. I’ve learned the simpler the network, the less crap to deal with, and fewer things that can and will go wrong.

More complications

That depends on your level of comfort with pfSense, VLANs, networking, etc., imho. At home I run a total of 10 subnets. Overkill, maybe, however fully controllable and locked down. Some subnets only have one or two things on them, but they’re well defined.

Suggesting 2 is enough for most is similar, imho, to Bill Gates saying “640k should be enough for anyone.” Back then, that was somewhat true for a few people, however, not really.

My opinion would be 3 as a basic: Wired, Wireless, IoT.

Do you recommend a particular model of access point for home use? Must they be powered by PoE?

I’d recommend the UniFi APs, and I personally run a TP-Link EAP245 v3 at home as I couldn’t pass up the sale price at a local brick-and-mortar. The store’s stupidity was my gain that day. :grin:

Any “business / enterprise” class AP should suffice based on what you’re willing to spend. They will all be PoE if you’re buying the right class of hardware. Comes down to your wallet, like most everything else does.

Hahaha, true. Everyone has their own approach on what they want to do, and how much they want to spend to do it :smiley:

I’ll add to the posts above that a managed switch for the rooms might cost more than using the cable in the walls to pull 2 or 3 (or whatever you need) behind them. It depends if the contractor secured the cable in the wall, or if they drilled a 3/4" hole and you can just pull more cables through. The least expensive Ubiquiti US-8 UniFi Switch is ~$100, so you can decide if it’s worth pulling more cable or not.

As others have said, you really have to weigh this out. You could VLAN everything only to discover you can’t use your Chromecast with your laptop…

@extramile_mike makes a valid point. You can buy a spool of CAT5/6 and jacks for under $100, and pull it yourself if there’s enough slack to do so, then just use the stuff in the main hub closet for everything. Maybe get the significant other, or the kids to help by seeing if there’s movement on the longest run of cable. Would be a money saver and would save some sanity.

So I went down and looked at all the actual wiring coming from the network box – the wires to the individual rooms – cat5 cable, coax cable and a white wire are all individually sheathed or wrapped. The wraps run parallel to each other until they diverge to go to their separate rooms. The wrapped bundles are ziplocked together about every 10 feet or so and then the zip locks are connected to the studs. So basically it looks like pulling new cable would be a major PITA without a lot of time, expense, and likely drywall damage and repair. So unfortunately it looks like I’m going with individual managed switches for rooms that have items for separate VLANs and possibly just dumb unmanaged switches for those rooms where the items don’t need to be separately tagged. So much for planning for the future…

Find contractor, pin to brick wall, shake vigorously yelling, “Why man, WHY!”

To bundle and zip-tie everything so nicely, it’s a sin to only run a single line to each room. Unless the contractor built it for himself, in which case his foresight was horrible.

imho of course

Are the drops on the right side of the room for what you want to plug in? If not, you might be better off pulling new cable. There are a lot of tools for fishing wires that help you do the job without messing up the drywall. Even with a stud finder, flexible installer bit + drill, and some fiberglass rods you could probably get the job done. It would cost a fraction of what it would cost to add managed / PoE switches to more than a couple rooms.

It’s hard to blame a contractor for only running one CAT 5e drop to each room. Most houses don’t have any and don’t need any. In the end the contractor did what the spec called for.

Maybe if you don’t live in a decent-size city; however, it costs next to nothing to run while being built, and unless it was done 10 years ago, there’s no excuse imho. Contractors tend to screw everyone, so I have no qualms about pinning them for things. Biased, maybe, but as I said, all imho. I do live in LA. :roll_eyes:

If @kevdog has a single-level house, I’d agree it’s still worth DIY new lines; however, if it’s two-story or something, it’s more work than most would want to endure.

Everyone’s time is worth something, and only they know what it’s valued at, and what they’re willing to trade for it.

Two-level house. I already ran a couple of extra lines to first-floor rooms from the basement; however, I need additional lines pulled to the second floor as well. I’m fairly certain it’s possible to run more cable, however I don’t personally have the equipment nor expertise to do this. The hole where the wires run through the subflooring looks pretty tight. Finding contractors to do this type of work is sometimes very difficult.

Most electricians can do the cable pulls but do the terminations yourself. They will charge just as much as a cable guy but it will be somewhat less painful than diy.

Have you tried looking for an official OpenWrt build for your AirPort APs? Flashing that would give them full VLAN and multiple-SSID capability. Everything a UniFi switch can do plus more.

I’m running 1 TP-Link TL-WR940N v6 as an access point and another TP-Link TL-WR841N v9 as a repeater for both of my wireless networks. The DMZ VLAN starts on an extra gigabit NIC coming out of the pfSense box and going to a second port on the TP-Link router that is tagged for that VLAN, effectively using the TP-Link router as an advanced switch and wireless AP.

I paid no more than $40 for both TP-Link routers. You can repurpose just about anything with the right software. OpenWrt IMHO is a more professional piece of software than what the UniFi APs run.

I haven’t tried OpenWrt in a few years; however, I wasn’t a big fan of it then. Didn’t seem to integrate too well with the rest of the components.

Well, that sure was a while ago. It’s got a stable release tree now; I haven’t had one single problem since 2016 and my system is very responsive and stable. pfSense compatibility is as easy as going into startup settings and disabling firewall, odhcpd, and dnsmasq. It’s worth a try, especially if you can reuse hardware you already have. Earth friendly and all that.

You also get the latest Linux kernel and security that comes along with it.
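The setup the two OpenWrt posts above describe, written out as an added example that is not from the thread: an OpenWrt router turned into a dumb AP behind pfSense, with a second SSID bridged to a tagged DMZ VLAN and firewall, odhcpd and dnsmasq disabled. The switch port map, VLAN id 20, the SSID and the addresses are assumptions; check `swconfig dev switch0 show` on the real box before applying.

```shell
#!/bin/sh
# Added example (not from the thread): OpenWrt as a VLAN-aware dumb AP behind pfSense,
# second SSID bridged to a tagged DMZ VLAN. Assumptions, not from the thread:
# ar71xx/ath79-style switch0 with CPU port 0; switch port 1 is cabled to pfSense and
# carries LAN untagged + DMZ tagged (VLAN 20). Check your port map: swconfig dev switch0 show
LAN_IP=192.168.1.2      # static AP address outside the pfSense DHCP pool (constructed)
LAN_GW=192.168.1.1      # pfSense LAN address (constructed)
DMZ_VID=20              # VLAN id pfSense tags the DMZ with (assumption)
CPU_PORT=0              # switch CPU port (assumption)
TRUNK_PORT=1            # switch port cabled to pfSense (assumption)
# Print the uci batch script so it can be reviewed before anything is applied.
emit_ap_uci() {
  cat <<EOF
set network.lan.proto='static'
set network.lan.ipaddr='$LAN_IP'
set network.lan.netmask='255.255.255.0'
set network.lan.gateway='$LAN_GW'
set network.lan.dns='$LAN_GW'
delete network.lan.ip6assign
set network.lan.ifname='eth0.1'
set network.@switch_vlan[0].ports='${CPU_PORT}t $TRUNK_PORT 2 3 4'
set network.dmz_vlan=switch_vlan
set network.dmz_vlan.device='switch0'
set network.dmz_vlan.vlan='$DMZ_VID'
set network.dmz_vlan.ports='${CPU_PORT}t ${TRUNK_PORT}t'
set network.dmz=interface
set network.dmz.type='bridge'
set network.dmz.ifname='eth0.$DMZ_VID'
set network.dmz.proto='none'
set wireless.radio0.disabled='0'
set wireless.dmz_radio=wifi-iface
set wireless.dmz_radio.device='radio0'
set wireless.dmz_radio.mode='ap'
set wireless.dmz_radio.network='dmz'
set wireless.dmz_radio.ssid='home-dmz'
set wireless.dmz_radio.encryption='psk2'
set wireless.dmz_radio.key='CHANGE-ME-placeholder'
set wireless.dmz_radio.isolate='1'
EOF
}
# On the router: commit, then disable the services pfSense already provides.
apply_ap_uci() {
  emit_ap_uci | uci -q batch && uci commit network && uci commit wireless
  for svc in firewall odhcpd dnsmasq; do
    /etc/init.d/$svc disable; /etc/init.d/$svc stop
  done
  /etc/init.d/network reload && wifi reload
}
if [ "${1:-}" = "--apply" ]; then apply_ap_uci; fi
```

Run it without arguments to review the generated uci commands; run it with `--apply` on the router itself. The DMZ SSID has client isolation on and no address on the router, so pfSense alone decides what that VLAN may reach.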

The main problem with OpenWrt is some restrictions on hardware due to licensing/driver/doc availability for certain chipsets. Sadly, I cannot use that with my ASUS Wi-Fi routers.
One thing worth noting: your TL-WR940N v6 will be unsupported by any new version of OpenWrt in 2020 due to RAM size.

My WR841N v9 (older than the 940N v6 and same amount of RAM) has been unsupported multiple times throughout the last few years for that supposed reason, yet I’ve always found a barebones community-documented build of either OpenWrt or LEDE. Since I only use these routers as a wireless AP and repeater, the RAM is never a limitation. However, I wouldn’t recommend someone go out and buy my setup lol. I’m using what I already have until it no longer meets my needs.

OpenWrt’s restrictions on hardware are only for those few routers out there running proprietary chipsets. The drivers have no documentation. OpenWrt wouldn’t be able to implement those routers reliably without breaking their own guidelines of software integrity. They actually do offer builds for most of those routers (MediaTek chipset comes to mind); the difference is they’re compiled without the proprietary driver, leaving you with just a switch and no Wi-Fi functionality. Most proprietary drivers are built on older Linux kernels and are rarely updated to run with newer ones. OpenWrt would have to roll back from the latest kernel just to support these proprietary drivers, which they aren’t willing to do.

However, there is a solution to almost every problem. DD-WRT is more friendly to proprietary code. I’ll bet there is an unofficial, documented DD-WRT build out for your router right now. I recently liberated an Asus router with the MediaTek proprietary chipset using a community DD-WRT build. Full Wi-Fi functionality, 100% reliable, and I haven’t had to restart it once. Running for 5 months now. The builds are pretested by the dev before release.

DD-WRT’s GUI is a little rough around the edges, but you can do almost anything OpenWrt can.

@TheAlmightyOrgreLord

I don’t doubt you’ve had good results with either OpenWrt or DD-WRT; however, consider your audience here in the forum. Tom seems to have organized this forum to be directed towards more business or professional solutions. In my opinion DD-WRT/OpenWrt is more slanted towards the home user, or more specifically the home hobbyist. I have no doubt some SMBs may utilize this technology; however, I don’t think deploying and managing anything at a large scale would utilize OpenWrt – way too much tinkering.

@kevdog I understand where you’re coming from, however I don’t see how software that brings corporate-level router features to consumer routers can be considered only for hobbyists.

Most businesses looking to increase their profit margin would appreciate the ability to get the job done with what they already have. That’s exactly the goal of OpenWrt, and especially DD-WRT. OpenWrt was made because of the demand for more integrity with open source software. Running the latest Linux kernel and benefitting from the latest WPA2 security protocol is far from unprofessional.

Sorry but I disagree: