New Home Network Build

I’m building a new home and need a little help with my network design. It’s a simple layout: 2-storey rectangle building with a 1400 sq ft footprint (2800 sq ft total). I’ll be running a handful of Cat6 lines to some key locations, but most of the devices in the home (family of 7) will run on Wi-Fi. I have gigabit fiber coming in and plan to just hand that off to my pfSense firewall which will be the brains of my network. For the Wi-Fi, I’m thinking the Ubiquiti U7 Pro. My priorities are to keep this simple, reliable, and locally-hosted. I don’t plan to mesh the Wi-Fi. Everything will be homerun back to a PoE switch. I also plan to add one or two U7 Outdoor APs. I also have a server that can run the controller if that’s the best way to do it.

How would you build this network? Can I consolidate any of the components for simplicity? I do prefer to keep my pfSense firewall, but the rest of the network can be whatever. Thanks for the help.

My house is about the same size as yours. I am able to cover everything wifi with one wireless access point. The “data center” is in my office on the second floor. I have two WAN connections (one cable modem and one 5g modem), both connect to my pfsense box in a failover configuration. My pfSense is connected by two 2.5gbe ethernet links (link aggregation) to my managed switch (no name brand…mokerlink). All other devices, including my one access point, four Proxmox nodes, and a Synology NAS all connect to the switch and all live in my office. I may run some Cat6 down to my wife’s computer in the dining room so she can have 10gbe for video editing on the NAS. But other than that, I don’t have any ethernet outside of the office at the moment. I also don’t have any need for outdoor wifi. YMMV

Oh and my WAP is VLAN aware, so I can have SSIDs for each VLAN if need be. Currently I only have SSIDs for the Home, Guest, IOT and Television VLANs. I use one of these. It reaches all parts of the house, no issues.

https://www.amazon.com/dp/B0BGJJWPWC

Given it’s a new build, it’s gonna be dead easy to lay cable, the cost is marginal if you buy a box of cable. If it was me I’d lay dual runs of cable to each room, a few spots in the house for APs and into the loft.

You can add a switch into the rooms at a later date and connect with a LAGG, if one cable goes down you have the other. I did this in my already built house and it was a real pain, what I later found out was that I could do with a few more ethernet ports, but it’s a lot of hassle later.

You might want to lay cable at the edge of your garden pointed to your house so you have that view rather than just looking from the house if you want IP cameras in the future.

Can never have too many ethernet ports in a house!

It’s fine to use pfsense at the head, but if you are looking for a single place to manage firewall, switches, and WiFi, one of the UniFi cloud gateways is good for that. They are locally hosted edge first and cloud capable, but not cloud required. I have not had any issues with the new WiFi 7 devices from UniFi but if you are using WPA3 and 6 GHz some older devices don’t like that.

I would suggest the U7 Pro XG over the Pro, it’s only $10 more. If you have money to spare, go with cat 6a or higher (I assume you want to keep the house a long time).

I’m running smurf tube to the network drop locations so it won’t be as difficult to add or upgrade cable in the future. But it might be a good idea to just run double drops to each location anyway since the walls are open now. I’m on acreage with some outbuildings, so my plan is to just blast some outdoor Wi-Fi to those areas.

I do like the simplicity of managing everything in a consolidated manager, but I’m also partial to my pfSense. Does Ubiquiti have a device that combines switch and Wi-Fi management duties?

Have you checked into the UDM Max or the UDM SE for router plus switch duty? You can always add a switch if you need more ports.

The UniFi Dream Machine Special Edition has an 8 port switch built in and two of the ports are POE, but for a new setup you might want to look into getting a bigger POE switch as it sounds like you are going to have more than just two access points to plug in.

Since this is a new building and you can still easily run cables everywhere: have you considered laying single mode fiber - at least from the “data center” to the switches on the different floors? This is something you might regret not having done right away, if you ever want to upgrade to 10G later on.

I have no opinion on the access point models. I am using 3 different models of the Unifi line and I am very happy with those. Also, the switches I use are from the Unifi line (1Gbps as well as 10Gbps). It is very convenient to manage the network from the Unifi controller. And the added premium for the Unifi equipment is easily worth it for me. I run the self-hosted controller as a docker container on an XCP-ng VM.
Also I run pfsense on bare metal machines as well as virtual instances.
This network is very stable for me and I love this setup. If you have any specific questions regarding that setup, you are welcome to ask.

Almost all of the Unifi gateways/routers have the controller software built into them. In fact, you’d really have to hunt to dig up the ones that don’t. Everything on the Cloud Gateway page has the controller software built in.

All gateways except the very lowest end models have some switch ports. I think you mentioned you had plans for 10Gb Ethernet. If so, you might want to start your shopping with a look at the UCG-Fibre. It’s got four 2.5Gb ports, one of which has PoE, one RJ45 10Gb port, and two SFP+ 10Gb ports. Any of the ports can be WAN, and you can have up to six of the ports as WAN interfaces at the same time.

It also has room for an M.2 SSD for surveillance cameras. Unifi has a wide variety of cameras. You can buy it with storage or without. If you buy without storage, you’ll need to buy the tray that holds the SSD separately later.

The more expensive UDM Pro models have a variety of features and you’re best using the web site compare feature to see the differences between them.