Question Help me plan my new network - Considering UniFi

In2Photos

Platinum Member
Mar 21, 2007
2,585
2,777
136
I recently had fiber installed at the house and it got me thinking about my network. Mainly because the location of where my modem was before to where the ONT is installed now. But as I dove into some research it got me thinking that my network setup isn't ideal and could be better/more secure. Everything right now is on the same network, no VLANs. Originally my internet came into my bonus room. The main router went to a switch which fed several devices and other switches in other rooms. The fiber company came into the other side of the house so they installed the ONT where my second node of my mesh network was installed, the family room. I had Ethernet backhaul so swapping the 2 routers was not a big deal except I now have my office as the third switch from the internet. Here's what my network looks like now.

Network Diagram - Fiber Internet.drawio.png

I have a combination of Cat5e and Cat6 in the house (most runs are less than 60' except the one from the bonus room to the family room which is roughly 100') so my thought is to use 2.5G where possible, upgrading my server and work laptop since all other PCs have 2.5G or 5G already. I'm thinking of using the new Cloud Gateway Fiber along with a few PoE 8 port 2.5G switches. I'm also thinking about swapping out my cameras and maybe adding a couple more (4-5 total). My initial thought is to use the cloud gateway's M.2 slot to handle the protect functionality for now and upgrade to an NVR later if I need to. I don't really have everything wired to a single home run location. And the three main rooms that will use wired have several devices that would need to be connected so my thought is to just leave the ONT in the family room and run a new line to my office from there. So one switch in the family room, office, and bonus room for all of the devices to connect to. Cameras would be run to the nearest switch OR I could find a central location and put a switch and run all the cameras to it, then run a single line to one of the switches or directly to the gateway. I'm probably way overthinking this, it's just a home network and I wouldn't notice any real difference depending on how it is hooked up. But maybe I should be doing this a different way so I wanted to get some thoughts from others here.

The Cloud gateway has a lot of connectivity so I could theoretically eliminate the switch in the family room and connect more stuff to the gateway, but that might not be the best method. Probably best to let the switch handle the traffic? Most of the traffic from the devices will be internet based, not local. The local traffic will mostly be in my office and when we watch something from the Server on the TVs in the house.

Here's the Unifi setup without all of the devices connected for clarity.
Network Diagram - Router in Family Room.png
 

DaaQ

Platinum Member
Dec 8, 2018
2,026
1,439
136
What brand cameras? The UniFi cams are pretty expensive, unless you can grab the indoor-only WiFi-connected one. G35 might be the SKU. Was when I got mine. Was like 40 bucks. The other cams are the bullets and at the time were 350; I have 2. I use a DMP but it was the 1st iteration. I have a 2 TB WD Red drive in it and have never had to clear space.

There is a 3rd iteration of DMP IIRC. I would go full integration personally.
My network is DMP with SFP to RJ45 transceivers to WAN in, and the 2nd goes to my PC hardwired. I can pull over 1G down. Upload is limited by provisioning.
From there it goes to an 8-port PoE switch with 4 PoE ports; the other 4 are non-PoE. I power 2 APs in my home, and power a PTP Airbridge to the in-laws' with another PTP (less than 1000 ft) where it goes into their utility closet with some PoE adapters to an 8-port 1G switch which runs their AP.
I am on a 1Gd 50Mu plan and never have issues. Although I would like to upgrade my side to 2.5 or 5G. I have a WiFi 6E and a WiFi 7 AP in my home and a WiFi 5 LR AP in the in-laws' home.
 

In2Photos

I plan to use the UniFi cameras. I have Wyze ones now and while the cameras themselves work ok the notifications don't always work and you have to pay monthly for more than just the basics. The G5 bullet is like $129 and the G6 is $199 so they aren't that bad. More than my current cameras yes, but if they perform better it's likely worth it.

I don't have space for the rack mounted gear unless I use a closet in my office and reroute everything. The new Cloud Gateway Fiber has 3 10Gb ports (1 RJ45 and 2 SFP) and 4 2.5G ports. I don't believe any of the DMs have a similar setup. Sure they have more horsepower to run lots of stuff but I will be nowhere near the limit of the cloud gateway fiber. I can get 2.5G now and still have the ability to go to 10G later if I want, although max throughput is 9G on the gateway. As mentioned I don't saturate the 1G now unless I'm transferring some video files to the server or downloading something that actually lets me hit 1G.

So I would be using the following:

Cloud Gateway Fiber
3-8 port 2.5G PoE switches
2-U7 Pro Wall APs
Doorbell Cam (may have to go the WiFi version; have to recheck wiring to see if I have Cat5e here)
4-5 Bullet/Turret cameras
Maybe the NVR Instant or another switch to connect the cameras

This would eliminate all my other switches, cameras, and mesh system.
 

Fallen Kell

Diamond Member
Oct 9, 1999
6,229
543
126
It is really hard here mainly because you don't have a proper central home run for your network gear, so you will never have an optimal setup without major work, or going to higher speed equipment where you can, but recognizing that overall it will be bottlenecked due to the network layout.

As you noted, you really need to get yourself onto layer 2/3 network gear that supports VLANs, especially for cameras and other IoT devices. I would also look at some of the camera systems that can integrate with HomeAssistant and/or are completely private (i.e. storage is all local, nothing is sent to the "cloud") especially if you have indoor cameras (I mean really this is just common sense as otherwise you are just broadcasting everything your cameras record to the internet and/or the company that makes them for them to use and abuse the content).
 

DaaQ

Oh wow, they were like 350 several, I mean like a heavy several, years ago.
I just have the DMP sitting on the top shelf of my desk, with an 8-port Lite switch on top of that.

Cable management pics would put me to shame. But it all does localize to this room. Also running a 2.5G MoCA adapter that works well (for the TiVo system link through 2 homes).
 

In2Photos

The UniFi cameras are all local storage, but at the moment we do not have any indoor cameras except for on the Echo Shows, but we have them closed as we don't really use them. I don't know that I'm really not "optimal" in my setup the more I think about it. I mean I have 3 rooms where there are a lot of things connected hardwired. I would have to have 4-5 drops in each of those rooms back to a central location for a true "home run". But does that really make sense? I mean I can do 10G between the cloud gateway and 8 port switches if I really wanted to, then could have 2.5G for all the devices so I'm not really that limited if I connect all 3 back to the gateway. On the other hand I could connect the office and bonus room switches to the family room switch via PoE. All local traffic would then go through the switches which are rated at 60G switching capacity. I'm not saturating any of this stuff anytime soon.
They actually just released the NVR Instant with a kit variation that offers the NVR, 4 G5 Turret Ultras and a 1TB HDD for $699. I'm leaning towards that if I do cameras for the whole house. If I just replace the 2 cameras that I have now I'll use the gateway as the NVR with its built-in NVMe slot.

So I'm leaning towards one of these 2 configurations, but probably going to settle on having the family room switch as my "aggregation" switch as shown here unless someone has other ideas?

UniFi - Main Switch.png

The alternative is to connect all 3 switches to the gateway like this.
UniFi - Cloud Fiber Connections.png
 

In2Photos

Been thinking about this some more. I think ideally I would like all of the network gear to be in my office. I have room in the closet and am thinking about a 30U rack that could hold my server, a UPS, and the networking equipment. I have to run wires for the cameras anyway so I could run a few extra cables to the other areas and just home run everything. In reality there are a few devices that could be connected wireless instead of wired, like TVs, since they only have 10/100 ports anyway. This would also allow me to use the U7 Pro XG ceiling style APs instead of the on wall units. The big decision on this one is which switch to use. If I go with the Dream Machine SE I can connect the cameras to that so I only need enough ports on the switch to handle the drops. 4 in the office, the 2 APs, my son's gaming PC, and I can use a small 2.5G switch in the family room for the 3 hard wired devices for a total of 8. I'd want all of these to be at least 2.5G. So that would be one of the following 4 switches:

Pro HD 24 - $599 - This has 22 ports at 2.5G and 2 at 10Gb. Would have to use PoE injectors for the 2 APs and the small switch in the family room. But the same switch with PoE is $400 more!
Pro HD 24 PoE - $999 See above.
Pro Max 24 PoE - $799 - This has 8 ports at 2.5G and 16 at 1G. I could connect the cameras to this instead of the DM SE or just have extra ports for future use, but only 1G.
Pro XG 10 PoE - $699 - This has 10 10G PoE ports so enough for all my current needs plus some room to expand a little, but has 10G available should I upgrade to 10G stuff later on.

I'm leaning towards the XG 10 for the future speed but would love to hear any thoughts on what you'd choose. Here's what the layout would look like now. Interestingly this new config is close to the same price as the other setup I was considering.

Homerun to Office.png
 

Fallen Kell

Wow! Why in the world would you spend so much on those switches? I mean, yeah it is Ubiquiti... but that is a heck of a lot of extra cost baked-in for the convenience of UniFi. You can get a Ruckus/Brocade ICX 7250-24p (or -48p) for like $75-80 shipped from eBay (it may say it only has two 10gbit SFP+, but it can be unlocked for all 8 ports of 10gbit for free). That is 8x 10gbit SFP+ and 24/48 1gbit RJ45 PoE+ ports (layer 3, IPv4/IPv6 routing, L2/L3/L4 ACLs, VRRP, OSPF, SNMP, sFlow, and even VRFs and tunnels)... Sure, no support, but you are paying 1/10th the price of a Pro Max and getting 8 10Gbit ports instead of 2.5G and 24 1G ports....

Heck you can get an ICX 6610-24p for about $100, and get 16 10gbit SFP+ ports, and 2x 40Gbit QSFP+ ports, and 24/48 1G ports (and a jet engine of fan noise, which is why I didn't recommend it and recommend the 7250 instead). I have one of these myself (it is in an enclosed 1/3 rack in my basement, so its noise doesn't bother me).
 

In2Photos

Yeah the switches are expensive. But I was planning on buying 3-$200 switches (plus $80 for each AC adapter if I wanted PoE) on my original design. How much are the SFPs for the Ruckus? With the UniFi switch I don't need any SFPs (just one DAC from the UDM to the switch). And those are used prices. I could buy used UniFi switches too (a Pro Max 16 PoE is $470 on eBay right now, but the listing says it is brand new, there's also a used Pro XG 10 for $490). I know Ruckus has a good product and following, but if I do this upgrade I would be willing to spend for the convenience of UniFi. Having everything in one ecosystem is worth it to me (as long as the ecosystem is a good one and the UniFi stuff seems to be). I work in a field where we have lots of customers that use similar devices made by different companies and require different software to program/commission/troubleshoot/manage them and it makes a HUGE difference when the vendor has the better software. I've gone the less expensive route before (that's where I am now) and often regretted not getting the stuff I really wanted originally. Sometimes it works out, but others you just end up spending more time and money to get what you wanted in the first place.

I'm also hoping there's a decent BF deal.
 

Fallen Kell

You can use the branded Brocade SFP+ modules or just about any third party ones (WiiTech, Mikrotik, 10Gtek, FS, etc.). The branded ones will get you some extra monitoring info, but it isn't really needed. You may still want to do PoE power injection if you have higher power devices, but for a few lower power items, the switch's PoE+ can handle them (I know with the 6610 the PoE is a separate internal board, which unfortunately does not get tested by many of the eBay sellers, so in many cases, people find it non-functional as most of the resellers primarily just test network connectivity, power supplies, and fans).

I have a combination of FS DAC cables, WiiTech and 10Gtek on my 6610. I haven't heard of any that do not work (I think the only grumblings I have heard are issues using some of the 2.5G SFP+ modules). As long as you are using 10G or 1G, I have not heard of any problems.
 

In2Photos

So something like this from FS? https://www.fs.com/products/178039.html?attribute=113264&id=4608902

Those are pretty pricey. There's probably something cheaper out there?
 

Fallen Kell

These Wiitech ones work (but in most cases only at 1G or 10G on some of the Brocade switches):

These are the Mikrotik ones that a lot of people use (and have been tested by people on several of the Brocade switches), tariffs have hurt this one as they were $29:


I also took a look and I do have 2 of those Mikrotik S-RJ10 ones as well, but only used one at 10G speeds.
 