Home/SMB network design


Junior Member
Jul 17, 2017
I am building a new house where I would also like to have a small business with standard pc services (i.e. building and fixing). I am trying to design the network for the house and I would like to get some input on what hardware to use.

Networks & Requirements
  • Home network
    • a couple of PCs, security cameras and an Active Directory/DHCP/DLNA/File servers
    • WiFi access
    • VPN access to this network (assuming one public v4 IP won't be a problem)
  • Guest network
    • Isolated WiFi for customers with a separate SSID (private VLAN?)
    • Can only connect to the internet
  • "Biohazard" network
    • Separate network for the PCs I'm going to be working on (completely isolated in case the PCs are stuffed with viruses and/or other junk)
    • Should have access to the internet
    • Should have limited access to some of the servers in the Home network to access some shared folders
Components & Questions
  • I won't be able to cover the whole house with one AP, should I use multiple APs or a single one with extenders? Which option would you recommend considering the above?
  • For the VPN access, does it make sense to buy a specialized VPN firewall (e.g. https://www.zyxel.com/us/en/products_services/smb-security_appliances_and_services.shtml?t=c) or would you recommend using a custom server as a gateway to the network?
  • How would you recommend to implement the isolation of the network for the PCs I'm going to be working on? I'm guessing that port based VLAN will not help since I can't really achieve the limited trust between the networks
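
The three networks and their trust rules listed in the post above can be written as ordered inter-VLAN firewall rules and checked against sample flows before they are entered on whichever gateway is chosen. This is an added example, not part of the original post; the subnets, the file server address and the function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing plan (assumption; the thread gives no subnets).
ZONES = {
    "home": ip.ip_network("10.0.10.0/24"),
    "guest": ip.ip_network("10.0.20.0/24"),
    "biohazard": ip.ip_network("10.0.30.0/24"),
}
FILE_SERVER = ip.ip_address("10.0.10.5")  # hypothetical share host on the home VLAN
PRIVATE = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def zone_of(addr):
    """Name of the VLAN containing addr, or 'internet' if none does."""
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def is_private(addr):
    return any(addr in net for net in PRIVATE)

def is_public(addr):
    return not is_private(addr)

# Forwarding rules for NEW connections, first match wins; replies are assumed
# to be allowed by a stateful gateway. Fields: source zone, destination test,
# protocol (None = any), destination port (None = any), action.
RULES = [
    ("biohazard", lambda d: d == FILE_SERVER, "tcp", 445, "accept"),  # SMB share only
    ("biohazard", is_private, None, None, "drop"),   # every other internal host
    ("biohazard", is_public, None, None, "accept"),  # internet
    ("guest", is_private, None, None, "drop"),
    ("guest", is_public, None, None, "accept"),
    ("home", is_public, None, None, "accept"),
]

def decide(src, dst, proto, port):
    """Return 'accept', 'drop', or 'not-routed' for one new connection."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    zone = zone_of(s)
    if zone != "internet" and zone == zone_of(d):
        # Same VLAN: the gateway never sees this traffic. Isolating guests
        # from each other needs AP client isolation or a private VLAN.
        return "not-routed"
    for src_zone, dst_ok, r_proto, r_port, action in RULES:
        if (src_zone == zone and dst_ok(d)
                and r_proto in (None, proto) and r_port in (None, port)):
            return action
    return "drop"  # default deny, including unsolicited traffic from the internet
```

The rule order carries over to a real gateway: the share exception has to sit above the rule that blocks the private ranges, or the "Biohazard" PCs lose the shared folders as well.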


Elite Member
Super Moderator
Oct 25, 1999
Extenders are a Bad idea since they cut the signal.

Since you build new make sure that you have a CAT6 going to each room and then you can put APs as needed.

Feb 25, 2011
> Extenders are a Bad idea since they cut the signal.
>
> Since you build new make sure that you have a CAT6 going to each room and then you can put APs as needed.

Not just a CAT6.

In case one jack fails or something. As long as you're doing it during construction, the additional materials and labor cost is insignificant. And you won't need a breakout switch in every room either.


Senior member
Oct 16, 2005
well, you can do it the fast and easy way or the slow learning way, and it comes down to what you believe the value of your time is
if this is truly a business and time has value, downtime hurts, I would simply go get the entire set from someone like Ubiquiti using their Unifi line
USG (security gateway aka router/firewall), a unifi 24/48 port switch, a cloud key (if you don't want to install their controller on any of your hardware/VM), couple of access points. you would be set for a fair amount of time, these things just work, get patched and updated very regularly and come together in a very easy to use yet powerful package.

Of course they are not the only player in the game and my own router is from Mikrotik which I am very happy with. Again a $60 piece of equipment that just works, end of story.

now, if you want to learn, something like pfsense would be a great firewall/router, would run on a $200 qotom mini PC, and function exactly as you configured it.

Below all of that is the lowest tier of consumer junk which would try to sell you an all-in-one solution, a router-switch-firewall-wifi device that is (barely) adequate at any of the things it does.

I went the reverse route myself from consumer devices -> pfsense -> prosumer hardware.

you do not need anything else (VPN accelerator) unless you have a real business need for it (connecting remote offices on a regular basis with specific performance requirements, etc)

and yes, forget about extenders, these are junk for people who are afraid of opening the wall. just run the cable(s) into each area, set up access points, and forget about any wireless problems.