Network Designing Help

[BinaryData]

Hey Ladies & Gents,

 

A long time friend of mine has recently been complaining about his network at his families BnB being terrible. He asked what kind of setup I had, and I showed him how much control I had over my network. He's looking to upgrade his network to something similar to mine, however I'm no Network Guru, and I don't want to say something that isn't possible or plausible to do.

 

What I suggested was;

 

Router - RV320 SMB VPN Router

Switch - SG300-10

WAP - Ubiquiti AC Lite Pro x2 for inside, and x1 Non-Lite for Outside

 

I suggested he drop a second switch in his office area / work area / bedroom to make things easier to run and network. I suggested an SG200, not sure how many ports he exactly needs, but I chose an 18 Port just for reference material.

 

He needs three networks setup.

 

1. Guest WiFI with RADIUS Style Control (If you have a better suggestion, I want to hear it)

2. Family WiFi, No RADIUS.

3. His Network with no restrictions to the network. He can access his devices from anywhere on the property, either by WiFi or by Wired connection.

 

He originally spoke of putting a small hub in each room, but when I explained to him the amount of cables to be ran, and connected to a switch, he about died. That and his internet is less than 100/100, so it would tank pretty quickly.

 

This is something he wants to upgrade over time, and doesn't want to spend more than $750 - $1000. I'm also donating my RV320 to him once I upgrade to my pfSense box, and potentially giving him my SG300, haven't fully decided upon that.

[+BudMan MVC]

Not sure what you mean by radius for guest?  I think you mean captive portal setup where guest users put in their room number or a code to access it?  Unifi controller could provide this, or pfsense could as well.

 

Not sure what a ac lite pro is - do you mean Pro or do you mean lite?  For outside - really should prob get one of their specific outdoor ones.

 

What is he going to run the controller software on?  I would suggest one of their cloud keys.

 

How does a BNB need inbound vpn.. I really would not suggest that router at all.  Why not just by a pfsense router, or build one diy.  Or if you like the unifi stuff just get one of their routers, shoot you could go with their switches as well.  Does the BNB not have any security camera's.. You could for set it up all up for around 1k

 

Er-lite-3 router $100

ES-24-LITE (24 port switch)  $200

2x AC-lite $200

1x Beta - UniFi AC Mesh AP (OUTDOOR) $100

Cloud Key $100

NVR - record cameras $300

1x UVC-G3 - camera $150

 

These are all rounded up numbers less then 1200..   Camera's could come later.. If you talk just the wifi and network your looking at 700.. Would be less than that prob since I rounded everything up..

 

 

 

[BinaryData]

40 minutes ago, BudMan said:

Not sure what you mean by radius for guest?  I think you mean captive portal setup where guest users put in their room number or a code to access it?  Unifi controller could provide this, or pfsense could as well.

 

Not sure what a ac lite pro is - do you mean Pro or do you mean lite?  For outside - really should prob get one of their specific outdoor ones.

 

What is he going to run the controller software on?  I would suggest one of their cloud keys.

 

How does a BNB need inbound vpn.. I really would not suggest that router at all.  Why not just by a pfsense router, or build one diy.  Or if you like the unifi stuff just get one of their routers, shoot you could go with their switches as well.  Does the BNB not have any security camera's.. You could for set it up all up for around 1k

 

Er-lite-3 router $100

ES-24-LITE (24 port switch)  $200

2x AC-lite $200

1x Beta - UniFi AC Mesh AP (OUTDOOR) $100

Cloud Key $100

NVR - record cameras $300

1x UVC-G3 - camera $150

 

These are all rounded up numbers less then 1200..   Camera's could come later.. If you talk just the wifi and network your looking at 700.. Would be less than that prob since I rounded everything up..

 

 

 

Captive Portal, yeah. That sounds about right. I don't want to overly complicate things for him. He's already blown away with the RV320 / SG300 setup I have running now, and even this is overkill for his families BNB.

 

AC PRO says it works outside. By outside, it'll be protected from the rain, and elements, just be mounted on the side of the wall. If it was a stormy area, I'd build a protective plexiglass case for it, but it isn't too bad.

AC LITE PRO - Says it's for "indoor" use only. I was looking at 2 of these.

 

The controller software will be ran on a desktop in the office area, which is essentially his work area. He does all the "IT" work, web development, etc.. He's not as tech savvy as I am, nor am I as tech savvy as you are, BudMan. pfSense would be a lot more complicated for him. I don't know where the equipment is currently located at, so I'm trying to keep things small, and compact. I'm familiar enough with the equipment I suggested, that I could struggle getting his network setup for him. Minus the Captive Portal. For right now, he just wants his WiFi to cover all 3 stories, and outside area. As for cameras, I'm not 100% sure on that front, I can always ask when I talk to him next.

 

On a side note, that Cloud Key looks bad ass. I might have to pick up a copy of that because I keep running into port usage problems. I need to make a list of what ports are in use, lol.

[+BudMan MVC]

Again WTH is a "AC Lite Pro"  There is no such thing.. You mean a AC Lite.. why do you keep adding pro on it??

 

As to the pro model saying it works outside.. While you could prob put it under a soffit or something.  Its not really designed to be outside..  Like you would with one of that actual outside AP -- mount on a pole sort of thing.  Or sure they can be mounted to the side of a wall..  The new beta model coming out, or you can buy from the beta sort is only $100

 

I really would suggest he just go with all unifi router and switch..  This gives him control of everything in his controller.. Makes it brain dead easy for anyone to use.. And if need be he can contact them for support and his whole network is under them..  If he wants to run the controller on his PC ok.. But the cloud key makes it easy to use on something that uses like no juice and run 24/7/365 etc..

pfSense would be a lot more complicated for him.

 

Not sure where you get this idea that pfsense is complicated.. Its not any more complicated than any soho router you buy at your local computer store..  Its a webgui you hit.. Out of the box it works just like any other soho router..  Can you get fancy with it sure..  But to be honest in a typical home setup its clickity clickity done..   Tell you this for sure WAY FREAKING EASIER than your RV320 that is for sure..

[sc302 Veteran]

Pfsense is really easy.  While the back end is Linux based, the front end is completely GUI.  The end user never has to touch the back end.  I have setup many simpletons with pfsense and they love it. 

 

The interface is 2000x easier than that Cisco you recommended. 

[BinaryData]

6 hours ago, BudMan said:

Again WTH is a "AC Lite Pro"  There is no such thing.. You mean a AC Lite.. why do you keep adding pro on it??

 

As to the pro model saying it works outside.. While you could prob put it under a soffit or something.  Its not really designed to be outside..  Like you would with one of that actual outside AP -- mount on a pole sort of thing.  Or sure they can be mounted to the side of a wall..  The new beta model coming out, or you can buy from the beta sort is only $100

 

I really would suggest he just go with all unifi router and switch..  This gives him control of everything in his controller.. Makes it brain dead easy for anyone to use.. And if need be he can contact them for support and his whole network is under them..  If he wants to run the controller on his PC ok.. But the cloud key makes it easy to use on something that uses like no juice and run 24/7/365 etc..

 

 

 

Not sure where you get this idea that pfsense is complicated.. Its not any more complicated than any soho router you buy at your local computer store..  Its a webgui you hit.. Out of the box it works just like any other soho router..  Can you get fancy with it sure..  But to be honest in a typical home setup its clickity clickity done..   Tell you this for sure WAY FREAKING EASIER than your RV320 that is for sure..

Well, if it were to be ran in a VM, that's where it would get tricky. I'll suggest the Ubiquiti route to him, and see if he bites. That Key Cloud is looking pretty nice, my question is, does that work on any router or switch?

 

I just want him to be in full control of his network, because right now, it's absolute mayhem.

2 hours ago, sc302 said:

Pfsense is really easy.  While the back end is Linux based, the front end is completely GUI.  The end user never has to touch the back end.  I have setup many simpletons with pfsense and they love it. 

 

The interface is 2000x easier than that Cisco you recommended. 

Well, I'm trying to do this with a budget in mind, and trying to keep it simple. Thus the reason why I posted on here, my knowledge is only limited to what I know, and that's not much. IF you suggest the Ubiquiti route, then I'll go with that. I'm trying to avoid Virtual Machines completely, and anything that requires constant maintenance.

 

I'll talk to him, and see what he thinks. If there's a Microserver out there that could handle pfSense, that would be crazy cool. He MIGHT be up for the idea of an ESXi Server running pfSense and an Ubuntu Server for web testing. He has spoken to me in the past about that. I just need to bring him a game plan, the cost, and how long it'll take to implement it. When we're ready to do this, i'm going to take a short vacation over at his BNB, and set it up. So, i have about 3 - 6 months to brush up on my Networking and Ubiquiti configurations. Or have BudMan/sc302 on speed dial

[sc302 Veteran]

Or just buy the pfsense appliance. It done and ready for install much like your off the shelf router. 

[+BudMan MVC]

yup the new sg1000 is very budget friendly even..

 

The cloud key works on any switch.. But if its poe you don't even have to supply it power cord..  The 24 port lite switch is very budget friendly..  And there is actually one thing I ran into they can do that the cisco doesn't that I am kind of wanting to try out.  You can do dynamic assigned vlans and have the switch handle the vlans all on the same switch port.

 

In the paste I have heard they can have some issues.  But been following the boards for quite some time and don't see many issues with the switches.  I might have to get a couple myself to play with.  Thinking about a 24 port to replace my sg300-10 and then one of the new beta poe ones for my av cabinet.

 

If you want to keep it simple and give him full control the unifi route is prob the best path from cost and ease of use that is for sure.  With the camera's and shoot the phones, they do sell complete package sort of thing.

[BinaryData]

With the AC Pro APs, they've got dual RJ45 ports, and that allows you to daisy chain them, correct? Do you still need a poe adapter to make that work? Can you just use one POE Adapter on the first one, or is it not powerful enough? I'm also trying to minimize how destructive we will have to be. The less cables the better.

 

I'll probably role the pfSense Router or Ubiquiti router, with a switch, and 3 APs with the Cloud Key. Seems like the most logical decision. Which means, I don't need to give any of my gear up, hooray.

[Circaflex]

The second ethernet port on the uap-ac-pro does not carry over POE, you can daisy chain them however you would need an injector for each AP.

[adrynalyne]

On 11/26/2016 at 1:38 PM, BinaryData said:

Captive Portal, yeah. That sounds about right. I don't want to overly complicate things for him. He's already blown away with the RV320 / SG300 setup I have running now, and even this is overkill for his families BNB.

 

AC PRO says it works outside. By outside, it'll be protected from the rain, and elements, just be mounted on the side of the wall. If it was a stormy area, I'd build a protective plexiglass case for it, but it isn't too bad.

AC LITE PRO - Says it's for "indoor" use only. I was looking at 2 of these.

 

The controller software will be ran on a desktop in the office area, which is essentially his work area. He does all the "IT" work, web development, etc.. He's not as tech savvy as I am, nor am I as tech savvy as you are, BudMan. pfSense would be a lot more complicated for him. I don't know where the equipment is currently located at, so I'm trying to keep things small, and compact. I'm familiar enough with the equipment I suggested, that I could struggle getting his network setup for him. Minus the Captive Portal. For right now, he just wants his WiFi to cover all 3 stories, and outside area. As for cameras, I'm not 100% sure on that front, I can always ask when I talk to him next.

 

On a side note, that Cloud Key looks bad ass. I might have to pick up a copy of that because I keep running into port usage problems. I need to make a list of what ports are in use, lol.

If a PC is running the controller software, keep in mind it must run at all times else Guests can log in without the portal stopping them. 

[BinaryData]

46 minutes ago, adrynalyne said:

If a PC is running the controller software, keep in mind it must run at all times else Guests can log in without the portal stopping them. 

I kind of figured it would be like that.

1 hour ago, Circaflex said:

The second ethernet port on the uap-ac-pro does not carry over POE, you can daisy chain them however you would need an injector for each AP.

Thought as much, but if I'm running the POE Switches, I should be solid then, except for that one on the 2nd floor. I'd need an injector for that.

 

He doesn't need a whole lot of ports either, so I'm thinking 2x 8 Port Switch will be enough. One for his AP Network, and the other would be the office area.

 

Edge Router X

EdgeSwitch 8-150w

AP AC Lite

UniFi Mesh

Cloud Key

 

2x EdgeSwitches, 2x AC Lite, and I'm thinking the total will be around $800 - $900. Which works out perfectly. If he needs to upgrade his network to support cameras, then it'll be super simple to do that.

[Circaflex]

Just make sure the switch provides enough juice for the ap pro, i believe they run off of 48v whereas most common switches I have seen provide 24v poe which wont work.

 

nvm i see youre now using the lite instead.

[adrynalyne]

11 minutes ago, Circaflex said:

Just make sure the switch provides enough juice for the ap pro, i believe they run off of 48v whereas most common switches I have seen provide 24v poe which wont work.

 

nvm i see youre now using the lite instead.

I think it's the other way around. 24v passive Poe needs the injectors unless the switch provides passive Poe ( perhaps only Ubiquiti?). The Pros support standard 802.3af. 

 

 

[sc302 Veteran]

Look up 802.3af vs 802.3at. The ac pro supports at. 

 

Circaflex it has more to do with wattage than voltage. 

[adrynalyne]

2 minutes ago, sc302 said:

Look up 802.3af vs 802.3at. The ac pro supports at. 

 

Circaflex it has more to do with wattage than voltage. 

It supports af as well. 

[Circaflex]

I was told by ubiquiti you need 48v passthrough/poe+ for those, which is why it would not work on the er-x which is 24v passthrough. had i used the edgerouter 5 poe which has 48v passive poe i couldve left off the injector.

[adrynalyne]

7 minutes ago, Circaflex said:

I was told by ubiquiti you need 48v passthrough/poe+ for those, which is why it would not work on the er-x which is 24v passthrough. had i used the edgerouter 5 poe which has 48v passive poe i couldve left off the injector.

Pros don't use passive Poe at all. 

 

The important thing is the switch supports all the Poe modes he needs even if he gets Pros. 

 

[Circaflex]

3 minutes ago, adrynalyne said:

Pros don't use passive Poe at all. 

 

The important thing is the switch supports all the Poe modes he needs even if he gets Pros. 

 

But the pros do need 48v's right? Isnt that what the POE+ standard is? I was just pointing out that he makes sure his router or switch has enough juice, for instance the er-x cannot power the ac pro via poe because it only offers 24v passthrough POE. I 100% used the wrong terms originally or didnt describe it correctly, I get what you guys are saying.

[adrynalyne]

2 minutes ago, Circaflex said:

But the pros do need 48v's right? Isnt that what the POE+ standard is? I was just pointing out that he makes sure his router or switch has enough juice, for instance the er-x cannot power the ac pro via poe because it only offers 24v passthrough POE.

The Pros can work on af PoE too per white paper. 

[sc302 Veteran]

9 minutes ago, Circaflex said:

But the pros do need 48v's right? Isnt that what the POE+ standard is? I was just pointing out that he makes sure his router or switch has enough juice, for instance the er-x cannot power the ac pro via poe because it only offers 24v passthrough POE. I 100% used the wrong terms originally or didnt describe it correctly, I get what you guys are saying.

Pros will work on either.  Btw, you can get 24v or higher voltage power injectors.  Just because it requires more than 24v doesn't automatically make it af or at. 

[Circaflex]

14 minutes ago, sc302 said:

Pros will work on either.  Btw, you can get 24v or higher voltage power injectors.  Just because it requires more than 24v doesn't automatically make it af or at. 

by either you mean 48v or PoE+ correct and not 24v?

[sc302 Veteran]

They can work off of power injector, af or at (I believe at is backwards compatable to af anyway, meaning that if an af device is plugged into an at switch, the device will receive power). 

 

All devices, to my knowledge, can be powered with an injector. Not all devices support af or at, and a Poe switch that supports these standards will not power the devices. 

 

The power injector, to my knowledge, is always applying power on the energized port.  The af and at switches apply power if the device requests it. 

[+BudMan MVC]

5 hours ago, BinaryData said:

and that allows you to daisy chain them, correct?

No you can not daisychain them - unless you inject power into the connection you send onto the second one.

 

But daisychaining is not what that 2nd port is meant as..