How To: Deploying a Ubiquiti UniFi Home Network including Multiple WiFi Access Points (Part 1) Updated

Update: since I first wrote this article, we have upgraded our Ubiquiti Cloud Key to the Cloud Key Gen 2 and our USG to the USG Pro 4. Additionally, we supplemented the aggregator switch in the networking rack with a PoE US‑16‑150W switch for PoE devices like the Cloud Key Gen 2 and UniFi APs. Finally, I sunset the Sonos Boosts in favor of a Sonos networking architecture that leverages multiple Ethernet-connected Sonos Beams.

 

Overview

The DIY, Piecemeal Approach

For years, I have constantly upgraded and maintained our home network. While I embrace new technology solutions, I am not an IT administrator. Figuring out what is broken–and why–is often time-consuming and aggravating. This is particularly true at home, where I lacked the necessary tools to view the health of our home network and to easily upgrade it. My wife would frequently tell me that “the Internet is slow” or “the Internet isn’t working”. In reality, something went haywire within our home network.

Part of that is my fault: our home serves as a product testbed. By virtue of my day job, the number of IP-connected devices has multiplied to over 100 “nodes”. When we moved into our first house, we wired our home with Gigabit Ethernet. Then, we installed three premium consumer routers and a number of unmanaged Ethernet switches from Netgear. For greater stability than Netgear’s stock firmware, I used DD-WRT, an open source firmware.

This DIY approach quickly reaches its limits: first, this isn’t a comprehensive system. It’s a collection of networked components that work together only with a lot of time and effort on my part. Wireless handoff between access points depends solely on the wireless client’s WiFi managers. As good as DD-WRT is, most of its releases are “beta” quality. There are unexpected bugs due to limited hardware vendor support. Managed Ethernet switches give you greater control and visibility over IP network traffic than the unmanaged switches I was using. Most importantly, I lacked a unified dashboard where I could view and control network activity.

A Comprehensive System

Clearly, I needed a solution that was prosumer, if not SMB, quality. I tested Netgear and Cisco managed switches before settling on Ubiquiti. Although Ubiquiti has a consumer grade mesh network system, AmpliFi, I preferred their higher end UniFi product line. Unlike most residences, we had already invested in the necessary Gigabit Ethernet wiring of our home.

Most consumer WiFi routers are all-in-one devices, serving firewall, NAT, routing, Ethernet switching, WiFi access point, and administrative interface functions. By contrast, UniFi is a modular system. You will need to buy multiple components to replace all the functions of your consumer router.[1] Ubiquiti describes UniFi as their software defined networking (SDN) solution. Below is an illustration of how the discrete Ubiquiti UniFi devices come together.

Photo credit: Ubiquiti

UniFi Controller & UniFi Cloud Key

You start with the UniFi Controller. This software component is available in Windows, Mac and Linux versions. You can run it as a Docker instance on your NAS device. You can run it on a Raspberry Pi. It is even possible to run it in Amazon’s AWS cloud.

At $80, the simpler solution–particularly factoring in subsequent Controller software upgrades–is to purchase the UniFi Cloud Key. The Key is a low-powered, dedicated appliance–about the size of a notebook computer power adapter–that runs UniFi Controller. Since I am not using PoE, I connected the Cloud Key via a 2 amp micro-USB adapter. You can elect not to connect your account to the cloud, if desired.

Photo credit: Michael Connelly

You can view a web demo of the Controller dashboard here. There is also a companion mobile app for iOS and Android.

UniFi Security Gateway

Photo credit: Ubiquiti

The next network element that you should buy for your home network is the UniFi Security Gateway (USG). This is your firewall, DHCP server, and router. Since this is a home network installation, I purchased the USG rather than the USG-PRO-4. The key capabilities of the USG are firewall, VLAN, VPN, and RADIUS server. Moreover, the USG is required for deep packet inspection (DPI). Ubiquiti recently released new intrusion detection system and intrusion prevention system capabilities. However, these have severe performance hits for WAN connections over 70MBps. If your Internet connection is faster than that, I recommend disabling the IDS and IPS features for now.

Photo credit: Michael Connelly

I prefer the USG over Ubiquiti’s cheaper EdgeRouter product line because it is very easy to install and manage. This includes statistics collection, speed control, and blocking of individual clients. All of the networked devices can be managed from a “single pane of glass”.

Plug the USG’s WAN port into your cable modem or ISP’s gateway. You can also add a second ISP on the WAN2 port. After powering up your USG, you need to “adopt” it, using the UniFi controller software.

UniFi Managed Switch

The third network element that you should buy is the managed switch. A UniFi switch is necessary in order to view historical latency and throughput charts in the Controller. Although Ubiquiti offers higher end models with power-over-Ethernet (PoE) available on all ports, for my aggregator switch, I selected the UniFi Switch 24. This is a cheaper model that lacks PoE.[2]

Photo credit: Michael Connelly

I replaced the unmanaged switches in my home theater cabinets and my office with UniFi Switch 8s, which give me 4 PoE ports for access points near those switches. I should note that UniFi access points include a PoE injector if you don’t have an available PoE port on your switch.

The UniFi Switch 24 also includes SFP ports, which permit you to interconnect other SFP-equipped switches using fiber optic cables. This frees up Ethernet ports, permits longer cabling runs, and reduces potential radio frequency interference. But it likely isn’t necessary for a home network unless you are short on Ethernet ports. And, if you have spare Ethernet ports, then there is little value in using SFP if you want short cable runs.

UniFi Access Points

Ubiquiti began as a company focused on the needs of wireless internet service providers. So, they offer a wide variety of WiFi access points that complement the UniFi solution. If you are future proofing your home, then you want an 802.11ac Wave 2 MU‑MIMO (Multi‑User, Multiple Input, Multiple Output) equipped access point. That means you want their UniFi AP HD model, which Ubiquiti claims has a 2.4 GHz radio rate of 800 Mbps and a 5 GHz radio rate of 1733 Mbps.

However, the UAP‑AC‑HD APs are currently considerably more expensive than the UAP-AC-PRO. If you have a large house, you will likely want at least three access points. Depending on your budget, you might be better off in the long term purchasing the Pro model now and then upgrading to the HD model when it inevitably falls in price.[3][4]

Update: since this was first written, the UniFi NanoHD was introduced. Depending on your needs, this may be more cost-effective for your home. It is cheaper but has less throughput than the UAP‑AC‑HD AP.

Building a Keystone Patch Panel

I recommend terminating all your Ethernet cables into a keystone patch panel. Typically, in-wall wiring uses 22 or 24 AWG, solid conductor cabling. This type of cabling is easy to work with and low cost. But, it is also rigid, making it prone to damage when repeatedly handled or bent. This damage can cause intermittent connectivity issues. A patch panel permits you to use a patch cable for the final connection to your networking equipment.

Monoprice sells a rigid, 48-port metal bracket for about $12. Because you are using a managed switch, there is no need to label your ports or buy colored cabling (your switch will auto-identify the connected client). Your in-wall wiring should be solid-core CAT-6. But, these cables may connect to wall outlets first, requiring a patch cable to connect them to the back of your patch panel. Therefore, you need to purchase either punch-down keystone jacks or female-to-female Ethernet couplers depending on whether you are connecting solid-core wiring or longer patch cables, respectively.

Wiring Everything Together

Photo credit: Michael Connelly
  • Connect each Ethernet port on your patch panel to a port on your aggregator switch.
  • Only use CAT-6 Ethernet patch cables. I prefer the lower profile, “slim run” cables to save space.
  • I prefer to put my uplink cable on Ethernet port 1 of all my secondary switches. Beyond keeping everything consistent, for Ubiquiti PoE switches, this frees up a PoE port.
  • For my Sonos BOOST devices, I place them on Ethernet port 2 of my secondary switches because they don’t need PoE.
  • For my Ubiquiti APs, I always wire them to port 8 to draw power from the PoE port.

Next: Part 2

Be sure to read Part 2, where I cover provisioning, configuration tips, issues, and resources.



Updated on February 23rd, 2019


  1. You could buy a firewall or a managed Ethernet switch from another company but then it wouldn’t work as seamlessly, with a single controller and dashboard.

  2. The 24‐port model supports up to 26 Gbps non-blocking throughput; the 48-port model supports up to 70 Gbps.

  3. I ruled out Ubiquiti’s lower end UAP-AC-LITE and UAP-AC-LR access points because the performance jump in the UAP-AC-PRO is worth the extra ~$50 per AP. Similarly, I also ruled out the expensive and specialized UAP-AC-EDU and UAP-AC-SHD models. Ubiquiti also sells a per-room, in-wall access point but this seems less attractive on a price-performance basis than the ceiling mount models for a home networking installation.

  4. Of course, there is also the cost and hassle of running Ethernet to ceiling or wall drops for these access points.