New Year New Network

Reading time: 10 minutes
Warning: This post is over a year old. The information may be out of date.

I had a Netgear Orbi router and satellites running my home network, but things were becoming unstable. Constant dropouts, a router that thought the WAN port was down and required multiple reboots a day, it just wasn’t cutting it anymore.

So, I decided to bite the bullet and go for the UniFi setup I’d been considering for a while.

Here’s my initial impressions.

Background & Existing System

For some background, I have a few dozen devices that connect to my network in a mix of wired and wireless modes. Computers, phones, tablets, CCTV cameras, home servers, games consoles, media players etc.

Previously I used an Orbi Router (RBR20) to talk wirelessly to an Orbi Mesh Satellite (RBS20) upstairs, that satellite then had a wired connection running under some carpet to a gigabit switch in my office for my personal gaming desktop, my work laptop, and my NAS.

I used some powerline adapters to give me a wired connection upstairs, but they were slow.

It worked fine, but I never really liked it as it’s never worked 100% as I wanted.

That wireless backhaul started becoming more and more unreliable. Frequent drop outs and a low bandwidth connection would cause issues.

I did try to fix this by running a wired connection upstairs to that satellite. I’d held off on doing it for so long as this is a rental and I didn’t want to run cables, but in the end I cable-clipped it to the edge of the stairs, it’s barely noticeable, and the landlord was fine with it as it can be taken out when we eventually move.

That improved the stability of the systems in my office, but the WAN dropouts were still happening.

I’d had enough.

Searching…

I looked for other mesh systems, and found some that were pricey.

If I was going to have to spend £300-£500 (or even more in some cases) on a new mesh system that would handle the number of devices, what else could I use that would also support the features I wanted?

  • I wanted VLANs so I can isolate IoT devices and restrict the devices they can talk to
  • I needed multiple wireless networks for the various VLANs for some devices that can’t be wired
  • I wanted a nice management UI as I was sick of the slow, laggy, buggy UI from my Orbi system

The New Gear

I’d been eyeing up the UniFi Dream Machine for a while. It did everything I wanted. It was expensive. But I was sick of dealing with constant issues with my home network. So into my cart it went.

I’d need some managed switches to support VLANs for the wired devices. I didn’t need 10GbE, so 1GbE was fine (for now). The Switch Flex Mini seemed a good fit and wasn’t too expensive. I didn’t have any PoE devices so if I needed to upgrade in future, it wasn’t a huge amount spent on the switches.

I wasn’t sure if I’d need another access point, I’d used 2 previously (one upstairs and one at the back of the house in the conservatory).

I checked out the Access Point FlexHD and it seemed like a good fit. It was PoE powered, but comes with a PoE injector and so I didn’t see the need to spend more on a PoE switch yet as the price jumps up significantly for them (they also seem to be hard to get)

With the new equipment bought, I set about getting it up and running.

Setup

I ran the new network alongside my old one. I left the old router connected with that network running so that anything that was connected via WiFi would continue to work with Home Assistant.

I didn’t like that the UDM required an internet connection to set it up. I had to disconnect my Virgin Media modem from my old router to the new one to get it setup.

I moved devices across gradually. I setup the VLANs and as I connected devices, I assigned the port they were connected to on the switch to the appropriate VLANs.

For wireless devices, I setup Wireless networks that connected to the various VLANs for them. I’d worry about the firewall rules later.

I have the UDM in my living room on my media unit, that’s where my ISP connection comes in and I didn’t want to run more cables around everywhere. That UDM is connected to 3 switches. 2 on the media unit for devices there that need connectivity, and 1 in my office via the cable I ran earlier for my computers in there. I’d like to run just 1 switch for the devices on the media unit but 2 of the 5 port switches were cheaper than I could find a single 8 or 16 port switch for anyway right now!

The switch in my office is then connected to the wireless AP I bought to cover upstairs and the garden.

Network topology

VLANs

I took a lot of inspiration from Anthony Ferrara’s post about wiring his home network on how I have my VLANs setup, it seemed like a good starting point, but I didn’t go quite as extreme / granular.

  • 1 - LAN Services
  • 20 - Trusted Devices
  • 30 - Servers & Network-of-Things (NoT)
  • 60 - Internet-of-Things (IoT)
  • 70 - Guest

LAN services are for the network devices themselves, router, switches, AP

Trusted Devices are phones, laptops, desktops, etc

Servers & NoT are things like my NAS, my Home Assistant server, my home server running portainer, and other “Network of Things” devices. I have some Tasmota plugs for example, they send data via MQTT to my home assistant server, but don’t need internet access. So I run them in this VLAN with a firewall rule to restrict their internet connectivity by internal IP address. I also control CCTV cameras in a similar way, they sit on the same VLAN as the server that runs the CCTV software so I don’t have to run half a dozen video streams across VLANs and put extra load on the router.

IoT are things that don’t need to talk to other devices on the network necessarily. Especially not my trusted devices, but they need an internet connection, so they still get that

Guest has access to nothing on my local network. They still get internet access though.

You’ll notice that IDs 40 and 50 aren’t in a list that suggests they’d be there. Originally I had them as more granular home automation / IoT type VLANs but realised they weren’t needed after setting them up.

My VLAN access looks like this:

VLANs setup in the UniFi software

Wireless Networks

  • Trusted
  • NoT
  • IoT
  • Guest

I have these linked to the related VLANs so the firewall rules apply there too.

Thoughts & First Impressions

So far I’m really happy.

It’s been a week and it’s been stable and solid. The web UI is so useful, the traffic and data analytics are great!

I’ll post something once I’ve been using this for a longer period, but it feels like money well spent so far.

Let’s hope that continues!