It’s been a year since I wrote here, and now I hope I’m back. It’s been a busy time, so now that I have a big home infrastructure project, I figure it’s a good time to write some more.
WiFi
I have long had a nagging feeling in the back of my head that my house’s WiFi isn’t what it could be, especially since I live in a 2500 sqft house and I have to use 3 Netgear APs to get somewhat spotty coverage. A large part of this is that my house was built in 1934, and it has plaster walls, and an addition in the back that is separated from the rest of the house by the original brick back wall of the rest of the house. Even with 3 APs, we have iffy coverage, and the Netgear equipment, while generally very good, isn’t really meant for this use.
Also, my network has grown a lot since I originally designed it, and I’m not sure it does all it ought to.
It is fortuitous, then, that I read Lee Hutchinson’s article (arstechnica.com) on his 3 years using Ubiquiti Unifi products. It was like he was speaking right to me, and I realized, on navigating to their site and seeing that the intro video is them wiring up a stadium, that this was exactly what I needed.
I read his article more than 10 times, working to tease out all the wisdom about what he had done, and also to see how I would approach a similar problem. I think I’m ready to jump.
My Network
Normally, I would not share any network details with anyone ever. I am naturally somewhat guarded, so sharing network details is usually anathema. When I worked at the White House a while back in their Office of Administration doing IT consulting, their excellent Information Assurance team drilled infosec into us, and I can’t let go. However, since I’m replacing the majority of my network, I’ll give you, dear reader, the lowdown.
Attached to this are 3 SSIDs (5G, 2.4G, and guest), iPads, laptops, Dash Buttons, various IP cameras, printers, media stuff (Plex, Apple TVs, audio stuff), TVs, etc. I’ll do a list when I inventory everything.
The Goals
When I read Lee Hutchinson’s article, I was like ‘That’s my exact same problem!’, and realized action needed to be taken. My previous project (Ethereum mining) being completed (since the party is pretty much over):
And so now, we move on to the next problem:
- I need good 5G WiFi throughout the house
- I’d like to segment my devices so that not everything is on the trusted LAN
- I’d like to switch to using RADIUS for authentication on my trusted LAN (I hear this is super-hard)
- I want a LAN segment for the Kids that I can manage separately, and so that they don’t have a WiFi password that they can share
- I’d like to upgrade my cameras, since the Panasonic ones I use now are very discontinued
- I think I need more than a class-C subnet in my house (remember when we had one or two of those for a mid-sized company?)
- I’d really like to figure out how to get 4 subnets of IPv6 working. It’s currently just doing SLAAC, tracking my Comcast IP, but I’d like to understand it better. I’ve been screwing around with this for years, and I am no closer to understanding how a person is supposed to use this.
- Pull fiber between switches. Why not?
The Plan
So here is my plan, which I’ll cover in subsequent posts:
- Phase 1 (because home projects need phases):
  - Inventory my stuff
  - Do a site survey using NetSpotPro
  - Do a detour into floor plans
  - Interpret the site surveys
  - Install the Unifi controller on my CentOS server and figure out how to get it to coexist with other junk there
  - Figure out where to install my new APs (I already bought these)
  - Install and test the APs
  - Install an SSL certificate for my controller
  - Set up Guest, Kids, IoT, and trusted SSIDs and VLANs
  - Migrate old equipment to new infrastructure
- Phase 2:
  - Buy Unifi switches, and replace my old switches with nice PoE ones
  - Install and configure FreeRADIUS on my pfSense server
  - Switch WiFi to RADIUS
  - Switch VPN to RADIUS
- Phase 3:
Next Steps
Inventory and Site Survey!