What's needed for a decent home network?

Archer

Honorary Master
Joined
Jan 7, 2010
Messages
21,717
I will be moving into a new home later this year, so it seems like a good time to think about a long-term home network solution. My biggest question is what level of security is really needed for the average Joe consumer? I at least want to separate guests from my network on WiFi (that's easy), but do I really need to go further and add a dedicated firewall or make virtual networks, etc.? And are any consumer-grade routers capable of this already? My current ISP provides a Zyxel T50, which I hate because of a nonsensical interface and dismal WiFi performance; I swear the darn thing can only connect one WiFi device at a time. Anyway, what other things should an average Joe be doing? And note I don't want to be tinkering with this thing. I'll happily spend a week or two setting it up, but after that I want to forget about it.

No real preference on hardware, but cost is always a factor. I guess 300-400 Euro is a starting point. I will need at least 2 hardwired APs since the home has three levels, with the floors being reinforced concrete.

We're a family of 4 with about 10 devices I want to keep wired, split across all floors (think it's 3-5-2 from floor to attic), and then about 20-30 wireless devices, and it's only really cellphones and tablets that would have high bandwidth requirements; the rest is smart home / IoT stuff. I don't expect to add cameras or WiFi-based smart lights (too far into the Hue ecosystem already).
 

powermzii

Expert Member
Joined
Jun 4, 2007
Messages
4,215
You're on the right track going with hardwired APs - you COULD keep the T50 for routing, turn off the WiFi and supplement it with the APs. I have recently implemented Unifi APs here at home and they are pretty easy and just work. In terms of firewalls / VLANs - that's really up to you. I currently do not have separate VLANs, but my Mikrotik has a number of firewall rules to limit what traffic goes in, etc.
 

KevOfGoodHope

Well-Known Member
Joined
Jan 14, 2010
Messages
105
> I will be moving into a new home later this year, so it seems like a good time to think about a long-term home network solution. My biggest question is what level of security is really needed for the average Joe consumer? I at least want to separate guests from my network on WiFi (that's easy), but do I really need to go further and add a dedicated firewall or make virtual networks, etc.? And are any consumer-grade routers capable of this already? My current ISP provides a Zyxel T50, which I hate because of a nonsensical interface and dismal WiFi performance; I swear the darn thing can only connect one WiFi device at a time. Anyway, what other things should an average Joe be doing? And note I don't want to be tinkering with this thing. I'll happily spend a week or two setting it up, but after that I want to forget about it.
>
> No real preference on hardware, but cost is always a factor. I guess 300-400 Euro is a starting point. I will need at least 2 hardwired APs since the home has three levels, with the floors being reinforced concrete.
>
> We're a family of 4 with about 10 devices I want to keep wired, split across all floors (think it's 3-5-2 from floor to attic), and then about 20-30 wireless devices, and it's only really cellphones and tablets that would have high bandwidth requirements; the rest is smart home / IoT stuff. I don't expect to add cameras or WiFi-based smart lights (too far into the Hue ecosystem already).

I think Unifi products would be a safe bet, and should be within your budget of 400 Euro.
Just get a UDM + 2 AC/WiFi 6 APs and you should be covered. The UDM replaces your current Zyxel T50 as a router and WiFi AP for a floor, and the two APs can be placed on each of the two other floors.

Unifi Controller interface should be easy enough to configure for your needs:
  • Guest WiFi with bandwidth control
  • Separate VLAN for network segregation
    • Allow IOT device traffic to Internet but blocked/partially allowed to internal network
    • Block Internet for any devices that you do not want to allow Internet traffic and restrain them to local network only, e.g. IP camera
  • Basic firewall setting to block unwanted traffic from outside
I believe most of the members on the forum who use UBNT equipment can agree that we don't have to tinker a lot once it's been set up (properly); sometimes I almost forget about them because they've been so stable and working properly over the years.
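
The segmentation listed in the post above (guest, IoT with Internet only, local-only devices, inbound blocked), written out as an nftables ruleset for a Linux-based router. This is an added example, not from any poster and not Unifi's own configuration; the interface names, VLAN IDs, and the hub address and port are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every interface name, VLAN ID and address is an assumption.
flush ruleset

define WAN   = "eth0"      # uplink to the ISP
define LAN   = "eth1.10"   # trusted family devices
define IOT   = "eth1.20"   # smart home devices, Internet allowed
define CAM   = "eth1.30"   # local-only devices, e.g. an IP camera
define GUEST = "eth1.40"   # guest WiFi

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Only the trusted LAN may reach the router's own services (admin UI, SSH)
        iifname $LAN accept
        # Other segments get DNS and DHCP from the router and nothing else
        iifname { $IOT, $CAM, $GUEST } udp dport { 53, 67 } accept
        iifname { $IOT, $CAM, $GUEST } tcp dport 53 accept
        # Ping and IPv6 neighbour discovery from inside; unsolicited WAN traffic hits the drop policy
        iifname != $WAN meta l4proto { icmp, ipv6-icmp } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Trusted LAN: Internet, plus it may open connections into IoT and camera segments
        iifname $LAN oifname { $WAN, $IOT, $CAM } accept
        # IoT and guests: Internet only, no route into any other segment
        iifname { $IOT, $GUEST } oifname $WAN accept
        # "Partially allowed": IoT may reach one hub on the LAN (assumed address and port)
        iifname $IOT oifname $LAN ip daddr 192.168.10.5 tcp dport 8123 accept
        # CAM has no accept rule: it cannot start connections to the Internet or to
        # other VLANs, but replies to LAN-initiated sessions pass via "established".
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

`nft -c -f <file>` checks the ruleset without loading it. Because both base chains default to drop, a device added to a new VLAN gets no access until a rule is written for it.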
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
32,879
> do I really need to go further and add a dedicated firewall or make virtual networks, etc. And are any consumer grade routers capable of this already?

Security is a bit like car/computer tuning...first little bit of gains is easy...and every additional gain becomes harder and the payoff becomes less obvious. Diminishing returns. So picking a middle and calling it good is perfectly valid in that regard.

> I think Unifi products would be a safe bet

That is indeed the most common middle ground. Worth keeping in mind though: They just tried to cover up all customers being globally exposed for 2 months, are forcing cloud integration (the cloud that just got compromised) and also started placing ads into their management console. I can see the appeal on products...but that company appears to have bought a one way ticket to the dark side.

No easy way of getting the same integrated type system without some tinkering though as best as I can tell.

If up for a bit of tinkering, custom hardware with OpenWrt (or pfSense on x86) plus a WiFi 6 mesh would work. More control & much better specs...but fiddly.
 

Zophos

Expert Member
Joined
Jun 3, 2017
Messages
1,603
Netgear Orbi Wifi 6

Enough F-ing around... (Just a suggestion)

 

Archer

Honorary Master
Joined
Jan 7, 2010
Messages
21,717
> I think Unifi products would be a safe bet, and should be within your budget of 400 Euro.
> Just get a UDM + 2 AC/WiFi 6 APs and you should be covered. The UDM replaces your current Zyxel T50 as a router and WiFi AP for a floor, and the two APs can be placed on each of the two other floors.
>
> Unifi Controller interface should be easy enough to configure for your needs:
>   • Guest WiFi with bandwidth control
>   • Separate VLAN for network segregation
>     • Allow IOT device traffic to Internet but blocked/partially allowed to internal network
>     • Block Internet for any devices that you do not want to allow Internet traffic and restrain them to local network only, e.g. IP camera
>   • Basic firewall setting to block unwanted traffic from outside
> I believe most of the members on the forum who use UBNT equipment can agree that we don't have to tinker a lot once it's been set up (properly); sometimes I almost forget about them because they've been so stable and working properly over the years.

UDM is 300 bucks all on its own :/ Maybe my question should rather be: is there some monumental security upgrade from having a (good) router? For example, what's the real difference between a consumer-grade router's firewall vs that of the UDM?
 

Archer

Honorary Master
Joined
Jan 7, 2010
Messages
21,717
> Security is a bit like car/computer tuning...first little bit of gains is easy...and every additional gain becomes harder and the payoff becomes less obvious. Diminishing returns. So picking a middle and calling it good is perfectly valid in that regard.
>
> That is indeed the most common middle ground. Worth keeping in mind though: They just tried to cover up all customers being globally exposed for 2 months, are forcing cloud integration (the cloud that just got compromised) and also started placing ads into their management console. I can see the appeal on products...but that company appears to have bought a one way ticket to the dark side.
>
> No easy way of getting the same integrated type system without some tinkering though as best as I can tell.
>
> If up for a bit of tinkering, custom hardware with OpenWrt (or pfSense on x86) plus a WiFi 6 mesh would work. More control & much better specs...but fiddly.

This is partially why I have been considering going with TP-Link's Omada system, since connecting to the cloud is completely optional. But my understanding is that one can also create a complete Ubiquiti system without any cloud connection, although for how long that will still hold is a valid question imo.
Nice thing about the Omada range is the EAP235 in-wall AP with 3 available network ports, which makes the switching part on each floor a bit more convenient. And it's about half the price of the equivalent AP from Ubiquiti.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
32,879
> one can also create a complete Ubiquiti system without any cloud connection although for how long that will still hold is a valid question imo

Perhaps someone with more practical Ubiquiti experience can chip in but I doubt it frankly given (article linked above):
> the company began pushing everyone to use a unified authentication and access solution that makes it difficult to administer these devices without first authenticating to Ubiquiti’s cloud infrastructure.
>
> All of a sudden, local-only networks were being connected to Ubiquiti’s cloud
 

wetkit

Expert Member
Joined
Oct 27, 2003
Messages
1,099
One thing to remember with concrete is that it stops WiFi dead, especially 5GHz.
I am biased towards Unifi, so I have 4 wired APs in my house and am using a Cloud Key to run them.
They can mesh together if a LAN connection fails, but then the overall throughput is reduced.
So far working very well for me.
If you're concerned about safety, use a MikroTik RB750 router or similar.
 

Rickster

EVGA Fanatic
Joined
Jul 31, 2012
Messages
18,507
The only reason to keep that Zyxel is if you have a bit of rage you can just smash it to pieces but only once.

My Unifi experience is great; it's just an AP, no controller or cloud key nonsense.

Fibre->Draytek 2135->Unifi NanoHD

Done.
 

lkswan747

Expert Member
Joined
Jun 28, 2017
Messages
1,714
> UDM is 300 bucks all on its own :/ Maybe my question should rather be: is there some monumental security upgrade from having a (good) router? For example, what's the real difference between a consumer-grade router's firewall vs that of the UDM?

Stability! I have found that consumer grade routers are not as reliable from a wireless connection point of view. I have been running a Ubiquiti USG3P for two years and had it not been for the constant power interruptions it would be running without a reboot (apart from the necessary security updates). Security is also much more configurable on a prosumer router.
 

Smokey mcpot

Expert Member
Joined
May 28, 2019
Messages
1,214
> The only reason to keep that Zyxel is if you have a bit of rage you can just smash it to pieces but only once.
>
> My Unifi experience is great; it's just an AP, no controller or cloud key nonsense.
>
> Fibre->Draytek 2135->Unifi NanoHD
>
> Done.

The only router worse than that is the D-Link DIR-825.
 

KevOfGoodHope

Well-Known Member
Joined
Jan 14, 2010
Messages
105
> Perhaps someone with more practical Ubiquiti experience can chip in but I doubt it frankly given (article linked above):

You don't need a cloud account to manage Unifi/UNMS. I doubt that would change in the future though; makes no sense for cloud-only management.
 