[ale] Future-proofing a house for networking -- what to run?

Kyle Brieden kyle at txmoose.com
Wed Sep 13 09:45:22 EDT 2017


It is a little bit of a chicken-and-egg scenario dropping Unifi gear 
into an existing network, but there are actually quite a few solid 
writeups already out there on how to do it effectively with minimal 
downtime.  I actually would like to do my own writeup on it, as well.

It actually doesn't require Windows, just Java.  They actively support 
Windows and Linux for the controller.  I have a buddy that runs his 
controller in a Digital Ocean droplet and has had no issues at all.

The config loss is a super weird issue that I'm not really sure I 
understand yet.  Someone out there has to have more context on the 
factors that lead up to it, but typically, once the devices have been 
configured by the controller, they Just Work (TM).  I mostly run the 
controller constantly because it does some really awesome DPI and 
traffic statistics for me, plus it runs a speed check every 30 minutes 
and I can see a report.

Which reminds me... I need to set up that Twitter complainer to gripe at 
Comcast when I'm getting less than 1/6th my paid-for speed...

---
Very respectfully,
Kyle Brieden

On 12-09-2017 15:45, Derek Atkins wrote:
> This seems like it could be a bootstrap problem..  If the VM (I presume
> it requires Windows?) runs on my laptop, but my laptop needs to either
> access the 802.11 AP..  Or I suppose it needs to access the switch, but
> the switch would need to already be working in order for my DHCP server
> to respond...
> 
> I suppose if the only configuration that needs to be configured
> externally would be special features, like LAG, then that's probably
> okay.
> 
> Losing its mind when it reboots is NOT okay.  I have a TP-Link switch
> right now that I had configured for LAG to my Cisco..  Every once in a
> while the TP-Link would lose its mind and stop routing traffic across
> to the Cisco.  I know it's the TP and not the Cisco because I had to
> re-configure the TP and re-enable the LAG config.   Don't know what was
> up with that, but I just decided that having a single 1G link that
> didn't fail was better than a 2G LAG that would stop sending packets at
> random times.
> 
> -derek
> 
> On Tue, September 12, 2017 3:28 pm, Kyle Brieden wrote:
>> This is mostly correct.  The UniFi devices still run EdgeOS and can be
>> managed via SSH as well.  The problem is that any changes you make
>> don't get propagated UP to the controller, so they will be lost if a
>> controller provisions the devices.  There are also instances of devices
>> losing configuration on reboot, thus requiring a controller to
>> provision them on reboot for continuity.
>> 
>> There are methods around that, but I like the controller (which I run
>> on a VM here), so I didn't get into those.
>> 
>> ---
>> Very respectfully,
>> Kyle Brieden
>> 
>> On 12-09-2017 11:47, Scott Plante wrote:
>>> My understanding is that the UniFi uses a centralized management
>>> software while the EdgeSwitch uses a local individual web/ssh
>>> management interface. It used to be you had more flexibility with the
>>> ssh command line interface but they have been releasing new
>>> iterations of the UniFi control software so that may not be true so
>>> much anymore.
>>> 
>>> We just ordered a 48 port EdgeSwitch, Amazon Warehouse
>>> scratch-and-dent to save money. Supposedly only had a scratched
>>> finish on the back but turned out to be DOA. Fans would run but no
>>> lights and no switching. The full price version wasn't prime, and we
>>> already have a Ubiquiti wi-fi using the management software, so I
>>> ordered the UniFi 48-port switch--supposed to be here Wednesday.
>>> 
>>> For the UniFi, you can buy a small device (is it a RPi inside?) that
>>> has it running, or install it somewhere locally. At least for the
>>> hotspot, there's no way to administer the device directly, if I
>>> remember correctly.
>>> 
>>> https://hub.docker.com/r/jacobalberty/unifi/
>>> https://www.amazon.com/Ubiquiti-Unifi-Cloud-Key-Control/dp/B017T2QB22/
>>> 
>>> --
>>> Scott Plante
>>> 
>>> -------------------------
>>> 
>>> FROM: "Derek Atkins" <derek at ihtfp.com>
>>> TO: "Kyle Brieden" <kyle at txmoose.com>
>>> CC: ale at ale.org, "Jim Kinney" <jim.kinney at gmail.com>
>>> SENT: Tuesday, September 12, 2017 11:09:20 AM
>>> SUBJECT: Re: [ale] Future-proofing a house for networking -- what to
>>> run?
>>> 
>>> Kyle,
>>> 
>>> Thanks for the info.  I must apologize to you -- I read your reply
>>> before seeing the one to which you were replying.
>>> 
>>> The cameras I plan to get require 12W each (well, the power supply
>>> they come with is a 12V 1A power supply -- so I'm ASSUMING that it
>>> will want to draw 12W from PoE).  This means that the 250W switch can
>>> only support 20 cameras (which *MAY* be sufficient).  So that would
>>> certainly save ~$200 versus the -500W version.  On the other hand
>>> part of that 250W probably needs to power the router itself, so it's
>>> probably fewer cameras than that.  So I might still need to go to the
>>> 500W version for $523.
>>> 
>>> The Cisco you list below only has 12 PoE ports, which isn't
>>> sufficient.
>>> 
>>> Question:  What is the difference between the UniFi Switch and the
>>> EdgeSwitch?
>>> 
>>> -derek
>>> 
>>> Kyle Brieden <kyle at txmoose.com> writes:
>>> 
>>>> I suppose I could have been more clear.  I was not so much
>>>> recommending the specific gear I have as I was recommending Ubiquiti
>>>> as a brand, and noting the gear that I have as anecdotal evidence to
>>>> support my recommendation.  If you've already got high enough
>>>> density switching infrastructure, don't change it for sake of having
>>>> all your gear be the same brand.  Network gear is network gear, and
>>>> it all plays nice together... more or less, anyway.  But Ubiquiti
>>>> gear is, in my experience, far less expensive than comparably
>>>> featured, supported, and classed gear from damn near any other
>>>> manufacturer.
>>>> 
>>>> 
>>>> 24 port managed PoE - $365 -
>>>> https://www.amazon.com/Ubiquiti-UniFi-Switch-Managed-US-24-250W/dp/B00OJZUQ24/
>>>> 24 port managed PoE - $385 -
>>>> https://www.amazon.com/Ubiquiti-EdgeSwitch-ES-24-250W-24-Ports-Managed/dp/B00LV8Z2V2/
>>>> 24 port managed PoE - $305 -
>>>> https://www.amazon.com/Cisco-SG200-26P-Ethernet-Mini-GBIC-SLM2024PT/dp/B004GHMU5Q/
>>>> 24 port managed - $215 -
>>>> https://www.amazon.com/NETGEAR-GS724Tv4-24-Port-Lifetime-Protection/dp/B00I5W5EGA/
>>>> 24 port managed - $193 -
>>>> https://www.amazon.com/Ubiquiti-Networks-US-24-Unifi-Switch/dp/B01LZBLO0U/
>>>> 24 port managed - $185 -
>>>> https://www.amazon.com/Ubiquiti-Networks-Edgeswitch-Gigabit-ES-24-LITE/dp/B013Z21ZJE/
>>>> 
>>>> There's lots of range and options, I was simply saying that I
>>>> recommend Ubiquiti.  Their support is incredibly helpful and
>>>> knowledgeable (in my experience with them), their gear is high
>>>> quality and easy to deploy, and I've been happy with the products
>>>> I've purchased to date.
>>>> 
>>>> ---
>>>> Very respectfully,
>>>> Kyle Brieden
>>>> 
>>>> On 11-09-2017 15:30, Derek Atkins wrote:
>>>>> Jim,
>>>>> 
>>>>> Yes, I know the US-24-500W is a 24-port switch.  Kyle recommended
>>>>> an 8-port, which doesn't help me.
>>>>> 
>>>>> The PoE switch is, as I just said, for my PoE IP Camera network.
>>>>> My main network is separate.  I cannot leverage any open ports on
>>>>> this switch for my main network (and I doubt the IP cameras support
>>>>> VLANs).
>>>>> 
>>>>> I've already got a Cisco SG200-50 for my main switch.  For the few
>>>>> additional PoE devices I have (currently: 2) I can just use
>>>>> standard PoE power injectors.  They cost $17 each, which is much
>>>>> less than the additional cost of a PoE capable switch.  So if I
>>>>> need to add a second AP, I'll happily pay another $17 vs having to
>>>>> spend an additional $100-200 for a (second) PoE-capable switch.
>>>>> 
>>>>> I would also prefer to limit the number of switches if I can to
>>>>> limit the required cross-connects (which of course become
>>>>> bottlenecks).
>>>>> 
>>>>> -derek
>>>>> 
>>>>> On Mon, September 11, 2017 3:16 pm, Jim Kinney wrote:
>>>>>> That's a 24-port 1G PoE switch. It provides power to 24 downstream
>>>>>> devices like phones, small switches and with some hacking,
>>>>>> systems.
>>>>>> That particular switch is pretty useful for being a gateway switch
>>>>>> for other Ubiquiti WAPs (most all run on PoE).
>>>>>> I have this for home wireless:
>>>>>> https://www.amazon.com/Ubiquiti-Networks-802-11ac-Dual-Radio-UAP-AC-PRO-US/dp/B015PRO512/ref=sr_1_1?s=electronics&ie=UTF8&qid=1505157073&sr=1-1&keywords=ubiquiti%2BWAP&th=1
>>>>>> Due to a large, sheetmetal duct in the center of the house between
>>>>>> floors, there's a shadow in coverage that's not good. That $130 is
>>>>>> a low cost way to slap a second unit in the ceiling on the top
>>>>>> floor to fill in that shadow.
>>>>>> Just search Amazon for Ubiquiti. Lots of toys at very good prices.
>>>>>> 
>>>>>> On Mon, 2017-09-11 at 14:58 -0400, Derek Atkins wrote:
>>>>>>> Kyle,
>>>>>>> 
>>>>>>> The Unifi US-24-500W is $523 on Amazon.  How is that
>>>>>>> "inexpensive"?  I said I needed 16-24 ports, so not sure how an
>>>>>>> 8-port helps me.  I do admit I didn't specify "rackmount" in my
>>>>>>> OP -- Mea Culpa.  But I'd rather find something more in the $200
>>>>>>> range for that purpose (a physically private network of IP
>>>>>>> security cameras).
>>>>>>> 
>>>>>>> Yes, I do have an Edgerouter for my main router, which replaced
>>>>>>> my Routerboard because the RB750 couldn't keep up with my
>>>>>>> Gigapower network.  I mostly like it.
>>>>>>> 
>>>>>>> Honestly I kind of like my DAP-2660 AC1200 AP and see little
>>>>>>> reason to switch.  It's worked quite well for me.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> -derek
>>>>>>> 
>>>>>>> On Mon, September 11, 2017 2:36 pm, Kyle Brieden wrote:
>>>>>>> > EdgeOS, and absolutely LOVE my Ubiquiti gear.  I got the Unifi
>>>>>>> > 8 port PoE switch, Unifi Security Gateway, and the WAP that
>>>>>>> > supports 802.11ac.  It has literally changed my home
>>>>>>> > networking.  Can't recommend it enough.  I got all 3 of those
>>>>>>> > seriously high grade boxes for about the same price you pay
>>>>>>> > for a consumer router that supports 802.11ac.
>>>>>>> >
>>>>>>> > HIGHLY recommend.
>>>>>>> >
>>>>>>> > +1
>>>>>>> >
>>>>>>> >
>>>>>>> > ---
>>>>>>> > Very respectfully,
>>>>>>> > Kyle Brieden
>>>>>>> >
>>>>>>> > On 11-09-2017 11:19, Jim Kinney wrote:
>>>>>>> > > On September 11, 2017 10:04:42 AM EDT, Derek Atkins
>>>>>>> > > <derek at ihtfp.com> wrote:
>>>>>>> > > > Jim,
>>>>>>> > > >
>>>>>>> > > > On Mon, September 11, 2017 9:51 am, Jim Kinney wrote:
>>>>>>> > > > > 10G multimode with lc connectors.
>>>>>>> > > >
>>>>>>> > > > Is it "easy" to build these?  Are there LC connector
>>>>>>> > > > keystone jacks available?
>>>>>>> > > >
>>>>>>> > > > > Unless you _really_ are forward looking and install 100G.
>>>>>>> > > >
>>>>>>> > > > OM3 fiber looks like it will get to 40/100G
>>>>>>> > > >
>>>>>>> > > > > Otherwise install conduit and spare pull strings. That
>>>>>>> > > > > really future-proofs an install.
>>>>>>> > > > >
>>>>>>> > > > > I would plan for a 1" conduit with a single cat6, one
>>>>>>> > > > > rg6, one low voltage line (music) and a pull string.
>>>>>>> > > >
>>>>>>> > > > I'm not sure this is REALLY an option for me. I feel it is
>>>>>>> > > > certainly a more expensive option vs just running a bunch
>>>>>>> > > > of cables now.
>>>>>>> > > >
>>>>>>> > > > > Spend money on a distribution center that all these lines
>>>>>>> > > > > start from. Good 10G switch, powered cable splitter, good
>>>>>>> > > > > remote adjustable amp for music control.
>>>>>>> > > >
>>>>>>> > > > Yes.  My current house has a 96-port RJ45 patch panel (2/3
>>>>>>> > > > full).  I would definitely repeat that.  Similar with
>>>>>>> > > > audio -- I've got a 6-zone amp (although I don't think my
>>>>>>> > > > current one is remotely adjustable -- but I just adjust
>>>>>>> > > > via iTunes).
>>>>>>> > > >
>>>>>>> > > > I'm still researching TV/HDMI distribution systems....
>>>>>>> > > >
>>>>>>> > > > Oh, and trying to find a good 16-24-port PoE (10/)100/1000
>>>>>>> > > > switch.
>>>>>>> > >
>>>>>>> > > Look at Ubiquiti. They have a selection of PoE switches in
>>>>>>> > > various port counts and rather affordable pricing. I've got
>>>>>>> > > a WAP and a 16 port 10G switch from them. Pretty happy with
>>>>>>> > > both. Control software is closed source. Hardware looks like
>>>>>>> > > it may run the open switch software whose name escapes me.
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > > -derek
>>>>>>> > > >
>>>>>>> > > > > On September 11, 2017 9:33:47 AM EDT, Derek Atkins
>>>>>>> > > > > <derek at ihtfp.com> wrote:
>>>>>>> > > > > > Hi Alers,
>>>>>>> > > > > >
>>>>>>> > > > > > If you had the ability to future-proof your house
>>>>>>> > > > > > (imagine open studs, so you could run anything you
>>>>>>> > > > > > wanted), what would you run.  Assume a max of 6 cables
>>>>>>> > > > > > per drop?
>>>>>>> > > > > >
>>>>>>> > > > > > Last time I ran 4x Cat6A and 2x RG6.  However I'm never
>>>>>>> > > > > > using both RG6 F-connectors, so I figured I could
>>>>>>> > > > > > replace that with something else.  And before you ask,
>>>>>>> > > > > > yes, I *AM* using all 4 RJ45 connectors in some of my
>>>>>>> > > > > > drops (and in one place I wish I had MORE RJ45).  So,
>>>>>>> > > > > > what else should I run?
>>>>>>> > > > > >
>>>>>>> > > > > > My current theory is 4x Cat6A, 1x RG6, and 1x Fiber.
>>>>>>> > > > > >
>>>>>>> > > > > > However I'm not sure what kind of "fiber" to run, nor
>>>>>>> > > > > > what kind of connector I should use.
>>>>>>> > > > > >
>>>>>>> > > > > > Any suggestions or recommendations?
>>>>>>> > > > > >
>>>>>>> > > > > > -derek
>>>>>>> > > > > >
>>>>>>> > > > > > --
>>>>>>> > > > > >       Derek Atkins                 617-623-3745
>>>>>>> > > > > >       derek at ihtfp.com             www.ihtfp.com
>>>>>>> > > > > >       Computer and Internet Security Consultant
>>>>>>> > > > > > _______________________________________________
>>>>>>> > > > > > Ale mailing list
>>>>>>> > > > > > Ale at ale.org
>>>>>>> > > > > > http://mail.ale.org/mailman/listinfo/ale
>>>>>>> > > > > > See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>>>> > > > > > http://mail.ale.org/mailman/listinfo
>>>>>>> > > > >
>>>>>>> > > > > --
>>>>>>> > > > > Sent from my Android device with K-9 Mail. All tyopes are
>>>>>>> > > > > thumb related and reflect authenticity.
>>>>>>> 
>>>>>>> 
>>>> 
>>>> 
>>> 
>>> --
>>>        Derek Atkins                 617-623-3745
>>>        derek at ihtfp.com             www.ihtfp.com
>>>        Computer and Internet Security Consultant