Modern home WiFi

ok, so in reader's digest layman's terms
how is this mesh / UniFi stuff different than a wifi router and hardwired access points?

So for clarification - UniFi is a brand, sold by Ubiquiti Networks. Mesh is a technology.

The "reader's digest layman's" explanation of mesh would be that it's multiple "base stations" (aka WAPs) that work together via wireless connection in addition to providing a wireless connection to clients, whereas the hardwired access points can communicate via the wires.

My house was wired with cat5 to almost every room and everything home runs back to a closet upstairs.

Wow. If you ever find the person who decided to do that, thank them. If my house was pre-wired with Cat5, this would be a much easier process for me!

The unfortunate thing is that my easy choices for cable modem and router placement are a bit limited. None really put the router in a central spot to cover the whole house.
so I installed a couple netgear wifi access points.
They work ok, and are more or less seamless.... I do get a bit of a hiccup occasionally when moving from one area to another, but mostly that's not really an issue. I have always questioned though if I really have them optimized as well as they could be.... just intuitively seems like the overlap areas could be bad

So here's why the Ubiquiti equipment consistently gets high marks - Fantastic software to go with their excellent hardware. One of the things you can do with their access points (at least the ones I use) is a bandwidth/conflict analysis for all of the different radio frequencies/channels that they can use, so that the right channels can be chosen to maximize throughput. It's pretty cool.

You should have seen the look on my Electrician's face when I asked him to run 2 x 240V/50A cables to the outside front of my house for the sole purpose of running my Christmas Lights...

He actually refused to do it until I proved to him that my power supplies can run on 240V :).

:rofl:

That seems high, I had a singular cable done last year. 50 ft CAT6A solid cable & RJ45 was $20. Install was 90 minutes at $125/hour via the attic. He terminated it with RJ45 on the ceiling (AP then fits over it), I terminated it on the patch panel side. So just over $200 for a 50ft Ethernet cable installed. Obviously running multiple cables at the same time is cheaper.

I suppose high quality speaker cable in itself is far more expensive than CAT6A though.

So you paid $4.15/foot total, but the "via the attic" part isn't in closed walls. Sounds about right to me...
 
The system that I'd like to have would be organized on a standard rack. If I were buying that equipment now, I'd use the UniFi Dream Machine Pro, a UniFi PoE managed switch, and UniFi WAP(s).

We built this house in 2002 and I went with a structured wiring panel that wasn't designed for a standard rack. Lots has changed in nearly 20 years. That panel (tried to) combine video distribution, security cameras, telephone distribution, and network all in one panel. Back then, the video distribution was analog and the security cameras were powered and connected via a single coax instead of the single Cat 5 that we use today.

I did install coax (RG6) and Ethernet (Cat 5+) to every room, though, so I've had the flexibility I needed over the years as standards evolved. There's just no easy way to convert to a standard rack.

One pic shows the panel, with cover installed, and the WAP that covers the entire house. The second pic is older. Before I removed the analog camera and video distribution panel. The wired router is behind the cable modem.

[Attached images: NCC and WAP.jpg, NCC.JPG]
 
Hmmmm... I wonder how the phone lines in our house are wired. We've never used them, we use cell phones exclusively. There's a slight chance they were wired with Cat5, which could then be re-purposed.

But if not, there's a bunch of Cat3 in the walls, and I might be able to use the Cat3 to pull a couple of Cat6 runs to all the rooms that have phone lines in them now. One could be used for networking, and the other for either networking or wired phone or whatever.

Hmmmmmmmmm...
 
Netgear Nighthawk in the AK house. Works great. Orbi system in the other house. Orbi doesn't work any better, it just covers a bigger area.
 
Larry, your cabinet is a very much nicer version of what they put in my house when it was built in 2007.
In my case they brought all the coax for TV jacks into a power boosted splitter block.
All the old fashioned telephone jacks come into a block and are all cat 5
and every telephone jack is x2 so they can be configured for data or phone.
My big issue other than it looking like a sloppy bird's nest...is that there is a normal dual outlet inside for power. Not nearly enough for the TV antenna booster's power, the powered ethernet switches, etc....

and I agree with Kent
Wow. If you ever find the person who decided to do that, thank them. If my house was pre-wired with Cat5, this would be a much easier process for me!
mine could be better but it's generally the way they should all be done.
 
Hmmmm... I wonder how the phone lines in our house are wired. We've never used them, we use cell phones exclusively. There's a slight chance they were wired with Cat5, which could then be re-purposed.

But if not, there's a bunch of Cat3 in the walls, and I might be able to use the Cat3 to pull a couple of Cat6 runs to all the rooms that have phone lines in them now. One could be used for networking, and the other for either networking or wired phone or whatever.
If you're real lucky, they'll be in conduit and not stapled to the studs.
 
Larry, your cabinet is a very much nicer version of what they put in my house when it was built in 2007.
I picked it out, and specced all the wiring, myself. It wasn't something that the builder normally did. They still daisy-chained the phone outlets!

I got most of it right. A couple things I would do differently now are running Cat 5 to the camera locations instead of the RG6 and using a standard rack instead of the panel.

The lack of space for a large router/switch in the panel has not been a problem. I use a few inexpensive unmanaged switches around the house so that I only need one drop from the main panel to each location, even when there are several devices that need a LAN connection. Every location has at least two RG6 and two Cat 5+. That allowed me to do an HDMI-over-Ethernet connection from the living room TiVo to the bedroom TV. I just used an inline RJ45 connector to connect a drop from each location together. That's an application that I never anticipated. At the time, I envisioned video distribution as being over coax, not Ethernet, but the pre-wiring was flexible enough to adapt.

I also wired for zoned-audio but, until recently, never used it. Every time I looked at trimming out the system I'd get bogged down in comparing multi-zone amplifiers, how to provide the different inputs to them, and the remote control systems for use in each zone. Eventually I'd get a headache and put it aside. Then, a couple years ago, I learned of Sonos. It didn't take long before I had Sonos zones in my living room, bonus room, office, deck, and master bathroom. All of the zones are wireless except for the deck. For the deck I used a Sonos Connect:Amp to drive outdoor speakers through the speaker wires that I'd put in when the house was built. I also completely replaced my living room home theater receiver and speakers with the Sonos Playbar, Sub, and two One's (rear channel). That must have eliminated 100# of wires! The system is brilliant and was completely unpredictable when I built back in 2002.

Lastly, lighting control had been through the X10 protocol with PCC devices. X10 has a lot of limitations but it was once the best in the "affordable" class. That's since been replaced with a Lutron Caseta system which is significantly more reliable (I don't think I've ever had a control single fail). Caseta was originally limited to 50 devices but that was recently increased to 75.
 
On the mesh side, I would add they have device mobility designed in - forcing your mobile devices off one and over to the other for a better signal. Otherwise, it's up to your device to decide and they typically hold the current WAP tightly. The company I work for does Wi-Fi and the first WAP by the entrance typically handles 50%+ of clients even though there are many more to be had closer.

Ubiquiti and newer platforms do have the mobility designed in but you may need to turn it on and configure it.
 
Here's a pic of the panel prior to being trimmed out (and drywall). You can see why it's not well setup for transitioning to a standard rack.

[Attached image: NCC.JPG]
 
So first, a quick rant on wired vs wireless:
I have used a home NAS for many years now and for that purpose I have gigabit ethernet run to most stuff save for devices that are supposed to be portable. Wired is of course faster and has the advantage of generally being bulletproof reliability wise. GB wired is of course faster. However, in all the time I've been playing around with home networking I've only seen two... yes two situations where it's actually mattered. The first is obvious- copying files to/from the NAS, the second was streaming games on steam from my main desktop pc to a home theater computer on my TV- and that only fixed an occasional stutter in the game. I'd say for 99% of the people 99% of the time GB speeds aren't needed. Even you lucky people who have fiber internet service with 100MB or more rated speeds are probably never going to be seeing even half that speed on your local network side. Bottom line here is unless you're doing some heavy duty bit moving, wifi is probably perfectly sufficient.

My home network is... weird and largely put together the way it is due to unique location requirements. We have rural broadband via a directional wireless system, service is 2Mb. Yes, Netflix/Hulu/Amazon/etc all work at that speed but are often limited to 720p. Since the wireless service is line of sight I relocated the antenna up to the roof of my barn/shop which sits at a much higher point than the house. When it was on the house, the signal had to go through trees which resulted in the internet going down every time it rained. Having it up there gets me above the treeline and avoids that issue. As a result the router- a ubiquiti edgerouter is up in the barn. Barn is networked to the house via a 300' shielded cat6 cable run. I have unifi APs in both the house and barn and have just added another outdoor AP out on the roof. I'm soon going to be adding a wireless bridge to another building on property, the eventual goal is to have wifi across the entire 40 acre property which is entirely feasible. The reason this is a big deal is we don't get cell signal here either so wifi calling on our cell phones is our only means of communication. Having coverage in remote parts of the property is a huge safety benefit if nothing else.

I switched to ubiquiti gear last year after finally having enough of finicky consumer routers hodge-podged together and I really like it. Having the mesh network is HUGE when walking around property because I no longer have to deal with hopping between APs. I personally have been very impressed with the range I get from the ubiquiti APs. With just the two basic indoor APs I could walk between my barn and house which are 300' apart without my signal even getting weak. YMMV. I have one advantage in that being in the middle of nowhere I have no interference to degrade the signal, only trees.
 
If you're real lucky, they'll be in conduit and not stapled to the studs.

This is the way.
The 2 houses I've bought have both had crawl spaces and both got hundreds of feet of conduit installed first thing after I bought them. Then I can deal with wiring as needed. The current house also has several runs in the attic as well to provide access on the exterior walls for the Internet connection, cameras and the garage. The only thing not in conduit is the runs to the 2 access points in the main house from a junction box in the attic, those I just lobbed the cable in the general direction of the access points, the attic isn't tall enough to crawl through.

[Attached images: moo11.jpg, moo10.jpg]
 
Late to the party but if a forever home and cable pulls are possible, ubi hands down. But not their mesh stuff. It’s usually terrible.

No way to pull cable, like here, Orbi is working fine. None of their hideous add ins, and not on the edge. Just dumb APs.

pfSense doing the edge and internal server chores like DHCP, VLAN split, etc.

Bypass the ISPs router always and forever.

For ubi, get a solid PoE switch. Injectors suck. If no VLANs, dumb consumer grade is fine. For VLAN get used commercial quality.
 
Late to the party but if a forever home and cable pulls are possible, ubi hands down. But not their mesh stuff. It’s usually terrible.

No way to pull cable, like here, Orbi is working fine. None of their hideous add ins, and not on the edge. Just dumb APs.

pfSense doing the edge and internal server chores like DHCP, VLAN split, etc.

Bypass the ISPs router always and forever.

For ubi, get a solid PoE switch. Injectors suck. If no VLANs, dumb consumer grade is fine. For VLAN get used commercial quality.

That's the big disappointment of the Dream Machine Pro to me. If those 8 ports just had PoE, it'd be perfect. I find it really odd that they didn't do PoE, since the vast majority of their gear is PoE.

I'm thinking hard about getting it anyway, along with a small PoE switch, and running cameras and WAPs from it. We have some of their highest-end cameras at work and they're fantastic, but way too expensive for home use ($449).

Does anyone have two separate Ubiquiti setups (ie home and work)? Do the mobile apps handle that situation appropriately?
 
That's the big disappointment of the Dream Machine Pro to me. If those 8 ports just had PoE, it'd be perfect. I find it really odd that they didn't do PoE, since the vast majority of their gear is PoE.

I'm thinking hard about getting it anyway, along with a small PoE switch, and running cameras and WAPs from it. We have some of their highest-end cameras at work and they're fantastic, but way too expensive for home use ($449).

Does anyone have two separate Ubiquiti setups (ie home and work)? Do the mobile apps handle that situation appropriately?

Yeah, it's quite a pity of the Dream Machine Pro. Not sure why it has 8 Ethernet ports if they're not going to be POE. I actually preferred the old device model with the Gateway, Cloud Key & Switch as separate devices. A smaller part of the network is affected if something goes wrong with a single-function device, rather than an all-in-one device.

I went from a v1 Cloud Key to a v2 Cloud Key and ran them both for a little while controlling 2 parts of my network. It worked fine - you can add additional controllers inside the app and switch between them. Same with the Cloud Portal - just select the controller you want (work or home), then click Launch, and they're kept separate. So I don't expect separate home + work controllers to be an issue.

Curious - what are those "highest-end cameras" that you have at work?

I find that the POE PTZ camera range is still fairly limited. Not a lot of camera manufacturers were able to adapt their old PTZ motor control designs to work with POE+ on 25W 802.3at, you have to use a new design. However, now that 60W 802.3bt is more widely available, that's probably enough power to drive most older PTZ designs, but I haven't really seen this materialize into products yet.

At the moment I'm using a bunch of Reolink RLC-423's. They're just ok. The PTZ control is fine, but the low-light mode isn't great, even with extra IR Floodlights. I have a couple of Hikvision turrets which run circles around the Reolinks in night mode - but they're not PTZ.
 
Awesome, @MonkeyClaw! That sounds very much like what I'm looking for.

Dream Machine, NOT the Dream Machine Pro, correct?

What specific mesh point did you use? Just one, or do you have multiple?

Sorry for the late reply! Yes, the UniFi Dream Machine (not the Pro). The mesh point I am using is the Dream Machine Beacon. The biggest downside to the Beacon is that it takes up a whole plug on the wall, so if your wall outlets are at a premium, this won't help.
 
I really didn't look at the UDM Pro much. I don't have a rack and have no interest in getting one. PoE would be great on both the UDM and Pro, although I personally have limited use for it. As to ports (and PoE), I figure I can get a switch to handle them if required. I was trying to keep it simple but robust.
 
Curious - what are those "highest-end cameras" that you have at work?

The G4 Pros. They're 4K, optical zoom, all the bells and whistles, but they're also $449 a pop. Not something I'm going to be buying for home.

Sorry for the late reply! Yes, the UniFi Dream Machine (not the Pro). The mesh point I am using is the Dream Machine Beacon. The biggest downside to the Beacon is that it takes up a whole plug on the wall, so if your wall outlets are at a premium, this won't help.

Aha, cool. This one, right? https://store.ui.com/collections/wireless/products/uap-beaconhd

If so, I bet I can find a spare outlet...

As good as their stuff is, and as many products as they have, I still can't find what I really want. The Dream Machine seems to lack the NVR capability, and I'd like to be able to replace my current outdoor cameras - Especially the Ring ones. The Dream Machine Pro has the NVR but doesn't appear to have any WiFi built in, plus it lacks PoE which is a major bummer as it pretty much requires another switch to be purchased to run the cameras. Either one would work for me if they had PoE, NVR, and WiFi all in one box. Bonus points if the Pro did actual load balancing and not just failover, because I'm having a ***** of a time with the cable Internet in our neighborhood with everyone working from home and/or watching Netflix at the same time.

But, right now I'm looking at needing the Dream Machine Pro ($379), a PoE switch ($299), a main WAP (say, the nanoHD for $179) and then a couple of mesh points and some cameras... And that's getting into real money.

What I'd really like to see is either a Dream Machine with NVR or a Dream Machine Pro with WiFi, PoE in either case, and then I'd be in good shape - I wouldn't need the switch or the main WAP then, it'd just be the "really a dream machine" with mesh points and cameras.
 
But, right now I'm looking at needing the Dream Machine Pro ($379), a PoE switch ($299), a main WAP (say, the nanoHD for $179) and then a couple of mesh points and some cameras... And that's getting into real money.

Looking at the cheaper options for WiFi only, the Dream Machine ($299) + a pair of BeaconHDs ($129 ea) would work... Or I could simply go with the AmpliFi kit for $340 and get essentially the same thing minus the security gateway and NVR, from what I understand.
 
Bonus points if the Pro did actual load balancing and not just failover, because I'm having a ***** of a time with the cable Internet in our neighborhood with everyone working from home and/or watching Netflix at the same time.

My USG has load balancing, so I assume the Dream Machine Pro has as well. It's not really worth it for a single user.

You can't e.g. split a Netflix stream or a large download across 2 connections unless the server knows how to handle it - which isn't the case for standard internet services.

So the use for the way Unifi does load balancing is only if you have multiple people at home that are all viewing different content.
 
Yes, that looks like the Beacon I have for my mesh setup.

I have to admit, I'm not sure what the point of the NVR is. I have a couple of IP cameras that store directly to my NAS. I can either watch them live from inside the house or via the internet while traveling. I can also view the recordings, but this is a function of the NAS and not the router. Is the NVR requirement based on the camera system? This is the first I've heard of it.
 
My USG has load balancing, so I assume the Dream Machine Pro has as well.

That's a negative, according to this review. :(

https://www.eva.nmccann.net/blog/unifi-dream-machine-pro-review

It's not really worth it for a single user.

It is if that user is ME! :D

You can't e.g. split a Netflix stream or a large download across 2 connections unless the server knows how to handle it - which isn't the case for standard internet services.

So the use for the way Unifi does load balancing is only if you have multiple people at home that are all viewing different content.

My internet is just going up and down all day long. Since Cable is a shared resource, you get too many streamers in one neighborhood and eventually they've chewed up all the available bandwidth for everyone. So I'll load a web page just fine one minute, the next minute it's glacially slow. I'm constantly switching back and forth between the house WiFi/Cable Modem and my phone's personal hotspot. It's really stinking annoying.
 
I have to admit, I'm not sure what the point of the NVR is. I have a couple of IP cameras that store directly to my NAS. I can either watch them live from inside the house or via the internet while traveling. I can also view the recordings, but this is a function of the NAS and not the router. Is the NVR requirement based on the camera system? This is the first I've heard of it.

Well, that would be one way to do it. My understanding is that the Ubiquiti cameras only store to the NVR portion of the CloudKey Gen2 Plus or the Dream Machine Pro. I am planning on putting a Synology NAS on the network eventually anyway, so that could be an option with cameras that support it. What cameras do you use?
 
It is if that user is ME! :D
I mean, it doesn't work for a single user. It load balances traffic from multiple users, not really from one user. I would be willing to put down quite a bit of money to do.

My internet is just going up and down all day long. Since Cable is a shared resource, you get too many streamers in one neighborhood and eventually they've chewed up all the available bandwidth for everyone. So I'll load a web page just fine one minute, the next minute it's glacially slow. I'm constantly switching back and forth between the house WiFi/Cable Modem and my phone's personal hotspot. It's really stinking annoying.

Actually failover helps better for that scenario than load balancing. When you load balance, the link it uses gets committed to at the time you make the request, it can't request one way, try it, then re-request. So you're basically constantly at the mercy of the worst of the two signals. i.e. You'll speed multiple requests up to multiple servers, but it doubles the chance of one of them failing.
 
Actually failover helps better for that scenario than load balancing. When you load balance, the link it uses gets committed to at the time you make the request, it can't request one way, try it, then re-request. So you're basically constantly at the mercy of the worst of the two signals. i.e. You'll speed multiple requests up to multiple servers, but it doubles the chance of one of them failing.

I don't know if failover would work at all, though. The cable connection isn't always entirely going down, it just gets horrifically slow. To my understanding, failover wouldn't help if the connection was slow, only if it goes down entirely.
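The two posts above reason about what per-flow load balancing and failover each do when one WAN link is slow rather than down. The following simulation is an added example, not code from anyone in this thread: it models a "cable" link that still answers reachability probes but with very high latency next to a responsive "hotspot", and shows how each policy assigns new flows. The link names, latencies and the 150 ms threshold are constructed values, and the latency-aware failover check is an assumed design, not a description of any product mentioned here.

```python
"""Added example (not from any post in this thread): why per-flow load
balancing across two WANs does not help when one link is slow rather than
down, and why a reachability-only failover check does not help either.
Link numbers below are constructed, not measurements."""
from dataclasses import dataclass


@dataclass
class Wan:
    name: str
    reachable: bool    # does the probe target answer at all?
    latency_ms: float  # measured round-trip time to the probe target


# Constructed scenario: cable is "up" but crawling because the neighbourhood
# is saturated; the phone hotspot is slower on paper but responsive.
CABLE = Wan("cable", reachable=True, latency_ms=900.0)
HOTSPOT = Wan("hotspot", reachable=True, latency_ms=80.0)
WANS = [CABLE, HOTSPOT]  # listed in priority order for the failover policies


def pick_load_balance(wans, flow_id):
    """Per-flow load balancing: a flow is committed to one link when it starts
    (here by round-robin on the flow id) and cannot move to the other link
    once it turns out to be slow."""
    usable = [w for w in wans if w.reachable]
    return usable[flow_id % len(usable)]


def pick_failover_reachability(wans):
    """Reachability-only failover: stay on the highest-priority link as long
    as it answers probes at all, however slowly."""
    for w in wans:
        if w.reachable:
            return w
    raise RuntimeError("no WAN link reachable")


def pick_failover_latency(wans, max_latency_ms):
    """Failover whose health check also declares a link unhealthy above a
    latency threshold (an assumed design choice). Falls back to plain
    reachability if every link is slow, so there is always a path."""
    for w in wans:
        if w.reachable and w.latency_ms <= max_latency_ms:
            return w
    return pick_failover_reachability(wans)


def simulate(wans, n_flows, policy, max_latency_ms=150.0):
    """Route n_flows new connections under one policy and report how many
    landed on each link plus the average latency those flows experienced."""
    counts = {w.name: 0 for w in wans}
    total_latency = 0.0
    for flow_id in range(n_flows):
        if policy == "load_balance":
            w = pick_load_balance(wans, flow_id)
        elif policy == "failover_reachability":
            w = pick_failover_reachability(wans)
        elif policy == "failover_latency":
            w = pick_failover_latency(wans, max_latency_ms)
        else:
            raise ValueError(f"unknown policy {policy!r}")
        counts[w.name] += 1
        total_latency += w.latency_ms
    return {"flows": counts, "avg_latency_ms": total_latency / n_flows}


if __name__ == "__main__":
    for policy in ("load_balance", "failover_reachability", "failover_latency"):
        print(policy, simulate(WANS, 100, policy))
```

Running it shows the pattern the posts describe: load balancing commits half of the flows to the crawling cable link, reachability-only failover keeps every flow on it because it is still technically up, and only a health check that also scores latency moves traffic to the responsive link.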
 
I’ve heard for prosumer trade multi-WAN, PepWave is the way to go.

Don’t own one.
 
I’ve heard for prosumer trade multi-WAN, PepWave is the way to go.

Don’t own one.

I have PepWave in my RV with dual LTE providers. It's awesome but I don't think their failover is necessarily better than UniFi. You always know it when there's a PepWave failover because you have quite a long outage.

A lot of the UniFi failovers I only know about because of log entries.
 
I have PepWave in my RV with dual LTE providers. It's awesome but I don't think their failover is necessarily better than UniFi. You always know it when there's a PepWave failover because you have quite a long outage.

A lot of the UniFi failovers I only know about because of log entries.

Good to know. Was a recommendation from a friend out here in the boonies to back up with cellular.
 
Hey, all you folks with Ubiquiti gear - Can I split different SSIDs onto different channels and/or VLANs so that I can keep, for example, streaming movies separate from my work and prioritize my work traffic? I think that may be half my problem.
 
Hey, all you folks with Ubiquiti gear - Can I split different SSIDs onto different channels and/or VLANs so that I can keep, for example, streaming movies separate from my work and prioritize my work traffic? I think that may be half my problem.

Yes, each radio supports 4 SSIDs which can each be on a different VLAN. Here is how to set it up:

https://help.ubnt.com/hc/en-us/arti...ith-UniFi-Wireless-Routing-Switching-Hardware

PS: Make sure to set up the Network as 'Corporate' - not 'VLAN Only'. 'VLAN Only' is for non-unifi APs.
 
Hey, all you folks with Ubiquiti gear - Can I split different SSIDs onto different channels and/or VLANs so that I can keep, for example, streaming movies separate from my work and prioritize my work traffic? I think that may be half my problem.

Yes but I don’t think the Ubi stuff will do the rate limiting or QoS stuff you want.

I’d do that up in the pfSense box here and don’t know what the Dreammachine can do, but the old server software wasn’t involved in the routing at all.

Something in the actual bandwidth stream would have the throttle for the movie LAN. :)

But it’ll do the VLAN splits up to 4 SSIDs.
 
He actually refused to do it until I proved to him that my power supplies can run on 240V :).
I volunteered on a light show project at a fire station for 10 years. (the park across the street has a long parking lot facing the station and adjacent park, so minimal traffic impact) We had 240v, 50A outlets with in use covers installed on both front corners of the building, and a pair of unistrut racks, each holding a panel with 10 gfci breakers, and outlets with in use covers. You probably could have just told him you were going to plug in commercial spider boxes that delivered the 120 volt legs.
 
Yes but I don’t think the Ubi stuff will do the rate limiting or QoS stuff you want.

I’d do that up in the pfSense box here and don’t know what the Dreammachine can do, but the old server software wasn’t involved in the routing at all.

Something in the actual bandwidth stream would have the throttle for the movie LAN. :)

But it’ll do the VLAN splits up to 4 SSIDs.

You can set up a User Group on a WLAN network (SSID), and then apply a rate limit on the user group. I've actually never tried it, but just gave it a go:

Without a User Group:
[Screenshot: upload_2020-4-13_23-23-57.png]

With a User Group that has a 25/25 limit:
[Screenshot: upload_2020-4-13_23-34-51.png]

Seems to work fine. Didn't even need to set up a VLAN. Theoretically you don't even need separate SSIDs for that either. You can specify User Groups on a per-device basis. But I can't get it to work immediately this late at night.

You can apparently set up real QoS on the VLAN side as well, but it requires .json-based config, which I don't think is available on the Dream Machines. It's available on the UCM though. In general, I wouldn't recommend doing the .json configs.
 

Ya know, now that you mention it... our guest VLAN has a rate limit. So I should have known that! LOL.

But I didn’t set that one up. I tried to avoid giving guests WiFi. “Bring your own cellular data.”

Especially since most guests are vendors and I’m sure we’re paying them enough to stay off our network. LOL.

But in the end the guest network ended up being a nice place for employee BYOD personal junk, too. Attach your 5 year old unpatched phone to the main company VLANs upon penalty of death, firing, or at least torture. Ha. Bad enough you use that junk anyway... :)
 
Well, that would be one way to do it. My understanding is that the Ubiquiti cameras only store to the NVR portion of the CloudKey Gen2 Plus or the Dream Machine Pro. I am planning on putting a Synology NAS on the network eventually anyway, so that could be an option with cameras that support it. What cameras do you use?

Synology is my future plan too. My old Iomega NAS doesn't have enough capacity, is a pain to upgrade if I want to increase it, and I think they stopped supporting it 5 years ago. I have some Y-Cam HD-1080 cameras that I've been using for many years for the interior, saving video to the NAS. I'm actually thinking about moving to the dark side... I have a few Momentum cameras that save to a card and upload to their cloud service. I like the idea of off-site storage in case something happens to the NAS. I've looked for options like auto-upload to Google Drive but haven't really found anything (again, maybe a currently supported, modern NAS would help with that...). Also, I haven't found any doorbell or garage door cameras that allow local NAS storage and my old router was crap at updating my DDNS so when I was traveling I couldn't see the cameras or videos half the time!

For your bandwidth throttling, I have a guest network set up that I can throttle but that's about it. My needs are pretty small. I've heard of others who set up a separate IoT network to keep those devices from having access to the rest of the network but I haven't done it.

This is a great thread, I'm learning a lot!
 
All my important cameras store directly to storage on motion trigger, I don't have a pretty web front end to them but I've rigged up some code for remote access to view the most recent recording. One is a Dahua and one an Amcrest, I think I'll go with Amcrest from here on out, they seem to suck about 5% less. Both are firewalled off from being able to reach the Internet on their IoT network. I'm not sure about a doorbell plan yet, I'm thinking maybe about making my own with a Raspberry pi. Either way it's going to wait until the remodel of the door area so I can drop a POE cable.
 
It used to be that HP jet direct cards were the gaping hole that allowed malware to be installed in your network. More recently, to many peoples chagrin, network enabled security DVR’s popped up as even worse at having unpatched vulnerabilities and being internal pain points. Now HikVision is having issues with Chinese market cameras exported grey market to the US, and hacked up versions of the firmware installed to make them look like US versions. Then they die if you install the current US firmware. I figure that if firewall vendors occasionally get malicious code injected by their outsourced developers, all consumer network hardware is similarly subject. But out of sight things like security cameras, and crowd source things like many IoT solutions are likely particularly bad.

So at home I currently have the security cameras talking to a local blue iris server, and currently dedicated firewall port that blocks the cameras from outbound access, and severely limits the blue iris servers outbound access. In fact, I need to enable rules to allow windows updates or blue iris updates.

I don’t currently have any IoT devices to speak of, but am planning to set up VLAN interfaces on the firewall to separate them from the IP cams, and be similarly least privileges.

On top of that, I’m using pfBlockerNG to minimize the odds of any Command and Control traffic making it out from our general user segment, and any of the limited outbound access on the restricted segments.
 
All my important cameras store directly to storage on motion trigger, I don't have a pretty web front end to them but I've rigged up some code for remote access to view the most recent recording. One is a Dahua and one an Amcrest, I think I'll go with Amcrest from here on out, they seem to suck about 5% less. Both are firewalled off from being able to reach the Internet on their IoT network. I'm not sure about a doorbell plan yet, I'm thinking maybe about making my own with a Raspberry pi. Either way it's going to wait until the remodel of the door area so I can drop a POE cable.

I also have a few Amcrest's and a Dahua (and I also prefer Amcrest). Another cheap brand I would highly recommend is HikVision - their low light (no IR) sensitivity is amazing, I run 3 of my cams without IR and it's like daylight outside during dark moonless nights in places that I can't see 6 feet in front of me with the naked eye. You need IR cameras as well to get face details, but they are a great complement. I also use a bunch of Reolink cameras because they're pretty much the only PTZ POE Outdoor camera, but not fond of the image quality. I wish HikVision would do PTZ's on POE.

For an NVR I use 2 PC's running Blue Iris (Intel 8086k and 9900k - Blue Iris only supports Intel UHD GPU's for hardware acceleration) and each of them capture all 20 cameras redundantly. We can view any of the footage or live cams using our phones from anywhere. The Blue Iris license is dirt cheap - $70.

One of the PC's continuously backs the security camera footage up to a Synology NAS (about 250GB of footage per day). Then every month I archive the oldest footage to a 9 TB tape and wipe it off the NAS again.

I used to just archive my NVR footage to Amazon Drive, but you can't actually buy more than 30 TB storage from them. After I discovered that limit the hard way (argh!), it took me over 2 months to copy the whole 30 TB back from Amazon to my NAS. So I decided never again, and instead bought a HPE LTO-8 Tape drive and a 24-cassette robotic library - for a total of 216 TB online using LTO-7 M8. It's not exactly cheap, but it's cheaper than anything else that adds up to 216 TB, and of course I can take tapes out of the library and store them somewhere else.
 
Yes, each radio supports 4 SSIDs which can each be on a different VLAN.

Oooh... I just realized how I'd set it up: Parents, Kids, Guest, and IoT. That way I can keep those pesky IoT devices and all of their security holes locked away in their own sandbox.

I was thinking about audio today as well. I feel like I keep putting a band-aid on the system that existed before we moved in here. Having speakers in the ceilings downstairs is nice, but right now it's mostly being used by Alexa feeding into one of these via Bluetooth: https://www.amazon.com/Pyle-Bluetooth-Amplifier-Streaming-PDA6BU/dp/B01A6ND1LU

I kinda feel like I'd like to relocate things to a rack in the basement for that too. Right now it's all inside a cabinet in the dining room. Previous owner of the house was a really crappy DIYer...
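The camera/NVR post further up (cameras blocked from outbound access, the recorder limited to a few update rules, IoT on its own VLAN, a blocklist for command-and-control egress) and the Parents/Kids/Guest/IoT SSID plan in the post just above describe the same least-privilege segmentation. The ruleset below is an added example of that policy written for nftables on a Linux router; it is not configuration from any post here, nor from pfSense or UniFi. The interface names, the 10.50.0.10 NVR address, the port list and the two empty sets are assumptions to be replaced with the real values.

```nft
#!/usr/sbin/nft -f
# Added example (not from this thread): least-privilege forwarding policy on
# a Linux router. Interface names, the NVR address, ports and set contents
# are assumptions; adjust them to the real network.
flush ruleset

define wan      = "eth0"
define vl_user  = "vlan10"    # trusted laptops/phones ("Parents")
define vl_kids  = "vlan20"
define vl_guest = "vlan30"
define vl_iot   = "vlan40"    # cameras, speakers, doorbells
define vl_nvr   = "vlan50"    # the recorder on its own segment
define nvr_host = 10.50.0.10  # NVR / Blue Iris box (assumed address)

table inet filter {
    # Destinations the NVR may reach for updates; populate from the
    # vendor's published update hosts (left empty here on purpose).
    set nvr_update_hosts {
        type ipv4_addr
        flags interval
    }

    # Known malicious / command-and-control addresses, fed from a
    # blocklist (the job pfBlockerNG does on pfSense); empty placeholder.
    set egress_block {
        type ipv4_addr
        flags interval
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # DHCP and DNS from every LAN segment, nothing from the WAN side.
        iifname { $vl_user, $vl_kids, $vl_guest, $vl_iot, $vl_nvr } udp dport { 53, 67 } accept
        iifname { $vl_user, $vl_kids, $vl_guest, $vl_iot, $vl_nvr } tcp dport 53 accept
        # Router management only from the trusted segment.
        iifname $vl_user tcp dport { 22, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # No segment may talk to a blocklisted address, whatever else it is allowed.
        oifname $wan ip daddr @egress_block counter drop

        # Trusted segment: internet plus every internal segment (you still
        # need to open camera web UIs and the NVR viewer from here).
        iifname $vl_user accept

        # Kids and guests: internet only, never sideways into other VLANs.
        iifname { $vl_kids, $vl_guest } oifname $wan accept

        # Cameras: only the NVR, only the stream/control ports. There is no
        # rule towards $wan, so a camera cannot phone home at all.
        iifname $vl_iot oifname $vl_nvr ip daddr $nvr_host tcp dport { 554, 80, 443 } accept

        # NVR: may pull streams from the cameras and reach the update hosts
        # on HTTPS; anything else it tries outbound is dropped and logged.
        iifname $vl_nvr oifname $vl_iot tcp dport { 554, 80, 443 } accept
        iifname $vl_nvr oifname $wan ip daddr @nvr_update_hosts tcp dport 443 accept

        # Make the drops visible: unexpected camera or IoT outbound attempts
        # show up here in the kernel log.
        limit rate 10/minute log prefix "fwd-drop: "
        counter drop
    }
}
```

The default policy on both chains is drop, so every permitted path is an explicit rule, which is what makes the "need to enable rules to allow Windows updates" experience from the earlier post the normal case rather than an annoyance: the recorder's update hosts go into `nvr_update_hosts` and nothing else leaves that segment. The rate-limited log line on the forward chain is the detection half of the same design; a camera that suddenly starts producing `fwd-drop:` entries towards the WAN is the signal worth investigating.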
 
I was thinking about audio today as well. I feel like I keep putting a band-aid on the system that existed before we moved in here. Having speakers in the ceilings downstairs is nice, but right now it's mostly being used by Alexa feeding into one of these via Bluetooth: https://www.amazon.com/Pyle-Bluetooth-Amplifier-Streaming-PDA6BU/dp/B01A6ND1LU
Have you looked at Sonos?

Their Amp or, now discontinued but still available on ebay, Connect:Amp are designed to drive existing speakers. Control is through the Sonos App (iOS or Android) or voice (Echo/Google).
 