Home Networking with UniFi

When we built the house I was thinking of getting an AmpliFi or a Google mesh wireless network. I figured, I’ve lived with pretty low-level consumer routers all my life, wireless mesh is as much as I need.

But upon researching a little more, I actually decided to lay Cat-6 cabling. The only regret I have now is that I didn’t lay enough cables.

I wired the house for 8 points throughout and separate cabling for 6 CCTV cameras. Then there were 2 separate nodes for phones. Schematically I have three separate networks inside my home.

As the build didn’t have a home office, and only a study nook for me, I ended up terminating the data in the garage and my CCTV wiring terminating inside the house, but under the staircase closet.

Given that I had wired the house for data, the mesh network didn’t seem enough. So I started researching possible equipment and setup for a slightly better network. One equipment brand kept coming up: UniFi.

The recommended setup was pretty straightforward.

  • UniFi Security Gateway (USG) was the main component. Think of this as your router. This has a WAN port and one LAN port and a third dynamic port. So you can essentially create two networks if you require, or you can plug in two WANs (this I saw in one of the discussions). I have configured it to have two LANs, one for data and one for VOIP.
  • You could run the management software on a VM or a local machine, but I opted for the UniFi Cloud Key (UCK). This is the web-based management portal for your network. The UCK can be powered separately or by PoE.
  • You will need a wireless access point. Since I didn’t have CAT6 running on to the ceiling I opted for a couple of In-Wall Access Points (IW-AP). These are again PoE powered and, for taking up your network point on the wall, each has two network points (one powered and one passive) apart from WiFi.
  • As there were a few components that needed powering, such as the UCK, IW-APs and any future needs, I opted for an 8-port Managed PoE+ Gigabit Switch with SFP. This was a little overkill for what I had initially but it also gives me some room to grow.

The National Broadband Network (NBN) is the network infrastructure owner in Australia, and the type of connectivity you get is dependent on where you live. I had internet through Hybrid Fibre Coaxial (HFC), which was the network laid out for cable TV. The connectivity is decent with 100/40 Mbps.

NBN gives the Network Termination Device (NTD) and the ISP gave me what they called the Gateway Max, which has their PPPoE details preconfigured. They also have a 4G SIM in it, so if the wired internet connection goes down for any reason you are supposed to have a 4G backup. Thirdly, with NBN your phone line becomes a VOIP phone line and this configuration is also preconfigured in the gateway.

The thing that sucks about that ISP is that they are extremely hesitant to give you the settings for you to configure on your own devices. Their technical support basically acts dumb and says they don’t know, or that they cannot divulge that information. The only advice they can give is to plug their gateway into the NTD, and to plug the phone and any wired devices into the Gateway.

But scouring through a few tech forums I managed to find the PPPoE information. So my setup was as above:

NTD -> USG -> Switch -> IWAP for Internet.

Since I couldn’t find the VOIP settings I ended up bridging the Gateway Max and plugging it into LAN 2. This disabled the 4G backup option but I was happy with that. The Gateway Max also had this thing where your gateway will act as a public hotspot for the ISP’s public hotspot service. Creepy.

By bridging it I avoided all that and just used it to connect to the VOIP network. This didn’t prove to be very successful, as the connectivity would drop from time to time. Thank god I wasn’t relying on the land phones.

Then I had an issue with that ISP a few months down the line. They disconnected my internet, due to an error in one of their systems, and were telling me that they would need 14 working days to reconnect me. Naturally I was pissed off and used this opportunity to switch to Aussie Broadband. I can’t praise these guys enough. With my previous ISP I was getting about 80% of my capacity; with these guys I get around 90% of my capacity. For the same price I get a static IP as well as tech support that understands and supports our choice of hardware.

When I told them the equipment that I have they didn’t even propose a router. They just gave me the settings to configure into the USG.

The only thing they sold me was a Cisco VOIP to Analog Adaptor (ATA) as my phones were analog. If I had VOIP phones I wouldn’t have needed them. I would love to eventually get some UniFi VOIP phones and get rid of the ATA.

WiFi

The nature of the homes today is that you are going to end up with a ton of devices connecting to your wifi. Phones, tablets and IoT devices. I strive to connect as many devices as possible wired into the network. On my office desk I have an 8-port switch which creates a local network for the devices on my desk and they connect to internet through two network ports on the wall.

Similarly in the lounge room there is another mini switch connecting the consoles, the set top box and Media Player.

But at any given time I have about 30 devices connected to the wifi network. I have split the load across the two floors by having an access point on each floor.

And the IW-AP is smart enough to keep devices on the best channel. I have relegated some IoT devices to the 2.4 GHz band to keep the 5 GHz band more for streaming and computing devices.

Cameras

For the cameras I decided to go with Hikvision dome cameras, which were cheaper than the UniFi cameras. To go with them I also got a Hikvision Network Video Recorder (NVR) that also powers the cameras through PoE. I have 4 TB of hard drives in a RAID config to record the videos, and I am in the process of setting up a cloud backup for the video feed. The cameras are set to record on motion detection.

I ended up connecting the NVR to my data network in order to allow remote viewing of the cameras through the Hikvision apps. You can open up just the ports you need through the UCK’s firewall rules.

And you can pretty much control your home network remotely from anywhere as long as the internet connection is active, because the UCK can be accessed via their portal or via the iOS app.

Switching to SLT broadband

Switching seems to be a recurring topic on my blog these days. Hopefully this will be the last one in this series.

I switched ISPs last month. As much as I was happy with the consistent service provided by my previous ISP, LankaBell, they were expensive. I was signed up for a 2 Mbps connection and I was getting more than 1 Mbps consistently. Consistency is the key here, as my 4 Mbps line at work doesn’t seem that fast; the speed is volatile and it does have a great impact on the actual throughput when you are using it.

Anyway, I was happy with the service but not with the price I was paying for it. And since SLT came up with their new broadband packages, promising a minimum of 2 Mbps and a maximum of 8 Mbps with a capped monthly usage quota, I was itching to switch. The only thing I wasn’t sure about was whether I would exceed the quota of 20 Gb per month, and whether the stated speeds would be practically available given the fact that this is shared bandwidth.

However, I faced a third dilemma. When I applied for a connection, I was told that the area I was living in was running at full capacity and that I would have to wait indefinitely until they could activate my connection.

After about a month they did, and I managed to set up my home network using some old equipment that was in my possession. Immediately, I faced some volatility issues. My connection kept dropping and it was hard to get anything done. I often kept switching back to my old LankaBell connection in order to complete my work (I ran both connections in parallel for about a month, until I got the bill from LankaBell for another month!)

Then one day, I just turned off my LankaBell connection, and used the Wireless N router I was using with it as a Wireless N access point, and all my network stability issues vanished.

Now I am completely on the SLT broadband connection. I disconnected my LankaBell connection and they even removed their equipment. Personally for me, my Internet connection is second only to the power connection in terms of need! So far SLT has not let me down. And I am keeping a mobile broadband connection as backup in case something goes wrong. I am happiest when I get the bills. This connection costs me only 1/3 of what I was paying before!

SLT filters web access

Sri Lanka Telecom has started to block web sites. I think the idea would have been to block out pornography-related web sites, as there was a new law passed in parliament which banned pornography from computers and mobile devices. But in the process SLT has blocked out access to all the domains I own.

I have a couple of domains of my own and another few I manage on behalf of my clients which are mapped to Google Apps for email hosting. These domains have subdomains mapped to enable web access. And now none of these domains can be accessed through their domain names. Luckily for me, as these are Google-hosted applications, there were alternate URLs through which they can be accessed.

SLT’s official position has been that the SLT IP range has been blocked out from Google. This is a bit hard to believe since there are a lot of non-Google sites that are non-accessible as well.

Whatever they were trying to do, SLT should have done this move more carefully. If they block out a client’s email access in this manner the losses could mount to colossal amounts. In this day and age, cutting off access is the worst kind of outage that can happen to a business.