I live in a house built in 1938, with thick plaster walls. These walls are remarkably good at stopping wifi. To compensate, over the past fourteen years I have added wifi access points and switches, and run ethernet lines to connect them. The resulting system was like some experiment involving chimps and alcohol in the main switching center of AT&T. Moreover, it barely worked. I had six wifi access points, five switches, and a router that couldn't keep up. Roaming in the house often required turning off wifi in the device and turning it back on again, often multiple times, and sometimes even fast sites loaded slowly. Netflix and Amazon Video would stutter in spite of a 100Mb incoming line. All of these ills have been gradually worsening as I added security cameras and smart plugs and other connected devices. Every family member has a desktop, laptop, tablet and phone and there are two media PCs. Even the sprinklers are wifi connected. All told, there are 57 active devices using an internet connection, wired or wireless, not counting the guest phones on the guest network. That was yet another problem -- the guest network only functioned near the main wifi router. Finally, the AT&T cordless phone often got interference from wifi, in spite of the fact that the phone operated on 1.8GHz, a different band than the wifi.
It was time to start fresh.
I had been eyeing a mesh network for a couple of years and came to the conclusion that a mesh network was the right approach, because it would make roaming seamless. The house is big -- over 100 feet from one end to the other -- with thick plaster walls on a metal lathe that seems to work as a Faraday cage, blocking wifi and cellular phone service. In the end, I chose the Ubiquiti Networks Unifi 802.11ac Dual-Radio PRO Access Point (UAP-AC-PRO-US). These handle both 2.4 and 5GHz and have three antennae in each unit. They look better than many smoke detectors. You can turn off the blue light. They require you to run ethernet cable to them, which means the backhaul is faster than if they try to communicate by wifi. When it is possible to run ethernet to the access points, it is much preferable to do so. The Ubiquiti units have a guest network that isolates your main network. The reviews are excellent. They are probably overkill in my application, but I wanted to make sure that I wasn't replacing them three years from now after another three years of frustration. These access points are powered by power over ethernet and come with their own power injectors. Special POE injectors are necessary because the units use a non-standard voltage; if you buy a commercial power over ethernet switch, it probably won't work with these units. In any case I don't have a significant reason to convert to power over ethernet at this time so was happier doing it piecemeal.
Ubiquiti units with the light off, and the light on
I was looking for access points with 3 antennae, ethernet backhaul, 2.4 and 5GHz, and decent reviews. There are not many options and most of the options are aimed at businesses rather than home use, like these units. These are arguably the best and even the cheapest units with that level of functionality. In contrast, units aimed at consumers typically do not have ethernet backhaul and most have worse reviews.
I started with a sketch of the house and a re-design of the network. The cable comes in at one end of the house, in the home office. This is a sensible place but a long way from the other end of the house. From the cable modem, I had a wifi router connected to a 16 port switch. Previously, an ethernet cable ran from the office switch to a switch in the basement, and that switch was connected to three more switches, to reach our master bedroom, the family room and a closet to which several security cameras and a wifi hotspot are connected. Most of the cables were cat 5. It was not surprising that the network had glitches as essentially I'd created three cat 5 (100Mb) bottlenecks as well as several switch handoffs. Moving files around the network potentially required a lot of hops.
I left the switches in the same locations but connected all four of the remote switches directly to the 16 port in the office, with new cat 6 ethernet cables. This meant a fair bit of crawling around in the crawl space of the basement, which has eighty years of dust and dessicated vermin in it, as well as requiring fishing cables through holes. Cat 6 is a bit easier to fish through a hole because it is quite stiff. In two cases I replaced cat 5e, probably unnecessarily, since it can handle the speed. Since I wound up with exactly 16 ethernet devices in the office, I upgraded the office switch to a TP-Link 24 port switch.
The office has a cable modem, EdgeRouter Lite 3, TP-Link 24 port switch, and Obitalk VOIP box
I did the job in three phases. In the first phase, I replaced six wifi routers with three ubiquiti access points, two at the ends of the house and one in the middle. One of the new Ubiquiti units connected directly to the main switch (although upstairs from the office, which is is downstairs), while the other two connect to remote switches. One of the wifi routers was the main router, and I left that in place in phase 1 to serve as the router, turning off the wifi from that unit. With this phase, I got the mesh networking working throughout the house. Some useful links are
Two important tips. First, don't install the Ubiquiti access point with the right side covered, e.g. by a wall corner, as you need to be able to insert a paperclip into a slot to release the mechanism, which requires a minimum of 2 inches of space. This seems like something that needed bigger print in the quickstart guide, where it is hardly mentioned. You can install them with the slot in any direction, of course. Second, I encountered a failure to add a unit to the network that was caused by a faulty ethernet cable. This was hard to diagnose because the cable let me see that the unit connected; just the management software didn't work. If you get a repeated failure, try a different ethernet cable just in case. In a second problem, I encountered "STUN Communication Failure." These failures just went away after about three minutes, but not before I reset one of the units and generally made a bunch of unnecessary work for myself.
In the second phase, I connected the four remote switches directly to the main switch, using two 100 foot cables and two 75 foot cables, where they had been daisy-chained before. I also replaced the cables to PCs connected by ethernet and to the shared drive using cat 6 cables. I had to order a bunch of shorter cat 6 cables, because I was connecting the power over internet boxes to switches (for which I used 1 foot flat cables), and also a few feet from the POE unit to the access point. It was reasonably delightful to see formerly orange lights on switches turn green, indicating 100Mb connections were now connecting at 1Gb, an in principle 10X improvement.
The back side of the office networking gear
In the third phase, I replaced the combination wifi router with the $50 EdgeRouter Lite 3. Coming from consumer-oriented routers, there was a lot I didn't understand about how to set this router up, starting with how to interact with it, mainly because everyone writing about suggests using a serial cable and a command line interface. For a home setup, though, you just plug an ethernet cable into it and can set it up with a standard web interface like any consumer grade router, accessed by URL 192.168.1.1. Moreover, there is a wizard to configure it for a standard home setup and this just worked. I set it up by connecting it to a PC by ethernet, prior to substituting it for the existing router, so that when I substituted for the existing router, it was already configured and ready to go. On Windows, this requires assigning an IP address to the PC; any address of the form 192.168.1.x will work. (Network and internet settings/status/change adapter options, right click on ethernet connection, choose properties, click on internet protocol version 4, choose properties, and then add an ip address like 192.168.1.100, subnet mask should automatically populate as 255.255.255.0, then set the gateway at 192.168.1.1.) One minor irritation is that if you configure anything, including a new non-default user, the wizards vanish; one must either run the wizard first or reset it to run the wizard. Some useful links:
Both of these make the job harder than it needs to be for a home setup. I just used the wizard and that set up a functioning network in one step!
These changes made a huge difference to wired mobile connections in the house. Many pages load essentially instantly, though of course pages with slow advertising remain slow. File movement to the shared drive (a Zyxel NAS 520, recently upgraded to be 8TB mirrored) runs at least twice as fast as before. Videos played from this drive do not stutter now, where before they occasionally did, enough to be annoying.
Six wifi routers now sit in a box with some cat 5 and 5e cables.
Two access points cover the house when I turn off the middle one, but coverage is strong everywhere, including the yard, when I have all three running. The Ubiquiti access points provide substantially better coverage than the Asus N66U, the TP-Link AC1200, or the Linksys wifi routers I had before. (I also had three MediaTek access points that performed about the same as the other consumer grade routers, not nearly as good.)
The guest network works everywhere as well. A problem with not using a mesh network is that the guest network winds up confined to a single router.
I like to manage the network, to see what is connected, and I missed my old Asus N66U router, which had died after a few years and been replaced by a TP-Link I'd previously bought on sale just to be an extra access point. The TP-Link lacked much in the way of management features, which is acceptable because it was inexpensive. Because I'd put in the Ubiquiti access points, I didn't need wifi in a router -- just router functions, so I spent $50 to get the Ubiquiti EdgeRouter Lite 3, to get a better quality router. A wifi router is a compromise because it combines router functions (sending packets where they need to go), access point functionality (a wifi connection) and a usually switch (4 ethernet connections on the back). In principle, splitting these functions into separate best of breed devices produces better functionality.
I assign static IP addresses to all of the devices that plug in regularly and keep a list of IP addresses, MAC addresses and device names in OneNote. There are now 57 devices that plug into my router through either ethernet or wifi from my family and all have assigned IP addresses. This way I easily check if something unexpected has joined the network. The ERL-3 makes this easy, and moreover, it is easy to do a full backup and restore of the router settings. I assigned about a dozen static IP addresses where existing programs depend on the devices having a specific IP, like security cameras and the printer, before even putting the ERL into use. Then I gradually re-assigned devices to IP addresses. Because I do this in blocks I sometimes had to clear IP addresses, which is done by using the command line interface, available in the web app (CLI). It is a bit klugier than doing the same thing in an Asus or TP-Link router, but not much. We use OpenDNS to help prevent malware and sending all internet traffic through OpenDNS was as easy as with a wifi router intended for the home.
I ran a couple of network security testing programs, like Shields Up and Shodan, to insure that I hadn't inadvertently left a major security hole, and the ERL-3's default (wizard) setting passed them all. Overall this was a great solution to a first world problem.
Posted Jan 5, 2018.