Independent Wifi Setup

Good Day All,

Been waiting for my ZWA-2 to arrive today before making the switch over from Homeseer. Booom, its arrived and, only set up a few Zwave devices so far but, it seems to find devices easily, setup was a piece of cake, and so far happy.

Im running HA on a Dell Optiplex with the HAOS installed.
I have a number of wifi devices as well, so I was wondering if I could get some help with setting up the wifi.

If possible, I would like to setup a separate wifi to my main wifi for a number of reasons 1) Prevent Interference, 2) Better Security, 3) Limit issues if the ISP Wifi goes down, etc.
But I would also like it accessible from outside of my local network, so its going to need to connect to my main router as well some how.

Now, I’m not brilliantly technical with this kind of stuff, so if anyone can help with a fairly concise set of steps I would be hugely greatful…to quote a line from Margin Call “Speak as you might to a young child, or a golden retriever”

Many thanks
Russ

Start by telling you current network/wifi hardware and country

Short answer to your question.

Add wifi router
New router WAN connects to LAN port on old
Connect devices to it
Port forward from old LAN to devices in new router as needed

Thanks for the reply.

So I’m based in the UK
Current network is the standard ISP configuration, which is Virgin as the ISP then the Wifi is provided by there Super Hub 5 router.

I have a couple of spare routers lying around I can use for the HA setup. They just weren’t, 1) ASUS AC3100 and 2) TP Link Archer VR2800. I’ll probably go with the TP Link.

Couple of question on the back of your reply,

1. Do I need to assign an IP address to the HA router or leave as DHCP?
2. Do I need to select specific channels of both the primary router wifi and the HA router wifi to prevent interference (any other settings need adjusting)?
3. Should I turn off 5Ghz on the HA router, or do some devices need it?
4. Does the HA host PC plug in to the secondary HA router or the primary ISP one?

Cheerrs
Russ

Let’s first talk about the reasons:

1). Adding a second wifi can actually create more interference. There are a limited number of WiFi channels and the frequencies these run at over lap with their neighbouring channels. Basically only channels 1,6,11 do not overlap, so if you set your ISP WiFi to channel 2 it will interfere with Channel 1.

2). Just adding a second wifi is not going to change the security as connecting to the WiFi will still just require a password.

3). The ISP WiFi is provided by their router which sits in your premises and hence will not be affected by things happening outside of your home. Yes, the ISP router can fail but so can any other WiFi router / Access point you install.

So, in essence if you have good WiFi coverage from the ISP router in your house then just stick to using that. If you do not have good coverage then you ideally should look at a Mesh system.

With that said, if you really want you can run multiple Access Points on a single network. First, login to the Virgin Hub5 and go to the WiFI settings, set a suitable SSID and Password for your LAN. Ensure the wifi channel is manually set and set it to one off 1,6,11 - I would suggest you use a WiFi analyzer on your mobile phone to see which off those has the fewest access points at the spot where your router is.

Next, configure the TP-Link Archer so that it will be used as an access point. You should disable DHCP and give it a static IP Address for the LAN - you will not be using the WAN port at all so should be able to ignore those settings. Set a suitable SSID and Password for the WiFi and ensure you do manual channel selection choosing a different channel to the Virgin Hub5 but still one off 1,6 or 11. Finally connect one of the TP-Link Archer LAN ports to a Virgin Hub5 LAN port via ethernet.

This will give you a single flat network but with separate SSID’s and Password for connecting devices to. As a side note, you can connect any device to either WiFI, so you could potentially just give them the same SSID and Password which will allow devices to connect to either and is a good way to extend the range of your WiFi cheaply.

If you want to add security then you should look at a VLAN capable router. This can be as simple as OpnSense / pfSense running on a small NUC or Unifi UDM Pro. You should then look for VLAN aware access points creating at least 2 separate SSID’s - one for the LAN and one for IOT. You would need to put the Hub5 into modem only mode which means it will provide the ISP assigned IP address to the router behind it.

Whilst that will work, it will introduce double NAT.

Thank you for the reply.

As I mentioned, I not overly knowledgeable of all things networking/wifi so definitely appreciate the criticism of my plans.

Your comments definitely make sense, so maybe I’m over complicating it (or over worrying about my initial points)

If I stick with a single Wifi network, do users of zwave & wifi home automation suffer any interference issues, or is it pretty stable?

It would certainly make things easier if I stick to the virgin net work.

While on the subject, your right, my house does have some signal issues in its extremities with wifi signal. So I had been looking at maybe getting a mesh system.
Is there one that you recommend that isnt silly cost?

I think the Archer had good range, but I could never get the speeds to be stable when linked with the virgin router (although that was the older Hub 3 that I had tried back then)

Cheers

Russ

WiFi runs in the 2.4Ghz range, whilst Z-Wave use 900Mhz so the two should not interfere with each other. However, neighbours could be running within similar ranges and cause interference.

You seem to like TP-Link, so I’d suggest looking at the TP-Link Deco - look at the X10 which is Wifi 6 and should be fine for your needs. When the price of WiFi 7 drops you can add BE65 devices whilst still keeping the X10’s running.

If you do decide to go with the Deco’s, I would suggest you switch your Hub5 to modem mode and run the Deco in router mode. The Deco’s will allow you to create a separate IOT Network, so you could use that for Home Assistant and all your IOT devices.

The only downside I see with the Deco’s is that you cannot manually specify WiFi channel - although this shouldn’t be a problem for you.

I explicitly do NOT recommend deco because of this fact. It’s hell on Zigbee networks when it auto switches wifi channels unexpectedly. Yes it happens. I’ve fixed three busted zigbee networks in the last year because of that da** router. And to link should be ashamed for not exposing that.

Id pick something that you can pick and LOCK IN the wifi channel. That’s not Deco. I’m not upset about doue nat if voip or gaming aren’t involved. I’d double nat before picking a system I can’t control.

Most everything else I agree with. Just adding a new wifi willy nilly is asking for trouble. I home automation adding something doesn’t necessarily make things better.

I agree the auto-switching can cause problems, hence I mentioned it. However, I have never had a problem creating a robust Zigbee mesh whilst running Deco’s - the key is to see what other networks are visible and set your Zigbee channel to one end of the spectrum (most of the time I just use channel 25 for zigbee).

That’s the problem m in all three I fixed. Someone ELSE moved in with wifi and it switched in response. Nope. Not deploying something that can and has proven it will do that.

Certainly not tied to TP Link, as used Asus in the past as well, so open to what ever is recommended, although I do read TP are pretty robust and stable.

I dont have any Zigbee devices, and dont currently have plans to utilise Zigbee at the moment (weather that changes I can not say)

I can understand not planning zigbee. Neither did the people I helped.

(Yes im really salty about tp-link not providing basic controls they should not saddlenusers with that problem when it’s purely an ‘ease of use decision’ unfortunately that decision os not ‘pretty solid’ I’m ok with the company but whomever made the decision to hide critical functions in wifi needs to be fired. And they need to change thier firmware before I recommend it… Don’t buy a deco.)

I too am salty with TP Link and agree with not buying a Deco.

On a separate note, it feels like the thread has deviated a bit based from the OP’s questions

This is the correct way to do it if you really must. Get a router like the Ubiquiti UCG Ultra and as many Unifi wired access points as you need for your property. You can then set up multiple SSIDs and VLANs on the same radios, so no interference.

If you can put your ISP router in bridge mode (so it works just as a modem) do that to avoid double NAT. It’s not the end of the world if you can’t: my church system has a Sky router (which also does VOIP) then feeding an old USG-Pro-4 router that is the real front-end for my networks.

If you’re not technically inclined and don’t have any interest in learning, I wouldn’t bother splitting it at all. I’m experienced with network setup and have set up VLANs in the past but my home system is all on one network. I’m just careful what I put on there and how the firewall is set up.

Botching it with multiple routers (which are actually gateway + router + firewall + access point all in one) will likely make everything worse and lead to confusion.

Same here! I use a managed network switch and went down the VLAN path. Overkill in my opinion and reverted to one network.

I vlan off my homelab segments. The stuff that’s ‘server’ but my main home segment with HA is flat.

I understand ‘more secure’ with segmentation. But man if you don’t do it right you could end up with something worse than you started with. It’s way easier for me to stay on top of updates, not click random crap, use passkey and have a flat network.

My house does have hard wired CAT6 point in most of the rooms, so that’s useful.

Just looking at both the Asus RT-AC88U (AC3100) and the TP Link Archer VR2800 I have lying around, both seem to support VLAN (the Asus has OpenWRT flashed on it), so could I utilise those or do I need a proper dedicated mesh setuo?

Excellent.

Again, great.

Given the above, why go for mesh? Mesh is a workaround for not having decent wiring. Pop wireless access points in selected rooms connected straight to the router and you get maximum performance.

Agreed, mesh setups can easily throttle the available bandwidth and slow network response times.

OK, apologies for not being up to speed on this. So is a Wireless Access Point different to a mesh?
If so, what do I need to get for an access point?