Private Router suggestions

Hi all
I am building a house and i will use home assistant. I read a lot and listen to many videos. I can say that i was a bit confused so i decide to ask here the experts and start building step by step the automation.
So my first question concern’s the router. My idea is to use a private network for start with 3 or 4 wired access points. I need some ideas with a logic cost.
I will start the electrical wiring by the end of October and untill then through your help i will try to determin what cables are needed. There is a general plan of what i want to do but i don’t want to write everything at once and complicate the post. If additional info are needed for suggestions about the router, please let me know.

No clue on your build size. But if large, get the highest rated mesh system when you are ready to purchase.

If smaller, get the highest rated router when you ready to purchase.

I know you are only five months out and feel it is time to decide. That is great for wood and concrete. Not really for electronics.

But planning ‘how’ to do it works now. That is why I mentioned both mesh and single. You can plan wiring now based on those scenarios. But, not products … in my opinion.

I have a large house +4000 sf. I use unifi dream machine for the router. This comes with 2.5gb Wan connection and 1gig rj45 ports. With a couple of unifi switches and 4 AP. The house came with structured wiring and I have FOTH. The structured wiring all terminates in the basement. I also have a media room in the basement, and this needs to be considered in home assistant as well. The other things to think about are camera placement for visual security and whole home sound.

Also on motion sensors, how will they be powered and where do you want them. I have too many battery powered sensors that require too much maintenance. Also will you mount tablets for control.

Hope this gives you things to think about to make your life easier when you start construction.

The gold standard for home systems these days is the Ubiquiti Unifi line. This is probably overkill for most/many, but if you are looking for a full featured system that will cover almost any home automation scenario (including multiple camera streams) this is worth considering. A step or two down (in my opinion) would be the TP-Link Omada line. Both Unifi and Omada feature access points and switches that are separate from the router itself. The next step down are the commercial systems where the router, switch and access point are all in the same box, though with the capability to add additional access points via mesh technology.

Make sure you have a central networking closet in the home since you are building new and have ethernet (may as well go all CAT6A for that 10Gbps backhaul for devices that can take advantage of it) ran to each location where you will want to have internet. do at least 2-4 cables to each room based on total devices so that you have a backup run and can use smaller unmanaged switches in those rooms for expanding to more wired devices as you need back to the closet.

From there you are looking at having at least 1 cable run via ceiling so that you can install your access points if you go for systems like unifi or omada. (some have options to have wifi AP’s via the wall sockets if you want them more hidden if you don’t want to have one ceiling mounted).

For placement of the APs use the unifi planner tool once you upload your building plan with the rooms so that you can have a better idea of how many and where you will need them.

If you will also be building another smaller place say at the back that is further out then you can also plan for either a fiber run directly to there or use a point to point AP setup to bridge the locations based on distances involved.

Virtually all consumer and ISP-provided routers will crap out after 40-50 clients. It’s a matter of memory limitation.

When my home network (Verizon FIOS) was really getting flaky with somewhere between 50-60 clients, WiFi clients would randomly drop offline and new clients couldn’t connect. I tried two replacement routers because FIOS tech support were clueless.

I decided to scrap Verizon hardware altogether and I selected the TP-Link Omada series of hardware. (Omada is the budget competitor to Ubiquiti- roughly half the price for the same performance.)

My network has been rock-solid for the past year and grown to over 100 clients.

My hardware:
ER-7206 Router
OC-200 Omada Hardware Controller
EAP-610 Access Point (2)
EAP-615-Wall Access Point (2)
TL-SG1210P 8 Port Gigabit PoE Switch
TL-SG1005P 5 Port Gigabit PoE Switch (2)
TL-POE10R PoE Splitter

• There is a cheaper Omada router, but it has the same memory problem that consumer routers had.
• The OC-200 is sort of redundant. I started with running the controller software on a Raspberry Pi, but I needed the Pi for another project, and the OC-200 was cheaper than a new Pi.
• The PoE splitter is for futureproofing.

A big plus is that the Omada users’ group was remarkably helpful explaining things to me. Like the difference from a device and a client.

Do you mean in wall models or the mesh repeaters?

The in-wall units basically mount into a single gang box and connect using POE/ethernet

The mesh repeaters plug into an AC outlet.

I would go with in wall or ceiling unless you plan to move in next 5yrs and want taken with you.

Unifi USG is good router.
The newer Unifi express is also good and integrates an access point and allows expansion.

You should not outgrow either of those 2 router and if you do I would dump unifi as a router and go with opnsense or pfsense. The larger unifi routers are nice, don’t get me wrong, but they are greatly overpriced and Unifi is always on the cusp of vendor lockin and en$$h…you know. Buying the entry routers is easy and their price allows you to walk away at any point. The higher end units lock you in once you buy and honestly you can get a used or new PC for 1/8 the price. Install opnsense and get better or matched performance. You will lose “single pane” ui and there is bigger learning curve but it’s worth it (to me…not for everyone) and unifi switches/APs still function same and use unifi ui.

Havent used Omada because I have unifi switches(locked in) but I hear good things about the brand.

The in wall models that they offer. Really comes down to budget and overall choice to expand with based on whats in stock at the time.

But the backhaul is the more important aspect here with the new home so it can be done the right way from the start.

Hi all
I understand that is difficult to suggest something without having a knowlidge of what i will need so i am posting my concept as detailed as can be done. I just want to let you know that i am electrician with plc and microcontrollers programming knowledge (self learner).

1. In the middle of the house i have a room dedicated for all kind of house installations(water,electrics,media,heating,sun energy)
2. An old laptop will host HA and ESPHome.
3. 2 AP inside the house and 2 outside.
4. About 4 dashboards wired.
5. All switces zigbee or zwave and lights wired straight to the room.
6. Sensors communicate with ESPHome so power wired i want to avoid batteries. I assume few motion sensors, temperature, humidity.
7. Media will be a pair of speakers in 3 rooms, one in kitchen, a pair outside and a system 4+1 in living room for movies.
8. Fire alarm in 3 rooms heat and smoke.
9. Alarm on windows and doors, PIR about 4.
10. CCTV PoE, i think no more than 6.
11. Outside irrigation system wired
12. Garage and sliding entrance door probably PLC?
    This is my plan. I hope is helpfull to help me choose the router and the AP’s. I want to buy it as soon as i can to start playing with the system in my old house to get some kind of knowledge.

Hi thank you. I posted more details about what is my plan.

Unifi AC mesh are trash indoor and outdoor
Unifi Swiss Army Knife work great indoor and outdoor

I used both uncovered in direct sun and had no failure. The AC Mesh just had poor connectivity when meshing. Swiss army knife in same location worked like a champ. Indoor clients had poor connectivity to AC mesh. Again, Swiss Army Knife same spot no issues.

The standard indoor APs all work well.
In wall units are low cost, amazing and have ethernet output that is vlan aware. Great for office.

No clue about other outdoor units

If you have several devices in an area maybe add switch there. Wire has high cost and (x3) 100’ runs cost more than a 8 port pie switch. There’s convenience in having several strategic placed switches

My main 24 port switch is in furthest point of my home. I add (x4) 8 port unit.

• 1 in area with several game console and media device so I can hard wire high bandwidth units and due to fact it was long wire run to very difficult space.
• 1 at central point outdoor. Many outdoor camera, AP and device connect here
• 1 at barn outdoor
• 1 in lower floor area of home. Main switch is not central and best space for gear but worst spot to get wire from lower floor.

In 90s everyone ran coax all over home for home theatre at huge cost. HDMI came and made it useless and WiFi came and made it completely silly. Run highest CAT ethernet you can get but I wouldn’t go crazy. Ethernet to every room may be much if your thinking that.

DO NOT use an all-in one router for the reasons mentioned below. Try not to use cloud based connections within HA integrations, only local. I prefer WiFi only and have avoided zwave and zigbee, although I am stuck with these 2 that are not local:

1. 66 Yolink devices that use LORA and talk to two Yolink hubs I have in the home - mainly because yolink is the only integration for sensors thaty I can find that works with HA that also has a 24/7 monitoring service available, which can be turned on or off by device. For leak and fire, I have the monitoring is turned on all the time, so I get a phone call and then if I do not answer the authorities are called. My wife nuked a potato twice and because of the loud smoke alarms we did not hear our phones - the fire department was at our home in 5 minutes. The yolink hubs must be connected to the internet with a wide-open connection that is not using a VPN. Te connection to their servers uses MQTT with an always open connection to their servers for speed. They do have an experimental local hub (I am a trester for them) that is matter-based but it is still a work in progress.
2. I replaced all of my air conditioning/heating vents (11 of them) with FLAIR vents. The integration unfortunately is cloud based. I cannot find any manufacturer that uses a local - only based integration in HA. There are some DIY solutions but nobody has perfected it in my opinion. A long term home automation bucket list item of mine is to rip one apart (maybe when I am retired and have the time) and replace the guts with an ESP32 or the like to make it local.

Other than the Yolink (66 devices) and Flair (11 vents) I have about 150 WiFi devices (sensors and networking equipment) and my system handles the load with no issue. An all in one router would collapse under that.

I also went with Omada for the lower cost. Although if someone has the funds to do a new build, Unifi would maybe be the way to go, although I heard they have had some disastrous firmware updates in the past. Here is my Omada equipment:

OC300 Controller*
ER707-M2 wired (only) router**
TL-SG2218 Switch***
2 EAP610 WAPs
2 EAP225 WAPs****
2 ES205G switches*****

“*” Go with this instead of the OC200 as there is an option to share the router porocessing load with this controller. The Omada SDN software is fantastic. All of the data and how your network is working is anaylzed to death in every single detail you can image - traffic patttersn, etc. Perfect for tweaking for best performance.
** The 8411 is the next steps up and I would suggest that. Only use a wired, not wireless router. The machine should be dedicated to it’s sole purpose - all in one routers always eventually collapse under the load of trying to do too much at once.
***This has only 16 ports; you may want more
****Get all WAPs in the 700+ series
*****These are very smnall L2 only switches but adhere to the Omada paradigm. I have these in a couple of remote areas at the other end of the network so that I can set a couple of their ports to my IOT VLAN only, for wired devices on that end oif the network. This is very handy. I am not sure if Unifi offers a switch this inexpensive and small that can still be controlled by a central controller (these are with Omada).

Hard wire ethernet CAT6 to every WAP without exception. Mesh works sufficiently in some cases but if you can avoid it always do so.

As you will most likely be getting cameras with your HA setup, go with a NUC for the HA install and be sure not to forget having ethernet wiring going to every place you want a camera as well.

(P.S. For the Omada setup, be sure to set it up so that the controller is NOT connected to the cloud for your external access to it. It is convenient, and Omada is now a US company to try to avoid this, but they used to be a Chinese-based firm and the cloud servers used to be in China (thereby controlled by the CCCP).)

Here is a map of my setup:

image1442×627 91.1 KB

There is one mistake in the above map (but everything is functioning properly), and it is being fixed in a firmware update - the Den EAP610 WAP is actually plugged directly into the router. I do not know if Unifi offers these maps.

A few years back someone tried to steal my identity, so I went a little overboard with security. My internet connection to the outside world for all devices is through a randomly rotating set of a pool of 10 VPN tunnels (5 each from one of two VPON service providers), and I made sure the VPN provider’s headquarters are not in any 15-eyes country, and the cities I pick for each tunnel are also not in any 15-eyes country. Since they are pooled together I do not lose any connectivity if one or more of the tunnels go down. Also countries where there is lack of freedom or the government is non-democratic or corrupt - are avoided as well. I have some devices and some VLANs going to the internet this way, and specific other devices I do not use the VPN. Controlling this centrally has the added benefit that you do not have to have VPN software on any of the devices. The OC300 has MUCH more throughput for VPN connections than the OC200. I am not sure if Unifi can do this.

I am a HUGE fan of Shelly devices. They are outstanding.

DO NOT use the nest thermostat, it is a headache to set up the integration and no matter what it is cloud based so if you try to adjust your thermostat from your phone, no matter how robust your internet is, it is sometimes “offline” (also because of the google servers maybe being down). I use one through local only, it is the Ecobee Thermostat Advanced, model #ECB501. I had to get local control through the HomeKit integration for HA, but it is still local. It has been bulletroof. I bought it through my utility’s online sotre so I got it at a big discount.

I use the HA Adguard integration and that allows me to strip out almost all ads from my internet browsing.

Good luck and report back with the final setup!

The 707, like the 702 that I first used suffers the same limitation of RAM in the gateway.

Unfortunately, the consumer “router” is really a 3-in-1 consumer device that hijacked the name ‘router’. It does three things: gateway, switch and AP. None of them very well.

router781×467 95.8 KB

I try to use the correct terminology, but “Router” = Gateway+switch+AP

A managed switch is WAY OVERKILL for a home network. A segmented network is fine if you want to keep the marketing department separate from the engineering department. In the home a Vlan is more than sufficient, and still a bit of overkill.

this is more of a cost/risk decision.

managed switch allows assigning vlan to port I believe.
without that a device on a port can simply break out of whatever vlan you have assigned it to since it can see all network traffic.

Some areas I used unmanaged simply because its what I had available. Eventually I moved to managed for convenience. I could assign vlan to port and dhcp would put device in desired vlan vs I need to get device mac and assign static IP in correct vlan. Managed switch also gave ability to cycle power on POE port.

I’m a big fan of wired connections. I’d suggest wiring every room and all exterior doors. This will future proof your house. You probably won’t use all of it, but no one can predict the requirements of future technologies. It’s faster and more reliable than WiFi. On a paranoid health note, WiFi is RF energy. While low power, a lot of low power adds up.

Cat 6e cable is less than $300 for 1000’ This is probably enough. Be sure to get solid copper. Copper cladded aluminum is a lot cheaper, but: a) you can’t solder to it; b) it corrodes if there is a nick in the cable; c) doesn’t always make a good connection to the connectors/punch down blocks.

If you’re not going POE or 1Mb, you can use the two spare pair for telephone or window/door sensors, IR-wire-IR extender, etc. Or a future technology

A wired mesh backhaul improves mesh WiFi networks.

All my security cameras are wired and on an air-gapped network. WiFi is more easily hacked than wired.

If you do decide to run ethernet cable, you might also consider running coax, too. I don’t have a good justification for this, it’s just that when you have the walls open, it’s a lot easier to run cable.

There’s a lot of good discussion on routers here. I added a ubiquiti U6plus AP to my network because of the number of WiFi connections (I use a lot of ESP8266’s). It works well, but getting it to work is a bother; I had to load the configuration program onto my computer (which requires and user name and password and soon will be two-factor security) just to set the SSID and password.

I look forward to following your progress.

-OSD

Looking at my usage, the ER707-M2 is only using about 12% of it’s memory - so not sure what you mean?

Agreed, thanks for the correction!

Fair enough, my main reason is for putting separate VLANs onto separate ports (in this case it was one port for ethernet GUEST VLAN only connection, and a couple for the IOT vlan only). It was also at the time the only Omada switch that had enough ports (they are all non-POE in this model). I am using almost all of them. That being said, the ES205G’s are handy little things.

The ER702 only has 512Mb of RAM and the ER707 has 1Gb.
The gateway/router uses RAM for the routing table for each connected device and client. There is some overhead in the RAM usage, but you can guestimate how many clients yours can handle by dividing the RAM used by the connected number of devices and clients, WiFi and Ethernet. This will give you a very rough estimate of how much each device or client requires.

Hi. I am also a big fan of wiring because i feel is safer and if you build from beginning is not a bother.

The only future proof wire is a pull wire. You never know how technology will evolve (though cat cable is pretty flexible in the medium term).
Coax used to be pretty much indispensable when I built my house 13 years ago, so I pulled one to every room. Nowadays, it’s just taking up space and has absolutely no use.

Just make sure you have plenty of space left in your conduits and that you have a pull wire on standby (cheap nylon laundry rope is pretty flexible and quite slippery), and you’ll be covered for the rest of your life.

First you said:

Then you said:

Maybe you think that 1G is not enough in this instance but since I have a large number of devices as shown in the map, and it’s really only using 12% in my case anyway that certainly is not a limitation to worry about.