Home Networking

As you go through your home automation journey you’ll run into lots of devices that you want that you just have to have internet connection for. Unfortunately there are quite a few devices that manufacturers just refuse to add local control for. These devices are also not to be trusted on your network!

If you have a smaller house, a simple Netgear, TP-link, or other home network router may work for you. My place is big enough and has enough walls that I need multiple APs for complete coverage.

My setup

I currently run an OPNSense router, an older tp-link EAP225 AP, a new Ubiquiti U6 Lite AP, and soon a U6 Pro. I don’t like how Ubiquiti treats their employees and their firmware and controller release quality shows the lack of institutional knowledge due to higher than average turnover, but you just can’t beat the devices for a more advanced home network.

  • Ubiquiti APs have more features, such as access to more of the 5GHz bands, than tp-link Omada
  • TP-Link Omada is extremely slow at fixing major bugs
  • Ubiquiti APs aren’t as physically big as tp-link
  • no cloud control required, unlike Aruba Instant On
  • Super simple to setup, for networking equipment at least, or I would’ve considered Mikrotik

I run with 4 wireless networks on these APs. 2 for 2GHz/5GHz personal devices (laptops, phones, etc) and 2 for 2GHz/5GHz dirty devices (all of the home automation items). I recommend doing dedicated 2GHz and 5GHz networks instead of band steering or your devices will likely eventually all end up on the 2GHz bands.

My personal device and dirty device networks are tagged to separate VLANs. HASS runs in the dirty device network and OPNSense fowards mDNS packets to allow a lot of the device discovery work. I also have a lot of firewall rules so that the devices can’t talk to each other unless explicitely needed, such as to HASS.

My router choice was OPNSense or PFSense. At some point I’ll update this with my reasoning for going with OPNSense after I find my comparison notes. Ubiquiti security gateway didn’t have nearly the features that the *Sense products had which is why that wasn’t considered.

Recommendations

  • use VLANs to separate out smart devices from personal devices
  • run separate 2GHz and 5GHz networks
  • use firewall rules to block internet access to devices that don’t need it
  • use firewall rules to block internal network communication that isn’t necessary
  • monitor the network traffic and block access that looks suspicious

Wifi Tips

Wifi tips:

  • with hardwood, don’t expect 5Ghz to travel more than a room, and even then the signal degrades fast
  • Separate out 2.4GHz and 5GHz networks or your devices will always end up switching to 2.4Ghz. If you degrade the signal strength of the 2.4GHz network so it’s below 5GHz like you would on a combined SSID in an office, you’ll need a LOT of APs
  • Don’t use 40MHz wide channels on 2.4GHz, too much room for interference and many devices don’t even support it.
  • It’s ok to max out Tx power on your AP with separate 2Ghz and 5Ghz networks. RF works in weird ways and lots of devices can transmit at 18-20 dBm on 2.4Ghz.
  • Put APs near where you’re most likely to use 5GHz devices

Updated: