Recently, I made the change to fiber optic for internet, boosting my download/upload speeds to 5Mbps/5Mbps. At the same time, I decided that it was time to do some upgrades to the network in my house, in particular a gigabit network and having all computers on a domain. In terms of complexity, of course this is a very small network setup compared to those you get in large companies and campuses, but for a home network, it’s probably more than an average user may have.
Unifi, the service I’m using, provides a combination of Internet, VOIP (Phone), and IPTV in one package. This is achieved through VLAN tagging, in which various services are assigned a VLAN Tag ID so that the packets coming in can be differentiated from one another.
The fiber modem is provided with the service. This is then connected to a provided D-Link DIR615 router. Initially, the router is setup to handle all routing and connections, but since I prefer DD-WRT, I decided to use it solely as a VLAN Bridge (i.e. it removes the VLAN tags from incoming packets, and sends internet packets to Port 3, and IPTV packets to Port 4). In addition, I changed its IP/Subnet to the same subnet as the rest of my network and disabled its DHCP server, so that I can manage it from any computers on my network.
All routing is handled by my main router (a WRT54GL 1.1 running DD-WRT, overclocked to 250MHz with a heatsink mod), and is setup on a 10.0.0.0/255.0.0.0 (Class A) subnet. I made this decision after my previous Class C (255.255.255.0) network became a mess. Now, all IP addresses are nicely organized into the following pools:
10.0.0.1-10.0.0.100: Routers and bridges
10.0.0.100-10.0.0.150: DHCP clients
10.1.0.1-10.1.0.255: Static LAN clients
10.1.1.1-10.1.1.255: Static WLAN clients
10.1.2.1-10.1.2.255: Static clients with Virtual/Other Interfaces
10.2.0.1-10.2.0.255: VPN clients
Thus, for a computer which has both LAN & WLAN, the last digit [octet] of the IP address is the same. It’s LAN address would be 10.1.0.34 while its WLAN address would be 10.1.1.34. If it had a 3rd interface, it would be 10.1.2.34, etc. This makes it much neater. Of course, not wanting to memorize all the IP addresses, I decided to use DNSMasq for DNS services, with the following settings:
strict-order
domain=lan
local=/lan/
expand-hosts
address=/router.lan/10.0.0.1
address=/vpn.lan/10.0.0.2
address=/vlan615.lan/10.0.0.3
This allows me to access other machines by simply adding their hostnames to DNSMasq. This helps a lot for my machines running Web interfaces, so I can just go to http://router.lan/, etc. Provided that all clients use the router for DNS queries, it all works. Also, strict-order
was required because I use Google DNS for my other DNS queries but also keep an ISP DNS server as backup – and this ensures that it uses DNS servers in the order I specified, rather than randomly (?) selecting one or the other.
A 2nd WRT54g router (running DD-WRT) adds OpenVPN support in my network, allowing me to access my network from all over the world. Ideally, my main router would run this VPN service, but as the WRT54g is an old router, it doesn’t have enough RAM (only 16MB) and processing power to achieve all this. In the future, I hope to offload this to my NAS Server.
Finally, my wired ethernet devices are mostly plugged into the last device – an 8 port gigabit switch (HP Procurve 1410-8g). This required the most work, including climbing in the attic to lay Cat-5e cable to various parts of the house (upstairs), as well as plastic channels carrying Cat-5e downstairs. Originally, I was going to get a managed switch (HP Procurve 1810-8g) so that my NAS (File) server would use an aggregated link for 2Gbps of bandwidth, but due to the extra price, I decided to just go with the unmanaged switch.
Having gigabit makes a world of difference – transferring data between various computers is much faster, a feature especially useful when I built my NAS/File server.
Some may say that my routers (WRT54g) are fairly old, and yes, that’s very true. However, in all my internet usage, I haven’t encountered any issues with them, or any internet slowdowns. I was thinking of upgrading to wireless-N, but since most of my devices are already on the wired gigabit network and most clients are only G-capable, I decided that for now, it’s not worth it.
For those wanting to setup unifi, do check out rizvanrp’s Unifi handbook.
Here’s a basic network map of my setup: