Ari Palo

Rack Cabinet ¶

Instead of storing the all the gear hidden into some closet, I wanted to have an exposed rack cabinet visible in the room. Because I like looking at this kind of gear 🤓 The rack is mounted into Ikea Fjällbo cabinet (not sold anymore). The cabinet is actually located behind (me when I sit in front of my desk) giving also a nice background for video calls! I installed one of the 24 port patch panels in the back of the cabinet, so I can easily connect or disconnect the ethernet cables and move the cabinet (for example during cleaning).

Switching ¶

In the rack cabinet I have my main LAN switch with 16x Gigabit PoE RJ45 LAN ports and 2x 1 Gigabit SFP ports. Also in the rack is my “main appliance” with LAN switching for 8x Gigabit RJ45 ports & 1x 10 Gigabit SFP+ port and it also has separate WAN connectivity with 1x Gigabit RJ45 & 1x 10 Gigabit SFP+ ports.

But since this is a three-story house with multiple rooms, I needed some additional switches in couple rooms for which I purchased 3x UniFi Flex Minis. These managed little 5 port switches are powered by PoE and are relatively inexpensive – around 30 euros a piece!

The Gear ¶

Manufacturer/Model	Description
Zyxel LTE7480	4G LTE Outdoor Router, up to 600/100Mbps.
UniFi Dream Machine Pro	Main Network Appliance containing UniFi Security Gateway, CloudKey and Network Management functionality. LAN switching for 8x Gigabit RJ45 ports & 1x 10 Gigabit SFP+ port. WAN connectivity via 1x Gigabit RJ45 or 1x 10 Gigabit SFP+.
UniFi Switch 16 PoE	16 port Gigabit switch with 8x Power-over-Ethernet POE+ IEEE 802.3af/at ports and 2x SFP ports. Used as a main switch.
3x UniFi Flex Mini	5 port Gigabit switch powered by PoE. To provide switching in different rooms.
UniFi AC Pro	WiFi access point, 802.11ac.
UniFi AC-M	2x2 MIMO outdoor Mesh access point, 802.11ac.
Deltaco cable reel	100 meters, Cat6a, F/FTP, LSZH, Awg23.
Deltaco outdoors cable reel	100 meters, Cat6a, F/FTP, LSZH, Awg23 and specifically meant for outdoors usage.
VCE RJ45	Crimping Connector, Cat7/Cat6a, Awg23-26.
SGILE 12-in-1	Tool set including: Crimping pliers, cable stripping tools, cable tester.
KLEIN TOOLS LAN Scout Jr	Better cable tester with a single test status display indicating if wiring is okay (or not): Useful when building long cables that go through walls to different rooms.
StarTech 6HE 19in	Wall Mount Rack for six 19" rack units. Installed inside Ikea Fjällbo cabinet.
2x deleyCON 24 patch panel with Cat6A keystones	I wanted to have patch panel in the back of the Ikea cabinet and then short cables from there to patch panel in the rack unit. Because I was lazy and didn't want to build 24x cables myself, I purchased this keystone patch panel along with some ready-made 1.5m Cat6A cables.
Raspberry Pi 4B	Raspberry Pi 4 Model B 8GB.
Miuzei Raspberry Pi 4 Aluminum Case	Aluminum with power supply and passive cooling. Originally I was thinking about powering the Pi via Power-over-Ethernet, but several people in the interwebs have reported that the PoE hats for Raspberry Pis will run quite hot and/or contain noisy fans, so I decided to use “regular power”.

Cabling ¶

I've been to many LAN-parties when I was younger (and even arrenged them myself) and some 15 years ago I had Linux servers running at my home, so of course I tought that I know all this shit. Little did I actually know about network cabling, since so far I've always used ready-made Cat-cables and this was first time for me actually building the Cat-cables myself from a cable reel with crimping tools etc.

The F/FTP cable ¶

Again, I am not an expert on network cabling at all, but I do know the basics about Cat5 vs Cat6 etc and I know there's cables with different kind of shielding to prevent electromagnetic interference. I decided that I'll build the network with Cat6a cables since I wanted to have a gigabit networking with several Power-over-Ethernet devices, so why not! Then I noticed that the price difference between UTP and F/FTP wasn't that bad, somewhere around 20-30 euros for 100 meter reel, so I decided “what the heck… more shielding sounds better”. And I guess it is, but what I did not realize is that working with cables that have foiling for the whole cable and for each twites pair is really fucking annoying 😅 I am not the most handy person out there, so I ended up shouting “Perkeleen Vittu Saatana Helvetti” out loud a lot during the cable builds - thankfully I live alone here in the middle of the forest so nobody is around here to call the police due to me being a noisy neighbour.

I guess it's safe to say you probably are better off buying UTP cable reel for your home network, where there shouldn't be interference like there would be in some datacenter environment or similar. That's because they're easier to build, fit inside any regular RJ45 connector, are easier to bend and they're also a bit cheaper to buy.

For some people questioning my choice of F/FTP cabling (and righly so), I just answered that the forest I live in is quite mythical and there's a lot of cosmic radiation 😝

American Wire Gauge ¶

Second lesson for me was about American Wire Gauge (or AWG for short) wire dimensions, I did not know anything about them beforehand. I've always thought that all Cat-cables have same size conducting wire and they'll fit any RJ45 connector. Little did I know. I had initially purchased just a batch of random RJ45 connectors from a local store, but during the cable build are realized the conducting wires absolutely will not fit into the RJ45 crimping connector. I pretty much lost faith, since everyone had said that building Cat-cables is simple and I started questioning myself that “do I really suck this bad at anything requiring practical work”. Then a friend suggested - something obvious - that they're probably just too thick wires for the connector. Remember, I've previously thought every Cat-cable has standard sized wires. I decided to cut off and peel one of my existing ready-made Cat5e cables and compare the wiring, lo and behold, the wires in my F/FTP Cat6a cables were a lot thicker - of course. I started digging, and learned about AWG units, checked my cable reel specs which said AWG23 and I then ordered some RJ45 connectors supporting AWG23-26 from Amazon: Rather “surprisingly” they work fine.

T-568A vs T-568B ¶

I had some confusion about what's the difference between T-568A vs T-568B when building straight through cables, but this video clarified it quite well:

Electrons don't care about color.

So if you're building straight through cables ensure both ends have the same pinout - either T-568A or T-568B, it doesn't matter which. And of course, if you're building crossover cable, you need to have T-568A on one end and T-568B on the other.

Now I've memorized the T-568B pinout.

Internet connection ¶

I live in the middle of nowhere, which means the internet connectivity options are limited (compared to living in a city). Currently the options are either to use pricey & slow ADSL over landline, 4G LTE or pay a big chunk of money for the ISP to dig & deliver an optical fiber to my house. Since 5G isn't available for my location yet, using 4G LTE is the only sane option. Which is exactly what I have used already for several years, but the connection speeds have been usually peaking at 60/20Mbps with ping ranging from 30ms to 50ms and often the performance isn't stable (using the shitty cheap ISP provided indoor LTE routers).

Fortunately there's actually a cell tower quite close to my home, less than 1 kilometer away. I've considered buying external antennas, but then I read some good reviews about Zyxel LTE7480 outdoor LTE router, so I decided to give it a try. And I am glad I did, since it resulted in 109/46.3Mbps connection speed with 23ms ping! Initially I only had speeds around 70/25Mbps when using automatic LTE band selection, but once I locked the Zyxel modem into using B3 frequency band of my closest cell tower I was able to achieve that 109/46.3Mbps.

I still remember when I was a kid growing up here and surfing with 56Kbps dial-up modem connection, I couldn't even dream about these speeds! That being said my current internet connection is specified for 300/100Mbps – as I do have that cell tower in sight within distance of 600 meters – and Zyxel LTE7480 support speeds up to 600/100Mbps, so it's somewhat dissapointing in that context. I even checked with my ISP - Elisa as their “reception map” shows my location with 300/100Mbps supported, but they just said the usual generic execuse of “the nominal speed is not guaranteed”… 🤷‍♂️

Network Topology ¶

Networks ¶

Devices in IoT network can't access other networks and devices in Guest networks can only access internet, but no other network and not event other devices within the network.

Network type	WiFi 2GHz	WiFi 5GHz	Visible SSID	Password Policy	Bandwidth limitation	Intended usage
Guest Default	✓	✓	✓	medium	20/10 Mpbs	Guest devices (friends & family)
VIP Guest High Speed	✓	✓		medium	50/30 Mpbs	Guest devices (specific users)
IoT	✓			strong		Security Cameras, sensors...
Private		✓		strong		Everything else (my devices only)

Guest WiFis ¶

Some might wonder the need for specific guest WiFis, but I often have friends & family staying over for extended time; During the pandemic I've even had few friends over here who work/study remotely (while I'm also working remotely), so I want to provide a faster network connectivity to them. Consider them as “VIP guests” 😎

DNS ¶

I installed Raspberry Pi with Ubuntu Server configured with automatic patch updates, Pi-hole and Unbound as recursive DNS server. Once installed, I configured Unifi UDM Pro to use the Raspberry Pi as the primary DNS server for the whole network, resulting in network level ad-blocking.

And yes, I know the irony, I work for a company that has multiple products that rely on advertisement money! But, I don't consider myself as a person who makes that many purchase decision based on seeing an ad, so I think it's fair. When I need to see the ads for work, I can always enable the company VPN which bypasses the network DNS setting!

FAQ ¶

Some reasoning behind this project and answers to questions that several people have already asked:

• Was all this setup effort and cost necessary for a home network?

  No, Absolutely not! I just wanted to set things up like this just for the fun of it and to learn a bit more about networking during the process.

• Do you really need Gigabit ethernet and enterprise-class IDS/IPS etc in the internal home network?

  No, Absolutely not! But I say “why not?” - At least it'll cover all my networking needs for years to come and anyway the whole project pretty much can be summed up with “anything worth doing is worth overdoing”.

• Why 4G LTE internet connection? Why not fiber?

  Cost. My home is in quite remote location: I did ask the local ISP - Elisa - an offer for optical fiber connection, they waited two weeks and replied that the installation would cost 10 000€ (almost $12 000), so that was a “bit” too steep price for me…

• Why not wait for 5G?

  Currently one can get 5G connections about 10km out of my place, but since my home is truly in the middle of a forest, I suspect the cell tower in our village won't get 5G in next couple of years and also one can't buy good 5G outdoor router like the Zyxel NR7101 yet, at least in Finland at the time of writing this, so again, I decided not to wait and instead improve the situation with current tech for next few years. Since I'm probably going to spend next few years pretty much working from home due to the pandemic.

• Why bother with this Gigabit local network since the internet speed via 4G is a limiting factor?

  Future-proofing. I suspect hope in couple of years I'll have access to 5G or you never know if someday there might be fiber connection available with slightly reasonable pricing.

• Why not WiFi6 – i.e. why Unifi AP Pro and not AP U6-LR?

  When I started this project, the WiFi6 enabled U6-LR wasn't available from Ubiquiti yet. I decided not to wait for it and instead go with the AP Pro, since huge majority of the client devices in my network do not support WiFi6. I may purchase U6-LR later to enable WiFi6 and to cover few WiFi blindspots (this is a somewhat big house with a big outdoor area around it).