Residential Networking in Assisted Living Complex

Ubiquiti sells GPON ONTs at almost 50 a piece, and that gives you 1x Ethernet on the other side.

If distance allows for Ethernet over copper, it sounds cheaper to go with switches (and it makes everything easier to configure for someone who’s never worked with GPON before).

Considering this is not a datacenter network, I wouldn’t bother with stackable or blade switches, unless there’s an option to get them recycled. Regular el-cheapo Ubiquiti es-48-lite switches have 10Gbps uplink ports that can be used as a very narrow backplane. They also support 802.1x for staff and management network.

WiFi is kind of interesting, you don’t want to advertise a large number of SSIDs, you don’t want to bother residents with 802.1x, … you can match up residents’ MAC addresses with residents’ VLAN, but admin-ing that continuously is going to be a pain.

Presumably there’s a turnkey web app out there that’s a RADIUS frontend that you can give to someone on site who’d be able to manage this without knowing about VLANs or RADIUS. Spin up your RADIUS server + frontend on a small machine in the cloud somewhere and done.

1 Like

If you go with Unifi instead of Edge hardware, you can manage everything from a unifi-ed interface. If you go with Edge hardware (slightly cheaper), then yeah you have to manage it all individually. There is a central management thing called UNMS but it’s still in beta.

I’d put an aggregation switch in both rooms (closets?) and then run redundant fiber lines to connect the rooms. You don’t get to use the 10GBaseT at all, but with only 5 switches, you won’t even use all of the SFP+…

I agree, although I think you’ll want an SSID for each unit’s vlan so that they can use wired and wireless peripherals without gumming up shared wifi or having issues trying to connect to their stuff because their wired and wireless broadcast domains are separate… idk though, that is a bigger admin lift.


Edit

In case this wasn’t obvious, I’m not proposing that each unit’s SSID be available across the whole campus, just in the specific units.

Something to keep in mind is Cisco will likely have ongoing costs as it usually requires a support contract to be able to get updates (including security updates) if I remember right.

Both Cisco and Ubiquiti you might need to consider end of life replacement costs as well, depending on their ask.

Juniper is another option, unlike Cisco I don’t think they require a support contract to get security updates. (need to verify that)

Also you need to consider ongoing support from you, who’s configuring and maintaining it all? Do they have experience with Cisco? Juniper? Ubiquiti? Ubiquiti is probably going to be the easiest to support as if you want to you can support it remotely nicely from anywhere. That’s a little less nice to do with Cisco. Ubiquiti essentially has easy monitoring and management built in, Cisco I don’t think has any, if they do it costs extra unless you build your own.

This is likely more down to what the place offers residents. Generally assisted living is in one of a few forms, either a room in a complex, a house in a housing complex (or flat), or assisted living in their own home.

I’m assuming it’s a room on a complex considering the single network, as the others are generally regarded as independent housing.

Unless it’s part of their package that they get their own independent completely separate space, generally utilities are shared, that includes networking. It might be worth asking about and bringing up, but I wouldn’t put any work into it unless it’s a requirement for the complex.

This sounds like something to get a solid answer on as that might obviously change how you implement a lot of stuff.

pfSense will incur a cost for commercial use. On top of that (not that the cost matters in this case) there’s on-going support and maintenance for it that you’ll need to consider.

I’m assuming you’re also billing them for time?

Worth noting that Ubiquiti equipment usually only has a 1 year warranty. I’ve had DOA units, but never one that died after just a year. From what I hear, the POE switches are the most likely to die first (PSU issues).

This is true for Unifi, but Edge hardware can be tedious to manage if you have more than a few units. Also, there is no such thing as proper/paid Ubiquiti support. You only have the forum. You are the support. This is the fundamental difference between Ubiquiti and a lot of other network companies (Cisco for instance).

Also worth noting, you will lose a lot of Unifi functionality if you don’t go with a Unifi router. However, you could use pfSense as a gateway/firewall with a Unifi router behind that.

2 Likes

Yeah these are definitely things that need to go on the list. Cisco might be more expensive and might be a little harder to manage (in theory it’s not if you have the right stuff), but the support should be there if anything goes wrong.

Not sure how good they are with smaller companies, with us they are pretty good to work with.

The issue there is the OP doesn’t know Cisco, and that’s not the sort of thing you want to learn on a big job.

2 Likes

In any case, I think Cisco is overkill for this. Even if a switch blows up, it’s not like anyone’s losing thousands of dollars per hour of downtime or anyone’s safety/life will be in danger.

1 Like

Thanks for your input. I am the most versed with Ubiquiti and already have 25+ sites in my UNMS and UniFi controller. And yeah, time is the only thing I bill for. I have never up-charged for hardware. I have been and still am leaning towards Ubiquiti because I know it in and out already.

At this point I am thinking of proposing that they make a space where residents can just go and use a big multi-function printer and call it a day, just split up the copper connections by VLAN and Wi-Fi be strictly for Internet. Should be talking with these people again this week.

How is it (UNMS)? The beta status scared me and I don’t have extra hardware to test it out…

It’s pretty cool, not much functionality to it yet configuration-wise but right now you can upgrade firmware, backup configs, restart, and get email notifications for all your stuff. That to me alone is worth a lot. They also released a beta UI for the switches that you have the option to use.

1 Like

It’s probably better if you let them use WiFi for their own lan stuff, than encourage them/steer them to install their own individual wifi routers. The only downside is how you end up managing their own wifi devices into their (users) respective VLANs.

If you don’t already have a solution for that, you could let them email you a photo of the device/mac address they want connected (or, android/iOS/laptop/Chromebook/windows screenshots), and let them wait one working day for processing (for you to add their mac to whatever spreadsheet/database/thing you want to use)

1 Like
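The MAC-to-VLAN bookkeeping discussed in this thread, as an added example that is not part of any post: it turns a list of resident device registrations into FreeRADIUS-style `users` entries that return the unit's VLAN, and rejects malformed, duplicate and randomized (locally administered) MACs. It assumes the APs do RADIUS MAC authentication and send the MAC as both user name and password in lowercase without separators; the VLAN IDs and MAC addresses are constructed sample data.

```python
import re

# Constructed registrations: (unit VLAN ID, MAC exactly as a resident sent it).
REGISTRATIONS = [
    (101, "00:00:5E:00:53:01"),
    (101, "00-00-5e-00-53-02"),
    (102, "0000.5e00.5303"),
    (102, "DA:A1:19:00:00:01"),  # randomized (locally administered) address
    (103, "00:00:5E:00:53:01"),  # already registered to VLAN 101
    (103, "not-a-mac"),
]

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:\-.\s]", "", raw)
    return digits.lower() if re.fullmatch(r"[0-9A-Fa-f]{12}", digits) else None

def is_locally_administered(mac):
    """True when the U/L bit is set, as in OS-randomized 'private' addresses."""
    return bool(int(mac[:2], 16) & 0x02)

def build_users(registrations):
    """Return (users_file_text, rejected) for a FreeRADIUS-style users file."""
    seen, entries, rejected = {}, [], []
    for vlan, raw in registrations:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((raw, "malformed"))
        elif is_locally_administered(mac):
            rejected.append((raw, "randomized (locally administered) MAC"))
        elif mac in seen:
            rejected.append((raw, f"already registered to VLAN {seen[mac]}"))
        elif not 2 <= vlan <= 4094:
            rejected.append((raw, "VLAN out of range"))
        else:
            seen[mac] = vlan
            entries.append(
                f'{mac} Cleartext-Password := "{mac}"\n'
                f"    Tunnel-Type = VLAN,\n"
                f"    Tunnel-Medium-Type = IEEE-802,\n"
                f'    Tunnel-Private-Group-Id = "{vlan}"\n'
            )
    return "\n".join(entries), rejected

if __name__ == "__main__":
    users, rejected = build_users(REGISTRATIONS)
    print(users)
    for raw, reason in rejected:
        print(f"# rejected {raw}: {reason}")
```

A device that reports a randomized address changes it per network or over time, so its registration would silently stop matching; rejecting it at intake surfaces that before the resident is locked out.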

Yeah I have been playing with that. Managed to completely disappear a LAG somehow and had to reset the switch, so I’m sticking with the legacy UI for config, but it’s way better for just seeing what’s going on.

Agreed. At some point someone is going to get a wireless-only peripheral and you’ll want that confined to their vlan.

I may be confused but correct me if I’m wrong… so there is a way that I can confine a device on Wi-Fi to their room’s VLAN while using the same Wi-Fi network for everyone? So Guest would be isolated, Resident would not be isolated globally but rather the device you want to use has its MAC ID input and then is assigned to the VLAN I choose?

I know you can assign a VLAN to an SSID on UniFi stuff but I don’t want 109 SSIDs and you can only have 8 per site in UniFi anyway

A note on this: It’s more like Alpha right now. It’s the polar opposite of stable in my experience.

1 Like

Space-wise, how many living units would a single AP cover? I think ideally, you’d have a large shared SSID and then one SSID per unit, but only on the AP(s) that actually cover the physical space of the unit (so there’s not 500+ SSIDs across the whole complex). That said, if a single AP is covering more units than it can have SSIDs, then that obviously won’t work, and you’ll have to do VLAN/MAC address stuff. Unit-specific SSIDs are more work up front but you’ll have less to deal with later as residents can deal with their devices without registering their MAC addresses.

That’s basically what I expected. In general, I try not to touch anything of theirs until it’s been around for at least a year.

Good rule of thumb. They tend to jump the gun on releases.

1 Like

So I visited the site Friday. In these closets, all of the building’s power panels and shit are in there. I’m assuming this would be a high noise environment and to use shielded jumpers and patch panels… but I’ve never really had to deal with this problem before.

1 Like

How close are the cables to mains? If you can keep them a few feet away, you should be good with shielding.

About 6 feet or so. So I should use shielding, or no? The cable itself is not shielded.