Seeking advice for multi-home networking setup

Hello everyone,

I’m looking for some advice on setting up a multi-home networking setup. I have two neighboring homes within 150-175m of each other. Currently, one of the homes has a 1 GbE internet connection, and I would like to cancel the internet service in the other home and share the one connection. I plan to bury fiber optic cables between the two houses.

Additionally, I want both homes to have separate mesh wifi networks.

My current plan is to run fiber from the house with the 1 GbE internet connection to the home with a server room with a NAS, router, switch, and other necessary hardware. I want both homes to be able to access the NAS, and I want to run piholes across all the networks. I assume I will need a switch with SFP+ at the house with the WAN so I can run fiber to the server room, so will I need to run another line back to the WAN house? Also, can I get by with just one router? If so does the fiber coming from the house with the WAN plug into the router first or another switch in the server room first?

I also want to ensure that the PCs in each home should not be able to join the networks of the other homes or communicate with one another without VPNing into one another.

Finally, I will start with two homes, with the potential of adding a third home in the future. The goal is to split the cost of the internet subscription with my neighboring family members.

What would be the best way to set up this multi-home networking system? What hardware do I need to purchase, and how should I configure the network? I have some basic networking knowledge, but I am not an expert, so any tips or advice would be appreciated.

Thanks in advance for your help!

Welcome xHyperElectric!

Not the network expert myself, but let’s start untangling some things.

First, I recommend separating physical wiring needs from general network connectivity requirements. VLANs help setting up isolated networks (e.g. one for each household).

I didn’t hear any requirements about fancy in-house connectivity requirements (e.g. 10gbit or higher connectivity). But I heard the intent to use mesh wifi technology (separate for each house) - presumably to easily connect devices without having to run cables.

I agree with the choice of fibre as medium for network connectivity between homes. It does not cause issues in case of lightning.

Equipment needs:

  • A “box” in each house that contains at least one port capable of using fibre
  • Generally, it may be possible to get away with cheaper, but older SFP technology, but SFP+ is relatively cheap and common and offers 10gbit connectivity. Let’s try to use that.
  • Each “box” should be VLAN capable.
  • There should be a router connected to the ISP providing a firewall to the outside and setting up VLANs, etc. The location for such a box is typically in a basement that is not really suitable for any sort of wifi connectivity, so maybe make that a separate box from your mesh wifi products for that house. Run a cable from the router to the closest instance of your mesh devices. I don’t really see a way for this router (doesn’t have to be a physically large box) to live in the server room in the other house.
  • There should be a switch in the other house (server room) to receive fibre from the router and connect the NAS, to the other mesh wifi network, maybe some other devices. This switch needs to be VLAN capable.
  • Having VLAN-capable mesh devices would be nice, but is not strictly necessary.

Let’s look for options to these technical requirements…

I think the minimal and techy solution would be to pick up two MikroTik CRS305-1G-4S+IN (~ $160 each on Amazon). One can run router OS, the other switch OS, they are very capable, but require the necessary technical knowledge to set them up (securely) and keep them secure over time. You’ll need a pair of optical transceivers ($20 each) and the fiber cable to run between the houses. You’ll need additional RJ45 transceivers ($50 each) and basic cat5/6 cables to connect to your mesh devices. Rough cost estimates: ~$500 total w/o mesh devices.

There are more user friendly options, e.g. in the form of TPLink’s Omada line of products. There are other vendors with similar product lines, you can also mix and match. I am hoping for others to chime in with more suggestions.

1 Like

Hey, welcome,
as a counterpoint to the DIY but very technical solution posted by @xHyperElectric I am following a different route, one that requires less tech savviness and more budget.
Caveats:
What you want to do is technically doable in a bunch of different ways and at a bunch of price points depending on how much you want to learn and how much you just want it done to save some ISP money and get along with everything else in your life.

My solution uses all Ubiquiti gear (except the NAS that I assume you will already have … in the design it doesn’t really matter)
Because of keeping prices real I have chosen the budget line from Ubiquiti, that will limit the speed of the switches to 1GBit/s, they have more expensive gear that you can use to connect everything at 10Gb/s if that’s what you need

I have not sized the homes correctly, but the first image should give an idea of the solution


You will need:

  • Home1:

    • A gateway/router to aggregate all your home LANs that is able to implement multiple VLANs (virtual LAN sections) between your home, the second home, and the server LAN, to which you can then add firewall rules to allow access to the NAS and block Home to Home traffic. The router also has a 1Gb WAN port for the uplink to the ISP router. The router has two SFP+ ports that can be used to link up to two homes using fiber
    • A PoE switch to power local devices and the access points
    • Two or more Wifi APs to cover properly your house
  • Home2:

    • A PoE switch to power local devices and the access points
    • Two or more Wifi APs to cover properly your house

Network Topology:

The port mapping is wrong for the second house link (the Unifi designer doesn’t let me choose an optical port)

Router:

Local Switch:

Remote Switch:

List price cost of the equipment


Prices are in line with good quality other brand systems for the APs and the switches, given the connectivity options they have and PoE support, the router’s price is a lot more than the MikroTik’s but you gain the Ubiquiti centralized management UI that will let you create separate LANs, separate Wifi networks, multiple aggregation options through a very intuitive UI (that is not the case with MikroTik) so you exchange some money for ease of use.

That may or may not be your goal, only you will be able to tell us …

1 Like

If the one home has 1gb internet and your NAS and other main gear is in another house then I would just move those to the house where internet comes in and have your router there. Having a switch directly attached to your ONT and converting to fiber again for a run to a different house doesn’t sound good to me. If someone plugs a device in at some point to that switch it will be exposed to the internet and not work properly since it is in front of the router.

I would use a single main router located where the internet comes in. This should be a router with a lot of options, not a basic consumer router. You will want to be able to set up VLANs, static routes, and forwarding rules. You will want a L3 switch in each of the other homes to handle the VLAN traffic routing for that house, otherwise between VLAN traffic must go all the way back to the router first. The good news is that most L3 switches tend to have SFP ports on them already as the L3 requirements are actually the harder thing to find in a switch.

I would set up each home as its own VLAN. So where the router is, the devices would be on 192.168.10.1, the 2nd home is 192.168.20.1, the third home is 192.168.30.1, and the network hardware and management LAN could be 192.168.100.1. Set up 2-3 wireless access points in each house and give them each their own SSIDs. If you want you can also have them all broadcast an additional SSID that is common to them all so you also have an additional wifi network that goes across all the homes.

Set up traffic rules where all devices from one VLAN can access the NAS IP specifically, and then set up rules where the VLAN traffic is blocked from the other VLANs. The earlier allow rule for the NAS will have priority and be allowed while other traffic will not because of the block all rule.

I do like Ubiquiti for “advanced home installations” as it is a big step up from Asus and Netgear consumer junk, allows easy configuration for home users, and performs well. It isn’t full Enterprise level, but you get good options and ease of use for a lot cheaper than true enterprise gear from Cisco or Juniper. For your setup here I would say use UniFi Enterprise 8 PoE switches at each home for the L3 switch. This gives you PoE ports for your wifi access points and gives you 2.5gb network capability at each home and is decently cheap for an L3 switch. The model is “USW-Enterprise-8-PoE”. If you go with Ubiquiti for your router as well (would integrate nicely with the switches and make VLAN config of it all easier) you will have to get either the “Unifi Dream Machine Pro” or the UDMP-SE models because the standard Unifi Dream machine tops out around 700mbps for internet speed when you turn IDS/IPS settings on. The Pro model is, unfortunately, rackmount form factor only, but it does have about 3.5gbps internet throughput with IDS/IPS turned on. It isn’t the best way to do this, but if you don’t want a rack you can always stand the UDMP up on its side laying against a wall. Kinda ghetto but it does function.

Just as an example layout of the network for how I would do it:

2 Likes
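The allow-then-block ordering described in the post above, as an added example that is not part of the original thread and not any vendor's configuration syntax. It models a first-match rule list and audits it against the isolation goals; the /24 masks, the NAS address 192.168.100.10 and the function names are assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Subnets from the post; the /24 masks are an assumption (only gateways are given).
VLANS = {
    "home1": ipaddress.ip_network("192.168.10.0/24"),
    "home2": ipaddress.ip_network("192.168.20.0/24"),
    "home3": ipaddress.ip_network("192.168.30.0/24"),
    "mgmt": ipaddress.ip_network("192.168.100.0/24"),
}
HOMES = ("home1", "home2", "home3")
NAS_IP = ipaddress.ip_address("192.168.100.10")  # constructed address, not from the thread

def build_rules(allow_first=True):
    """Ordered (action, src_net, dst_net) rules: NAS allows plus inter-VLAN drops."""
    nas = ipaddress.ip_network(f"{NAS_IP}/32")
    allow = [("allow", VLANS[h], nas) for h in HOMES]
    block = [("drop", VLANS[h], VLANS[o]) for h in HOMES for o in VLANS if o != h]
    return allow + block if allow_first else block + allow

def evaluate(rules, src, dst, default="allow"):
    """First matching rule wins; unmatched traffic (internet-bound) gets the default."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return default

def sample_host(vlan):
    """A constructed client address (.50) inside the given VLAN."""
    return str(VLANS[vlan].network_address + 50)

def audit(rules):
    """Return every way the rule list violates the policy the thread asks for."""
    problems = []
    for h in HOMES:
        if evaluate(rules, sample_host(h), str(NAS_IP)) != "allow":
            problems.append(f"{h} cannot reach NAS")
        if evaluate(rules, sample_host(h), "1.1.1.1") != "allow":
            problems.append(f"{h} cannot reach internet")
    for a, b in permutations(HOMES, 2):
        if evaluate(rules, sample_host(a), sample_host(b)) != "drop":
            problems.append(f"{a} can reach {b}")
    return problems

if __name__ == "__main__":
    print("allow before block:", audit(build_rules(True)) or "policy holds")
    print("block before allow:", audit(build_rules(False)))
```

Swapping the order makes the drop rule for the management subnet match first, so every home loses the NAS while the homes stay isolated from each other.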

Thanks everyone for the suggestions so far, I should probably give a little more background information. Upon further thought I don’t see any reason why I can’t just cancel the other internet subscription and have the internet come into the same home with the server room. Let’s call that H1. Initially I will connect just one additional home (H2) and in the future possibly H3. I have a server rack; I’m not sure exactly how large it is but it’s probably about 22U. It was previously used for audio equipment (at a mobile radio station van interestingly) so it doesn’t have a rear rack mount which I may need to add.

I’m quite tech savvy and eager and willing to learn new things. In the past 6 months I started out with an old office computer as a NAS running TrueNAS Core just for Plex and quickly transitioned into a more powerful Dell PowerEdge server running TrueNAS Scale with approximately 20 self hosted applications at the moment with plans for more. It likely won’t be long before I want a more powerful NAS too, but that’s beside the point. I have also been diving deep into learning Linux as well. So I have a little bit of knowledge of FreeBSD from TrueNAS Core and a fair bit of Linux knowledge. I’m not afraid to dive into documentation and would be willing to learn something like pfSense or OPNsense. I’m okay with, and interested in, learning something new to save some money.

Currently I have a 24 port keystone patch panel, and a Dell PowerConnect 5524 24 port gigabit switch with two SFP+ modules. My plan would be to either use direct burial fiber between the houses, or trench a tubing such as HDPE to run the fiber. Depending on pricing I may just use 1 GbE transceivers, but ideally I’d prefer 10 GbE between the houses (if not now, then I’d swap the transceivers in the future). Also in the future I plan to add a few (3-5) cameras at H1, likely powered via PoE. I know my PowerConnect isn’t PoE, I figured I could plug a small PoE switch into it.

For mesh wifi, currently my ISP provides 1 eero for free with our wifi subscription (per house but I’m canceling all but one subscription). It is an eero Pro 6E. I’m not set on using eeros, but I’ve liked them so far. I’m up for eeros, or TP-Link Decos, or any other suggestions.

I assume the router in the server room of H1 will not be an AP, so I’ll just have the mesh AP’s provide the WiFi.

H2 and H3 will not need complicated networking equipment, just at least an 8 port switch in each house (I assume with SFP+ for the fiber connection back to H1).

Questions:
Do all the AP’s have to be wired to the switch at each house, or is there any way they can be wireless? For example, I know if 1 eero is wired, the others can be wireless to that eero.

I like the idea Enigma mentioned, about having a 4th SSID that all the APs share across the houses. This is not necessary, but very interesting as the three houses are all family and we frequently walk between the houses. I assume for that, you would just change your phone to the 4th SSID? Would this allow devices to connect back to the individual home’s SSID’s? I assume not but I’m curious.

Do I need a PiHole for each home? Or just in the server room?

In summary, the important things are that each home has its own VLAN (and maybe even three, one for guest, and one for IoT devices), every home should have direct access to the NAS for Plex and other services. The NAS also will be serving self hosted services and applications through Cloudflare zero trust tunnels to my domain. I currently have and will continue to have a Static IP unless I figure out how to serve Plex without one (my ISP has CGNAT).

Thank you everybody, I appreciate the advice and help

10gb SFP+ transceivers are pretty cheap, you can definitely do them now if all your switch gear is 10gb capable:

I would bury conduit/tubing, and choose something 1"-1 1/2" size so that you can get 4-6 fiber lines through if you want to expand or have backup lines as well as running some standard copper Eth lines if you want/need to. Additionally, consider if you want runs out to some shed or detached garage or whatever. You can plan out now and have a junction box or two during the conduit run that allows you to split off some other direction.

This depends on the mesh APs you have. Many, like the eero, can do wireless backhaul. Just make sure you get ones with a dedicated backhaul radio and not shared with the main radio. Or you can get access points that connect back over a wire. I prefer wire, as then they can run over poe and I know it will be nice and stable. But nothing really wrong with wireless mesh backhaul devices.
You can buy more eeros off Amazon and set them up yourself, don’t need to get more “wifi subscriptions” from your ISP. Or go with TP-Link Omada or Deco, or Netgear Insight APs, or Ubiquiti Unifi APs.

If you connect to the 4th wifi network being broadcast and set it to connect automatically to that it will always try to stay on that. Or you can connect to each of the single wifi’s for a house and say connect automatically to them and it will work similarly, by trying to join that wifi network as it goes out of range of one and into range of another house. Either way is fine really.

I’d just do 1 at the server room since all traffic will route through that one spot to get to the internet.

Yep, just like you said here. Definitely want to stay away from CG-NAT and stick with a static IP even if it costs more for your server needs.

I was thinking about it more, and I guess you don’t really need a layer 3 switch at each house. I had suggested that because a VLAN must go to an L3 device when moving across VLANs, but in your setup if it is moving across VLANs it will already be going to the main house anyway and the router is a single hop away at that point. So the extra expense and setup of a layer 3 switch at each house probably isn’t worth it.

1 Like

Depending on the size of the house one AP per house might be sufficient. My uncle has a 1600sqft 2 story house that is serviced by a single TP-Link AP. Depends on the level of service you need.

Better than direct burial, you can do multiple fibers, might be cheaper than multiple switches in some circumstances.

10G is cheap and there’s tons of equipment, 25G/100G has also come down in price tremendously. (e.g. MikroTik Routers and Wireless - Products: CRS504-4XQ-IN)

1 Like

Okay, I would definitely get 10 GbE between houses as it is affordable.

Thank you risk:

And thank you EniGma1987:

So do I need any special switch at each house? Or just one that has SFP+?

Currently, H3 only has 1 eero, but H2 has 2 eeros because the house shape is odd. 1 AP would work in H2 but you have pretty slow areas.

Just any managed switch with SFP+

1 Like

Unifi, EnGenius, and other more “prosumer”/commercial APs have significantly more reach and reliability imo. I have ripped out several eeros and replaced them with Unifi and the customers have been much happier.

2 Likes