[SOLVED] Guidance sought - first office network

[eszed556]

Hello all,

I need advice on internet connectivity and networking for a ~1,800 sq ft office (Canada).

The type of work includes video calls (4-5 max simultaneously), VOIP calls (2-3 max simultaneously) and the basic office work. We don't have a server, data center or anything close to that which requires a sophisticated network.

This is my first office so I'm researching and need help.

Useful info:

• We're a team of 6 and will grow until we're 12-15
• There are about 18 Ethernet ports in the walls
• At a given time there could be 15 wireless devices connected
• We'll opt for Bell Fibe 1GB. Bell will provide a Modem with a built-in Router
• All our storage is on the cloud
• I am an IT and DIY enthusiast, not a professional

Questions:

• Is Bell's installation limited to getting connectivity until the network closet?
• The office does not have a Switch or a Hub. I believe I need a Switch, right?
• In order to get strong WiFi coverage, I intend to place the ISP's router at one end and another 3rd party router in one of the room's via Ethernet. Does this make sense?
• I've put together a diagram of how I see things, please let me know if I'm on the right track? Image uploaded here: https://ibb.co/6vsRz0q
• Any best practices?

Thank you

 

[bill001g]

VoIP has a lot of very specialized requirements. Your upload rate from your ISP is going to be important mostly for the video calls. I will assume you are not making video calls between employees in a tiny office like this.

Pretty much you just place a switch in the main room and then place AP not a router remotely. You can run a router as AP but a actual AP maybe better. They tend to be mounted on the ceiling where power is hard to get in a office. Real AP tend to be powered over ethernet.

Wireless should be limited to device that have no ability to be wired. You have limited radio bandwidth so you do not want any unnecessary traffic on it. VoIP and especially video conferencing so not be used on wifi. You have little to no ability to do QoS on wifi. It mostly depends how high a quality your users will accept.

 

[kanewolf]

Hello all,

I need advice on internet connectivity and networking for a ~1,800 sq ft office (Canada).

The type of work includes video calls (4-5 max simultaneously), VOIP calls (2-3 max simultaneously) and the basic office work. We don't have a server, data center or anything close to that which requires a sophisticated network.

This is my first office so I'm researching and need help.

Useful info:

• We're a team of 6 and will grow until we're 12-15
• There are about 18 Ethernet ports in the walls
• At a given time there could be 15 wireless devices connected
• We'll opt for Bell Fibe 1GB. Bell will provide a Modem with a built-in Router
• All our storage is on the cloud
• I am an IT and DIY enthusiast, not a professional

Questions:

• Is Bell's installation limited to getting connectivity until the network closet?
• The office does not have a Switch or a Hub. I believe I need a Switch, right?
• In order to get strong WiFi coverage, I intend to place the ISP's router at one end and another 3rd party router in one of the room's via Ethernet. Does this make sense?
• I've put together a diagram of how I see things, please let me know if I'm on the right track? Image uploaded here: https://ibb.co/6vsRz0q
• Any best practices?

Thank you

I would recommend you utilize the wired infrastructure to add WIFI access points and DISABLE the WIFI on the ISP router. A single brand of WIFI hardware will provide the easiest setup and management.
For both VOIP and access points a POE switch is the best answer. A 24port POE enabled switch will cover everything.

I use and recommend Ubiquiti UniFI hardware -- https://www.ui.com/products/#unifi The FlexHD access points and a 24 port 250W POE switch will handle everything. You don't HAVE to have one, but it does make managing easier, get a cloudKey Gen2 also. The APs are about $175 each, the switch is $400 and the cloudkey is about $175. -- About $1000 to setup a managed system that gives you a single dashboard to setup multiple SSIDs, VLANs, etc.
An implementation like this is really the only way to get fully isolated guest network and other features that a business should have.

 

[eszed556]

@kanewolf:

We don't have any processes that require me to manage, prioritize or segregate networks.

Its pretty much PnP - would I still need a managed switch?

I can appreciate disabling the ISP's router but given the office layout, I will need 2 routers/APs.

This is an option https://www.amazon.ca/NETGEAR-24-Port-Gigabit-Ethernet-Unmanaged/dp/B07Z8P4JZ2

@bill001g:

Bell upload via Ethernet is 940Mbps. We're good.

I'm researching the benefits of an AP over a regular router.

 

[kanewolf]

@kanewolf:

We don't have any processes that require me to manage, prioritize or segregate networks.

Its pretty much PnP - would I still need a managed switch?

I can appreciate disabling the ISP's router but given the office layout, I will need 2 routers/APs.

This is an option https://www.amazon.ca/NETGEAR-24-Port-Gigabit-Ethernet-Unmanaged/dp/B07Z8P4JZ2

@bill001g:

Bell upload via Ethernet is 940Mbps. We're good.

I'm researching the benefits of an AP over a regular router.

I don't believe that an office that will have 15 people doesn't have any need to have guest WIFI or the need to segregate everybody's personal cellphone from the business hardware. You are not thinking of the risks. But I will stand down.

Your switch might be sufficient. It would depend on your VOIP equipment. Many VOIP phones need a special DHCP server. Different from your regular DHCP server. And THAT requires VLANs. An unmanaged switch won't do VLANs.

 

[eszed556]

I don't believe that an office that will have 15 people doesn't have any need to have guest WIFI or the need to segregate everybody's personal cellphone from the business hardware. You are not thinking of the risks. But I will stand down.

Your switch might be sufficient. It would depend on your VOIP equipment. Many VOIP phones need a special DHCP server. Different from your regular DHCP server. And THAT requires VLANs. An unmanaged switch won't do VLANs.

I misunderstood.

There is certainly a need to have a separate guest WiFi network. But currently I have achieved this using the ISP's router by creating a guest network within it. Your post suggested achieving this through the managed switch? I will read up on managed vs un-managed switches.

At the moment I have this Netgear switch that the VOIP sets works fine with https://www.amazon.ca/gp/product/B00KFD0SEA

The vendor told me I just need an active Ethernet connection to make them work. Is it safe to assume that the VOIP sets will hence work on an un-managed switch?

Please keep it coming, this is helpful.

 

[kanewolf]

I misunderstood.

There is certainly a need to have a separate guest WiFi network. But currently I have achieved this using the ISP's router by creating a guest network within it. Your post suggested achieving this through the managed switch? I will read up on managed vs un-managed switches.

At the moment I have this Netgear switch that the VOIP sets works fine with https://www.amazon.ca/gp/product/B00KFD0SEA

The vendor told me I just need an active Ethernet connection to make them work. Is it safe to assume that the VOIP sets will hence work on an un-managed switch?

Please keep it coming, this is helpful.

The ISP router may have a secure guest network, but you said you needed wider WIFI coverage. To achieve that, you have to have business class WIFI hardware and a managed switch.

I can't comment on the VOIP equipment. Were you planning on using a dedicated ethernet port for the phone and a separate port for a wired connection for docking station/PCs ? OR does your VOIP handset have a pass-through ethernet port ?

 

[eszed556]

I will dive into managed switches to understand their capabilities, at this point I am not learned enough to proceed.

Yes, I do need greater coverage but based on this diagram https://ibb.co/6vsRz0q I was planning to achieve it through strategically locating the ISP's router and a solid 3rd party router (or AP) to get maximum coverage.

Then I'd activate the Guest Network on the ISP's router and the Work Network on the 3rd party router/AP.

The VOIP set does not have a pass-through Ethernet port. I currently use a dedicated Ethernet connection for the VOIP set and dedicated Ethernet connection for the PC.

 

[eszed556]

After researching I am sold on the benefits of a managed switch and a business grade AP. Below is a selection:

Switch: https://www.amazon.ca/JGS516PE-Rackmount-Power-over-Ethernet-Lifetime-Protection/dp/B00GG1ADLS

OR https://www.amazon.ca/dp/B07C58VKPN/ref=emc_b_5_t

AP: https://www.amazon.ca/Ubiquiti-UniFi-2-4GHz-802-11-support/dp/B016XYQ3WK

Budget may not allow a Ubiquiti Switch.

Here is a layout of the office with markings of what I have in mind https://ibb.co/Zz5dsjg

I plan to use PoE for this AP (the Ethernet pass-through is nice). Given that I'll be using the ISP's router as well, would an additional AP be sufficient? This office won't have more than 15 employees.

Can the Netgear Switch provide PoE to this AP? Both product's data sheets have 802.3af listed so I think that's a yes.

The VOIP sets consume 4W each, we will have 6. Along with the AP and perhaps 2 cameras, there's enough power (100W) for the Switch to power more devices in the future.

Please let me know your thoughts.

 

[kanewolf]

It looks like either of those switches will support the Ubiquiti AP it uses standard 802.3af POE.
Mixing Ubiquiti APs with a non-Ubiquiti switch will require more manual configuration for VLANs. It should work, it just won't be as simple as an all Ubiquiti implementation.

 

[eszed556]

Update:

• Finalized office layout is now https://ibb.co/h8bwCsg
• I've marked the network closet and AP locations
• VOIP phones have been retired. We'll be using Skype Phone or Zoom Phone or similar
• Ubiquiti switch and AP are selected
  • https://www.amazon.ca/UBIQUITI-US-16-150W-Networks-Managed-16-Port/dp/B01E46ATQ0
  • https://www.amazon.ca/Ubiquiti-UniFi-2-4GHz-802-11-support/dp/B016XYQ3WK

Questions:

• What are my options for Security Cameras? I won't need more than 3. I would need 60 days footage.
• I've selected this Network Cabinet https://www.primecables.ca/p-362735...nt-network-server-cabinet-rack-9u-primecables Are switches and cabinets made to universal standard measurements?

Thanks

 

[kanewolf]

Update:

• Finalized office layout is now https://ibb.co/h8bwCsg
• I've marked the network closet and AP locations
• VOIP phones have been retired. We'll be using Skype Phone or Zoom Phone or similar
• Ubiquiti switch and AP are selected
  • https://www.amazon.ca/UBIQUITI-US-16-150W-Networks-Managed-16-Port/dp/B01E46ATQ0
  • https://www.amazon.ca/Ubiquiti-UniFi-2-4GHz-802-11-support/dp/B016XYQ3WK

Questions:

• What are my options for Security Cameras? I won't need more than 3. I would need 60 days footage.
• I've selected this Network Cabinet https://www.primecables.ca/p-362735...nt-network-server-cabinet-rack-9u-primecables Are switches and cabinets made to universal standard measurements?

Thanks

Yes, hardware and cabinets are standard size. You want the 22 inch wide version. You need 19 inch space between the mounting rails.

There are a couple of tools I will recommend you get to help your installation --
https://www.amazon.ca/PoE-Detector-IEEE-802-3-Passive/dp/B013P3DBQS

Klein Tools VDV526-52 LAN Scout Junior Tester: Amazon.ca: Tools & Home Improvement

Klein Tools VDV526-52 LAN Scout Junior Tester: Amazon.ca: Tools & Home Improvement

www.amazon.ca

Those will provide you will the ability to trace wires and verify basic connectivity.

IF you are starting down the Ubiquiti path, they do have cameras and network video storage.

You can also get a commercial NAS (network storage unit) that will be a digital video recorder plus provide shared storage and many other features.

I DO recommend using IP based cameras.

 

[gggplaya]

In case you overlooked it as mentioned earlier, make sure you get a cloudkey or a dedicated PC(free unifi software) to manage the access points. Ubiquity access points are meant to be server managed.

 

[kanewolf]

In case you overlooked it as mentioned earlier, make sure you get a cloudkey or a dedicated PC(free unifi software) to manage the access points. Ubiquity access points are meant to be server managed.

There are benefits to having a cloudkey. For config only, you can use a laptop running the software. The second generation cloud key is available in a plus version which provides a disk for camera storage. The second generation is also rack mountable. First generation cloud keys are not recommended because they can become corrupt if the power is unstable.

 

[eszed556]

Appreciate the prompt responses. I'll proceed with the selected switch, AP and cabinet.

There is a 2nd wired laptop which I've kept aside for surveillance and managing the network.

However, this CloudKey Gen2 sounds interesting but I don't know what it does beyond storing surveillance footage and I don't know where it fits. It seems the CloudKey is a remote interface into my entire Ubiquiti network and peripherals?

Be right back after watching some videos.

I've identified this camera as an option https://www.amazon.ca/UVC-G3-BULLET-3-UniFi-Video-Camera-Pack/dp/B07THLX74K

I will manage this facility by my self. While conscious of funds, I do need a reliable setup and turnkey solution.

@kanewolf - why do you recommend IP based cameras?

 

[kanewolf]

Appreciate the prompt responses. I'll proceed with the selected switch, AP and cabinet.

There is a 2nd wired laptop which I've kept aside for surveillance and managing the network.

However, this CloudKey Gen2 sounds interesting but I don't know what it does beyond storing surveillance footage and I don't know where it fits. It seems the CloudKey is a remote interface into my entire Ubiquiti network and peripherals?

Be right back after watching some videos.

I've identified this camera as an option https://www.amazon.ca/UVC-G3-BULLET-3-UniFi-Video-Camera-Pack/dp/B07THLX74K

I will manage this facility by my self. While conscious of funds, I do need a reliable setup and turnkey solution.

@kanewolf - why do you recommend IP based cameras?

I recommend them just because they are the current generation and beyond. Coax based cameras are old technology.

The Ubiquiti cloudkey is a management station for Ubiquiti UniFI devices. It provides a one-stop-shop for all UniFI management. Want to add a new SSID to the 5 access points you have ? A dozen clicks or so in the Ubiquiti management software, running on the cloud key and you have a new SSID. Want to know how much traffic each AP is generating? The cloud key keeps those statistics. It is the turn-key approach. You can use a laptop, or a Raspberry PI. The cloud key is just the simple way to do it.

To run the Ubiquiti "protect" software, you have to have the CloudKey Gen2 Plus.

I will also say that I do run Ubiquiti networking at my home. I have 3 access points, 5 switches and the USG Pro4 router. I had a gen1 cloud key but I retired it and replaced it with a Raspberry PI running the controller software and DNS filtering software called PI Hole.

 

[eszed556]

I'm having difficulty interpreting the data sheet.

Does this mean I can only connect 4 devices that are 802.3at/at compatible and no more?

PoE Interfaces:
PoE+ IEEE 802.3af/at (Pins 1, 2+; 3, 6-)
24VDC Passive PoE (Pins 4, 5+; 7, 8- )

And that if I connect a 802.3at/at compatible device to Pins 4,5,7,8, the device will not work?

I was under the impression all 8 PoE ports were auto-sensing and essentially I could use all 8 for 802.3at/at compatible devices.

 

[kanewolf]

I'm having difficulty interpreting the data sheet.

Does this mean I can only connect 4 devices that are 802.3at/at compatible and no more?

PoE Interfaces:
PoE+ IEEE 802.3af/at (Pins 1, 2+; 3, 6-)
24VDC Passive PoE (Pins 4, 5+; 7, 8- )

And that if I connect a 802.3at/at compatible device to Pins 4,5,7,8, the device will not work?

I was under the impression all 8 PoE ports were auto-sensing and essentially I could use all 8 for 802.3at/at compatible devices.

Assuming you are still talking about the 16 port 150 W switch -- I believe you could have 16 POE devices as long as the total power was less than 150W.
That switch can be configured to support 802.3af (48V) or passive POE (24V). I believe by default the ports are 802.3af. (I don't have that switch) Neither of those POE methods prevent any of the 8 wires in an ethernet cable from carrying data. You can also completely disable POE on the ports.
My three access points use around 4W each. I don't YET have any Ubiquiti cameras. I have Panasonic cameras currently.

 

[eszed556]

Are you saying these switches provide the flexibility to configure PoE ports as needed? i.e. disable power or change PoE interfaces?

x---x---x

So here's what I've put together based on budget and (needs minus wants). I think this meets my business needs, but would greatly appreciate secondary look. Any best practices or future proofing?

1. UBIQUITI US-24-250W switch.
2. UniFi UAP-AC-PRO access point.
3. Unifi G3 Flex Camera x 3 w/ ceiling mount. I only need to cover access points.
4. UniFi Cloud Key Gen2 Plus. May upgrade to 2TB or hope Unifi Protect has scheduled recording. I've been reading the Protect platform needs to improve, but has come a long way.
5. 9U Network Cabinet to house the above + ISP equipment.

I've got Cat5e pre-installed in the walls and have Cat 7 for extras (cameras, AP). Cable ties too.

Edit: Though I'm yet to experience a power failure, policy does require backup power.
Are there small UPS systems that can fit into the cabinet above? I'm calculating I'll need less than 500W.

 

[kanewolf]

Are you saying these switches provide the flexibility to configure PoE ports as needed? i.e. disable power or change PoE interfaces?

x---x---x

So here's what I've put together based on budget and (needs minus wants). I think this meets my business needs, but would greatly appreciate secondary look. Any best practices or future proofing?

1. UBIQUITI US-24-250W switch.
2. UniFi UAP-AC-PRO access point.
3. Unifi G3 Flex Camera x 3 w/ ceiling mount. I only need to cover access points.
4. UniFi Cloud Key Gen2 Plus. May upgrade to 2TB or hope Unifi Protect has scheduled recording. I've been reading the Protect platform needs to improve, but has come a long way.
5. 9U Network Cabinet to house the above + ISP equipment.

I've got Cat5e pre-installed in the walls and have Cat 7 for extras (cameras, AP). Cable ties too.

Edit: Though I'm yet to experience a power failure, policy does require backup power.
Are there small UPS systems that can fit into the cabinet above? I'm calculating I'll need less than 500W.

Yes, Ubiquiti switches can have the POE disabled on a per-port basis. IF the switch datasheet says it supports passive POE then each port supports both passive and 802.3af POE.
There are rack mount UPS -- https://www.apc.com/shop/us/en/prod...CD-RM-2U-120V-with-SmartConnect/P-SMT750RM2UC

You still HAVE to have a router of some kind. It can be the ISP router, a Ubiquiti router or a different brand, but you have to have one.
If you have an ISP that will provide a modem ONLY, then it is pretty easy to use any brand router.

 

[eszed556]

Yes, the ISP will provide a modem router.

I'll gain possession of the premises in 3 weeks and I hope to go live on 2/1/2020. For now, I'm ordering the Networking equipment.

Thank you kanewolf, insightful discussion and plenty of learning along the way.

 

[SamirD]

Sounds like you've got a solid plan. I know where to get UPS units cheap, especially rack mount ones so let me know how much you'd like to spend on it. Rackmount ups capacity is usually well over 500W so you'll have some headroom as well.

 

[eszed556]

Update.

While assembling I realized the network cabinet is too shallow for the UPS. Complete oversight.

I haven't mounted the cabinet as yet and its too late to go through returns. What are my options?

Could I get a heavy table and place it close to the cabinet? Any special considerations on placing the UPS since its essentially meant to be racked?

Edit: Grounding, interference, static concerns?
Shelf with rubber mat? I imagine racked UPS have some form of shielding built-in since they're stacked close to other equipment.

 

[SamirD]

Put the ups on top of the cabinet or under it. I even have one that's on its side and it's fine. As long as the fans are clear and it's not overheating and has proper power connections, I don't think orientation matters, but I would double check the manual.

 

[eszed556]

Thanks. No room on top of the cabinet due to 2 exhausts. May place it on a makeshift table until I get a vertical wall mount.