03/07/2016
Campus Residential Overhaul
Description

I run IT for what can be described as a small college campus. If you have ever heard of Youth With a Mission, it's a YWAM base located in Northwest Montana. In fact, to date, this particular campus is one of the largest in existence. Nearly half of the organization's developed property is residential housing for families. To be exact there are 27 houses and 2 cabins that make up the family residential portion of the campus. There are quite a few other buildings on the other half of the campus, but for the most part those are all interconnected through a fiber backbone so getting service to those facilities is not much of a challenge.

 

The family residential area has for the most part been serviced with internet connectivity through the cable company, which worked well for a while. Our original contract with the company was a bulk contract that allowed us to get reasonable internet for a fraction of what it would have cost for individual standard contracts. However, over the years the cable company was bought out and changed hands several times, making the paperwork, billing, and troubleshooting a nightmare. A year ago we finally got the notice that our bulk plan would be expiring, which would place all of our housing on a standard plan, nearly quadrupling the price of servicing all of the homes.

 

To solve the problem we started looking into utilizing our completely undeveloped water tower on campus. The tower pretty much sits in the middle of campus, perfect for creating a wireless backbone to get our network to those hard to reach places. Ubiquiti Networks ended up topping our list in terms of bang for buck so we started figuring out what all we would need. We wanted to guarantee a fairly large amount of bandwidth to each house at any given time, so to achieve that we distributed all of the homes between 3 sectors/rockets.

 


So we installed the infrastructure on the tower and ran all of the necessary cable in each of the houses to hook up the Nanobeams. The area we were broadcasting into sits at the base of a mountain that is used for quite a bit of WISP'ing, so surprisingly, even in the middle of Montana, the air wasn't super clean. That said, we ended up broadcasting all of the sectors on a channel width of 20MHz, and as low of an output as we could go while still maintaining a good connection with all of the Nanobeams.

 


At this point we had created a way for our backbone to reach each of the 29 homes, but now we needed a way to transform the output into a usable wireless internet connection, while also providing each house with 1 wall port to plug something in if need be. The UniFi AC-Pro model access point was perfect for the job. We powered the access point with one cable into the "main" port, and provided network access to a wall port from the "secondary" port. The extra cost of the Pro model over the Lite model was covered by not having to buy a switch for one wall port. This also simplified the maintenance aspect of the installation due to the fact that most 8-port switches for under $50 will need to be power cycled every now and again. Using the AP as a "soft switch" allowed us to bypass that altogether, and actually save a couple bucks.

 

In order to keep each house on its own private network, we set up a VLAN for each house and piped it all the way back to our router, and bridged the LAN0 (untagged LAN traffic) with the tagged traffic from each specific house's VLAN. This allowed us to direct all traffic from within the house onto the proper VLAN, and keep residents off of the management VLAN.

 

While this configuration created a great deal of security for us, and for the residents of each home, this posed a problem for all of our APs and the adoption process. Each AP would not only be on a separate subnet from the controller, but on a separate VLAN as well. The only way to administer them would be to open the necessary ports on the firewall so that it could communicate with the management VLAN. And that would be after someone set the inform option, and worst of all, allow management traffic through the Nanobeam onto the LAN of the home. Our best option was to move our local controller into the cloud, with a public IP address. That way, as long as the AP had an internet connection, it would be able to communicate. Using DHCP option 43 within our Sophos UTM, we were able to skip the "set-inform" process of each AP as well. The only loophole to the whole system is that the AP now resides on the residential VLAN, so if a resident wanted to, they could attempt to hack into it, but we would know when one of our APs went missing. It's a compromise I could live with, and frankly the likelihood of that happening is extremely low.

 

With everything set up, my team and I were able to install the access points in each home over the course of 2 months. All of the drops terminate into a Leviton panel located in either the garage or an attic storage unit, making each install pretty clean and unobtrusive.

 


The final step was to create WLAN groups within our UniFi controller, and assign them to their respective residence. The only other alteration we made to the configuration was to bump the channel width of the 5GHz band down to 20MHz to achieve slightly longer distances through the houses and even bleed out into the yards a little bit. The loss of bandwidth doesn't really have an effect due to the Nanobeams only really being capable of 140Mbs on a perfect day.

 


So far the system has been solid as a rock. All 29 residences are up, running, and kicking out solid service with a smile. Since installing the system we have had nothing but rave reviews on the new quality of service and how much better it is in each home. Thanks to Ubiquiti Networks for making affordable gear that performs incredibly well and is easy to install, we'll definitely be back for more.

by ‎03-07-2016 07:46 PM - edited ‎03-07-2016 07:59 PM

Comments
by
on ‎03-08-2016 12:17 AM

wOw~! Excellent Man

by
on ‎03-08-2016 05:14 AM

Excellent example of a professional job. Thanks for sharing your work!

by Deleted Account
on ‎03-08-2016 06:40 AM

Wow, great story! Kudos!

by
on ‎03-08-2016 06:56 AM

This is a great setup!

by
on ‎03-08-2016 07:45 AM

Awesome setup and install.

by
on ‎03-08-2016 08:54 AM

This is great. It's nice to see that you could actually get on a tower for your backhaul link.

by
on ‎03-08-2016 01:47 PM

Awesome job. That's one slick install.

by
on ‎03-08-2016 01:54 PM
by
on ‎03-08-2016 03:06 PM

What is the in-wall enclosure that you're using in the houses? I have never seen them before in Australia.

by
on ‎03-08-2016 06:33 PM

Fantastic setup.