Login

u/Amselmann

▲ 82 r/Ubiquiti

Hi everyone,

I’m planning my first UniFi installation for a new house and would really appreciate a sanity check before I start mounting racks and buying the rest of the hardware.

As you can see in the attached diagram, my main challenge is keeping noisy equipment out of the attic, which is a large open room that also includes a bed.

Current Situation

I have 24 CAT7 runs throughout the house. All of them (except doorbell -> basement) terminate in the attic and are currently punched down to CAT6a keystones by the electrician.

The main electrical panel is in the attic, and the ISP fiber from Telekom Germany also terminates there.

My problem:
I originally planned to put the main network rack in the attic. However, I’ll be running UniFi Protect with a spinning HDD. A UDM-Pro, possibly an NVR, HDD noise, and case fans would probably be too loud for a bedroom area.

My idea / solution:

Luckily, I have two dedicated Ethernet runs going from the attic down to my 1st-floor office. My plan is to move the noisy gateway / recording hardware down to the office and use the two runs to loop the connection.

Attic / main patching location

  • Telekom fiber modem / ONT
  • USW Pro Max 24 PoE
  • Patch panel for all 24 house runs
  • APs, cameras, room ports, basement connection

1st-floor office / "noisy" zone

  • UDM-Pro or Cloud Gateway Fiber
  • Work PCs / office devices
  • Possibly future storage / NVR hardware

Connection between attic and office

Run 1: WAN down Run 2: LAN back up
Telekom fiber modem / ONT in the attic→ dedicated Ethernet run→ WAN port of the UniFi gateway in the office LAN / SFP+ LAN port of the UniFi gateway in the office→ dedicated Ethernet run→ USW Pro Max 24 PoE in the attic→ house distribution

So the simplified topology would be:

Telekom fiber modem / ONT
        ↓ dedicated WAN Ethernet run
UDM-Pro or Cloud Gateway Fiber in office
        ↓ LAN / preferably 10G uplink
USW Pro Max 24 PoE in attic
        ↓
APs, cameras, room ports, basement connection

As far as I understand it, the UniFi gateway has to sit between the Telekom modem / ONT and the internal LAN, but it does not physically need to be in the attic as long as WAN and LAN are kept on separate dedicated runs, right?

planned / owned Hardware

Already owned:

  • UDM-Pro
  • Cloud Gateway Fiber
  • 3 × U7 Pro APs

Planned:

  • USW Pro Max 24 PoE
  • 2–3 UniFi cameras
  • Possibly a G6 Pro Entry doorbell
  • Maybe more UniFi devices later

(I know that the UDM-Pro and Cloud Gateway Fiber do not really make sense together, so I will probably sell one of them later - bought it on black friday while FOMO kicked in 😅)

My questions

  1. Topology: Does this physical WAN/LAN split across floors make sense, or am I missing a major flaw? Is it perfectly fine to dedicate one attic-to-office Ethernet run purely as WAN from the Telekom modem / ONT to the UniFi gateway?
  2. Gateway placement: Is there any downside to having the gateway in the office and the main PoE switch / patching location in the attic?
  3. Office switch: I wasn't sure if I actually need a dedicated smaller switch in the office, or can I simply use the built-in 8-port switch on the UDM-Pro for my office devices? I understand those ports are only 1G, so for the main uplink back to the attic switch I would probably use the UDM-Pro’s 10G SFP+ LAN port instead.
  4. 10G uplink over existing cabling: Since one of the two attic-to-office runs would be used as dedicated WAN, the second run would be the LAN uplink back to the attic. Does it make sense to use SFP+ RJ45 modules between the UDM-Pro and the USW Pro Max 24 PoE for a 10G uplink over my existing CAT7 cabling? Could the CAT6a keystones cause issues at 10G speeds, or should this generally be fine if the termination is good?
  5. Gateway choice / Protect storage: Since I need UniFi Protect and HDD storage for the cameras, would you keep the UDM-Pro and sell the Cloud Gateway Fiber? Or would you rather use the Cloud Gateway Fiber and add a separate UniFi NVR later if needed?
  6. Basement doorbell: The front doorbell cable unfortunately only terminates in the basement, not in the attic. The basement can get slightly damp, so I’d prefer to keep active hardware there to a minimum. Would you just run the basement connection back to the attic switch and use a small non-PoE switch plus PoE injector for the G6 Pro Entry? Or would you use something like a UniFi Ultra / Switch Lite 8 PoE in the basement?
  7. Last but not least: Are there better approaches I should consider before installing everything?

My main goal is to keep the attic bedroom quiet while still using it as the central patching location for all 24 house Ethernet runs.

Thanks a lot for your advice!

Disclaimer: Picture was AI generated

u/Amselmann — 12 days ago