Tuesday, February 2, 2021

Network Design for a large Fraternity House

Hello All,

Recently our campus is getting rid of their service where they provide internet/hardware to Greek life. The recent pandemic has hit our budget hard, so instead of having a local IT service come in and design/maintain the network, it will have to be a chapter effort. So I have been put in charge of designing and implementing our new infrastructure for the chapter house since I have had co-op experience and am studying to become a network engineer. This has been somewhat of a challenge thinking about what I need to do configuration-wise since we are talking about a house full of engineering students, since they love to tinker and push the limits with everything.

Here is what I have planned so far. I have not committed to anything and this does not need to be fully implemented until the summer so I am open to any advice/opinions.

A little bit about my environment:

  • House Capacity is about 70 members
  • We have a lot of thick walls and cinderblock walled rooms, so Wireless is a challenge
  • Every Room in the house is wired up with 2-3 Ethernet Ports
  • We have access points littered around the hallways that will be easy to replace
  • Lots of Ethernet clients that will need to be able to talk between each other. Raspberry Pis, 3D Printers, Generic Printers, etc.
  • The internet that campus is giving us is unknown. Some get 300 Mbps, some get 100 Mbps, access points get us about 20 Mbps per device

Before I get to the gear, I will answer the "Why Ubiquiti?" Question. I wanted an interface that was easy for someone who was not studying network engineering or IT to be able to look at after I graduate. I have already committed to being responsible for the upkeep of the network since I will probably be local when I graduate, but for easy fixes I feel their UI suits the need.

The gear I am planning on using. I have roughly $8000 to spend on pure equipment, then about $2000 for cables, tools, rack, etc.:

  • 1G Business Fiber Connection
  • Ubiquiti Dream Machine Pro
  • 3x Ubiquiti 48 Port Switches. One dedicated to access points and IP cameras, and the other two dedicated for room Ethernet ports
  • A mixture of UAP HDs and 6 Lites depending on the area of the house. I bought a few flavors of access points from Ubiquiti to do some real-world testing when it comes to signal strength. So my number of access points around the house is not solid yet.
  • UniFi in-wall APs for cinderblock rooms with poor RF penetration

Now here is where I am stuck. At the company I worked for, everything was already pre-planned configuration-wise. So it was typically just edit a Cisco/Nokia config to the standards and then deploy the equipment. I am starting from scratch here and am looking for advice if there is anywhere in my plans below that could be improved/modified.

VLANs:

  • 10 - Chapter House Members Only
  • 20 - Guest Network. No access other than internet.
  • 30 - IP Cameras
  • 40 - Future Local NAS / Game Caching

Network Design:

  • I don't really think I can do auth other than just keeping the wireless passwords to only a few people, and changing the password every semester. I am open to options for this. I was thinking about a RADIUS server of some sort but I do not know if that will be worth having to teach someone about every year.
  • Guest Network will be secured using the voucher system offered with UniFi.
  • Members will only be allowed access to VLANs 10 and 40.
  • I was thinking about using UniFi Threat Management to block common things like Tor, torrenting, etc. but from my research it seems like it only works sometimes.
  • Members will be required to sign an acceptable use policy which will be written up in the upcoming months.

Any advice is greatly appreciated! I am really excited to get this project started, since this will be a learning experience for me and all of the other network engineers in the house.
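
The segmentation plan above can be written down as an ordered, first-match rule set and checked before anything is configured. The following is an added example, not part of the original post: the subnets, the member internet rule and the default-deny fallback (which is what covers the camera VLAN, whose outbound policy the post does not state) are assumptions.

```python
import ipaddress

# Assumed addressing: the post gives VLAN IDs only, not subnets.
VLANS = {
    10: ipaddress.ip_network("10.0.10.0/24"),  # chapter house members
    20: ipaddress.ip_network("10.0.20.0/24"),  # guests
    30: ipaddress.ip_network("10.0.30.0/24"),  # IP cameras
    40: ipaddress.ip_network("10.0.40.0/24"),  # future NAS / game caching
}
# All RFC 1918 space, so "internet only" also excludes any subnet added later.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ordered rules, first match wins: (source VLAN, destination networks, action).
# A destination of None means "any address".
RULES = [
    (10, [VLANS[10], VLANS[40]], "allow"),  # members -> VLANs 10 and 40
    (10, PRIVATE, "deny"),                  # members -> any other internal range
    (10, None, "allow"),                    # members -> internet (assumed)
    (20, PRIVATE, "deny"),                  # guests -> nothing internal
    (20, None, "allow"),                    # guests -> internet
]

def vlan_of(addr):
    """Return the VLAN ID whose assumed subnet contains addr, or None."""
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    return None

def decide(src, dst):
    """Evaluate one routed flow against RULES; unmatched traffic is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    vid = vlan_of(s)
    for rule_vlan, nets, action in RULES:
        if rule_vlan == vid and (nets is None or any(d in n for n in nets)):
            return action
    return "deny"  # default deny: cameras and unknown sources end up here

if __name__ == "__main__":
    # Constructed sample flows covering each line of the plan.
    for src, dst in [("10.0.10.5", "10.0.40.2"), ("10.0.10.5", "10.0.30.9"),
                     ("10.0.20.7", "10.0.10.5"), ("10.0.20.7", "93.184.216.34")]:
        print(f"{src:>11} -> {dst:<14} {decide(src, dst)}")
```

These rules only describe traffic that is routed between VLANs; traffic between two devices on the same VLAN never reaches the router, so guest-to-guest isolation has to be handled separately.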


