Network Layer Integration
Switching, Wireless & System Configuration
Bal Harbour, FL 33154
Contents
We will bring your network infrastructure to life — connecting every device, securing every connection, and delivering seamless wireless coverage throughout the entire property.
The structured cabling backbone (proposed separately under BSL-2026-0516) provides the physical foundation — 120 terminated and certified cable runs across two racks. This proposal adds the active intelligence: the switches that direct traffic, the gateway that protects the network, the wireless access points that blanket the home in WiFi, and the configuration that ties it all together.
We propose a Ubiquiti UniFi network platform — a unified ecosystem where the gateway, switches, and wireless access points are managed through a single interface. The architecture uses a three-tier design with a dedicated 10G aggregation backbone and redundant fiber paths for maximum reliability.
Architecture
- A USW-Aggregation switch serves as the dedicated 10G SFP+ backbone connecting the gateway to all distribution and access switches
- Redundant fiber paths between the MDF (1st floor) and IDF (2nd floor) — if the primary link fails, traffic automatically reroutes via Spanning Tree Protocol (STP)
- All inter-switch connections run at 10 Gbps over SFP+ DAC cables (within the MDF rack) and OM4 multimode fiber (between floors)
Security & Redundancy
This network is designed to protect a property with 16 surveillance cameras, access control on two entry points, and high-value AV distribution. Security is built into every layer:
- Network segmentation — six isolated VLANs ensure that security cameras cannot be accessed from the guest WiFi, IoT devices are contained from the main network, and AV traffic has dedicated bandwidth without competing with web browsing or downloads
- Enterprise firewall — the UDM Pro Max runs intrusion detection and prevention (IDS/IPS), monitoring all traffic for threats in real time at up to 5 Gbps throughput
- Redundant backbone — the aggregation switch creates multiple paths through the network. If any single switch or fiber link fails, the remaining paths continue operating automatically with zero manual intervention
- Battery backup — UPS units at both the MDF and IDF keep the entire network, cameras, and access control running during power outages for 30+ minutes, giving the generator time to start or allowing a graceful shutdown
- Encrypted remote access — the homeowner can securely monitor cameras and manage the network from anywhere via VPN, without exposing the system to the public internet
Network Segmentation (VLANs)
All traffic is separated into isolated network segments for security and performance:
| VLAN | Name | Purpose |
|---|---|---|
| 1 | Management | Network infrastructure devices only (switches, APs, controllers) |
| 10 | Data | Computers, phones, home office devices |
| 20 | IoT | Smart home devices, Lutron, pool controller, thermostats |
| 30 | Security | AXIS cameras, NVR, intercoms, access control — isolated from all other traffic |
| 40 | AV | Crestron NVX, whole-home audio, TV distribution |
| 50 | Guest | Guest WiFi — internet only, no access to internal systems |
Gateway & Firewall
- Ubiquiti UDM Pro Max — enterprise gateway with built-in firewall, IDS/IPS threat detection, 2.5GbE WAN port, VPN server for secure remote access
- All 6 VLANs configured with inter-VLAN routing and firewall rules
- DHCP server for all network segments with static reservations for infrastructure devices
Network Switching
- USW-Aggregation — 8-port 10G SFP+ aggregation switch, dedicated backbone for all inter-switch traffic
- USW-Pro-48-PoE — 48-port PoE++ core switch serving all 1st floor devices directly from the MDF
- USW-Pro-HD-24-PoE — 24-port PoE++ access switch at the IDF, serving all 2nd floor devices
- All switches connected via 10G SFP+ uplinks (DAC cables within the MDF, OM4 fiber to the IDF)
Wireless Coverage
- 10x Ubiquiti U7 Pro Max (indoor) — WiFi 7 access points, positioned for complete interior coverage across both floors
- 2x Ubiquiti U7 Pro Outdoor — weatherproof WiFi 7 for the pool terrace and motor court
- Seamless roaming (802.11r) between all APs — no drops as you move through the home
- Band steering to push devices to the fastest available frequency (6 GHz / 5 GHz)
Battery Backup
- MDF UPS (1500VA) — rack-mount, pure sine wave, 30+ minute runtime. Keeps gateway, switches, cameras, and access control running during power outages.
- IDF UPS (1000VA) — rack-mount, keeps 2nd floor WiFi and devices online during outages.
Configuration & Commissioning
- All VLANs configured and tested
- Firewall rules between segments (security isolated, guest internet-only, IoT contained)
- WiFi SSIDs configured (Home, Guest, IoT)
- All access points adopted, positioned, and RF-optimized
- ISP handoff configured at the UDM Pro Max
- Remote access configured (Ubiquiti cloud + VPN)
- System handed over with credentials and documentation
The diagram below shows how all network components connect — from the ISP through the gateway, aggregation backbone, and distribution switches down to every endpoint in the home.
Equipment
| Item | Cost |
|---|---|
| Ubiquiti UDM Pro Max — gateway, firewall, IDS/IPS, VPN | $599 |
| Ubiquiti USW-Aggregation — 8-port 10G SFP+ backbone switch | $269 |
| Ubiquiti USW-Pro-48-PoE — 48-port PoE++ core switch | $1,099 |
| Ubiquiti USW-Pro-HD-24-PoE — 24-port PoE++ IDF access switch | $999 |
| Ubiquiti U7 Pro Max (10x) — WiFi 7 indoor access points | $2,790 |
| Ubiquiti U7 Pro Outdoor (2x) — WiFi 7 outdoor access points | $558 |
| UPS MDF — APC Smart-UPS 1500VA, 2U, pure sine wave | $894 |
| UPS IDF — CyberPower 1000VA, 1U, pure sine wave | $727 |
| SFP+ DAC cables 0.5m (4x) & SFP+ 10G multimode modules (4x) | $128 |
| Equipment Subtotal | $8,063 |
Labor
| Description | Cost |
|---|---|
| Switch installation, rack mounting, SFP+ connections, fiber patching | $1,500 |
| Gateway configuration — VLANs, firewall rules, DHCP, inter-VLAN routing, ISP handoff | $2,000 |
| WiFi deployment — mount 12 APs, adopt, configure SSIDs, RF optimization, roaming | $2,500 |
| UPS installation and configuration | $500 |
| System testing, documentation, and handover | $1,000 |
| Labor Subtotal | $7,500 |
Total
| Equipment (see attached BOM) | $8,063 |
| Labor | $7,500 |
| Estimated Project Total | $15,563 |
| Phase | Crew | Duration |
|---|---|---|
| Equipment procurement (after approval) | — | 5–10 business days |
| Switch installation & rack patching | 2 technicians | 1 day on-site |
| Gateway & VLAN configuration | 1 engineer | 1 day on-site |
| WiFi AP deployment & RF optimization | 2 technicians | 1–2 days on-site |
| System testing & commissioning | 1 engineer | 1 day on-site |
| Documentation & handover | — | Within 3 business days |
| Total: approval to handover | ~3 weeks |
Pricing & Payment Terms
Fees are defined in the applicable estimate or invoice.
- 50% deposit due prior to commencement of work
- 30% due upon substantial completion
- 20% due upon system sign-off
Invoices are due within 7 days after project completion. Taxes, permits, fees, expedited shipping, and unforeseen site conditions are not included unless explicitly stated.
Warranty
- 1-year workmanship warranty on all installation and configuration
- Manufacturer warranties — Ubiquiti (2-year), APC/Tripp Lite UPS (3-5 year)
- 30-day configuration support — post-handover adjustments to WiFi, firewall rules, or VLAN settings at no charge
Scope Exclusions
- Structured cabling — see Physical Layer proposal (BSL-2026-0516)
- Security cameras — see AXIS proposal (BSL-2026-0515)
- ISP service fees, home automation programming, AV content distribution
Acceptance
Sign to accept this project:
Client Signature:
Name / Date
Baltic Service LLC:
Authorized Representative / Date
