Help with Understanding and implementing Wi-Fi "Mesh?"

Hi Everyone,

Thanks in advance for your advice. Every time I come on this forum I get nothing but great help.

I’ll try to keep this one short for today. I own a company based in a ~35000 SQFT Warehouse and I need wifi.

Right now I have 5 ASUS RT-AC88U routers with fantastic range and between them almost all of my space is covered. The only problem is that they all work independently. None of them talk to each other and are limited to their own unique SSID and network. For stationary devices this is fine but for devices like laptops and mobile work stations this poses a problem.

So my initial thought is some kind of Wi-Fi Mesh. I want everyone to be able to connect to 1 of 3 different Wi-Fi networks (3 different Vlans) and seamlessly transfer between different zones as they walk around. I do not want communication done between each node through Wi-Fi, I have the infrastructure to wire each with ethernet separately.

My question is, what’s the best solution to this? Ideally I want to add 2 to 4 more nodes to make sure all areas are covered with a strong connection. I am open to buying dedicated hardware but I want to spend less than ~$1500 on this. I am willing to do a DIY solution with my own routers or go with some other premade implementation.

I’ve done a decent amount of research so far and it seems everyone is head-over-heels for direct node to node communication through a Wi-Fi based backhaul, but I want to free up my Wi-Fi by only using an ethernet based backhaul and I’m having a lot of trouble finding resources for this.

Thanks again in advance.

Get a managed wireless solution.

Unifi is the obvious choice, you can run a controller on a VM/pc or buy their little box to do it.

1 Like

I already have a UniFi Access system set up for our doors, along with the rackmount dream machine. I’ve heard really mixed reviews about Ubiquiti and only used the Access portion of their systems because it was really the only choice in that space. I’ve heard everything from, “Ubiquiti saved my life”, to “My Dream machine reformatted itself and now I’m going to die”. I would prefer a homebrew setup using something like OpenWRT, but it’s hard to find resources on the performance of such a setup.

Are you running OpenWRT on your rt-ac88u?


Essentially the way corporate wifi works is that you have multiple access point devices running on different non-overlapping channels with same SSID and encryption settings, hooked up to that same wired lan, and it’s up to client devices to snoop around and look for a decent signal strength alternative access point.

Client devices only have a single radio that can only work on one channel at any given time (unlike cellular networks), so there’s always going to be some disruption when doing “background scanning” or when switching APs.

There are some protocols that make reconnections to a different access point slightly simpler, but there’s never zero impact. (FT-BSS)

Some access points allow themselves to be configured with minimum signal strength allowed for clients, and they’ll chase away clients that mistakenly remain connected to a low signal strength access point.

I’ve been using a pair of unifi u6-lr in my home for the last year and a single u6-mesh in the garden for about 3 months, and they’re really solid access points. I haven’t used the u6-pro. To use unifi stuff, you need the controller software (that’s used to configure your access points) on your laptop for testing and initial setup… long term you can spin up a container somewhere in the cloud and have that cloud VM or container VPN-ed to whatever router you’re using so access points would talk to it.

I also use a pair of their switches mixed in with my own, but I use my own router.

Given my prior experience with Mikrotik, Aruba, and OpenWRT, I’d really recommend Unifi wifi access points over those others - it’s fuss free and relatively speedy once set up. (I get a decent 700+ Mbps from my phone whenever, and the only time I’ve had trouble was with radar on a DFS channel, and a simple access point reboot fixes that).

I am not already running OpenWRT, just stock on those routers. So what you’re saying is that the wireless device needs to manage swapping between devices? The Mesh does not instruct the device on what to do?

But with Unifi, I can have ~10 access points and have them all show up as the same SSID then, which would be ideal. Does Unifi allow you to have 3 different SSIDs that have different Vlans?

Anything that isn’t QCA or the older Atheros stuff (ath9k, ath10k) and Mediatek (mt76), as far as radios go, is a dead end using OpenWrt. That Asus model uses Broadcom…

The word “mesh” is used to describe setups where one WiFi AP has ethernet, and the rest forward frames from clients back to the main AP. What you’re interested in here is WiFi roaming.

As another poster has said, roaming choices are entirely up to the client - which makes things quite simple for you. Just configure the same SSID with the same PSK on multiple APs, and it will just work.

However, there are some gotchas. Channel selection is one: all APs should be using different channels. The “Channel: Auto” setting on each AP should be enough to resolve this. Another issue is that APs can be too powerful, leading to overlapping areas. Clients may get stuck to an AP and not roam properly. The solution to this is to turn down transmit power on each AP.

So to summarise just configure the same SSID/PSK on all APs, use Channel: Auto, and consider turning down AP transmit power if clients get “stuck” on another AP.

APs backed by a controller can have features which help client roaming. But you only really need this when you have more than a few APs.

1 Like

Okay that’s interesting. So I don’t really Neeed a proprietary solution. In theory I could do what I’m doing now just change all the SSIDs and channels.

Is there a specific controller I can get for Wifi Roaming with different brands of APs? Does using the Unifi ecosystem count as a controller and it will help with roaming?

I will be using up to 10 APs so a dedicated controller might be necessary. Ideally I’d go with a complete Ruckus based solution but between the APs and the controllers it could cost over 10K.

On the cheap end you have UniFi and TP-Link Omada, going up a bit Cambium and Aruba. Ruckus are good but their price has gone up a lot over the years.

Controllers are fully proprietary, you need the APs from the same Vendor. The controllers mostly make management of the APs a lot damn easier, plus give visibility. You definitely want to stick with one vendor, if not one model.

I just need to ask though, how important is this WiFi to your business? If you plan on running your scanners / warehouse equipment on the WiFi, it might be worth investing some money into getting a professional to come in. They have software that can model your building and work out the best AP placement. Plus they can do a wireless survey after the fact and resolve any issues.

Though if you don’t mind experimenting and trying things out then you should be able to get something decent by yourself. Just do some research so you can learn from others’ mistakes.

I’m a DIY type of guy (kinda why I’m here). Wi-Fi is not critical to our infrastructure. We have extensive ethernet wiring around and everything that is important is hard wired. The Wi-Fi is only for certain devices that somehow are not able to get a wire to them or small IOT devices that don’t have ethernet ports. That’s why I want a solution with multiple SSID networks and Vlans so I can make an IOT specific network with no internet access.

I also have the occasional time someone needs to roam around with a laptop and just having a proper roaming Wi-Fi setup would just make things easier. 35000 SQFT is a lot and I will walk around the place dozens of times a day doing my job. If I can set up some kind of roaming Wi-Fi for under 1K then it’ll be well worth my time and money.

It seems, with the information I’ve gathered from you fine folks in the thread, that I should buy 2 more of the routers I already own and simply make a generic and simple Wi-Fi roaming setup by overlapping SSIDs on different channels. Some optimization will be in order but I’m sure I can figure it out. When business is booming hopefully within a year or two I’ll drop some serious money on a proprietary setup, either Unifi, or TP-Link or maybe even Ruckus if business is doing well.

Thanks again, I have learned a lot today. Now to figure out the Vlans… I recognize their importance but I hate Vlans.

Correct. There’s 802.11i/k/r that altogether do something like: “hey client, here’s a list of access points you can switch to with simpler authentication”, but that’s all optional and lots of clients don’t support it and it’s mostly minor improvements. Expect anything between a 50ms and 500ms hiccup and some dropped packets, regardless of whether devices support these or not.

Yes. You can have 3 SSIDs on each of the 10 access points (or perhaps have subsets for whatever reason) and then assign each SSID to a VLAN.

I’m aware, but apparently with this one particular device somebody bothered to go the extra mile. Not sure how well the rest of the device works.

No. All “controllers” are always tied to the vendor, unifi controller is just a webserver that lets you configure all access points in the same place, it “helps with roaming” by making it easy not to screw up individual device configs. Additionally, it can coordinate automatic firmware updates, and APs can send metrics to it, so you can see pretty graphs and statistics. The controller doesn’t even have to be on the same network to “adopt” devices, but it helps.

Some other brand controllers (Mikrotik/Aruba/Ruckus/Meraki) can also optionally tunnel traffic from APs back to the controller so that your wired switches’ FDB (forwarding database) doesn’t need to update when client stations move between APs, and it also provides additional encryption over ethernet. IMHO this requires more maintenance, and unless you’ve several staff taking care of your network systems, keeping this kind of controller online as a single point of failure is a burden you probably don’t want. With Unifi, your controller can go offline and basic networking will still work.

Unifi APs don’t support 802.1x on ethernet, someone with physical access to ethernet cable can mitm your traffic. If this is a real concern for some reason you need to look elsewhere. (generally with pervasive TLS/HTTPS and everything in the cloud anyways, folks mostly don’t care these days). They do support RADIUS auth, so you don’t have to give everyone the same wifi password and can make accounts instead.

1 Like
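
The roaming checklist from earlier in the thread (same SSID and PSK on every AP, different channels on neighbouring APs) and the SSID-to-VLAN mapping described above can be checked mechanically when there is no controller to keep the configs in sync. The following is an added example, not code from any poster or vendor; the AP names, SSIDs, PSKs, VLAN IDs and neighbour lists are constructed, and 20 MHz channel width is assumed.

```python
# Constructed inventory: every name, PSK, VLAN ID and channel here is hypothetical.
# Each SSID maps to (security, psk, vlan).
APS = [
    {"name": "ap-dock", "channel": 1, "neighbors": ["ap-office"],
     "ssids": {"staff": ("wpa2-psk", "constructed-psk-A", 10),
               "iot":   ("wpa2-psk", "constructed-psk-B", 30)}},
    {"name": "ap-office", "channel": 3, "neighbors": ["ap-dock", "ap-racks"],
     "ssids": {"staff": ("wpa2-psk", "constructed-psk-A", 10),
               "iot":   ("wpa2-psk", "constructed-psk-B", 10)}},  # IoT on staff VLAN
    {"name": "ap-racks", "channel": 11, "neighbors": ["ap-office"],
     "ssids": {"staff": ("wpa2-psk", "constructed-psk-a", 10),    # PSK typo
               "iot":   ("wpa2-psk", "constructed-psk-B", 30)}},
]

def channels_overlap(a, b):
    """Assumes 20 MHz channels: 2.4 GHz channels overlap when fewer than 5 apart."""
    if a <= 14 and b <= 14:
        return abs(a - b) < 5
    return a == b

def audit(aps):
    """Return sorted findings for SSID profile drift and neighbour channel overlap."""
    findings = set()
    profiles = {}  # ssid -> (first AP that carried it, its profile tuple)
    for ap in aps:
        for ssid, profile in ap["ssids"].items():
            ref_ap, ref = profiles.setdefault(ssid, (ap["name"], profile))
            for field, want, got in zip(("security", "psk", "vlan"), ref, profile):
                if want != got:
                    # Report only that a field differs; never echo the PSK itself.
                    findings.add(f"{ssid}: {field} on {ap['name']} differs from {ref_ap}")
    by_name = {ap["name"]: ap for ap in aps}
    for ap in aps:
        for n in ap["neighbors"]:
            other = by_name[n]
            # The name comparison reports each neighbouring pair once.
            if ap["name"] < n and channels_overlap(ap["channel"], other["channel"]):
                findings.add(f"channel overlap: {ap['name']} ch{ap['channel']} / {n} ch{other['channel']}")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(APS):
        print(line)
```

The VLAN check matters most for an isolated IoT network: an AP that bridges the IoT SSID to the wrong VLAN silently moves those devices onto another network whenever they roam to it.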

Could also get a mid-tier MikroTik Router (just to act as a controller, search term is “CAPsMAN”) and MikroTik APs to go with it.
Setup is well documented, IMO easier than on Cisco.

2 Likes