After finally getting fiber internet installed, I can get going with the final steps in my network rebuild.
I have my OPNsense box ready to go, but I don’t have a WAP yet.
I’ve been digging around a bit, but I’ve found that the most popular brands tend to either phone home or require cloud functionality to work.
What does it have to do:
Currently there are only about 10 devices (mostly IoT stuff) that connect to it.
Multiple VLANs
Multiple SSIDs (for guests, and my printer doesn’t like WPA3, or combined WPA3/WPA2 so it needs to have an SSID for itself, I’d wager)
PoE would be nice, even though I don’t have a PoE switch as of yet (next project). So both PoE and cord would be ideal.
It doesn’t have to be the most powerful beast out there; my provider-router can cover the whole house, so I would think any dedicated device would crush that.
Probably other fun things that I can’t think of right now.
The only devices that are WiFi only are my phone and the IoT stuff. I don’t use my phone for a lot of heavy stuff, just mail/chat and the occasional video. The rest is wired.
I can’t put my provider-router in bridge mode, that is blocked.
Can anyone advise me, or push me in the right direction? I tried to search for topics on this, but I couldn’t really find recent ones that cover my needs. (or I need my eyes checked)
I know Ubiquiti (UniFi) has both a local controller (just your own network) and cloud-based controller software. I find the UniFi network system so much easier to use than pfSense or OPNsense.
As noted, the UniFi controller can run locally in a Docker container or installed in a VM (or a Docker container, in a VM; I digress), and the container and the APs can be put into an IoT doghouse firewall rule (on pfSense).
Being able to do so doesn’t necessarily make it a desirable option (in my case expedient, I admin the same at work and was just too lazy to look at Omada when the time came; I find Ubiquiti a lot more dubious than I once did). However, it’s a more or less good portal with a lot of function available.
But if you have limited WiFi performance, if not configuration, needs, can an old WiFi router not do what you need, in an AP-only bridge mode (something supporting OpenWrt from eBay, perhaps)?
For UniFi, I think when you block port 8443 from the internet, you remove the controller and network hardware’s ability to have cloud access, right?
I don’t know if blocking port 8443 would remove cloud access from any UniFi unit. I have never been worried that Ubiquiti could control my network equipment. Right now, the fact that Ubiquiti can control my network equipment is the only way I can manage or look into what is going on with my network. Currently, the local access portal won’t let me log into my local UniFi equipment.
MikroTik does not have a “cloud” option; either the WAP is its own master or it talks to some other MikroTik device on your network (CAPsMAN) for control.
Ubiquiti can be made to be local only.
Lancom has stand-alone mode, a local controller, or cloud; it is pricey though!
I just bought a Ubiquiti U6-LR for my parents. I didn’t want to bother with their apps/controllers/VMs/entire ecosystem. I just wanted a wireless AP to replace the one they had already (an older Ubiquiti AP). I flashed OpenWrt to it and now it behaves like a normal AP. If you have more of them, I think you can set up 802.11r/v/w? for fast transition, etc.
I think the U6 series is all MediaTek and very flashable. The U7 series might be Broadcom and I would personally hold off until I know it’s supported, if you decide to go the Ubiquiti route.