I am near enough to the end of a "renovation from hell", where I am going to literally start nailing some final pieces together.
First off, I am not a networking or OS newbie of any kind. What I lack is real-world experience with the range and performance of various wireless networking gear. I understand the physical principles, but that avails me little in the face of actual working hardware and its performance.
House: 2,600 square feet, two above ground levels (1,800 ft^2 total), one basement (800ish ft^2)
Directly adjacent: ADU ("Granny flat"): Single story 400 ft^2 with a 240 ft^2 mezzanine above (potentially usable by someone willing to climb the "fireman's ladder" to get to it).
There is OM3 and Cat-7 running between the basement of the house and ADU. In what seemed a very aspirational move, I proactively purchased two MikroTik switch-routers to have on hand. Remember, supply chains were looking heavily wobbly back then, so I wanted to be "prepared".
MikroTik CRS326-24G-2S+RM is installed in the house.
MikroTik RouterBOARD RB2011UiAS-2HnD is installed in the ADU. I am open to replacing it if I must, but the space for a replacement is small, if I'm to tuck it away out of sight behind a little access panel.
I have SFP+ and SFP modules, and have confirmed that both the Cat-7 and OM3 cables are fully functional between the two buildings. I would lash the two switches together via SFP. While the ADU is not rented out, I will configure it to be on the same broadcast domain as the house. If/when it is rented out, it will be segregated and tied off at both ends, only able to reach the outside Internet no matter which VLAN is used from that link, though my preference is to NOT "share" connectivity at all with the renter under any circumstances.
Please note that I am not particularly wedded to MikroTik, though its iptables-like functionality and deep feature set appealed to me, not to mention the hardware-accelerated performance at its price point. I am a long-standing Linux network and developer, much more at ease with text file/command line scripts than Web GUI (or worse, Crapp-based stuff).
Historically, I've not used wireless networking where I live, having wired previous apartments and houses with Cat-6, sometimes with multiple segments to a given room. I maintain about 80TB of dual Gig-E delivered storage for the house+ADU, 60TB of which can be upgraded to dual SFP+, which may happen sooner than later. (10-drive zRAID2, with NVMe L2ARC + ZIL, I built in 2017).
But times have changed, and mobile devices don't even have an ability to use wired networking even if you wanted to.
I want wireless APs that will simply provide authenticated bridging, so as users move from one AP to another, there will be no risk of obtaining a new IP#, thus breaking existing connections upon the 'handover'. I'm going to set up a RADIUS server on the main house server (Linux based fanless industrial PC) to provide easier mechanisms to retire/change authentication credentials, as well as provide some limited mechanisms for differential access controls when attaching wirelessly. I carry prejudices against wireless networks in general, perhaps too many days running AirCrack & other tools in the past.
Anyway:
APs under consideration: Ubiquiti U6 Professional or Enterprise and the MikroTik cAP XL ac for the house and ADU interior AP(s).
Questions
I am open to other brands and models of course. I have prejudices against the stuff you see in Best Buy/J&B Hifi/etc. I'm no stranger to OpenWRT and have built and installed hardened (Grsecurity) kernel + userspace versions (patched & built myself) for various low-end "USB-powered wireless gateway" devices like the gl.INET's various little boxes.
Are any Asus, Netgear, Linksys APs worthwhile for this application? Most of them seem like opaque black boxes full of features and stuff I don't want or need, with baroque Crapp/Web-based configuration tools. And they're EXPENSIVE for what they are, it seems. While I have a realistic expectation of how secure MikroTik's RouterOS is, it does have a fairly small attack surface compared with these ugly consumer brands.
But if they deliver the goods, I'm open-minded, and can put up with their configuration b.s. (I am a "lazy geek" - I'll spend more time upfront to do it correctly, with an eye towards not revisiting things unless I change the layout/architecture.)
I have a good idea of how quickly WPA2 authentication occurs, but ideally I'd like these devices to perform at least as quickly as hostapd does on a 1GHz VIA C3 CPU "network router PC" running Linux 5.5. I am mainly hoping to avoid breaking any long-running connections when a user crosses from one AP to another.
I would like to see if I can get away with one AP on the main (ground) floor of the house, with one in the ADU. I have found that the CenturyLink 2.4GHz wireless AP (basement) signal makes it all of the way up to the second floor of the house, so I might get lucky with something better installed on the main floor.
RB2011UiAS-2HnD has only 2.4GHz support, so I need one in the ADU as well, alas. I have one VoIP phone (an old Cisco thing that works well) for the ADU, which this MikroTik supports well enough.
I would most likely set these up with the same SSID on both bands, with channels on the opposite end of the range. All APs will be wired (Cat-7) to their corresponding local switch-router. I want to be able to attach "guests" to a different VLAN from the appliance VLAN, with all of the hard-wired devices having two other VLANs, depending on their location. I am content with the configuration flexibility with the MikroTik where that's concerned. I can't seem to find any setup manuals or documentation on the Ubiquiti stuff, just "installation guides", and recurring mentions of additional hardware controllers or "Crapps" I will never download or use. But they do mention the devices can be set up via "web gui".
The interior APs will be ceiling mounted so they can't be completely hideous. Most of the consumer stuff looks horrible, alas.
I am not interested in extending wireless range to the extremes of my property, aside from perhaps the gap between the house & ADU. I know from testing the feeble wireless solution I've deployed in the ADU, that this is not a worry.
Priorities: configurability-to-suit, range, and performance in decreasing order of importance.
I am fully open to having my proposal critiqued and poked apart, so don't worry about offending me.
Regards,
=Robin=
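
The design described in the post (RADIUS-authenticated bridging, per-user VLAN placement, and handover between APs without a new IP address), sketched as a hostapd.conf fragment for one AP. This is an added example, not part of the original post; hostapd is used only because the post names it as the baseline, 802.11r fast transition is one way to shorten the handover, and every interface name, address, secret, identifier and VLAN number is a constructed placeholder.

```ini
# hostapd.conf for AP "house" (added example; all values are placeholders)
interface=wlan0
ssid=ExampleHome            # same SSID on every AP so clients roam between them
hw_mode=a
channel=36

# WPA2-Enterprise: credentials live on the RADIUS server, so one user can be
# retired there without touching the APs or any shared passphrase.
wpa=2
rsn_pairwise=CCMP
ieee8021x=1
wpa_key_mgmt=WPA-EAP FT-EAP
own_ip_addr=192.0.2.21                       # this AP's management address
auth_server_addr=192.0.2.10                  # RADIUS server (placeholder)
auth_server_port=1812
auth_server_shared_secret=CHANGE-ME-PER-AP   # use a distinct secret per AP

# Per-user VLAN from RADIUS (differential access). The server's Access-Accept
# carries the standard RFC 3580 attributes, for example:
#   Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802,
#   Tunnel-Private-Group-Id = "30"
# dynamic_vlan=2 rejects any station for which no VLAN is returned.
dynamic_vlan=2
vlan_file=/etc/hostapd/hostapd.vlan   # file containing the line: *  wlan0.#
vlan_tagged_interface=eth0            # wired uplink carrying tagged VLANs
vlan_bridge=brvlan                    # bridges are created as brvlan<ID>

# 802.11r fast transition: a roaming client reuses keys derived from its first
# 802.1X exchange instead of repeating the full RADIUS round trip.
# Every AP in the roaming set uses the same mobility_domain.
mobility_domain=a1b2
nas_identifier=ap-house.example
r1_key_holder=020000000001
ft_over_ds=0
pmk_r1_push=1
# One r0kh/r1kh pair per peer AP. The key is a hex string shared by both APs;
# the required length depends on the hostapd version, so check its
# documentation before generating one.
r0kh=02:00:00:00:00:02 ap-adu.example <HEX-KEY-SHARED-WITH-ADU-AP>
r1kh=02:00:00:00:00:02 02:00:00:00:00:02 <HEX-KEY-SHARED-WITH-ADU-AP>
```

Because each VLAN is carried to both APs over the wired uplink, a station keeps the same layer-2 segment, and therefore the same DHCP lease, after it reassociates.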