Looking to finish a wireless deployment I started with MikroTik switch-routers

LordNikon

I am near enough to the end of a "renovation from hell", where I am going to literally start nailing some final pieces together.

First off, I am not a networking or OS newbie of any kind. What I lack is real-world experience with the range and performance of various wireless networking gear. I understand the physical principles, but that avails me little in the face of actual working hardware and its performance.

House: 2,600 square feet, two above ground levels (1,800 ft^2 total), one basement (800ish ft^2)
Directly adjacent: ADU ("Granny flat"): Single story 400 ft^2 with a 240 ft^2 mezzanine above (potentially usable by someone willing to climb the "fireman's ladder" to get to it).

There is OM3 and Cat-7 running between the basement of the house and ADU. In what seemed a very aspirational move, I proactively purchased two MikroTik switch-routers to have on hand. Remember, supply chains were looking heavily wobbly back then, so I wanted to be "prepared".

Mikrotik CRS326-24G-2S+RM is installed in the house.
Mikrotik RouterBOARD RB2011UiAS-2HnD is installed in the ADU. I am open to replacing it if I must, but the space for a replacement is small, if I'm to tuck it away out of sight behind a little access panel.

I have SFP+ and SFP modules, and have confirmed that both the Cat-7 and OM3 cables are fully functional between the two buildings. I would lash the two switches together via SFP. While the ADU is not rented out, I will configure to be on the same broadcast domain as the house. If/when it is rented out, it will be segregated and tied off at both ends, only able to reach the outside Internet no matter which VLAN is used from that link, though my preference is to NOT "share" connectivity at all with the renter under any circumstances.
Please note that I am not particularly wedded to MikroTik, though its iptables-like functionality and deep feature set appealed to me, not to mention the hardware accelerated performance at its price point. I am a long-standing Linux network and developer, much more at ease with text file/command line scripts than Web GUI (or worse, Crapp-based stuff).

Historically, I've not used wireless networking where I live, having wired previous apartments and houses with Cat-6, sometimes with multiple segments to a given room. I maintain about 80TB of dual Gig-E delivered storage for the house+ADU, 60TB of which can be upgraded to dual SFP+, which may happen sooner than later. (10-drive zRAID2, with NVMe L2ARC + ZIL, I built in 2017).

But times have changed, and mobile devices don't even have an ability to use wired networking even if you wanted to.

I want wireless APs that will simply provide authenticated bridging, so as users move from one AP to another, there will be no risk of obtaining a new IP#, thus breaking existing connections upon the 'handover'. I'm going to set up a RADIUS server on the main house server (Linux based fanless industrial PC) to provide easier mechanisms to retire/change authentication credentials, as well as provide some limited mechanisms for differential access controls when attaching wirelessly. I carry prejudices against wireless networks in general, perhaps too many days running AirCrack & other tools in the past.

Anyway:

APs under consideration: Ubiquiti U6 Professional or Enterprise and the MikroTik cAP XL ac for the house and ADU interior AP(s).

Questions
I am open to other brands and models of course. I have prejudices against the stuff you see in Best Buy/J&B Hifi/etc. I'm no stranger to OpenWRT and have built and installed hardened (Grsecurity) kernel + userspace versions (patched & built myself) for various low-end "USB-powered wireless gateway" devices like the gl.INET's various little boxes.

Are any Asus, Netgear, Linksys APs worthwhile for this application? Most of them seem like opaque blackboxes full of features and stuff I don't want or need, with baroque Crapp/Web-based configuration tools. And they're EXPENSIVE for what they are, it seems. While I have a realistic expectation of how secure MikroTik's RouterOS is, it does have a fairly small attack surface compared with these ugly consumer brands.

But if they deliver the goods, I'm open-minded, and can put up with their configuration b.s. (I am a "lazy geek" - I'll spend more time upfront to do it correctly, with an eye towards not revisiting things unless I change the layout/architecture.)

I have a good idea of how quickly WPA2 authentication occurs, but ideally I'd like these devices to perform at least as quickly as hostapd does on a 1GHz VIA C3 CPU "network router PC" running Linux 5.5. I am mainly hoping to avoid breaking any long-running connections when a user crosses from one AP to another.

I would like to see if I can get away with one AP on the main (ground) floor of the house, with one in the ADU. I have found that the CenturyLink 2.4GHz wireless AP (basement) signal makes it all of the way up to the second floor of the house, so I might get lucky with something better installed on the main floor.

RB2011UiAS-2HnD has only 2.4GHz support, so I need one in the ADU as well, alas. I have one VoIP phone (an old Cisco thing that works well) for the ADU, which this MikroTik supports well enough.

I would most likely set these up with the same SSID on both bands, with channels on the opposite end of the range. All APs will be wired (Cat-7) to its corresponding local switch-router. I want to be able to attach "guests" to a different VLAN from the appliance VLAN, with all of the hard-wired devices having two other VLANs, depending on their location. I am content with the configuration flexibility with the MikroTik where that's concerned. I can't seem to find any setup manuals or documentation on the Ubiquiti stuff, just "installation guides", and recurring mentions of additional hardware controllers or "Crapps" I will never download or use. But they do mention the devices can be set up via "web gui".

The interior APs will be ceiling mounted so they can't be completely hideous. Most of the consumer stuff looks horrible, alas.

I am not interested in extending wireless range to the extremes of my property, aside from perhaps the gap between the house & ADU. I know from testing the feeble wireless solution I've deployed in the ADU, that this is not a worry.

Priorities: configurability-to-suit, range, and performance in decreasing order of importance.

I am fully open to having my proposal critiqued and poked apart, so don't worry about offending me.

Regards,
=Robin=
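
Added example, not part of the original post: a hostapd.conf sketch of the "authenticated bridging" design described above, with WPA2-Enterprise against an external RADIUS server and the guest/appliance VLAN chosen per user by the RADIUS reply. Interface names, addresses, VLAN IDs, the SSID and the shared secret are constructed placeholders, and dynamic VLAN bridging assumes a hostapd build with CONFIG_FULL_DYNAMIC_VLAN.

```ini
# hostapd.conf (constructed values; adapt to the real AP)
interface=wlan0
bridge=br0                      # untagged default bridge
ssid=example-house              # same SSID on every AP so clients roam
hw_mode=a
channel=36

# WPA2-Enterprise only: no shared passphrase to rotate when a user leaves
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1

# The AP is only an authenticator; credentials live on the RADIUS server
own_ip_addr=192.0.2.21
nas_identifier=ap-groundfloor
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_LONG_RANDOM_SECRET

# Per-user VLAN from the Access-Accept. The server must return:
#   Tunnel-Type = VLAN (13)
#   Tunnel-Medium-Type = IEEE-802 (6)
#   Tunnel-Private-Group-ID = "30"   (guest)  or "20" (appliance)
# dynamic_vlan=2 rejects any client whose reply carries no VLAN,
# so a misconfigured account fails closed instead of landing on br0.
dynamic_vlan=2
vlan_file=/etc/hostapd/hostapd.vlan   # contains the line:  *  wlan0.#
vlan_tagged_interface=eth0            # trunk port to the switch-router
vlan_bridge=brvlan                    # VLAN ID is appended: brvlan20, brvlan30

# Faster re-association between APs on the same SSID without a controller:
# reuse cached PMKs and pre-authenticate over the wired side, so a roam
# does not need a full EAP exchange with the RADIUS server.
disable_pmksa_caching=0
okc=1
rsn_preauth=1
rsn_preauth_interfaces=br0
```

Because every AP bridges each VLAN to the same wired segment, a roaming client keeps its DHCP lease; the switch-router trunk ports must carry the same VLAN IDs the RADIUS server hands out.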
 
"though my preference is to NOT "share" connectivity at all with the renter under any circumstances."

The only way to do this without issue is to have the ISP drop a line to the ADU and demarc there for independent service.
As soon as you are "providing" connectivity through your ISP drop/service, I think you assume some liability if that is what your concern is. Not sure how hotels do it, but many seem to have contracted with a third party to provide all the service aspects rather than roll their own. I expect the "contract" at the hotel is between the renter and the 3rd party rather than the hotel.
 
I am fully open to having my proposal critiqued

Unnecessary overcomplicated mix and match equipment turning you into the only home sysadmin who knows what's going on there. Why? Just go straight UniFi or Omada with central management of everything. They have routers, switches, access points of whatever you want type all VLAN capable and guaranteed compatible with future expansion options wired or wireless. You can manage the system remotely, if you're not there. You can manage multiple sites from a single control panel, if you want to. Your enjoyment in DIY is someone else's nightmare after - user or maintainer.
 
The only way to do this without issue is to have the ISP drop a line to the ADU and demarc there for independent service.
As soon as you are "providing" connectivity through your ISP drop/service, I think you assume some liability if that is what your concern is.

There is an ability for the local provider to drop a line directly to the ADU. For a long-term renter situation, that would be my preference. Yes, liability is the main issue I have with any sharing arrangement.

Unnecessary overcomplicated mix and match equipment turning you into the only home sysadmin who knows what's going on there. Why? Just go straight UniFi or Omada with central management of everything.

At the moment, it's just two router-switches, with everything on the same broadcast domain. DHCP is issued on only one device: the house firewall. Now that I'll be actually living in the house, I'm ready to put real APs in the house and ADU. Omada is TP-Link's solution, yes? These all need controllers in addition to actual switches and routers, I imagine? I guess I'm asking for what's likely to work better as wireless APs, given I need them both (or more) to provide just authenticated bridging via RADIUS to the wireless clients.
 
Tech9, there is no magic. Only reasonably well documented technology that provides reliably functional operations that reflect said documentation. When people start to tell me something is magic, I begin to question what they're trying to sell. I know you're not directly trying to sell any particular item, per se. But it's strongly unlikely a controller is going to turn a limp wireless AP into a better one. Again, I don't need scalable management pills for this application.

For my purposes, a wireless AP is just a radio, antenna, and whatever DSP exists between that and the CPU to provide a datastream with some reliability. "Work better" in my world is a device with a spherical signal footprint that is both selective (within its band), noise-rejecting (without data-tossing), such that I get L2 packets out of it on a copper wire (ideally GigE or better). That's all I'm asking for advice about, I suppose. Given that I can't find any real documentation from Ubiquiti about what its wireless APs can or cannot do, vis-a-vis, configuring authenticator sources, VLAN functional (and mapping), etc, etc, and I am forced to assume the worst about all of these devices that lack coherent documentation, hence my earnest reaching out for some real-world information.
 
I only have experience with business APs working in groups/clusters and with full functionality added by network controllers, including roaming technologies and wireless mesh options. This is how they are designed to work. I operate 3 business and 2 residential multi-AP networks with total of 28 APs. I can't recommend you any stand alone solution or single access point capable of covering 2600sqft of unknown environment. Sorry.
 
Check out CISCO APs with a POE switch. They have a small business line that’s at your same price point.

Your solution sounds way over engineered for such a small home. I run one AX86U in AP mode to cover a 2700 sqft ranch.

I’d start with a single AP and then use hardware/software to analyze, where I’m having issues and add APs to those areas. You need tools to identify actual issues, rather than guessing.
 
Your solution sounds way over engineered for such a small home.

Maybe. @LordNikon hasn't told us anything about what the interior walls are made of in the main living space, so I'm hesitant to assume that one wireless AP can cover that whole space well. Also, there's a separate set of concerns about how much to isolate the ADU from the main space.

I agree with the idea that getting your ISP to run a separate line to the ADU will be the least problematic answer in the long run. If you're renting the space to your granny, sure there's not likely to be big problems, but if you want to rent to somebody you don't trust so much, give them a fully independent connection. Keep in mind the renter might not want to trust you 100% either.
 
The interior walls are all Douglas fir, as per standard Pacific Northwestern standard. Soft wood, unaged, slightly resinous, etc. No steel, no ceramic, glass, or concrete, except the basement floors + walls. The ground floor finish is all white oak, with the top floor (all bedrooms), done in 120 year old Douglas fir (very soft, again). Aside from the gypsum covering the interior framing, it's a wooden house, aside from one large steel I-beam running down the medial spine for basal reinforcement. Ground floor has 9.5-10' foot ceilings, with the top floor averaging 9' - the roof line intrudes the vertical clearance on the sides of the house. (See: humble Craftsman designs of the early 20th Century.)

The ADU for the "renter" situation is settled, I think. Unless they're family or very close friends, they get the luxury of choosing their own provider. Anything else is suicidal insanity. If they want to torrent the Universe, I'll let them eat the DMCA takedown/shutoff notices.

I guess I was hoping that someone's done a "bake-off" of wireless networking radios, with definable attributes of selectivity, sensitivity, and range. I don't care about management consoles or which mobile devices are supported by their toolchain. Just an "x metres of dBm in a spherical pattern, with y dB of noise rejection from frequencies outside of its set channel".

These devices to me are just radios that transceive packets at the end of the day. I don't trust them with anything more than that, aside from following baseline RADIUS authentication protocols via wire-based connections.

Wireshark VPN functionality, packet-inspecting security, and ad/tracker-filtering proxies are something I'll have done by far more capable and supportable hardware + software.
 
This is why I suggested looking at Cisco APs. They offer autonomous mode without needing a controller. But you’re going to have to pay up a little and learn to configure it properly.


As for the number you’ll need, you’re going to have to measure it. I’d start with one centrally located. Measure the performance around the home and then add to where there are issues. Maybe go to one a floor. Maybe you’ll need more. You won’t know until you start installing and testing. My significant other set up APs at a government building and ended up needing one in practically every room because of interference caused by the huge metal roof. She used Cisco APs and switches and is happy with them.
 
The Cisco small business wireless CWB150AX APs are fairly cheap and don't require a controller as it is built in. More than likely they will support RADIUS. I have 2 of them running and plan to add a third one. My house on the tax rolls is 3288 sq feet, one story. It is a long rectangle with 3 bathrooms running down the middle, so they block radio signals.
 
My only thoughts are a Radius server is going to be a lot of work at home for little benefit. I am retired now, and I don't want to work that hard. I don't even run a Microsoft domain anymore. My server rack is turned off.

I can see it if you are using it at work and it is a good practice place.

I run Cisco small business switches and wireless APs because they are easy. They have a web interface that is easy to follow, and the code inside is reliable. There is no license needed to run the Cisco small business equipment. You get support for the life of the product.
 
My only thoughts are a Radius server is going to be a lot of work at home for little benefit. I am retired now, and I don't want to work that hard. I don't even run a Microsoft domain anymore. My server rack is turned off.

I can see it if you are using it at work and it is a good practice place.
Why are you replying again to a post from ten months ago that you also replied to six months ago?
 
Somehow I got on it. It would be nice to know what he did.

I don't think it could be the wine I am drinking.
 
