
Need a multi-AP system that (primarily) works


Well, for me it's a necessary evil, the lot. And it usually works, on the consumer level, until you need something more. Then one needs stuff like we're discussing here instead of a "simple" consumer-level router. Makes life complicated :)
 
There is a lot of info on pfSense out there. Google. Make it easy on yourself and use a PC with a dual-port Intel NIC. I recommend a low-wattage Intel CPU with an SSD. This will keep the power draw down. Older hardware is safer but not too old. I would say gen 6 or newer. I would not recommend one of those mini PCs. Some of them have issues and you cannot change the NICs.
 
pfSense is a bit of a hair shirt for most folks...
I had to look that one up. It could be. But you have to say pfSense seems to be the most flexible setup for a GUI you can run at home for cheap money. Having all those options can be intimidating.
I find it quite snappy if you use a high clock rate CPU performance wise.
 
Well, I went for Omada. It's irritating as hell, but it works, which was my primary goal.

Coverage is a bit weak, though: I'm going to have to add another AP to cover a section of the house that was previously just fine. My wife complains and that's never a good thing :)
 
Also, I'm keeping Mikrotik for the office setup: the hAP ax2 units are working well for me and the configuration is still something I love with them. Would be a waste to just discard it all...
 
Well, I went for Omada. It's irritating as hell, but it works, which was my primary goal.

I'd be interested to hear what you like and don't like about Omada. I considered that before jumping to UniFi, and I keep wondering if the grass is any greener over there.

Coverage is a bit weak, though: I'm going to have to add another AP to cover a section of the house that was previously just fine. My wife complains and that's never a good thing :)

You'd likely have run into that with any SMB-grade equipment: they're generally designed to have more APs running at lower power, whereas in consumer gear cranking the AP up to max legal power is the usual thing. But lower power is better because it discourages clients from hanging onto distant APs --- max power results in an imbalance between whether a client can hear the AP and whether the AP can hear the client, with ensuing bad results. Once you've filled in enough APs and adjusted their Tx power settings, you'll be happier than you were.
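The imbalance described above, worked through as an added example (not part of the original post): a log-distance path-loss model shows how far out a client can still hear the AP while the AP can no longer hear the client. The path-loss constants, receiver sensitivity and client transmit power are constructed assumptions, not measurements from this thread.

```python
import math

# Constructed assumptions for illustration (not values from the thread):
PL0_DB = 47.0        # path loss at 1 m, roughly free space at 5 GHz
EXPONENT = 3.5       # indoor path-loss exponent (walls, furniture)
SENSITIVITY = -75.0  # dBm a receiver needs for a usable link, both ends
CLIENT_TX = 15.0     # dBm, assumed phone/laptop transmit power

def path_loss_db(distance_m):
    """Log-distance path loss; the channel is the same in both directions."""
    return PL0_DB + 10 * EXPONENT * math.log10(max(distance_m, 1.0))

def max_range_m(tx_dbm):
    """Largest distance at which a transmitter at tx_dbm is still heard."""
    return 10 ** ((tx_dbm - SENSITIVITY - PL0_DB) / (10 * EXPONENT))

def link_state(distance_m, ap_tx_dbm, client_tx_dbm=CLIENT_TX):
    """Which directions of the link work at this distance."""
    loss = path_loss_db(distance_m)
    down = ap_tx_dbm - loss >= SENSITIVITY      # client hears the AP
    up = client_tx_dbm - loss >= SENSITIVITY    # AP hears the client
    if down and up:
        return "both"
    if down:
        return "downlink-only"   # client clings to an AP that cannot hear it
    if up:
        return "uplink-only"
    return "none"                # client loses the AP and roams elsewhere

def one_way_zone_m(ap_tx_dbm, client_tx_dbm=CLIENT_TX):
    """Width of the ring where only the AP-to-client direction works."""
    return max(0.0, max_range_m(ap_tx_dbm) - max_range_m(client_tx_dbm))

if __name__ == "__main__":
    for ap_tx in (30.0, 23.0, 17.0):
        print(f"AP {ap_tx:4.0f} dBm: heard to {max_range_m(ap_tx):5.1f} m, "
              f"hears client to {max_range_m(CLIENT_TX):5.1f} m, "
              f"one-way ring {one_way_zone_m(ap_tx):5.1f} m, "
              f"at 30 m: {link_state(30, ap_tx)}")
```

Under these assumptions the one-way ring shrinks from tens of metres to a couple of metres as AP power drops toward the client's own, which is the point at which a distant client lets go and roams to a nearer AP.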
 
I'd be interested to hear what you like and don't like about Omada. I considered that before jumping to UniFi, and I keep wondering if the grass is any greener over there.
The likes:
it works. I ultimately found every setting I needed and every setting does what it needs to do.

The not so liked stuff:
  • Controller software is clunky: the installer is HUGE and then I have to install Java & DB server on top of that
  • Running the controller software is clunky as well: it closes to system tray, but opening a new instance just fails instead of opening the existing instance
  • Adding new APs is really trivial, but you have to go to "unrecognised devices" pane to add it. Clearly it was developed with huge sites in mind, but the target audience are home and SOHO...
    • Really, I need to emphasise how easy extending my network coverage is now: You just connect a new AP. A minute later it's in the "unrecognised devices" list and you just click "adopt". Ta-da!!!
    • I'm wondering if I could just as easily add a wireless-only range extender? I'll need to look that up because I really can't get a PoE cable to that particular location all that easily...
  • Configuring devices is clunky: it opens a side bar approx one third of screen width wide. But that side bar then contains multiple tabs and subsections. Really it would require to be full-screen, but for some reason they leave the list showing while it's practically useless, except for opening another device, which then replaces content of the already opened side bar.
  • Configuring port forwarding is done somewhere three levels deep in the menus. I had to ask the Allknowing about where I might find it. And then it had three subsections I never heard about yet, so I wasn't sure I succeeded until it actually started working. Started in the wrong section, of course.
  • Static DHCP leases are also not handled in a single list, but for each individual device. I managed to mistype the IP C-segment once. Took me an hour of debugging why that printer wouldn't connect... With a special list of issues constantly nagging about this and that, there might have been an entry saying I might have mistyped a static IP there too?
  • etc, etc. The software is built with a completely different mentality than anything consumer-based I used since my WRT54GL. And it's completely different from Mikrotik's "pro" design. I quote pro because I really don't know, but I'm also using Cisco's 300 series managed switches that practically mirror MikroTik, TP-Link's managed switches, Ubiquiti managed switches, etc. Well, maybe this design matches most the Ubiquiti design - also with a separate controller and stuff. So it would seem there are (so far) three different approaches in configuration design. And I just stumbled upon the one that I dislike the most - I never liked Ubiquiti configuration either. I just don't see why a separate controller software would be necessary when all of these devices are already running the stuff... I also should have bought the controller box - it was really off-putting installing Java on my Windows again. Maybe I should have installed it on the Ubuntu server, but I had a hunch it's a visual thing and I would have had issues with that since my server is headless... I'll never know: if I ever need to move this, I'll buy the box first... Or use a RPi for it...
Anyway, so far so good. I'm happy with my choice. I'll check if I can get 2.4 GHz cover the lacking spots any better and then just move my wife there. Otherwise, I'll see about a range extender...
 
I took a look at this pfSense. They look like a mini PC. Seems to me, they are defined by software, not a particular brand of router? Not sure if I dare go this way? Is there a site explaining basic operation of this?
I've been using pfSense for nearly 2 years now after spending way too much time and money screwing around with temperamental consumer-grade routers. Tonight I rebooted my pfSense router for the first time in 6 months due to an update. It's just that reliable. I run mine on a Lenovo ThinkCentre M900 Tiny. It's 7"x7"x1.5" and runs a quad-core Intel i5-6500T, 8 GB RAM, SSD, and an added NIC... all of which cost me about $130

One great thing about pfSense is you can run some third-party applications like "Snort" intrusion detection, WireGuard VPN, and ntopng, which allows you to fully monitor all traffic.
 
I've been using pfSense for nearly 2 years now after spending way too much time and money screwing around with temperamental consumer-grade routers. Tonight I rebooted my pfSense router for the first time in 6 months due to an update. It's just that reliable. I run mine on a Lenovo ThinkCentre M900 Tiny. It's 7"x7"x1.5" and runs a quad-core Intel i5-6500T, 8 GB RAM, SSD, and an added NIC... all of which cost me about $130

What kind of routing performance do you get out of that? I'm a little dubious that cheap off-the-shelf hardware could sustain anywhere near Gbps rates. Sure your CPU is better than what's in a typical router, but you don't have the custom routing ASICs that they use.
 
This mini PC is perhaps limited by the NIC only. The CPU can process >Gigabit. I was running something similar years ago. It was doing full Gigabit with Suricata.
 
Why are you doing port forwarding on the WAPs? Or did I miss something?
And sorry why is DHCP being managed on the WAP instead of at the router?
 
What kind of routing performance do you get out of that? I'm a little dubious that cheap off-the-shelf hardware could sustain anywhere near Gbps rates. Sure your CPU is better than what's in a typical router, but you don't have the custom routing ASICs that they use.

I run my pfSense box on a retired Dell Optiplex SFF i5-6500 with 16 GB of RAM and a 256 NVMe v3, and it doesn't even think about breaking a sweat routing 1 Gbit. I could throw a 10 Gbit NIC in there and it wouldn't care. I've seen some folks add Intel QATs, usually one of the 8760-series, to make VPNs sing. It runs pfBlockerNG, several OpenVPN servers, and 1 OpenVPN client, and some light traffic shaping. pfSense is built on FreeBSD so Intel NICs are usually the MOST compatible.
 
Why are you doing port forwarding on the WAPs? Or did I miss something?
And sorry why is DHCP being managed on the WAP instead of at the router?
Where did you get an idea for either of those? This is of course NOT the case. Stuff like that is managed on the router. APs are just APs.
 
Without derailing the topic with discussion on semantics, I don't see how that translates to managing this stuff on the APs themselves. But the UI IS actually made such that you have to open a device (AP in this instance) and set its static IP from its configuration subpage. That doesn't mean that its IP is set on the AP itself. It may or may not be done that way and this can only be verified by actually accessing the router and AP in question on their local configuration pages to see how it's actually implemented. You just wouldn't care: it is the controller's job to make it happen and it happens. Also I don't know if the controller-managed devices would even let me access their configurations individually. I would expect them to reject me and point me to the controller (except if I use the master password, which would expectedly throw them out of the controller)... Also, it's most definitely being done within the Omada ecosystem for my other devices, so there's that. I'm assuming it's the router's static leases list that's doing the work...

As for port forwarding, I have made no mention of individual devices, just the "menus deep".

Hopefully this clarifies it?
 
Well, yesterday, for the first time, my phone wouldn't connect to one of three SSIDs in the network. Nothing special about it, just one of three equal SSIDs.

And so it begins... :(
 
