Recommendation for an AP that supports multiple VLANs, different SSIDs

IsaacFL

Regular Contributor
My current configuration is that I have a pfSense router with 2 different interfaces, each attached to a wifi AP with different SSIDs.

One is for IoT devices such as thermostats, TVs, etc. and it is located in the front of the house.

The other is set up for "trusted" wifi devices, which has our iPhones and iPads, and it is located at the back of the house. It should be noted that it is an IPv6-only network also.

I am using an Asus AC-1900P set up in AP mode for my trusted wifi and it is working pretty well, just could use better coverage in the front of the house.

The IoT AP is an old Netgear WNDR3400, and it is the one that is starting to have issues after I installed a Ring doorbell, so I want to replace it with a new AP.

I would like for the new AP to be able to support VLANs so I can also extend my "trusted" wifi to the front of the house.

Any recommendation or advice? I have seen that a lot of people like UniFi AC Lite but also TP-Link EAP225.
 

Trip

Very Senior Member
First off, get some wired backhaul into your house in some way if you can; ethernet is the first choice, MoCA 2.0 over coax with Actiontec or Motorola adapters is the second, powerline AV2 the last. This will give you much better client bandwidth and lower latency over a purely wireless mesh.

For the product, I'd avoid home-focused mesh products, as they likely won't be configurable enough, and they're less robust overall. Here's a run-down:

----------------------------------------

TP-Link Omada looks appealing, but IMHO is too half-baked. For your use-case in particular, see this recent blog post on complications with IPv6 and VLANs. I realize that's a sample of only one, and I assume they'll address it and other issues at some point, but overall, I'd avoid for now.

UniFi's value is best realized as a "full stack" for the management benefits, ie. all-UniFi for gateway, switch and APs. A separate controller is also required for setup, management and reporting, either as a CloudKey or server/workstation/VM. No controller-less option. It still lacks true seamless roaming across the product portfolio, which is disappointing after several years of promises, and is still a bit bug-prone in the more fringe-feature areas, but probably not a big deal to most home users. Overall, a decent product, but not the end-all-be-all it's purported to be by those who may not know any better.

Then you have products with a switch-based controller; the premise being you buy at least one switch to run up to 50 or so APs. I'm primarily thinking of EnGenius Neutron and Zyxel Nebula. I'd look at EnGenius first, as their offering is more mature and probably more reliable. That said, it only received mesh capability recently, and the approach is a bit clunky. It probably works well enough, although I haven't tested to confirm.

As @degrub mentioned, Cisco has their "easy connect" WAP100/300/500 series, with the controller built into each AP, nice for redundancy and auto-healing. They allow for up to 8, and in some cases 16, APs in a mesh "cluster". Price point is around or just slightly above UniFi. The product is fairly-well stabilized, although multi-node clustering and seamless roaming aren't as developed as you'll find with full Aironet, but we're talking 1/3 and less the cost here, so perhaps it's justifiable.

Beyond that, you're pretty much in big-boy land with Cisco Aironet, Aruba, Ruckus, Aerohive, Meraki, etc. Most of this stuff is rock-solid, but you'll pay through the nose (you're paying for the dev hours, for sure). Sometimes you can find serious price breaks on the gear on Amazon, even refurb/working-pull off eBay if you shop carefully enough. There are very slick controller-less solutions to be had with these as well, such as Aruba Instant or Ruckus Unleashed. I prefer Ruckus for their superior radio tech in high-density and/or obstacle-prone environments, and Aruba for their software and integration with their switches.

----------------------------------------

In closing, if not having perfect seamless roaming isn't the biggest deal in the world, I'm sure UniFi would suffice. Otherwise, Cisco WAPs, or maybe EnGenius if you don't mind the switch-based controller. If cost is no object and/or you just want an immediate and complete solution, go straight to Ruckus, Aruba or Aironet.
 

IsaacFL

Regular Contributor
I forgot to mention that I am using a wired backhaul vs a wifi mesh. Currently I am using powerline adapters, which while not ideal I am able to get about 80Mbit thru.
 

IsaacFL

Regular Contributor
It looks like the TP-Link is out if it is allowing Router Announcements to "leak" across VLANs. So glad I asked about that. If it is leaking that, I wonder what else is leaking?

The Cisco 371 is about $200 on BH Photo, so now looking back at the UniFi AC Lite at $76.

I would assume, if I am still using the Asus AC1900P as an AP in the back of the house I am not going to get "seamless" transition but would it actually be worse than it is now?
 

Trip

Very Senior Member
Excellent re- the powerline adapters. If they're lower-rated models, you may be able to get 200+ Mb/s with higher-end Broadcom-based units like the Extollo LanSocket 1500, Zyxel PLA5456, etc. Usually <$100 for a pair. Otherwise, if 80 Mb/s is enough, then you can leave as-is.

Before answering your other questions, what about another Asus AiMesh model, or two, to create your mesh? The functionality is likely not as high-level as the enterprise products, or possibly not as stable, but if it's good enough for your needs, that might be the route to go. Otherwise, perhaps better going with a dedicated product.

Re- Asus/Netgear wifi being left on while a separate mesh product is running: only wifi from the mesh product itself would be seamless (to the extent it supported 802.11k/v/r). Additionally, unless you envision using the Asus and/or Netgear for backup wifi or out-of-band management, they would be needlessly occupying 2.4/5 GHz channels, leaving less unused airspace for the mesh system. So, probably a good idea to disable their wifi, or switch to a wired router like a Ubiquiti ER-X, and do all your wireless from the mesh APs only.

As for choices at your budget, the WAP371 isn't bad. Cheaper on Amazon at ~$150 each. I see mixed feedback in reviews regarding stability. Probably a try-and-see scenario there. Seems EnGenius Neutron doesn't fare much better. Besides the Asus AiMesh option, you may actually be best off with UniFi, albeit no real seamless roaming. For the best roaming per dollar, I like working-pull N-class Ruckus off eBay. 7982 APs for <$50 each, ZD1100 controller for <$100.
 

IsaacFL

Regular Contributor
Before answering your other questions, what about another Asus AiMesh model, or two, to create your mesh? The functionality is likely not as high-level as the enterprise products, or possibly not as stable, but if it's good enough for your needs, that might be the route to go. Otherwise, perhaps better going with a dedicated product.
If I could get the Asus to support separate VLANs, AiMesh would be a good option, but it doesn’t seem to support that. I have pfSense firewall rules to allow the IoT subnet out but no local connections. My trusted WiFi is allowed to connect to the IoT net.
 

coxhaus

Part of the Furniture
I bought 3 Cisco WAP371 wireless APs for less than $150 off eBay. But that was a while back before I talked them up. I think most of the people having issues were underpowering them. You need POE+ power.
 

Trip

Very Senior Member
Not a bad move. Grab that, factory default it, load newest firmware, then configure it up and put it through its paces. If it falls on its face, flip it on eBay. If it passes, buy 1 or 2 more. :)
 

IsaacFL

Regular Contributor
I won the auction. It does not have the mounting bracket, so no one else bid on it. $20.50 + $19.95 shipping.

Hopefully it works. It always makes me nervous with eBay.
 

IsaacFL

Regular Contributor
Not bad for $40.45 delivered. Let us know how it works out for you.
I received it today and after a bit of a learning curve, it seems to be working as I wanted.

It has Virtual APs that you can set up with different SSIDs on different VLANs.

Now I am wondering whether I should replace my Asus with another Cisco for the back of the house also. Although the Asus works pretty well, it only has the one SSID.
 

coxhaus

Part of the Furniture
I bought my Cisco WAP317 APs off eBay also. If you buy more than 1 you can use single point setup on an Ethernet backhaul. Single point setup uses clustering and is very simple to set up. With the second unit you just log on to the second WAP371 and tell it to cluster. The second unit gets all its info from the cluster so there is no real setup for the second unit.

The only issue I had was making sure I had POE+ power. It will run on lower power but I had lock-ups on iPhones.

When you add more units make sure the signal does not overlap too much or you will have trouble with roaming. I never solved using both 2.4 GHz and 5 GHz well with roaming so I turned off 2.4 GHz and only use 5 GHz. It was a lot easier to get the overlap signals set up for roaming using 5 GHz only. My wife can walk from the back yard to the front of my house without dropping a FaceTime call.
 

IsaacFL

Regular Contributor
I was wondering about the POE injector that mine came with. It is 48V at .35 Amps. Is there a regular AC adapter you can use, as I have an AC receptacle less than 2 feet away so don’t need POE?
 

coxhaus

Part of the Furniture
I use 1 AC adapter on the WAP371 at my entertainment center. The plug is very close and I use a Cisco SG200-8 switch at my entertainment center. I need another wire so I can run POE+ power. My AC adapter is the Cisco one recommended by Cisco. I will have to go offline to get more info as I have to unplug it to read the bottom of the plug.

PS
There is not much info on the plug. I need to look for the box. I am back up.
Here is a Cisco unit.
https://www.amazon.com/dp/B00L0L0H7Y/?tag=snbforums-20
 

coxhaus

Part of the Furniture
I set up my old WAP321 APs at my daughter's house to see if she liked them. I set them up on 5 GHz only using an AT&T router. I plan to buy newer Cisco APs for me and give my daughter my WAP371 units. I probably need to give her a router also.
 

IsaacFL

Regular Contributor
Does the range improve with the AC adapter?

My devices are only in the 2.4G band and I am finding I had better signal with my old Netgear router.
 

Trip

Very Senior Member
Assuming power levels on the broadcast are fully supplied by PoE, the range likely won't improve with the AC adapter. In the rare case, it sometimes does, but I find that to be less and less the case these days.

Despite the AC-1900P and the WAP371 using an almost identical set of wifi chips (Broadcom BCM4360 and BCM43460), the radio and amplification architecture, plus power level and firmware tuning on the 1900P, probably give it the better outcome in single-radio setups (ie. most of the scenarios it's marketed and designed for). This is somewhat to be expected, whereas the WAP371 is meant to be multiplied as part of a cluster to solve range issues; ie. more, lower-power radios, versus fewer higher-power ones. Long story short, you'll likely need to purchase a second, and possibly a third, WAP371.

Alternatively, you could flip the 371 and move on to a single WAP561/71/81 and see if it does any better with range. Otherwise, at a similar price point, switch to UniFi.
 

IsaacFL

Regular Contributor
I was able to improve the signal a lot by taking it off of the ceiling at 8ft, and mounting it on a shelf directly below at about 5.5ft. I think the radiation pattern must be a disk shape and was shooting over the heads.

My signal strength at my Ring doorbell went from RSSI -77 to -66, which is acceptable.
 
