Which should I go with- multiple Commercial wireless APs, or consumer-grade wifi mesh kit?

[astones153]

Below is the current floor plan drawn out with the help of the UniFi Design Center. ONT+Wifi Router that's on one side of the house, and planned areas for placing mesh units/wireless APs.

Right now I'm on the Starhub 1gbps plan that's connected to the ONT, then routed to a TP-Link Archer AX73 at the ONT+Router table over on the right of this floor plan. The house was never built with a proper network infrastructure in mind, so there's no patch panels or anything to connect via Ethernet to other devices anywhere else in the house barring powerline adapters.

Later this year I basically want to replace the whole thing with a more DIY/homelab-ish solution. Planning to grab a pfSense box from either Lazada or Taobao (one of those fanless PCs with i225/i210 NICs), a bunch of cable trunking and 30m or so of Cat 6a ethernet cables. Also planning to get a PoE 1gig desktop switch (probably 5 to 8 ports) and place it in the planned area, which will be connected to the pfSense router that will still be on the right of the floor plan, basically gonna line all the cables along the walls.

I have two ideas for what I want to do for my wireless infrastructure. Either I just keep the AX73 and grab a Deco unit to extend the wifi coverage for the Main Bedroom+Bedroom 3. The main downside is that it cannot be powered over PoE, and there is no AC wall outlets near Areas A and B to power them on. I can't wall mount the wifi 6 deco units either.

Option 2 would be to get 2 Wireless APs from any one of the manufacturers (Engenius/Netgear/Ubiquiti/etc.) and then mount them to areas A and C to maximize coverage throughout the house. The biggest pro is that I can power them through POE, and since I'm already planning to line the cables up along the walls anyway with the cable trunking. The downside to this is that I'm not at all familiar with managing these commercial-grade APs, I'm unsure if they will function in the similar way to consumer wifi mesh networks (especially in terms of handling the network traffic to whichever AP is nearer). I also do not know if this solution seems overkill for my home. Fundamentally it's partly me wanting to dabble more into home networks and DIY routing, but I also want to get better wifi coverage in the areas currently furthest away from the ONT+Router corner (particularly bedrrom 3, main bedroom, and the bathrooms).

I plan to slowly get all the gear over time on whatever discounts I can scrounge up, then get to work putting it all together sometime later in the year, or maybe even next year. Thoughts?

 

[xiaofan]

SInce you want to dabble more into home networks and DIY thingy, pfSense router + Ubiquiti switch and APs seem to be the best combination. Two uits of U6 Lite or U6 LR will be more than sufficient.

Both pfSense and Unifi are pretty user friendly and there are lots of tutorials in Youtube and various forums.

 

[astones153]

SInce you want to dabble more into home networks and DIY thingy, pfSense + Ubiquiti seem to be the best combination. Two uits of U6 Lite or U6 LR will be more than sufficient.

Both pfSense and Unifi are pretty user friendly and there are lots of tutorials in Youtube and various forums.

Will the Ubiquiti AP be able to function like consumer-grade wifi mesh kits? And how necessary will it be for me to buy into their ecosystem (managed switches, cloud key licenses etc.)?

 

[Mach3.2]

Below is the current floor plan drawn out with the help of the UniFi Design Center. ONT+Wifi Router that's on one side of the house, and planned areas for placing mesh units/wireless APs.

Right now I'm on the Starhub 1gbps plan that's connected to the ONT, then routed to a TP-Link Archer AX73 at the ONT+Router table over on the right of this floor plan. The house was never built with a proper network infrastructure in mind, so there's no patch panels or anything to connect via Ethernet to other devices anywhere else in the house barring powerline adapters.

Later this year I basically want to replace the whole thing with a more DIY/homelab-ish solution. Planning to grab a pfSense box from either Lazada or Taobao (one of those fanless PCs with i225/i210 NICs), a bunch of cable trunking and 30m or so of Cat 6a ethernet cables. Also planning to get a PoE 1gig desktop switch (probably 5 to 8 ports) and place it in the planned area, which will be connected to the pfSense router that will still be on the right of the floor plan, basically gonna line all the cables along the walls.

I have two ideas for what I want to do for my wireless infrastructure. Either I just keep the AX73 and grab a Deco unit to extend the wifi coverage for the Main Bedroom+Bedroom 3. The main downside is that it cannot be powered over PoE, and there is no AC wall outlets near Areas A and B to power them on. I can't wall mount the wifi 6 deco units either.

Option 2 would be to get 2 Wireless APs from any one of the manufacturers (Engenius/Netgear/Ubiquiti/etc.) and then mount them to areas A and C to maximize coverage throughout the house. The biggest pro is that I can power them through POE, and since I'm already planning to line the cables up along the walls anyway with the cable trunking. The downside to this is that I'm not at all familiar with managing these commercial-grade APs, I'm unsure if they will function in the similar way to consumer wifi mesh networks (especially in terms of handling the network traffic to whichever AP is nearer). I also do not know if this solution seems overkill for my home. Fundamentally it's partly me wanting to dabble more into home networks and DIY routing, but I also want to get better wifi coverage in the areas currently furthest away from the ONT+Router corner (particularly bedrrom 3, main bedroom, and the bathrooms).

I plan to slowly get all the gear over time on whatever discounts I can scrounge up, then get to work putting it all together sometime later in the year, or maybe even next year. Thoughts?

Conventional wisdom is to avoid APs in hallways in multi-AP setups.



APs wise, the usual suspects you listed should work, but there's also the new Aruba InstantOn line that you can check out if you're not already aware they exist.
Their switches seem to be way cheaper than Ubiquiti, at least for the 24 port PoE switches w/ 10GbE SFP+ uplnik. (USW-Pro-24-PoE vs JL683A)

Edit: Aruba InstantOn switches also have limited lifetime warranty too as compared to the 1 year for ubiquiti switches.

 

[Mach3.2]

Will the Ubiquiti AP be able to function like consumer-grade wifi mesh kits? And how necessary will it be for me to buy into their ecosystem (managed switches, cloud key licenses etc.)?

Ubiquiti APs support 802.11k/r/v which helps with roaming, but of course the power settings must be correctly dialed in to prevent sticky clients.

No need to go with their routers and switches if you decide to go with ubiquiti APs. In fact I'd straight up tell you to avoid ubiquiti routers since it's poor value. pfsense/opnsense is just superior in every aspect imo.

 

[astones153]

Ubiquiti APs support 802.11k/r/v which helps with roaming, but of course the power settings must be correctly dialed in to prevent sticky clients.

No need to go with their routers and switches if you decide to go with ubiquiti APs. In fact I'd straight up tell you to avoid ubiquiti routers since it's poor value. pfsense/opnsense is just superior in every aspect imo.

So there is a way to configure the APs to just tell the client to receive data from a nearer AP if they're receiving less than a specified amount of signal/dBa? That eases my concerns somewhat

 

[astones153]

Conventional wisdom is to avoid APs in hallways in multi-AP setups.



APs wise, the usual suspects you listed should work, but there's also the new Aruba InstantOn line that you can check out if you're not already aware they exist.
Their switches seem to be way cheaper than Ubiquiti, at least for the 24 port PoE switches w/ 10GbE SFP+ uplnik. (USW-Pro-24-PoE vs JL683A)

Edit: Aruba InstantOn switches also have limited lifetime warranty too as compared to the 1 year for ubiquiti switches

Ah crap if thats the case than I'm not sure where else to place the 2nd AP. I really don't want to drill through any of the doorways to place an AP in a room. I also saw you should try to mount APs on the ceiling and not on the wall, only place I can do that is at area C.

 

[TanKianW]

Below is the current floor plan drawn out with the help of the UniFi Design Center. ONT+Wifi Router that's on one side of the house, and planned areas for placing mesh units/wireless APs.

Right now I'm on the Starhub 1gbps plan that's connected to the ONT, then routed to a TP-Link Archer AX73 at the ONT+Router table over on the right of this floor plan. The house was never built with a proper network infrastructure in mind, so there's no patch panels or anything to connect via Ethernet to other devices anywhere else in the house barring powerline adapters.

Later this year I basically want to replace the whole thing with a more DIY/homelab-ish solution. Planning to grab a pfSense box from either Lazada or Taobao (one of those fanless PCs with i225/i210 NICs), a bunch of cable trunking and 30m or so of Cat 6a ethernet cables. Also planning to get a PoE 1gig desktop switch (probably 5 to 8 ports) and place it in the planned area, which will be connected to the pfSense router that will still be on the right of the floor plan, basically gonna line all the cables along the walls.

I have two ideas for what I want to do for my wireless infrastructure. Either I just keep the AX73 and grab a Deco unit to extend the wifi coverage for the Main Bedroom+Bedroom 3. The main downside is that it cannot be powered over PoE, and there is no AC wall outlets near Areas A and B to power them on. I can't wall mount the wifi 6 deco units either.

Option 2 would be to get 2 Wireless APs from any one of the manufacturers (Engenius/Netgear/Ubiquiti/etc.) and then mount them to areas A and C to maximize coverage throughout the house. The biggest pro is that I can power them through POE, and since I'm already planning to line the cables up along the walls anyway with the cable trunking. The downside to this is that I'm not at all familiar with managing these commercial-grade APs, I'm unsure if they will function in the similar way to consumer wifi mesh networks (especially in terms of handling the network traffic to whichever AP is nearer). I also do not know if this solution seems overkill for my home. Fundamentally it's partly me wanting to dabble more into home networks and DIY routing, but I also want to get better wifi coverage in the areas currently furthest away from the ONT+Router corner (particularly bedrrom 3, main bedroom, and the bathrooms).

I plan to slowly get all the gear over time on whatever discounts I can scrounge up, then get to work putting it all together sometime later in the year, or maybe even next year. Thoughts?

Option 2 will be the way to go. If you want to dabble.

Once you are on commercial APs and set it up "properly", you will not look back at consumer grade APs/routers. I am still on AC (wave 1) APs in my home, but never enticed to upgrade to Wifi6. The stability, consistency, reliability and durability is just on a different scale. Speed is not everything, but most fails to realise that. And the higher initial cost will last you for a problem-free time for many years to come.​

You can consider Ruckus and Aruba too. Ubiquiti will be the more affordable and seamless option.

Thoughts? Do more reading and research. If you have not been a networking person, there are quite a lot to cover. Can watch more setup videos from Lawrence System, Mactelcom, Crosstalk, etc..basic network foundation can watch free CCNA course subjects (Eg. ARP, IPv4 & 6, VLAN, ICMP, etc...)​

 

[firesong]

Another vote for Aruba InstantOn too. They work similarly to Ruckus Unleashed, so there's no need for a controller. It frees you up to get your own PoE Switch (or just get Aruba, cos it's relatively cheap enough compared to Ruckus), and consider a good router. pfSense comes to mind, as many of us here can vouch for it.

If you're open to it, consider getting from offices that are closing/clearing out. You might get some pretty decent deals. It softens the adoption blow if you can get some pretty good deals. Also, it allows you to upgrade later when Wifi 7/8 comes around without feeling the pinch so much. Current Wifi AC wave 2 is somewhat dated now, and even AX without 6E is limited.

 

[astones153]

Option 2 will be the way to go. If you want to dabble.

Once you are on commercial APs and set it up "properly", you will not look back at consumer grade APs/routers. I am still on AC (wave 1) APs in my home, but never enticed to upgrade to Wifi6. The stability, consistency, reliability and durability is just on a different scale. Speed is not everything, but most fails to realise that. And the higher initial cost will last you for a problem-free time for many years to come.​

You can consider Ruckus and Aruba too. Ubiquiti will be the more affordable and seamless option.

Thoughts? Do more reading and research. If you have not been a networking person, there are quite a lot to cover. Can watch more setup videos from Lawrence System, Mactelcom, Crosstalk, etc..basic network foundation can watch free CCNA course subjects (Eg. ARP, IPv4 & 6, VLAN, ICMP, etc...)​

Yea I've been digging deep into the networking stuff, I actually initially wanted to virtualize my pfsense using a spare itx mobo I had from a prior Ryzen build. Later change my mind once everyone on reddit tell me how troublesome maintenence can be. So far I've mostly looked at the NetworkChuck free ccna and LearnLinuxTV proxmox tutorial.

 

[astones153]

Another vote for Aruba InstantOn too. They work similarly to Ruckus Unleashed, so there's no need for a controller. It frees you up to get your own PoE Switch (or just get Aruba, cos it's relatively cheap enough compared to Ruckus), and consider a good router. pfSense comes to mind, as many of us here can vouch for it.

If you're open to it, consider getting from offices that are closing/clearing out. You might get some pretty decent deals. It softens the adoption blow if you can get some pretty good deals. Also, it allows you to upgrade later when Wifi 7/8 comes around without feeling the pinch so much. Current Wifi AC wave 2 is somewhat dated now, and even AX without 6E is limited.

I would like to get used office gear, but I have no connections or any bearing as to how to get in touch with offices that are closing down haha, just a Uni dropout here.

 

[Mach3.2]

So there is a way to configure the APs to just tell the client to receive data from a nearer AP if they're receiving less than a specified amount of signal/dBa? That eases my concerns somewhat

There is such option for the Ubiquiti APs but I don't use it since manually tuning the AP radio transmit power works for me.
Radio transmit power tuning should always be first thing you look at to ensure proper roaming of client devices. Only if you really can't get things to work then you use the above mentioned feature.

If you have iDevices at home this will be very helpful.
https://support.apple.com/en-us/HT203068

 

[TanKianW]

Yea I've been digging deep into the networking stuff, I actually initially wanted to virtualize my pfsense using a spare itx mobo I had from a prior Ryzen build. Later change my mind once everyone on reddit tell me how troublesome maintenence can be. So far I've mostly looked at the NetworkChuck free ccna and LearnLinuxTV proxmox tutorial.

If you are looking at pfsense, you will not miss video tutorials from Lawrence Systems.

You can find most of his videos on my thread too. Check it out.​

https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/page-49

Since you thinking to dabble. Can check out my TrueNAS thread if you want to set up a DIY NAS.​

https://forums.hardwarezone.com.sg/...nas-core-truenas-scale-for-new-users.6480129/

Looking for 10G home network? Can also check out my past 10G home network journey....though it has "upgraded" quite a bit since I started that thread.​

https://forums.hardwarezone.com.sg/threads/upgrading-your-hdb-home-network-to-10gbe-project.6341518/

Have fun.

 

[Mach3.2]

Yea I've been digging deep into the networking stuff, I actually initially wanted to virtualize my pfsense using a spare itx mobo I had from a prior Ryzen build. Later change my mind once everyone on reddit tell me how troublesome maintenence can be. So far I've mostly looked at the NetworkChuck free ccna and LearnLinuxTV proxmox tutorial.

I virtualised my pfsense router and I don't really have any issues with it. I think the reddit guys dwell too much on the downsides of a virtualised pfsense instance.

Commonly talked about downsides are you won't have internet connection if you reboot your hypervisor, and you can't get into your hypervisor for management if your router VM goes down.

But as someone who actually runs a virtualised pfsense setup, I can say don't reboot my hypervisor often.
Even updating the hypervisor should only cause less than an hour of downtime, plus I do my reboots in the middle of the night when everyone is sleeping so it's really a non-issue.

Next, redditors also like to say you can't get into your hypervisor for management if your router VM goes down, but you get around this by assigning static IP addresses as one should do for such devices anyway.
This way you can always reach your hypervisor if you're on the same LAN, and you're not dependant on a DHCP server handing out IP addresses.
Since I have VLANs, I have a "last resort" in-band management vmkernal interface on my ESXi box with a static IP in the APIPA range, this way I can always get back into the hypervisor even if my router VM blew up.

With that out of the way, there are a lot of advantages to a virtualised pfsense instance.
It's trival to backup VMs with backup solutions like Veeam Backup and Replication, they have homelab licenses which doesn't cost any money.
For pfsense, this advantage is easily negated by backup your config files regularly, but it's still way easier to backup all my VMs weekly using Veeam's software.
If something goes wrong it's trival to restore from backup.

You can also live migrate the VM onto different host machines if you have a cluster.


A lot of the "chicken and egg" gochas can be worked around if you plan ahead like I did.

I should also mention I have a baremetal install of pfsense on a mini-pc ready to go in case I blow up my esxi box, that's my final backup option.

Edit: Relevant Netgate documentation regarding virtualised pfsense instances.

 

[astones153]

I virtualised my pfsense router and I don't really have any issues with it. I think the reddit guys dwell too much on the downsides of a virtualised pfsense instance.

Commonly talked about downsides are you won't have internet connection if you reboot your hypervisor, and you can't get into your hypervisor for management if your router VM goes down.

But as someone who actually runs a virtualised pfsense setup, I can say don't reboot my hypervisor often.
Even updating the hypervisor should only cause less than an hour of downtime, plus I do my reboots in the middle of the night when everyone is sleeping so it's really a non-issue.

Next, redditors also like to say you can't get into your hypervisor for management if your router VM goes down, but you get around this by assigning static IP addresses as one should do for such devices anyway.
This way you can always reach your hypervisor if you're on the same LAN, and you're not dependant on a DHCP server handing out IP addresses.
Since I have VLANs, I have a "last resort" in-band management vmkernal interface on my ESXi box with a static IP in the APIPA range, this way I can always get back into the hypervisor even if my router VM blew up.

With that out of the way, there are a lot of advantages to a virtualised pfsense instance.
It's trival to backup VMs with backup solutions like Veeam Backup and Replication, they have homelab licenses which doesn't cost any money.
For pfsense, this advantage is easily negated by backup your config files regularly, but it's still way easier to backup all my VMs weekly using Veeam's software.
If something goes wrong it's trival to restore from backup.

You can also live migrate the VM onto different host machines if you have a cluster.


A lot of the "chicken and egg" gochas can be worked around if you plan ahead like I did.

I should also mention I have a baremetal install of pfsense on a mini-pc ready to go in case I blow up my esxi box, that's my final backup option.

Edit: Relevant Netgate documentation regarding virtualised pfsense instances.

I also wanted to do virtualized pfsense so I could have another instance of virtualized EZMaster from Engenius in the proxmox hypervisor, I'll look a little deeper into it.

 

[astones153]

If you are looking at pfsense, you will not miss video tutorials from Lawrence Systems.

You can find most of his videos on my thread too. Check it out.​

https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/page-49

Since you thinking to dabble. Can check out my TrueNAS thread if you want to set up a DIY NAS.​

https://forums.hardwarezone.com.sg/...nas-core-truenas-scale-for-new-users.6480129/

Looking for 10G home network? Can also check out my past 10G home network journey....though it has "upgraded" quite a bit since I started that thread.​

https://forums.hardwarezone.com.sg/threads/upgrading-your-hdb-home-network-to-10gbe-project.6341518/

Have fun.

Yea haha ive read through several of these threads but I highly doubt my family will ever utilise the 10gbe bandwidth, a bigger concern rn is just network latency and being able to actually hit the 1gbe throughput.

 

[xiaofan]

I also wanted to do virtualized pfsense so I could have another instance of virtualized EZMaster from Engenius in the proxmox hypervisor, I'll look a little deeper into it.

As long as your host is powerful enough I do not see issues. PVE is pretty user friendly. ESXi is also not bad.

I am using a lower end Intel J4105 (with 4 x Intel I211 NICs) and PVE7.1, then I run virtualized pfsense -- I can not get full 1Gbps in this case. Not an issue for me as I have another seperate network which can fully utilize the 1Gbps home network. You should use more beefy hardware (Intel 4th gen Core i5 or better).

I actually run virtualized pfSense and OpenWRT alternatively (say a few months each, but more on the pfSense side), just to play with both of them. I will say pfSense is easier to use than OpenWRT. But the virtualized OpenWRT instance takes less resource and has no problems to fully utiilize the 1Gbps bandwidth.

With PVE, it is so easy to play with different things (including other router OS like ipfire and OPNsense, Linux VMs/Containers and BSD VMs). I also run an LXC container running Pi-hole+Unbound for my other network (Asus RT-AX82U).

Take note I have two seperate networks at home (thanks to a special feature of Singtel ONT), so if any of them is down I will still have no issues.

 

[astones153]

As long as your host is powerful enough I do not see issues. PVE is pretty user friendly. ESXi is also not bad.

I am using a lower end Intel J4105 (with 4 x Intel I211 NICs) and PVE7.1, then I run virtualized pfsense -- I can not get full 1Gbps in this case. Not an issue for me as I have another seperate network which can fully utilize the 1Gbps home network. You should use more beefy hardware (Intel 4th gen Core i5 or better).

I actually run virtualized pfSense and OpenWRT alternatively (say a few months each, but more on the pfSense side), just to play with both of them. I will say pfSense is easier to use than OpenWRT. But the virtualized OpenWRT instance takes less resource and has no problems to fully utiilize the full 1Gbps.

With PVE, it is so easy to play with different things (including other router OS and Linux VM/Containers). I also run a LXC container running Pi-hole for my other network (Asus RT-AX82U).

Ultimately my choice of hardware is between a j4125 box with 4 x i225 2.5gbe ports for pfsense baremetal, or a 4650g+auros b550i ax with an add-in 4 port 1gbe NIC for proxmox virtualization. My network is almost certainly not gonna use 10gbe, but an option for 2.5gbe would still be nice for a future plex media server I have in mind.

 

[xiaofan]

Ultimately my choice of hardware is between a j4125 box with 4 x i225 2.5gbe ports for pfsense baremetal, or a 4650g+auros b550i ax with an add-in 4 port 1gbe NIC for proxmox virtualization. My network is almost certainly not gonna use 10gbe, but an option for 2.5gbe would still be nice for a future plex media server I have in mind.

Yes it makes sense to run J4125 pfSense bare metal. Only issue is how stable the pfSense with the I225. I do not see the mentioning of I225 support in the changelog of pfSense 2.6.0.
Ref: https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html

If you decide to go with the Ryzen 5 Pro 4650G -- that is very powerful and you should be fine.

 

[TanKianW]

I also wanted to do virtualized pfsense so I could have another instance of virtualized EZMaster from Engenius in the proxmox hypervisor, I'll look a little deeper into it.

My take. Hope the guys here don’t flame or egg me. I will go with a bare-metal (main) pfSense set up.

Wanna test, play and mess around with VMs, do it at your homelab layer (mine operates at L3)

Run all your POC, VMs and containers (or just fun) on a dedicated hypervisor rig. Your family members will thank me later.

Just to be clear……I love VMs too.​