Netgate Discussion Forum

    The best 802n wireless accesspoint?

      markuhde

      VLANs occur on layer 2 and if set up properly create separate virtual infrastructures. Subnets divide the IP space.

        Mr. Jingles

        @markuhde:

        VLANs occur on layer 2 and if set up properly create separate virtual infrastructures. Subnets divide the IP space.

        This is a very helpful remark (as I am trying to figure out what I need to do with VLANs and subnets and my appliances and don't understand a thing about how to do it). So subnets are within VLANs?

        6 and a half billion people know that they are stupid, aggressive, lower life forms.

          xbipin

          the Ubiquiti ones have a bulky power brick, i wonder y they dont make direct socket powered access point or at least make use of modern power adapters which r tiny and very light

            jasonlitka

            @xbipin:

            the Ubiquiti ones have a bulky power brick, i wonder y they dont make direct socket powered access point or at least make use of modern power adapters which r tiny and very light

            Not sure what you mean.  I use standard PoE switches with their inline "Instant 802.3af" adapters.  The more expensive "Pro" model doesn't need them.

            I can break anything.

              extide

              @xbipin:

              does any1 know of any AP similar to the below in size etc, probably with option to add rubber duck antenna. size is important for me, i dont want those big and bulky AP, minimum b/g and if possible n but not completely necessary

              http://routerboard.com/RBGroove2Hn

              Ubiquiti Rockets or Bullets should do what you need, and they should support PoE also.

                xbipin

                i dont have a poe switch but where i plan to install this AP is next to a switch and a power socket so i was looking for something simpler like power adapters connecting to AP directly to power it up rather than go through bulky power units or adapters etc in between

                  extide

                  @xbipin:

                  i dont have a poe switch but where i plan to install this AP is next to a switch and a power socket so i was looking for something simpler like power adapters connecting to AP directly to power it up rather than go through bulky power units or adapters etc in between

                  You could always get a POE injector. Also most things that support PoE can also use a regular power brick.

                    xbipin

                    im trying to avoid the power brick, y dont they make power adapters similar to those tp-link switches, where the plug has a digital AC to DC converter and then the wire which plugs into the switch, same with the linksys ATA i have, its more convenient and lighter than the traditional transformer based power bricks, the nexus 10 power adapter is one example, if u can produce 2A out of something so light then y make traditional power bricks

                      Mr. Jingles

                      Thank you again for all your helpful suggestions  ;D

                      I will try to thoroughly digest it all.

                      As to the remarks about it being overkill, I do respect you all very much for all you know, but there are quite some articles on the net, people in other fora, that seem to disagree when it comes to Radius. I am lost in the middle  :-[

                      My thoughts on this matter were:

                      • I will have wired LAN, and a wireless part, WAP.
                      • I will use Radius for the wired LAN. I could perhaps dismiss Radius for the guest network, so that people can go in there freely with only a user name and a password. But they won't be allowed to go on the LAN since they can not Radius-authenticate.
                      • From what I've understood so far (but I am most probably wrong  ;D) it would require two VLANs; one for the LAN and one for the wireless. The switch then decides where to send a user to, based on the signal it gets from the Radius server (or something like that, it is not quite clear to me). As in: a user connects to the WAP: the WAP asks the Radius server for authentication. The Radius says 'I dunno that guy' ( ;D) put him in VLAN2 (being the WAP-area).

                      Wouldn't this make sense/be smart to do? Because even if you are able to 'hack into my WAP' you didn't authenticate with the Radius server to get into the LAN, so all you can do is stay where you are, you ugly hacker: in the WAP-area.

                      Thank you again for all your valuable suggestions, I will study your previous remarks thoroughly  :P

                      6 and a half billion people know that they are stupid, aggressive, lower life forms.

                        thermo

                        @Hollander:

                        As to the remarks about it being overkill, I do respect you all very much for all you know, but there are quite some articles on the net, people in other fora, that seem to disagree when it comes to Radius. I am lost in the middle  :-[

                        That made me chuckle… Wait till you manually configure your first Freeradius Server  ;D

                        @Hollander:

                        My thoughts on this matter were:

                        • I will have wired LAN, and a wireless part, WAP.
                        • I will use Radius for the wired LAN. I could perhaps dismiss Radius for the guest network, so that people can go in there freely with only a user name and a password. But they won't be allowed to go on the LAN since they can not Radius-authenticate.
                        • From what I've understood so far (but I am most probably wrong  ;D) it would require two VLANs; one for the LAN and one for the wireless. The switch then decides where to send a user to, based on the signal it gets from the Radius server (or something like that, it is not quite clear to me). As in: a user connects to the WAP: the WAP asks the Radius server for authentication. The Radius says 'I dunno that guy' ( ;D) put him in VLAN2 (being the WAP-area).

                        Nearly… The setup should really look like Wired Lan, Wireless to your LAN, Wireless Guest.
                        Assuming that your switch can do dynamic vlan assignment, the idea would be that 'unknown' clients/computers are put into the guest area or some other vlan away from your own lan (not the WAP area connected to your lan).
                        The idea of having Radius authentication for guests on wireless is undesirable. It will possibly require the manual installation of certificates on the device each time someone wants to use your guest network with a new device. (Your guests and yourself are already familiar with X509, aren't they?) This is where the captive portal is generally used to allow web based "zero configuration" username/password authentication with a Radius backend, or just with vouchers.
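
The dynamic VLAN assignment described in the post above, as an added example that is not part of the thread: it shows the three RFC 3580 tunnel attributes a RADIUS server puts in an Access-Accept to tell the switch which VLAN to use, with unknown identities falling back to guest. The VLAN numbers, user names and function names are assumptions made for illustration.

```python
import struct

# RADIUS attribute numbers (RFC 2868) used for VLAN assignment (RFC 3580).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN = 13        # Tunnel-Type value "VLAN"
TMT_IEEE_802 = 6    # Tunnel-Medium-Type value "IEEE-802"

# Constructed policy: VLAN numbers and user names are assumptions.
LAN_VLAN, GUEST_VLAN = 10, 20
KNOWN_USERS = {"alice": LAN_VLAN, "bob": LAN_VLAN}


def vlan_for(username):
    """Known identities get their own VLAN; anyone else lands in guest."""
    return KNOWN_USERS.get(username, GUEST_VLAN)


def encode_vlan_attributes(vlan_id, tag=0):
    """Encode the three tunnel attributes as RADIUS type/length/value bytes."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0..31")

    def tagged_int(attr, value):
        # 1 tag byte + 3 value bytes, so the attribute length is always 6.
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")

    vid = str(vlan_id).encode("ascii")
    # In the string attribute the tag byte is optional and omitted when 0.
    body = (bytes([tag]) if tag else b"") + vid
    group = struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)) + body
    return (tagged_int(TUNNEL_TYPE, TT_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802) + group)


def parse_vlan(attrs):
    """Return the assigned VLAN ID, or None unless the full triple is present."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        seen[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if seen.get(TUNNEL_TYPE, b"")[1:] != TT_VLAN.to_bytes(3, "big"):
        return None
    if seen.get(TUNNEL_MEDIUM_TYPE, b"")[1:] != TMT_IEEE_802.to_bytes(3, "big"):
        return None
    group = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:
        group = group[1:]           # strip the optional tag byte
    return int(group) if group.isdigit() else None
```

`parse_vlan` returns None when any of the three attributes is missing, which is the case where a switch would not apply the assignment.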

                          stephenw10 Netgate Administrator

                          @xbipin:

                          if u can produce 2A out of something so light then y make traditional power bricks

                          What country are you in xbipin? That's probably going to be your answer.
                          Years ago most stuff used to have the power supply inside it and be connected directly with a mains cable. When manufacturers started selling worldwide it became much cheaper to move the power supply outside the product so that they could make a single identical model (of whatever) and use a different power supply for each country. Those are often locally sourced, particularly if you have some odd AC outlets. It then comes down to what's cheapest and for small numbers a transformer based power supply can be cheaper/quicker to produce especially if its output is a bespoke voltage.

                          I suspect that a large proportion of Ubiquiti customers never use a power supply directly, is it possible to buy their products without the power supply?

                          Steve

                            Mr. Jingles

                            @thermo:

                            That made me chuckle…

                            My pleasure  ;D

                            @thermo:

                            Nearly… The setup should really look like Wired Lan, Wireless to your LAN, Wireless Guest.
                            Assuming that your switch can do dynamic vlan assignment, the idea would be that 'unknown' clients/computers are put into the guest area or some other vlan away from your own lan (not the WAP area connected to your lan).

                            Ok, so I was guessing more or less right this would need to be how it should work  ;D

                            But for this:

                            @thermo:

                            the idea would be that 'unknown' clients/computers are put into the guest area or some other vlan away from your own lan (not the WAP area connected to your lan)

                            This does mean there should be multiple VLANs, right? (I ask because in the above there were also remarks about multiple VLANs not being necessary which confuses me  ???).

                            Related, by the way: I do understand that the wireless accesspoint I ordered caters for a guest network, but I'd rather go the very solid way of using PFS (and my HP switch) to handle this, knowing it is safe, than simply relying on the software of the WAP-manufacturer, which might turn out to have (closed source) bugs.

                            @thermo:

                            The idea of having Radius authentication for guests on wireless is undesirable. It will possibly require the manual installation of certificates on the device each time someone wants to use your guest network with a new device.

                            I fully agree, this is why I was thinking of having some sort of setup where on the wireless there is no Radius, but only when you want to move into the wired LAN (from the WAP) there will be Radius. By the way, this is not my own invention: a network engineer of one of my customers told me it was set up according to this logic (being a multinational, I was sort of assuming they have thought about it  ;D).

                            @thermo:

                            This is where the captive portal is generally used to allow web based "zero configuration" username/password authentication with a Radius backend, or just with vouchers.

                            I have to admit, 'captive portal' is a complete blackbox for me so far. But you write captive portal does use Radius?

                            Thank you again for helping me  ;D

                            6 and a half billion people know that they are stupid, aggressive, lower life forms.

                              stephenw10 Netgate Administrator

                              @Hollander:

                              I'd rather go the very solid way of using PFS (and my HP switch) to handle this, knowing it is safe, than simply relying on the software of the WAP-manufacturer, which might turn out to have (closed source) bugs.

                              What you would be relying on here is that the wireless access point correctly tagged packets with the appropriate VLAN tag for the SSID it was received on. If this was broken you would have many things that didn't work, not just a security problem. Ubiquiti will have many, many customers using this feature. If they produced a firmware (which is probably Linux based) in which this wasn't reliable they would have more complaints than they know how to handle!

                              This is no worse than trusting the firmware in your switch if you used that for VLANs.

                              Steve
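
One way to check the per-SSID tagging discussed in the post above, as an added example that is not part of the thread: it reads the 802.1Q tag from frames seen on the access point's trunk port and reports any client whose VLAN ID does not match the SSID it is associated with. The SSID names, VLAN IDs, MAC addresses and sample frames are constructed for illustration, and the client-to-SSID table is assumed to come from the access point's station list.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag

# Constructed expectation: SSID names, VLAN IDs and MACs are assumptions.
SSID_VLAN = {"home": 10, "guest": 20}
CLIENT_SSID = {"02:00:00:00:00:0a": "home", "02:00:00:00:00:14": "guest"}


def parse_frame(frame):
    """Return (source MAC, VLAN ID or None if untagged, inner EtherType)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return src, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return src, tci & 0x0FFF, inner   # low 12 bits of the TCI are the VLAN ID


def audit(frames):
    """List (src, seen_vlan, expected_vlan) for frames on the wrong VLAN."""
    bad = []
    for frame in frames:
        src, vid, _ = parse_frame(frame)
        ssid = CLIENT_SSID.get(src)
        if ssid is None:
            continue                  # not a wireless client we know about
        if vid != SSID_VLAN[ssid]:
            bad.append((src, vid, SSID_VLAN[ssid]))
    return bad


def make_frame(src, vid=None):
    """Build a constructed test frame (broadcast, IPv4 EtherType, no payload)."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex(src.replace(":", ""))
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return hdr + tag + struct.pack("!H", 0x0800)


SAMPLE = [
    make_frame("02:00:00:00:00:0a", 10),   # home client, correct tag
    make_frame("02:00:00:00:00:14", 20),   # guest client, correct tag
    make_frame("02:00:00:00:00:14", 10),   # guest client tagged for the LAN
    make_frame("02:00:00:00:00:14"),       # guest client with no tag at all
]
```

Running `audit(SAMPLE)` flags the last two frames; an empty result on a real capture is the behaviour the post says you are relying on.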

                                thermo

                                @Hollander:

                                This does mean there should be multiple VLANs, right? (I ask because in the above there were also remarks about multiple VLANs not being necessary which confuses me)

                                If you understand how each physical network interface on your pfsense works & how you can use rules to manage traffic across each one, then a vlan is exactly the same ethernet interface but without requiring a physical ethernet port on the back of the machine for each network. If you had a requirement for 10 different networks, then you would need a machine with 10 or more ethernet ports (rare & expensive). Alternatively, 1 port on your pfsense and a 10+ port vlan capable switch (cheap & easy).

                                @Hollander:

                                I have to admit, 'captive portal' is a complete blackbox for me so far. But you write captive portal does use Radius?

                                The captive portal prevents a user from using the network/internet resources until they have authenticated with either a username & password or simple voucher (through a web interface, nearly anyone can use). If you had a large number of users, you would need to connect your captive portal to whatever is storing those users (database, ldap server, MS Active Directory, Samba, plain text file etc.). A Radius server is the link between the captive portal and the user store which makes this possible. Replace captive portal with wireless access point/switch/other device (collectively known as Network Access Server/NAS) and you see where radius fits in.

                                  markuhde

                                  @Hollander:

                                  This is a very helpful remark (as I am trying to figure out what I need to do with VLANs and subnets and my appliances and don't understand a thing about how to do it). So subnets are within VLANs?

                                  Kinda. Think of it this way. Subnets are logical divisions of a network, VLANs are a virtual physical separation of a network. Imagine each VLAN as replacing a separate physical cable. On different VLANs you can run separate DHCP servers for example and there is some level of security between VLANs.

                                    Bebe

                                    @stephenw10:

                                    I suspect that a large proportion of Ubiquiti customers never use a power supply directly, is it possible to buy their products without the power supply?
                                    Steve

                                    I just bought their EdgeRouter LITE (let me tell ya, i'm impressed!), it does come with a brick.
                                    Yes, i think some Bullets come w/o PoE module….

                                      Reiner030

                                      Hi,

                                      because I found this thread just now and it's not mentioned yet:

                                      We use CISCO AP541N (with 1GiBit connection on LAN side) and they are just fine and not expensive and work great in a self-managed cluster up to 16/20 devices:
                                      http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/ap_500/index.html

                                      We have set up a "big" cluster with 2,4 GHz nodes and a "small" cluster with 2-3 5 GHz ones.
                                      There is also a bigger model (Aironet 1250  series?) which can use 2,4 + 5 GHz at same time but costs more than two single devices so we decided to use "only" the small ones.

                                      The interesting thing for growing companies is that these APs can later easily be added to a big CISCO cluster management system so you do not have to buy double…

                                        Mr. Jingles

                                        I forgot to report back here: I bought the Ubiquiti UAP-PRO some time ago, and it is indeed rock- and rock stable.

                                        So thank you to all of you who so kindly recommended it to me; her majesty (my wife  ;D) is happy and so I am happy  :D

                                        6 and a half billion people know that they are stupid, aggressive, lower life forms.

                                          kejianshi

                                          For wireless AP I go with a DDWRT linksys E2000.  They can be had for dirt cheap, it's always been solid for me, all the ports are gigabit, so you also end up with a 5 port gigabit wired router.  I've been running them for years.  They also make excellent portable clients to your pfsense VPN if you have one.

                                            Gabri.91

                                            @kejianshi:

                                            For wireless AP I go with a DDWRT linksys E2000.  They can be had for dirt cheap, it's always been solid for me, all the ports are gigabit, so you also end up with a 5 port gigabit wired router.  I've been running them for years.  They also make excellent portable clients to your pfsense VPN if you have one.

                                            This:
                                            I use a WRT610N (basically the same as E2000 and E3000) with DD-WRT, now is a powerful managed switch + access-point with multiple SSID and VLAN..

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.