Access Point deployment



  • pfsense 2.1.3
    Radius
    Squid Proxy

    I have 200-300 users who connect daily. I am using around 40 TP-Link access WA901ND points with multi ssid. Not specifically a pfsense question but more of a wireless question.

    In concentrated areas where wifi is heavily used, what is the best method of deploying AP's. Let's say I have 3 deployed in a canteen as an example. I could add more but I only use channels 1,6 and 11 (I read this for uk wifi) but if I wanted to add another 3 AP's I would start to get channels overlapping.

    My concern is that I am getting 20-30 people connecting to one AP and the throughput will be terrible. If I had a load more AP's in the same area, this should alleviate that problem.

    What is the best way to deploy lots of AP's in the same area without running into channel issues?



  • Use expensive managed APs with a good controller. 
    Aruba for example allows you tot import building schematics and auto-tune your wifi



  • @heper:

    Use expensive managed APs with a good controller. 
    Aruba for example allows you tot import building schematics and auto-tune your wifi

    Ahhh, Tell me there is another option. I deployed pfsense after getting an extortionate quote for a Meraki install/setup. That was much cheaper and works very well in terms of management of users.

    I have heard about these controller based AP's. I'll have a look.



  • Ubiquiti does as well, for cheaper. Now the Aruba/RUCKUS stuff is better, but you pay for what you get. I needed 12 Ubiquiti UAP in comparison to 5 RUCKUS Access Points. The biggest difference for us was the $4,000 dollar cost. Of course, my controller is on a Windows VM, and I allow pfSense to do all the heavy lifting. Once I figure out how to use the Captive Portal commands to build my own Captive Portal page, I will be fully deployed.

    I have two SSID on the ubiquiti UAP using two VLANs (one for guest and one for staff)
    Here's an image of my Ubiquiti Layout. Maybe someone has insight on a setup error in my layout… :)




  • good stuff newburns

    It's funny you should mention the Ubiquiti brand. I have just ditched 2 Tp-link wa7210n outdoor antennas for a couple of Ubiquiti's.

    That's a cool image showing the coverage.



  • I've had awesome luck so far with the Unifi line. Reliable, fast, inexpensive.



  • @insurin:

    good stuff newburns

    It's funny you should mention the Ubiquiti brand. I have just ditched 2 Tp-link wa7210n outdoor antennas for a couple of Ubiquiti's.

    That's a cool image showing the coverage.

    Keep in mind that the coverage map is complete BS.  It is based on theoretical distances in a very specific environment.  Practically, indoors, you won't get a decent signal anywhere near where they say you will because walls, furniture, etc. all cut your signal.

    That said, if you do some legwork, get a cheap tablet and toss inSSIDer on it, you can do a site survey of your own and make a pretty nice environment with the dirt-cheap UBNT gear.  I've got about 20 of their Pro APs in my buildings and am pretty happy overall.



  • Almost true, however, the image shows that there are roughly 10 walls that intersect signal in separate locations. Everything else is fairly open. So the map is pretty close to coverage.
    And the VLAN stuff does work. I saw it posted somewhere that VLAN routing in Ubiquiti is trash. This is not true. I did have an issue using VLAN 5 & 6 for guest & staff respectively, but now that I use 5 & 60, I haven't had any issues. Pretty sure the number relation has nothing to do with it. Probably just the restart that was done afterwards is what was needed.


  • LAYER 8 Netgate

    Ruckus 7372 or 7982 with a zone director 1100 and don't look back.  I've had hundreds simultaneous users with over 100 associations on one radio and it just works.  When the density increases you have no choice but to start reusing 2.4GHz channels.  Try to space them out as best you can and let the controller deal with reducing the signal strength as necessary.  APs capable of this kind of density per radio decrease the number of overlaps necessary to achieve your goals.

    Avoid the temptation to use anything but 1,6,11.  It's better to have two radios on the same channel than radios on, say, 1 and 3.  When they're both on 1 they can demodulate each other and work together as best they can.  If they're on overlapping channels they just appear to each other as noise.



  • @Derelict:

    Ruckus 7372 or 7982 with a zone director 1100 and don't look back.  I've had hundreds simultaneous users with over 100 associations on one radio and it just works.  When the density increases you have no choice but to start reusing 2.4GHz channels.  Try to space them out as best you can and let the controller deal with reducing the signal strength as necessary.  APs capable of this kind of density per radio decrease the number of overlaps necessary to achieve your goals.

    Avoid the temptation to use anything but 1,6,11.  It's better to have two radios on the same channel than radios on, say, 1 and 3.  When they're both on 1 they can demodulate each other and work together as best they can.  If they're on overlapping channels they just appear to each other as noise.

    If he's looking to keep things inexpensive, Ruckus is not at all the way to go.


  • LAYER 8 Netgate

    If he's looking to keep things inexpensive, he's getting the performance he can expect.

    There really is a difference.

    Ubiquiti is nice but their "controller" doesn't even remotely compare to a zone director.

    And when you start needing two or three APs to get the same user density, the cost savings start to blur.  When you throw 2.4GHz channel reuse because you have five radios in a space instead of two into the mix, along with needing to provide service over a myriad of BYOD "access points" the money spent starts to really be worth it.

    Ruckus: Set it and forget it.



  • @Derelict:

    And when you start needing two or three APs to get the same user density, the cost savings start to blur.

    Yeah, not so much. A Ruckus 1125 is going to cost at least $3000, more around $4000. Add in 25 access points (we'll go with $700 each, that's about the area you pay for Ruckus APs), and you're looking at $21,000+ for a pretty rudimentary configuration with no redundancy whatsoever. The controllers in Ruckus configurations are essential, and if it goes down, the APs stop working - plain and simple.
    Unifi APs do not require a controller unless you're using the captive portal. In my experience, Ruckus' controller interface is okay for some things, but doesn't do anything spectacular that the Unifi interface can't do. Assuming UAP-PROs, you can get double the amount of access points for around $12k - and when you want to add more, you're not at the mercy of limitations in your controller.

    Once a Ruckus product goes EOL, good luck trying to get them to honor their "lifetime warranty." They'll pester you for support contracts even when there is literally no advantage to them. I'm currently running dual ZD1025s along with 25 ZF2942s, and when I asked what the support contract would do for us (since our last available firmware update was sometime last year), I was told it'd provide RMAs. Then I asked if the lifetime warranty doesn't already do that, since everything is well within 5 years EOL, and got 3 different answers from 3 different people. This is on gear that, at the time we bought it, was an over $40k installation.
    Once a Ubiquiti product goes EOL, they're inexpensive enough to just plain replace without batting an eye. Ubiquiti themselves are also pretty good on RMAs - but it's good to have a couple spares in stock just in case they can't do a timely replacement. Again, inexpensive enough where this isn't a problem.

    Ruckus offers quality kit, Ubiquiti offers quality kit. If you're the type of organization who's willing to throw money into very nice gear and don't mind refreshing every couple of years, then Ruckus is probably great for you. If you're the type of organization who tries to get the most bang for your buck and IT has a starved budget, Ubiquiti is more in line with what will work as an all-around solution.
    I've currently got both running in my infrastructure, and the Unifi system has proven to work as well or, at times, better than the Ruckus system. To each their own, but as far as overall cost to reliability ratio goes, Ubiquiti wins hands-down.



  • Ubiquiti Unifi UAP-Outdoor+

    will get you 100+ concurrent users without a hick up.. and it will cost you 200 bucks


  • LAYER 8 Global Moderator

    Get my vote for the unfi stuff as well.. I recently got their AC indoor AP, and run the controller software on a linux vm..  Not saying their 3.x version of the software is perfect yet..  But they are making great progress.  Update of the controller software and firmware on the AP is simple apt-get upgrade and then click upgrade on the firmware to update your APs.. Be it you have 1 or 100 of them.

    For the budget minded – clearly the way to go.  This was only for my home setup - so the the $300 cost of the AP might be on the high side for some home users..  But I like to play with the current stuff - this gives me something to play with in the AC world, while picked up a pce-AC68 3x3 card for my pc to play with..

    So you currently managed your 40 AP all my hand??  That would suck ;)  I would really look into the unifi stuff for the doing it in an enterprise way while on a soho budget ;)


Log in to reply