AP with Pfsense



  • Hi Guys,
    i am looking for Access point to use with Pfsense,
    any suggestions which one to use ?

    thank you so much


  • LAYER 8 Global Moderator

    Big fan of the unifi stuff, the AC lines are very reasonable priced..  89 to 149 I believe for the lite, LR and Pro..

    https://www.ubnt.com/unifi/unifi-ap/



  • @johnpoz:

    Big fan of the unifi stuff, the AC lines are very reasonable priced..  89 to 149 I believe for the lite, LR and Pro..

    https://www.ubnt.com/unifi/unifi-ap/

    Than you John
    do they have a good range without antene ?
    does it has a web internface to configure the SSID and WPA ?



  • If you're not in a big hurry there is a new line of AC access point by Ubiquity coming out around the first of the year that have very attractive pricing.

    https://www.ubnt.com/unifi/unifi-ap-ac-lr/



  • @Jailer:

    If you're not in a big hurry there is a new line of AC access point by Ubiquity coming out around the first of the year that have very attractive pricing.

    i am not on a big hurry, have the ISP router which is sucks and driving me crazy !
    those things has a web internface to configure or everything goes through the command line.



  • Web interface via downloadable software.

    Others have installed the controller software in pfsense and got it to run but for a home user who needs to set up a single access point IMHO it's overkill. Set it up, install it, rejoice.



  • @Jailer:

    Web interface via downloadable software.

    Others have installed the controller software in pfsense and got it to run but for a home user who needs to set up a single access point IMHO it's overkill. Set it up, install it, rejoice.

    i have ISP router which is sucks , Wifi is killing me . besides i am not the only one who is facing this problem. like the whole country does.
    i wanna disable the wifi of the router and use a AP behind the router to have a good wifi.



  • I would stay away from the Unifi AC product line. I have extensively tested out the UAP-AC v1 and v2 and the best that I can state is that Wi-Fi performance is mediocrity personified. There is no evidence – of whatsoever nature -- that the newer Unifi AC models have done anything to improve on the performance metrics -- the only advantage the newer models have is dramatically reduced prices in their AC lineup.

    I would however suggest that you consider a Netgear R7000 configured as an Access Point --- AP mode is a configurable option on the R7000 --- Wi-Fi performance for the R7000 is outstanding. Or I can also suggest the ASUS RT-AC68U configured as an Access Point --- AP mode is a configurable option on the ASUS RT-AC68U -- in my experience with this model in AP mode the Wi-Fi performance was very good but not as good as the Netgear R7000 especially at longer ranges.

    You can check out some of my stuff on the UBNT Unifi forums
    http://community.ubnt.com/t5/user/viewprofilepage/user-id/173303


  • LAYER 8 Global Moderator

    Unlike mozerd here our new 1 post wonder that has no experience with the new unifi line, I was lucky enough to be selected for beta testing and got a lite and LR model free.. Which I am running along with with my ACv2

    I have had NO issues with performance both in the ACv2 model or the new line - and yes they have made lots of improvements in the new models and drastically reduced the cost..

    That R7000 retails for what 220-240$  you could get 3 of the lite models for about the same price point.  And place them appropriately around the property for best wifi coverage.

    While those devices might make good home routers with wifi, they are not really designed to be AP.. They are not POE, so kind of hard to properly place them in the ceiling or walls where AP should actually be placed.  They do not have a controller that allows you monitor and manage multiple devices.

    I suggest you look here for other users of pfsense and unifi AP and their experience, along with the forums on unifi.  They have very active development of the firmware of the AP and the controller software (free and can run as vm, or runs on windows, linux or mac.  they are coming out with new cloudkey device that will run controller software as well.  Or if you want you could even run the controller on amazon or other cloudbased hosters).  And you don't have to actively run the controller software if you don't want to.  But it does give you nice insight into clients connected, bandwidth used, speeds they are connected at, etc. etc..

    If you plan on sitting the AP on the shelf somewhere, then sure go with a soho wifi router used as AP..  BTW any wifi router can be used as just AP does not have to have a "feature" to do so.  You turn off its dhcp server and connect it to your network via one of its lan ports.  There you go AP..  If you want to run not your typical home wifi and properly mount your AP in the best locations for coverage of your property then I would suggest the unifi line - it seems to be the best bang for the buck if you ask me.  I have the v2 mounted in the ceiling in my hallway center of the house, and the LR model I placed near my patio door to give better 5ghz coverage in the kitchen and my outside patio..  They also have band steering, min rssi in the gui and rf interference monitoring all being actively worked, zero handoff, etc…  I would also love to mount the lite I got, but with the size and layout of my home I have no need for another one.. Just have played with for testing purposes and testing of wifi uplink, etc.

    If you want some actual numbers of performance of the new AC line, join the unifi fourms and request beta access, many people posting up their performance numbers there - myself included.



  • Hi

    i use some TP-Link with Openwrt as AP (2x 1043ND & Archer C7)
    WLAN's are  bridged to vlan's so i have a privat/guest wlan  seperated and the Router itself  has only one IP at the  managment vlan.
    All Ip's are given via DHCP from the pfsense.
    I also need the lan ports with vlan's so it is the best option for me
    Price depends on requirment / type.
    The best think is; it make fun to setup it in this way.



  • I guess this is bush league, but because my primary computer is an iMac I have an Apple AirPort Express.  Very friendly to set up and configure.  In bridge mode with my pfSense appliance as the DHCP server, the AirPort Express is ideal for letting guests access the internet without getting too crazy.



  • @johnpoz:

    Unlike mozerd here our new 1 post wonder that has no experience with the new unifi line, I was lucky enough to be selected for beta testing and got a lite and LR model free.. Which I am running along with with my ACv2

    I have had NO issues with performance both in the ACv2 model or the new line - and yes they have made lots of improvements in the new models and drastically reduced the cost..

    That R7000 retails for what 220-240$  you could get 3 of the lite models for about the same price point.  And place them appropriately around the property for best wifi coverage.

    While those devices might make good home routers with wifi, they are not really designed to be AP.. They are not POE, so kind of hard to properly place them in the ceiling or walls where AP should actually be placed.  They do not have a controller that allows you monitor and manage multiple devices.

    I suggest you look here for other users of pfsense and unifi AP and their experience, along with the forums on unifi.  They have very active development of the firmware of the AP and the controller software (free and can run as vm, or runs on windows, linux or mac.  they are coming out with new cloudkey device that will run controller software as well.  Or if you want you could even run the controller on amazon or other cloudbased hosters).  And you don't have to actively run the controller software if you don't want to.  But it does give you nice insight into clients connected, bandwidth used, speeds they are connected at, etc. etc..

    If you plan on sitting the AP on the shelf somewhere, then sure go with a soho wifi router used as AP..  BTW any wifi router can be used as just AP does not have to have a "feature" to do so.  You turn off its dhcp server and connect it to your network via one of its lan ports.  There you go AP..  If you want to run not your typical home wifi and properly mount your AP in the best locations for coverage of your property then I would suggest the unifi line - it seems to be the best bang for the buck if you ask me.  I have the v2 mounted in the ceiling in my hallway center of the house, and the LR model I placed near my patio door to give better 5ghz coverage in the kitchen and my outside patio..  They also have band steering, min rssi in the gui and rf interference monitoring all being actively worked, zero handoff, etc…  I would also love to mount the lite I got, but with the size and layout of my home I have no need for another one.. Just have played with for testing purposes and testing of wifi uplink, etc.

    If you want some actual numbers of performance of the new AC line, join the unifi fourms and request beta access, many people posting up their performance numbers there - myself included.

    Thank you so much John for your explanation.
    i'v tested the R7000 Netgear the range doesn't get far as my ISP crap router, so i brought it back because it wasn't a cheap router.
    so i am gonna wait till the Christmas probably there will be something better with high range.


  • LAYER 8 Netgate

    @Jamerson:

    @johnpoz:

    Big fan of the unifi stuff, the AC lines are very reasonable priced..  89 to 149 I believe for the lite, LR and Pro..

    https://www.ubnt.com/unifi/unifi-ap/

    Than you John
    do they have a good range without antene ?
    does it has a web internface to configure the SSID and WPA ?

    You are not going to see much difference between APs due to antennas until you get into directionals for longer range or high-end like Ruckus BeamFlex.  And just because there isn't useless crap hanging off the AP doesn't mean it doesn't have antennas.  Antennas on consumer routers are pretty much marketing chrome.

    The unit you buy either has a good radio in it or it doesn't.

    Be sure your expectations are in line with reality.  Two or three walls - especially at an oblique - and your wifi is going to be kaput.  Especially 5GHz. Depends on the construction too.


  • LAYER 8 Global Moderator

    Without antenna?  As Derelict mentions those big things sticking out of your soho devices are mostly for show ;)

    Yes I have good range to answer your question directly, but as Derelict also points out a wall or 2 and your 5ghz is going to be shit..  Another mistake in working with wireless is how much power a AP puts out in thinking that really helps..  Does not matter if my client could see the signal from mile away if its xmitter is crap ;)

    5ghz works best with more AP in areas that are not obstructed..  Which is part of the reason I placed one near my patio door, while I could see and use the 5ghz signal on my patio before from the Ap in the center of the house.. It was no where close to optimal, once I place an AP in that area I see a -50 signal and screams, I max out my internet connection..

    If really wanting to have the best wifi you can have, you need to take into account the layout and size of your house, the wall material, etc.  US is pretty easy with very thin walls vs some countries with 1 foot Brick walls (like a freaking bomb shelter).  You would then place the appropriate number of AP to give you coverage every where you want it.  Keep in mind that a client at the very edge of getting a signal it can work, but can be a hit on every other client on that same AP even with good signals.  This is why with good setup you take into account min rssi and tell your AP not to let clients with low signal talk to it - have them move to a better signal AP.

    If your location is multiple levels placement of AP on each floor will be very helpful, etc.  You rarely see good placement of a wifi router, its quite often on the floor under a desk in the corner of the house.  And they wonder why signal on the other side of the house is no good, and they have lots of devices all on the same AP.. Wifi bandwidth is half duplex and shared among all clients.  And they think if they get a more powerful wifi router its going to help, when that has nothing to do with the xmit of the clients..  Having full bars on your wifi doesn't always mean its going to be good.  I run the power setting on mine at low for 2.4 and med for 5ghz and have no issues.



  • A few general pointers for WiFi that will help you out …
    As some of the other people that have responded in this thread have mentioned some of these points, I've collected them here:

    • Signal strength at BOTH ends is important.  How well you see the AP is only half the puzzle.  If the AP doesn't see the client equally as well, then its not going to work well.  Remember that an AP doesn't have the physical limitations of an antenna that'd you'd find on a tablet, meaning the AP's antenna probably works better than the tablet's.

    • Signal attenuation is a killer: walls, crappy antennas, etc.  If you have any way of measuring the signal, you want at least -70dBm (yes it will still work, but poorly at -80dBm) from the AP at the client and vice-versa.  Also don't run your APs without antennas.  The radios inside are impedance matched to the antennas, disconnecting them generally makes it not work beyond a few feet.

    • Interference is a killer: Make sure you are on your own channel, in 5Ghz, that's possible, but avoid DFS channels (52-144) since by law the AP must switch off and find a new channel if it detects radar.  As an additional point, if you run custom firmware in your AP, it may be tempting to select certain non-standard channels, just be prepared for a visit from law enforcement agents, big fines and equipment seizure especially if you're near an airport!

    • Most people have no clue about 2.4GHz: Stick to channels 1, 6 and 11 (or whatever is standard in your country).  Otherwise you're just creating unintelligible noise for your neighbors, which is far worse than interference on the same channel, which can at least be understood and respected by all parties.

    • Please for the love of God don't run 802.11n 40MHz in 2.4GHz, you're just being a pig since there's only 1 usable non-overlapping 40MHz wide channel in 2.4GHz.

    • More power != better performance; in fact in many cases more power = worse performance.  Think of how you'd want to install speakers in a whole home audio system.  One super powerful speaker in a central location, or many smaller speakers scattered throughout for a pleasing uniform sound level everywhere.  You can also use the same analogy for lighting.  Same thing applies to WiFi, RF waves are like light waves, only they penetrate somewhat the obstacles.

    • Don't forget WiFi is a half-duplex medium:  The radio can only send or receive, it can't do both at the same time AND each and every wireless packet has to be acknowledge or retries occur.  Consequently, your expected performance will be about half the connection rate, if that.

    • Consider using iperf to validate your throughput.  Run iperf in both directions to ensure you're getting what you're expecting.

    In the end, unless you have the budget for Enterprise grade wireless, you have to work within with the above realities.

    –A.


Log in to reply