Kitz ADSL Broadband Information
Author Topic: My new current WLAN, following non-upgrades of WAP hardware  (Read 1347 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
My new current WLAN, following non-upgrades of WAP hardware
« on: December 09, 2016, 07:13:32 AM »

End of the story. (for now) -

I got a second ZyXel NWA3560-N WAP up and running in the house. I already had a second unit anyway, but it had been in use in another building. I upgraded the firmware on both WAPs, which greatly improved the functionality of them, as now I can provide a truly isolated, ring-fenced, L2-firewalled guest BSS. (See other thread re the WAPs’ so-called “L2 Isolation” / “Layer 2 Isolation” feature, which I discovered by accident, completely out of the blue, after it was unexpectedly added by the WAP firmware upgrade. This new capability is in fact completely undocumented in the WAPs’ help file, although it is at least mentioned in the release notes, and is visible in the web UI if you dig enough, but is in both cases without any explanation.)

With the two WAPs deployed in the house now in much better locations - very central, one upstairs and one downstairs - I get far better coverage and much, much faster speeds. I'm using 802.11n only. One WAP is using 2.4 GHz and 5 GHz, 40 MHz-wide bonded channels both. The second WAP has a similar setup, but its two radios are both on 5 GHz. I'm very pleased and surprised that these WAPs are so flexible in this respect. I just assumed that each of the two radios was dedicated to a band, but quite by accident I spotted that you can assign a radio to either band. All channel assignments are non-overlapping. There is one radio on channels 1 + 6 bonded, and channel 13 is free for Bluetooth or any future uses. The other three radios (in the remaining 1½ WAPs) are all on distinct auto-assigned 5 GHz, 40 MHz-wide channels.

The WAPs are set up with several VAPs on each one, and the SSIDs match between them. Because the SSIDs match, stations can roam between WAPs. The SSIDs are something like "Main", "Main 5GHz" and "Guest". The “main” service sets have whitelist MAC filtering set up, and are published on one 2.4GHz radio and three 5GHz radios across two WAPs. “Main 5GHz” has an identical setup but is not on a 2.4GHz radio, so clients can choose to stick to 5 GHz only. The “guest” service set is currently on one WAP only, although this may change and is also 2.4GHz-only, and I haven't decided firmly yet whether to keep it this way. I'm thinking of preventing guest users from contending with main users for WLAN bandwidth, so restricting them to 2.4GHz only keeps them away from the 5GHz radios where almost all the main users live. Each Guest’s internet traffic is throttled / bandwidth limited individually in both directions by rules within the firewall-router (a Firebrick), although this is currently not done properly because I haven't written the rules correctly and I don't cover IPv6 traffic, only IPv4. But I'm not at all sure how to proceed here without creating something very inelegant and making a maintenance nightmare. I can think of other possible avenues too, but they are pretty desperate and more costly.

Apple devices seem to roam well enough, but infrequently because the signal strength heard from one WAP is usually good enough to mean that it won't really need to roam to the other, or else neither is audible, which is the case in the add-on large porch at the front of the house, which is outside the main >6 ft (true) thick stone gable-end wall. Unfortunately, if one or both WAPs are rebooted, whichever one is up or comes up first takes all the stations as clients, and they tend to stay like that. So there is no guarantee of anything like proper load balancing, as although these models claim to have some feature along these lines, the design of it doesn't make sense to me, at least from the (very poor) docs. One good thing at least is that the Apple kit seems to prefer 5 GHz effectively, although I'm not sure exactly what Apple iOS’ policy is.

These WAPs don't support 802.11r or k or any of these other sexy standards addenda. But I don't do VoIP with the mobile devices much, and not while wandering around anyway, so the lack of Fast Transition capability when roaming doesn't matter too much, and in any case they tend not to roam as they don't really need to, as I mentioned earlier.

So I'm pretty pleased with the current setup, and don't need to upgrade hardware right now. Coverage sorted, largely. Roaming does work, but doesn't happen too often which is healthy. And the guest network security thing is sorted and tested. Very high throughput of 802.11ac isn't an issue at the moment. And I haven't had to spend any money at all. Mrs Weaver is a lot happier with the new coverage. She is running long CAT7 S/FTP cables for me from the main LAN switch in the upstairs office to the top of the stairs for the upstairs WAP, and a second cable down to the kitchen for the downstairs WAP which is on a very tiny wooden high shelf. It turns out that I don't currently need POE for either of these units where they are at the moment.

If I do upgrade at some point it will be some Cisco future model, as I do like the 1850 and 1830 devices and I've found some prices that are nowhere near as scary as I thought. At ~£350 for the 1830 or ~£460 (VAT?) for the 1850, they aren't a lot more than I paid for the ZyXel devices roughly five years ago. I was expecting something like 50% more than that, at least, for anything Cisco that is not just a load of crap with the brand name on it.

I will need to do something about outside coverage too now. Not entirely sure what at the moment.