Wireless (WiFi) Access Point Rec?

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

matt_garman

Active Member
Feb 7, 2011
212
40
28
I'm in the market for a wireless access point, looking for some recommendations.

First, I only need an access point, not a full-on router. Routing duties are handled by a separate pfSense system.

This is for residential home use. I try to do wired whenever possible, certainly for anything with high bandwidth requirements and/or in a static location. So the WiFi is really for "transient" devices: smart phones, tablets, laptops, etc.

Currently I'm using an Asus RT-N66U. I realize this is a full-on router, but I'm using it in Access Point mode (Merlin firmware). This actually works pretty well; at times I wish it was a bit faster. I don't really need a new WAP, but I'm in the process of setting up the infrastructure on a new house. Original plan was to not have wireless at the new house until we actually move. But now I'd kind of like to have WiFi in the new house sooner than that, and it also gives me an excuse to upgrade. (I'm sure many here suffer from upgradeitis. ;)) Plus I can donate the Asus to my parents when we move.

This is a large-ish house, basement and two stories, about 1800 square feet per level. The old house is a bit smaller, maybe 1200 square feet per level; the Asus doesn't seem to have any coverage issues. The new house does have a huge 200-foot deep yard, so coverage out to there would be nice, but isn't worth any added cost.

Being powered by POE, 802.3af in particular, is ideal, but not a hard requirement. I have a closet in the middle of the house with a Cat6 drop, so aesthetics aren't important---it will be hidden no matter what. That makes POE convenient, but an AC adapter not a big deal either.

Given that long rambling intro, my main question is: should I get a typical consumer-level device, or step up to the low-end enterprise grade products? Looks like I can get POE-powered 802.11ac WAPs from the likes of Netgear, Linksys, TP-Link for $100 or less. On the other end of things, I see lots of love here and other places for Ruckus, specifically the R310 looks ideal for my situation, but at $350 or so.

In general, I've never been able to really understand the difference between the higher-end consumer stuff and the entry-level enterprise stuff. I know the latter often comes with "enterprise features", which I really don't need; I'm good with MAC address filtering and WPA2 PSK. So is the hardware that much better? I suppose mesh capabilities would be nice if a single WAP won't cut it; but I'm hoping I don't have to go there. I know with the consumer-grade wireless routers, the firmware is notoriously flaky. Many, many years ago I ran DD-WRT on a Buffalo router to avoid junky stock firmware. But the Merlin firmware on my Asus RT-N66U has been surprisingly stable (I don't think I've ever had to reboot it). Either way, I would think being a basic access point "should" be easier to get right than full-on routing functionality.
 

ttabbal

Active Member
Mar 10, 2016
743
207
43
47
I'm using an Asus AC router as an AP and it works well. It seems the firmware issues are mitigated a lot by not expecting them to actually route anything. I'm using the stock firmware, the only reboots are when I mess with the wiring.

Please post when you select something. I'm curious to see what's out there that's reasonably priced that might be a better fit.
 

RyC

Active Member
Oct 17, 2013
359
88
28
The Ubiquiti Unifi AP series sounds like it would work well here
 

Blinky 42

Active Member
Aug 6, 2015
615
232
43
48
PA, USA
I got a pair of Ubiquity UAP-AC-PRO's to replace my random collection of off the shelf WiFi gear after folks keep mentioning they like them in STH forums & irc.
I have to say they are quite nice so far (~ 4 months) and have fixed the spotty coverage and speed issues in my house. There is a lot of congestion in the ISM band in my area from every house in the area having all sorts of cheap routers and IoT crap and the old wifi gear wasn't cutting it against the noise. I got the first one @ the local Microcenter to see how well it worked and after I saw immediate improvement I ordered the second one online so I have 2 for even more robust coverage throughout the whole house.
 
  • Like
Reactions: wildchild

britinpdx

Active Member
Feb 8, 2013
367
184
43
Portland OR
The Ubiquiti Unifi AP series sounds like it would work well here
I'm in process of moving from Asus products (AC66R wireless router + WAP) to a supermicro LGA1155 pfSense solution with HP 1910-24G-PoE switch and Ubiquiti Unifi AP's. I was fortunate to be able to pickup a couple of the UAP AC-IW devices from the Beta store, and so far they are working well.

We also have a larger multi level home ( 2 main levels + basement + attic so 4 effective levels), I have one AP on the lower level South side of the house and one AP on the upper level North side of the house. Coverage on 4 levels is good enough.
 

Deslok

Well-Known Member
Jul 15, 2015
1,122
125
63
34
deslok.dyndns.org
Another vote for the UAP-AC-PRO at 130 each on amazon i've deployed 6 to date and am putting 5 more in(new building) in enterprise environments they're cheap and good over the past year or so for the first ones i deployed
 

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
I personally do the pfSense + Ubiquiti.

I have installed a pfSense + eero solution for a friend. He loves it. Setup via a mobile app.
 

Drewy

Active Member
Apr 23, 2016
208
56
28
54
Another vote for pfsense and ubiquiti. Got 3 ap pros in the house and will be adding a few more outside to cover all the garden.
I ensure coverage overlaps a little and then you can even upgrade the firmware on the things without clients taking an outage. Well chuffed so far.
 

matt_garman

Active Member
Feb 7, 2011
212
40
28
Please post when you select something. I'm curious to see what's out there that's reasonably priced that might be a better fit.
I haven't selected yet, but after reading all these responses, it'd be hard not to give Ubiquiti some serious consideration!

However, based on everything I've read, Unifi doesn't give me the warm fuzzies I was hoping for. It appears that, behind the scenes, it's the same commodity chipsets that all the consumer stuff is using (i.e. Broadcom or Atheros). To be fair, the chipset is only a small piece of the overall system (e.g. great software can turn a mediocre chip into a great product).

The other thing that bugs me is the need to run the controller software on another device. Based on what I've read, this doesn't need to be run all the time. In fact, for most deployments, it sounds like you can install the software once, get everything set up, then blow away the software. From a cost standpoint, this sorta makes sense, as they can save money on the hardware itself. But I like to use MAC filtering, so any time a guest comes over and wants to use my Wifi, I assume I'll have to re-install the controller software (or just leave it running all the time). Looks like they only have Linux packages for Ubuntu/Debian; I'm sure I can hack a way to run it under CentOS, but that's one more thing I have to do. I have an always-on Linux server, so not a big deal, except that my WAP is now somewhat coupled to another system (versus a true standalone device).

On the flip side, it's hard to argue with success, and there's no shortage of recommendations for Ubiquti here and other sites; and FWIW the UAP-AC-PRO dominates in terms of Amazon reviews. As appealing as the Ruckus stuff looks, it's really hard to justify the 3x price premium for the R310 Unleashed over the UAP-AC-PRO. Is the Ruckus really 3x better? Possibly. But even if so, will my rather pedestrian use-case benefit from a 3x better device? Unlikely. As the engine guys like to say, "there's no replacement for displacement", and from that perspective, to normalize on price, I'm pretty sure three Unifi devices will likely beat out a single Ruckus.

I'm in no hurry, so I'll think on this some more. If I was forced to make a decision now, I'd probably go with the Ubiquiti. It does seem to generally be a good product, and my complaints are more nit-picks than actual deal breakers.

That said, I am somewhat curious to do some testing of the UAP-AC-PRO versus my Asus RT-N66U. That alone might push me to buy something sooner than later. :) Although, time is my biggest hurdle to doing something like this.
 

pyro_

Active Member
Oct 4, 2013
747
165
43
The other option you can do for the controller with ubiquiti is get one of their cloud keys to use as your controller. However that does add another 80$ to the cost of the system
 

cheezehead

Active Member
Sep 23, 2012
723
175
43
Midwest, US
I'm still running a Netgear AC1900 box in AP mode for now but will be moving to Ubiquiti next time I refresh.

It appears that, behind the scenes, it's the same commodity chipsets that all the consumer stuff is using (i.e. Broadcom or Atheros). To be fair, the chipset is only a small piece of the overall system (e.g. great software can turn a mediocre chip into a great product).
It's not what's in the box, it's the band. There are only a few different physical chipsets out there, it's the software/firmware behind it that makes or breaks it.
The other thing that bugs me is the need to run the controller software on another device.
There are mobile apps for stand-alone administration (iOS and Android) as well, otherwise just run it off a laptop/desktop when you need to make changes. Installing it and running the service 24x7 has some enhancements from what i'm seeing but in most cases just set it and forget it.

Depending on what kind of AP density you need and if there are any outbuildings, Amazon also sells the AC Pro's in 5-packs at a slightly better price per AP ($10 off per unit).
 

ttabbal

Active Member
Mar 10, 2016
743
207
43
47
MAC filtering is almost useless from a security perspective. You might consider setting up a guest network with a different SSID and password instead. You can even rotate the password once in a while, booting all the old guests. :)
 
  • Like
Reactions: Rain

Rain

Active Member
May 13, 2013
276
124
43
But I like to use MAC filtering, so any time a guest comes over and wants to use my Wifi, I assume I'll have to re-install the controller software (or just leave it running all the time).
Save yourself the trouble: VLAN a guest network with an easy to type password for your guests. You're already using pfSense, just block access from the VLAN the rest of the network. Ubiquiti APs (along with most non-consumer APs) support broadcasting multiple SSIDs on different VLANs. Don't screw around with MAC filtering; it's a pain and can easily be subverted anyway...

Edit: Ninja'd by @ttabbal
 
  • Like
Reactions: PigLover

wildchild

Active Member
Feb 4, 2014
389
57
28
I haven't selected yet, but after reading all these responses, it'd be hard not to give Ubiquiti some serious consideration!

However, based on everything I've read, Unifi doesn't give me the warm fuzzies I was hoping for. It appears that, behind the scenes, it's the same commodity chipsets that all the consumer stuff is using (i.e. Broadcom or Atheros). To be fair, the chipset is only a small piece of the overall system (e.g. great software can turn a mediocre chip into a great product).

The other thing that bugs me is the need to run the controller software on another device. Based on what I've read, this doesn't need to be run all the time. In fact, for most deployments, it sounds like you can install the software once, get everything set up, then blow away the software. From a cost standpoint, this sorta makes sense, as they can save money on the hardware itself. But I like to use MAC filtering, so any time a guest comes over and wants to use my Wifi, I assume I'll have to re-install the controller software (or just leave it running all the time). Looks like they only have Linux packages for Ubuntu/Debian; I'm sure I can hack a way to run it under CentOS, but that's one more thing I have to do. I have an always-on Linux server, so not a big deal, except that my WAP is now somewhat coupled to another system (versus a true standalone device).

On the flip side, it's hard to argue with success, and there's no shortage of recommendations for Ubiquti here and other sites; and FWIW the UAP-AC-PRO dominates in terms of Amazon reviews. As appealing as the Ruckus stuff looks, it's really hard to justify the 3x price premium for the R310 Unleashed over the UAP-AC-PRO. Is the Ruckus really 3x better? Possibly. But even if so, will my rather pedestrian use-case benefit from a 3x better device? Unlikely. As the engine guys like to say, "there's no replacement for displacement", and from that perspective, to normalize on price, I'm pretty sure three Unifi devices will likely beat out a single Ruckus.

I'm in no hurry, so I'll think on this some more. If I was forced to make a decision now, I'd probably go with the Ubiquiti. It does seem to generally be a good product, and my complaints are more nit-picks than actual deal breakers.

That said, I am somewhat curious to do some testing of the UAP-AC-PRO versus my Asus RT-N66U. That alone might push me to buy something sooner than later. :) Although, time is my biggest hurdle to doing something like this.
Actually, it's about the same chipsets that meraki, cisco, ruckus and zebra use too.
I swapped zebra out for unifi, and so far real happy with it.

In fact we're testing to see if we can replace our corporate zebra deployment of 2600 ap's on 37 different global sites with unifi too.

The poc ran great, and the cost saving would be monsterous, given ac-hd pro's are a third of the zebra's and no further licensing is required
 

Cheddoleum

Member
Feb 19, 2014
103
23
18
MAC filtering is almost useless from a security perspective. You might consider setting up a guest network with a different SSID and password instead. You can even rotate the password once in a while, booting all the old guests. :)
My Zyxel NWA1123-AC AP has an interesting raw "Layer 2 Isolation" feature. It allows you to populate a table with the MACs of select devices on your network and restrict the wireless clients on one or more SSIDs to communicating with only those. It's somewhat limited in that there's only the one table -- not an arbitrary number of named tables -- which you can enable (or not; by default not) on any given SSID. But if you're not using it for any other purpose does make setting up a guest network simple: I define only one MAC, that of the gateway, and enable this list on the Guest SSID. Because it's a list, if my gateway and DHCP server were different devices I could enter both macs.

It's essentially the reverse of MAC filtering and as such not vulnerable to spoofing. I don't claim to have done a real security analysis on it but it solves the guest network problem internally without any need to fiddle with any other devices on the network.

This doesn't constitute a recommendation: I haven't used enough other standalone APs to confidently recommend anything over any other. But I've been using this AP for almost two years and it checks all the right boxes of performance and SOHO-level feature/complexity tradeoff for my day-to-day purposes.
 
Last edited:

tullnd

Member
Apr 19, 2016
59
7
8
USA
I also am running the Unifi setup. AC Pro HD and a few AC IW's for my home. I currently run the controller for myself on my Ubuntu server, but I just installed a few AC Lite's at a friend's house and another friend just purchased a new, sprawling ranch that will require 2-3 units to cover the home and his pool/garage area.

I picked up a Raspberry Pi 3 to test out running the controller on that. They do make a version of the controller for that distro. If it runs as well as everyone suggests, I'm going to recommend my friends pick one of those up to use as a controller if they want something that needs it, like some of the portal options and such. It's slightly cheaper than a Cloud Key and if the performance is good, could be used for other options as well possibly.
 

matt_garman

Active Member
Feb 7, 2011
212
40
28
Alright, I'm convinced. I even get next-day delivery with Amazon, so tomorrow I should have a Ubiquiti UAP-AC-PRO in my hands. Hopefully I can find some time to do a little testing.

I picked up a Raspberry Pi 3 to test out running the controller on that. They do make a version of the controller for that distro. If it runs as well as everyone suggests, I'm going to recommend my friends pick one of those up to use as a controller if they want something that needs it, like some of the portal options and such. It's slightly cheaper than a Cloud Key and if the performance is good, could be used for other options as well possibly.
Yeah, one of the Amazon reviews I read mentioned using an RPi for the controller. I might do that, or just make a systemd-nspawn container on one of my Linux systems. Ubiquity should make an "unleased" version of their WAP which has something like an embedded ARM chip (like an integrated RPi), to support running the controller software. I'd pay an extra $50 for that.