Thoughts on a wifi issue? Can't believe I don't know how to do this...

[Marc_G 95]

Hi folks,

 

Could you please tell me the correct solution to this problem, and recommend hardware if you've got a suggestion?

 

Basically, an area of my house is served by gigabit Ethernet and there's an open switch port available, but that area is far from both my primary router and a secondary access point, so from a wifi perspective it's a bit of a brown zone. I'd like to get an access point / wifi extender over there.. Sounds simple enough, but:

 

That area often has guests using wifi devices. Guests don't get to access my main network; I've got the primary router set up for a guest wifi login that provides internet but no access to the computers of my main network. So, what I think I want to do is get an access point that will propagate the "guest" wifi network as well as the "household" wifi network.

 

Since the "guest" network is something put out by my main router (Netgear N750 / WNDR4300), I'm not sure how to have an access point connected on the hard gigabit line replicate that. Am I missing an option? Or  would the router have some configuration I haven't found yet to support serving the guest network over Ethernet to a specific other device, along with the household network?

 

The secondary access point I have is an old Belkin N+ router, which was very difficult to get running as an access point, and didn't play nicely with the "household" wifi network... had to rename the ssid "household2." It isn't putting out any guest network either, since it's just acting like a dumb access point, but the area it serves doesn't need to support guest access.

 

I'm sure there are simple solutions, and would appreciate any help you folks can provide.

 

Thanks!

 

Marc

Edited December 8, 2016 by Marc_G

[mastrmind11 722]

Hi folks,

 

Could you please tell me the correct solution to this problem, and recommend hardware if you've got a suggestion?

 

Basically, an area of my house is served by gigabit Ethernet and there's an open switch port available, but that area is far from both my primary router and a secondary access point, so from a wifi perspective it's a bit of a brown zone. I'd like to get an access point / wifi extender over there.. Sounds simple enough, but:

 

That area often has guests using wifi devices. Guests don't get to access my main network; I've got the primary router set up for a guest wifi login that provides internet but no access to the computers of my main network. So, what I think I want to do is get an access point that will propagate the "guest" wifi network as well as the "household" wifi network.

 

Since the "guest" network is something put out by my main router (Netgear N750 / WNDR4300), I'm not sure how to have an access point connected on the hard gigabit line replicate that. Am I missing an option? Or  would the router have some configuration I haven't found yet to support serving the guest network over Ethernet to a specific other device, along with the household network?

 

The secondary access point I have is an old Belkin N+ router, which was very difficult to get running as an access point, and didn't play nicely with the "household" wifi network... had to rename the ssid "household2." It isn't putting out any guest network either, since it's just acting like a dumb access point, but the area it serves doesn't need to support guest access.

 

I'm sure there are simple solutions, and would appreciate any help you folks can provide.

 

Thanks!

 

Marc

Hmm.  Assuming you set up your N750 guest network in "isolation" mode (I think thats the term they use) to keep guests off your LAN, then I thnk the simplest way to get this to work would be to get another (same) router, connect it to the wire, turn off DHCP and set it up in "isolation" mode as well.  You could even set it up using the same SSIDs as your main router so devices will hop to the strongest signal as they move around your house.  I don't believe any consumer grade extenders are capable of this.  The other approach would be to reconfigure your network to use subnets, but I doubt you'd want to get into that mess.

[Marc_G 95]

So, get another router like the N750, turn off DHCP so that the main router is serving addresses, and otherwise set router2 with the same household and isolated guest Wi-Fi networks?

 

I guess I didn't realize I could do that. Makes a lot of sense. Thanks.

[PenkethBoy 2068]

couple of things to try

 

1. Use Vlan's to separate the guest from the main network

2. Use the main router on say 192.168.1.1 and the guest router on 192.168.2.1 - guess cannot see 1.1 but 1.1 can see 2.1

 

But Vlan's are definitely the way to go. You can set your wireless router that offers multiple SSIDs and VLAN Tagging (802.11q). Then setup your router with 2 SSID's. Assign a VLAN ID to each of the SSIDs. Have the router provide DHCP on VLAN2 (SSID2) and setup VLAN1 (SSID1) to be on the network you are using. That way the server still provides DHCP and DNS for people on SSID1, but people on SSID2 will get DHCP from the wireless router.

[mastrmind11 722]

couple of things to try

 

1. Use Vlan's to separate the guest from the main network

2. Use the main router on say 192.168.1.1 and the guest router on 192.168.2.1 - guess cannot see 1.1 but 1.1 can see 2.1

 

But Vlan's are definitely the way to go. You can set your wireless router that offers multiple SSIDs and VLAN Tagging (802.11q). Then setup your router with 2 SSID's. Assign a VLAN ID to each of the SSIDs. Have the router provide DHCP on VLAN2 (SSID2) and setup VLAN1 (SSID1) to be on the network you are using. That way the server still provides DHCP and DNS for people on SSID1, but people on SSID2 will get DHCP from the wireless router.

Problem w/ VLAN setups is that most consumer grade routers (including the OPs) have little to no VLAN support.  He could technically flash his router to use DD-WRT which has the support, but I get the impression that he doesn't want to get into completely reconfiguring his network.

[Marc_G 95]

Looked into DD-WRT once, at that time my router wasn't supported, would prefer simpler solution.

 

If buying another of these routers ($75) for the remote area solves the problem then that's good. I might think to invest a bit more in an AC router to use as main and move the N750 to the remote location.

 

Will go into router settings some more tonight and poke around to see what's there.

 

Also any further thoughts gratefully accepted.

[PenkethBoy 2068]

use the ip solution no need for vlan's

 

a good router that does support vlans is the LinkSys wrt1900ac(s) for a little more and might have the power to cover you "brown" areas without the need for vlan's and ip tricks

[mellomade 141]

Alternatively instead of cobbling together a fix you could look into setting up a mesh network with access points.  I use 3 of these Ubiquiti Unifi access points to cover 5000 sq ft plus an outdoor/backyard area and they work great.  Because it is a mesh network your mobile devices can seamless wander between access points - and the controller software even has the ability to set thresholds on signal strength so you are always connected to the ap with the best signal.  

 

Keep in mind this is enterprise grade hardware/software - you have the ability to set up a guest portal using a secondary SSID so you never have to worry about separate hardware for your guests.

 

If you don't need 600ft range you can use the AP AC Lites - which run about $80/ap.

 

https://www.ubnt.com/unifi/unifi-ap-ac-lite/

 

https://www.amazon.com/Ubiquiti-Unifi-Ap-AC-Lite-UAPACLITEUS/dp/B015PR20GY

Edited December 8, 2016 by mellomade

[mastrmind11 722]

Alternatively instead of cobbling together a fix you could look into setting up a mesh network with access points.  I use 3 of these Ubiquiti Unifi access points to cover 5000 sq ft plus an outdoor/backyard area and they work great.  Because it is a mesh network your mobile devices can seamless wander between access points - and the controller software even has the ability to set thresholds on signal strength so you are always connected to the ap with the best signal.  

 

Keep in mind this is enterprise grade hardware/software - you have the ability to set up a guest portal using a secondary SSID so you never have to worry about separate hardware for your guests.

 

If you don't need 600ft range you can use the AP AC Lites - which run about $80/ap.

 

https://www.ubnt.com/unifi/unifi-ap-ac-lite/

 

https://www.amazon.com/Ubiquiti-Unifi-Ap-AC-Lite-UAPACLITEUS/dp/B015PR20GY

Holy crap these things have come down in price!  Thanks for the heads up!

[Marc_G 95]

Great continuing discussion all! I knew I came to the right place.

[PenkethBoy 2068]

@@Marc_G

 

give us some more info to work with - how big is the brown out area?

 

what do you wan to pay - if anything - are you up for fiddling or not?

 

etc

[Marc_G 95]

Hi guys!

 

My home is nothing special. No giant mansion or anything. Here's a Google maps satellite view, showing the area where the office is with the router, and noting the area where there is weak coverage. All rooms relevant to this discussion are on the main floor level.

 

Scale: As shown here I think the house is about 60-75 feet in this direction <------------->

 

It's worth ~$100 or so to fix this. Maybe a bit more for an elegant solution or something that would offer improved functionality overall.

 

Now, I know well that if I were to mount the main N750 router centrally in the kitchen, not under a desk next to the garage-facing wall in my office, that I would get a LOT better coverage from it. That wouldn't cost me anything, as I have plenty of cable to run and so forth. However, Putting it where it belongs would effectively end my marriage. Visible router in kitchen won't pass the WAF.  Also, there's the consideration that I have a UPS in the office that handles my cable modem, router, office Ethernet splitter, one of my tuners, and one computer. I stay online about 40 minutes into an outage, which means I only lose power to the network components once every couple years, on average.  There's another UPS downstairs near the HTPC/Emby server covering it, another tuner, splitter...

 

 

I'll catch up reviewing all the great info above over the next day or two. Totally wiped out right now though! Thanks again, and don't hesitate to pipe in with any further thoughts...

Edited December 9, 2016 by Marc_G

[Koleckai Silvestri 1154]

The Ubiquiti access points are great for WAF. They look similar to a smoke detector and can easily be mounted high on the wall or ceiling. So they are out of the line of sight. The mesh access points like Eero, Google Wifi, and Plume also take their appearance into consideration. Though, they incur a heavier cost.

 

Personally, I'd just stick a $50 AC1200 router in bridge mode in the brownout area. Especially since you mentioned you already had an Ethernet port there. If you need a switch for that location, you can get one for around $20. At least at US prices.

Edited December 9, 2016 by Koleckai Silvestri

[Marc_G 95]

 

Makes sense (relatively low cost router in bridge mode). May try this soon. I do have a gigabit switch there with two open ports, so I've got room to grow. Actually now have an unused 5 port gigabit switch because I just swapped out a 5 for an 8 in another area due to need for more ports.

[Marc_G 95]

The Ubiquiti access points are great for WAF. They look similar to a smoke detector and can easily be mounted high on the wall or ceiling. So they are out of the line of sight. The mesh access points like Eero, Google Wifi, and Plume also take their appearance into consideration. Though, they incur a heavier cost.

 

Personally, I'd just stick a $50 AC1200 router in bridge mode in the brownout area. Especially since you mentioned you already had an Ethernet port there. If you need a switch for that location, you can get one for around $20. At least at US prices.

 

Was too tired last night to think this through. If I go the AC1200 in bridge mode... will it let me set up the guest wifi network separate from the household wifi network? My (older) routers only seemed able to do this when they were also the DHCP server. I would think the bridge mode router would need to be talking to the main router in order to negotiate this. How does it work?

 

And I looked at the Ubiquiti product. Looks awesome, but was reading how you have to have control software running on a PC if you are doing anything more than a simple use case, and I'm afraid that my use case (guest + household wifis) might require that.

 

Clearly I'm not experienced enough yet... but it's fun to learn this stuff!

[mellomade 141]

And I looked at the Ubiquiti product. Looks awesome, but was reading how you have to have control software running on a PC if you are doing anything more than a simple use case, and I'm afraid that my use case (guest + household wifis) might require that.

 

The control software is absolutely not required to be running to access the APs.  It is only used to configure and save options to APs.  Since these are APs and not a router - there is no built-in web server running on them which is why you need controller software.  Once you've set them up you are done.  If you need to make changes to the configuration you will need to use the controller software - but it can be run from any machine.  

 

What you hear often times is people running the controller software continuously so you'll have access to some of the advanced management features remotely.  In an enterprise environment this is essential but this can also be good, for example, if you want to use Ubiquiti's iOS or Android app from your phone to configure anything or monitor who is on your APs.  There are some options that are available with the controller running only.  However things like monitoring who is on your network (and even blocking them) is available from the app without the controller software running.

 

This is one reason why they are so inexpensive - having such functionality built-into the hardware is overkill when all you need is APs for access to your network.

Edited December 9, 2016 by mellomade

[Koleckai Silvestri 1154]

Was too tired last night to think this through. If I go the AC1200 in bridge mode... will it let me set up the guest wifi network separate from the household wifi network? My (older) routers only seemed able to do this when they were also the DHCP server. I would think the bridge mode router would need to be talking to the main router in order to negotiate this. How does it work?

 

It would depend on the router used. 

[Marc_G 95]

It would depend on the router used.

I guess my question comes down to: given my primary existing router is the Netgear N750, how does an access point interface with it to do the household and guest WiFi access? I need to learn more about how these things come together...

[JeremyFr79 228]

Bridge mode is not what you're looking for.  In all reality your best bet would be to use an extender or repeater mode if offered.   In this mode your AP will wirelessly communicate with your existing WiFi networks and then repeat/extend to the area it covers.

 

Otherwise getting more than one AP to have the same networks will typically require VLANS etc to work best.

 

Personally in my home I run pfSense for routing and have 2 Engenius AC AP's running several SSID's on seperate VLANS, 1 AP upstairs and 1 Downstairs.  This setup work's amazing plus the Engenius are POE so they only require an Ethernet cable to run as long as you have a good POE switch.

[Marc_G 95]

Hi guys! I've decided to table this issue until I get some other techie things sorted out. I'll revisit it over the holiday break. Thanks for all the input so far. I will digest all of this and let you know what I figure out to do!

[Heckler 147]

Consider yourself lucky... My ISP provide a router/modem and it's a POS... single band 2.4ghz, no guest access, not even gigabit and it's barely even 802.11n and forget about using your own or any other DNS servers as they're locked in regardless of where you try to route them from the individual system on the network... Unless you use a VPN, and you can't setup VPN access through the router.

 

Once xmas is out of the way, I'm gonna get a decent router and use that for everything... will locate that upstairs in my office and then simply connect that to the ISP provided router. At least them I'll have dual band wifi up to ac and gigabit lan.

 

Put it this way... the fastest I can connect to my router over wifi is 130Mbps with a 600Mbps capable dongle and forget trying to stream more than one high bitrate item at a time of a 10/100 Lan.

 

My contract with my ISP is up in March/April... I'll either switch or use switching to get a better deal, so that can pay for the upgrade to my home network.

 

and like you... having the cables and current router sat in the lounge is not GF friendly... but that's where the  phone line is.

[PenkethBoy 2068]

Sky by chance?

[Heckler 147]

Sky by chance?

 

What gave it away?  The fact that they're the ONLY ISP that provide such a POS router/modem.  

 

Oh and avoid TalkTalk as an ISP... not only have they suffered from data breaches in the last 12 months... where it was discovered that they didn't even encrypt personal customer data... their routers have now been compromised and default passwords and SSID's are available to anyone who wants to get them... and their advice to customers is to reset them to default settings... which resets their SSID/Password to the default ones that have been compromised.

 

If you're with Talk Talk.... leave ASAP... Sky may provide a POS router, but at least it's not been compromised (as yet) and at least their unlimited service really is unlimited (I average more than 500GB a month)

Edited December 13, 2016 by Heckler

[PenkethBoy 2068]

Yes - a friend was having problems and i was asked to have a look - arrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrh!

 

at least BT and Virgin allow you to use your own router etc i.e. set their router to modem mode

Edited December 13, 2016 by PenkethBoy