Multiple WiFi routers, 1 SSID.

Freek

A friend of mine asked me to renew the wireless network infrastructure at his company. He currently has one 802.11b (11Mbps) access point. He used to have two, with two different SSIDs (Company1 and Company2), but one broke down. I (obviously) want to replace the current hardware with faster/more up to date hardware and also install more access points to extend the coverage. I also want to enable a guest network, so that guests can check their mail or download their presentation, without getting access to the private company network, which is connected to the file server etc (ofcourse, password protected, but still). Since 2 SSIDs doesn't look very professional, I want to have 1 SSID accross all routers. I have tried this before in the past, but I haven't been able to get it to work properly. It could be due to the choice of wrong hardware, so I am now looking at Draytek accesspoints which have a WDS function. This enables to extend the coverage of your WiFi network using the same SSID. However, this not exactly what I want. WDS enabled access points basically are 'range extenders' and do not need an own ethernet connection to extend the signal. It's basically a wireless bridge.... which is going to the painfully slow at the other end of the shop. How is this feature called non-wirelessly? Better yet, how can this be achieved?

I was looking into Draytek products, because I've used them in the past and they are very customizable. A TP-Link router with OpenWRT might also be an option, but since this is being used in a business environment, I prefer stability above saving a couple of bucks.

This could also come handy in my own house. In the attic the WiFi signal is very poor, so I installed a second router, which also has a second SSID...

Thanks :)

bdtech

Set Router A to SSIDA and channel 1; Set Router B to SSIDA and channel 11. Use the same encryption and then you're in business

Freek

@bdtech said: Set Router A to SSIDA and channel 1; Set Router B to SSIDA and channel 11. Use the same encryption and then you're in business

Thanks for the quick reply. I remember that I've tried this in the past, but my laptop (and other wireless devices) would now switch to the other access point as soon the other AP was out of range...?

KuJoe

DD-WRT as a wireless extender. I have 2 setup in my house, 1 SSID and the device switches to the one with the strongest signal without dropping connection.

bdtech

@Freek Weird. What OS? Have an option similar to allow inter-access point handover?

Maounique

Same here, DD-WRT rocks for quick and dirty setups when you dont want to lose time. If you dont have a liniar space, put the main router up some place and the range extenders to connect to it. M

Freek

@KuJoe Ah yes, I meant DD-WRT. I now see that I wrote OpenWRT. Silly me. That's an option too yes. But what about the stability? Is the firmware stable enough to use in a business environment?

@bdtech I was reading this article: http://www.hanselman.com/blog/ConfiguringTwoWirelessRoutersWithOneSSIDNetworkNameAtHomeForFreeRoaming.aspx And I may have chosen two channels that are too close to each other. I believe I hand picked Channel 1 and 2 back then. Might not have been the smartest move. I'll try it this weekend. I have a bunch of routers at home to test with. All are different brands, so it should be fun :)

KuJoe

@Freek said: Ah yes, I meant DD-WRT. I now see that I wrote OpenWRT. Silly me. That's an option too yes. But what about the stability? Is the firmware stable enough to use in a business environment?

I've run DD-WRT at home for over 7 years and I have a DD-WRT router in our cabinet for SD.

As for the channels discussion, I always set my DD-WRT routers to "Auto" for channel selection.

Freek

@KuJoe said: I've run DD-WRT at home for over 7 years and I have a DD-WRT router in our cabinet for SD.

As for the channels discussion, I always set my DD-WRT routers to "Auto" for channel selection.

Alright, thanks :) About the channels discussion: The channels need to be non overlapping, so 1 6 and 11 are candidates. What if you have 4 or more routers? You have to hope they are far enough apart so that you can use a free channel again?

bdtech

@Freek Correct, I recommend http://www.metageek.net/products/inssider/

Freek

@bdtech said: @Freek Correct, I recommend http://www.metageek.net/products/inssider/

I frequently use inSSIDDer, or WiFi Analyzer on my phone. I even own a WiFi Spy ;)

But seriously. If they overlap, you are pretty much screwed?

Maounique

No, they usually cover the range, i would recommend setting the overlapping ones not only far from each other, but also separated by an obstacle such as a building. You are safe as your device picks another emitter inbetween when you travel in range. The real problem with Wi-Fi is the reflections, you must plan very well then placements, reflections can interfere and nulify signal in places, it is more than art, it is luck :) M

MikHo

I'm going out on a thin thread here, bit if its a company, why not get company equipment? I'm sure that dd-wrt will probably solve the problem at this moment but,....

Where I work we usually use a fortinet firewall and their fortiAP when customers want a company wireless and one guest. They support roaming and are very easy to manage.

Downside? They cost more then dd-wrt but on the good side, less then cisco.

Maounique

I guess you can do a vlan of sorts with basic hardware or vms running apps like pfsense to separate public from private. Never done it but dont see why wouldnt work. M

Wintereise

What MikHo said, deploying consumer solutions at corporate environments is usually deemed a bad move.

Freek

@MikHo said: I'm going out on a thin thread here, bit if its a company, why not get company equipment?

@Wintereise said: What MikHo said, deploying consumer solutions at corporate environments is usually deemed a bad move.

I was thinking about using Draytek routers, like said in my OP. They are semi-professional and should suit the job. However, they do not support DD-WRT. So if the channel scenario works out well, I'll go with the Draytek routers. Else, I think I am going with TP-Link routers with DD-WRT.. yes, consumer hardware... and here's why: The price of 1 fortiAP is equivalent to 5 Draytek or almost 9 TP-Link routers here in my country. I am not sure if my friend has budgeted 2000 euros for wireless routers, but I will mention it to him of course! Still appreciate the headsup warning tho :) !

@Maounique said: I guess you can do a vlan of sorts with basic hardware or vms running apps like pfsense to separate public from private. Never done it but dont see why wouldnt work. M

The Draytek routers have this functionality builtin. You can have 2 SSIDs with different VLANS on the same router :)

Maounique

@Freek said: The Draytek routers have this functionality builtin. You can have 2 SSIDs with different VLANS on the same router :)

I see, but the idea was to have only one SSID ? M

pcan

You basically have two main options to build a professional Wi-Fi system with multiple access points. The expensive one is the only real way if the area to be covered is large: you need special access points, with mesh capabilities and/or a central controller. MikHo mentioned the Fortinet solution, a centrally managed network. I had good results with Motorola AP5131 access points; central controller is not strictly needed and installation is very simple; they are rugged, too, and can be used as wireless bridge. I like rugged APs even in regular office installation because they can be abused by maintenance crew without breaking. This way no one will call you after a while because "your" wireless network does not work anymore, maybe because some water leakage ruined the AP, or the AP was poorly installed and fell from the ceiling on the ground.

If your budget is small and the area to be covered is a single office space, buy two (or maybe three) access points with multiple SSID support and some enterprise funcionality; HP M200 for example. I strongly suggest you to select a 5 GHz capable access point, because the ability to use this band can save you from nasty interference issues on 2.4 GHz band. On 2.4 GHz band, configure all the APs with the same SSID and manually force the radio channels: typically the first AP on channel 6, the second on channel 11 and the third AP on channel 1. Configure two SSID on each AP: the regular one with AES encryption, and the second one open for guest use. Many SMB access points have a internal firewall to keep the two network separate; failing that, use a external firewall. You could use regular home/consumer hardware, some cheap acces points are good, but it is a guessing game. I will rather stick on the safe side and select something that works for sure now and and will keep going for years.

Freek

@Maounique said: I see, but the idea was to have only one SSID ?

Correct, but I do agree with you that I am making it hard ;) The idea ws 1 SSID accross multiple routers, but also a second SSID so that guests can connect to a guest WiFi network.

MikHo

@Freek said: The price of 1 fortiAP is equivalent to 5 Draytek or almost 9 TP-Link routers here in my country.

1 FortiAP is useless unless you get the firewall Fortigate 60C or better ... All management is done in the firewall.

Meaning you will have more then what you initially asked for. But at a higher cost :)

Freek

@MikHo said: 1 FortiAP is useless unless you get the firewall Fortigate 60C or better ... All management is done in the firewall.

Meaning you will have more then what you initially asked for. But at a higher cost :)

Ah, I didn't know that. Summing all costs up, I think my friend will go with the cheaper option ;)

But I do appreciate all comments and tips! It can never hurt to learn something new. Thanks guys!

MikHo

It's still cheaper then Cisco gear :)

Freek

@pcan Sorry, I totally forgot to thank you for your excellent write up. Thanks once again :) !!

Windy

Since we're on the topic, what about for a cheap solution for multi-story homes where 1 wireless router/AP is just not strong enough to penetrate the floors? Is it possible to setup multiple wireless routers/APs so that 1 SSID works AND you don't get disconnected if you reconnect on another wireless router/AP?

IIRC, if you set the SSID the same but use two different far-apart channels, you will still be disconnected, just that you will reconnect automatically.

Maounique

@Windy said: IIRC, if you set the SSID the same but use two different far-apart channels, you will still be disconnected, just that you will reconnect automatically.

Yes, if you setup them the usual way. If you put them in range-extending mode they will take over from one another. M

Windy

But.. is it possible for the wireless router/AP to "handover" the currently opened connections to the other wireless router/AP so all existing connections are maintained?

MikHo

You need AP that supports roaming, otherwise it wont work.

bdtech

@MikHo Not in my experiecence. It will work fine if setup properly

http://superuser.com/questions/122441/multiple-access-points-for-the-same-ssid

MikHo

@bdtech Quoting the webpage "roaming is invisible to the user" Yes it is, but its not "true" roaming. If you place for instance a laptop in the middle between two AP's without proper roaming you, as a user will wonder why your battery runs out in less time then usual.

This id because your laptop sees both AP's and will jump between those AP's.

This is one thing that will work properly with hardware that are managed and fully supports "true" roaming.

bdtech

@MikHo It varies by device and OS. Windows 7 runs great with AP handover. What AP do you recommend with this feature for home users?

MikHo

@bdtech Theres no product that is in a acceptable pricerange for home users. Most, I estimate 99,999% home users will not notice that their AP's doesn't support "true" roaming.

It's not the model of your AP thats important, its where you place them and how they overlap eachother.