# Business class Wireless Access Point hardware?



## DonK (Jul 1, 2020)

What's your favorite business class Wireless Access Point?

Do you know of any good Wireless forums or mail lists?

Thank you in advance.


----------



## usdmatt (Jul 1, 2020)

I’ve been pretty happy with the unifi access points recently and have an ac lite at home.

I have a freebsd vm in our data centre running the controller software for about 30 different sites.


----------



## a6h (Jul 1, 2020)

Anything that is not headed exclusively to the Asia/Russia market and/or not manufactured in China.
For example, I can manage to connect to the internet with a decade-old US Robotics 56K dialup modem, but most of the rubbish manufactured by TP-Link doesn't even work in Linux Mint. You asked for "your favourite", I replied with my anecdotal experience. Others may have a different experience. And I know you asked about "Wireless Access Point", but I prefer to generalize about all network equipment.


----------



## recluce (Jul 2, 2020)

Depends on what you need. If you want cheap, very functional and an available management server on FreeBSD, ubiquiti unifi products are a good choice. The story may be different if you need to cover a football stadium with 50,000 connections or similar...


----------



## pboehmer (Jul 2, 2020)

Add me to the list of Ubiquiti Unifi equipment users.  Roaming/switching between access points is seamless, performance is good, and you can't beat the pricing.  The Java based management system is also in ports.


----------



## sko (Jul 2, 2020)

We've been using aruba for ~3-4 years now and I wouldn't trade them for anything... UBNT has some nice flashy UIs, but when it comes to functionality at the same price point aruba IMHO is the better choice. You don't even need a dedicated controller for smaller installations, as the APs form a virtual controller (IIRC even the cheaper ones now have the virtual controller feature) and new APs are automagically configured and added to the swarm. Also the ability to dynamically switch between wired and over-the-air uplink modes is very convenient - up to 2 hops can be bridged via radio e.g. if a switch or its uplink fails or if you want to get WLAN coverage at a remote part of the building without pulling cables.

Back when I got 'green light' to replace the patchwork of pesky linksys-toy-APs and trusty, but old, cisco AIR-CAPs, we compared the AP303 to the UBNT AP-AC-M-Pro and IMHO ubiquiti didn't come even close to aruba...
We had much better overall (stable!!) reception with aruba than with UBNT - ubiquiti might have shown as a stronger signal on shorter distances on the clients, on longer distance and/or through walls the signal strength was more or less the same, but due to what seems a lower sensitivity or poorer SNR on the receiving side, connections to the UBNT APs dropped much earlier and much more frequently. Getting somewhat stable reception in the workshop basement (= thick concrete/steel floor and some metal shelves in between) was only possible with the aruba APs, the UBNTs already dropped out during authentication.
We also never got seamless roaming with ubnt whereas with the arubas it worked out-of-the-box after enabling it. Also the band-steering caused several disconnects with UBNT as they pushed clients to 5GHz even if they were way out of range for 5GHz reception. (This was a known bug then, so I suspect this has been fixed since...)

But talking about reception and signal strength: both solutions couldn't compete with the old cisco gear on 2.4GHz - the sensitivity and connection stability on those is just outstanding. So if you don't need 5GHz and any fancy new features like meshing or a colorful UI, get yourself some EOL cisco APs (and controller if you like) and call it a day. These things are indestructible and they will always deliver what their spec-sheets advertise - no beautified numbers or 'theoretical best case rating if deployed in a vacuum'. They are kind of power-hungry by today's standards though and they might get quite warm, but basically the whole housing is a huge aluminium heatsink, so it's nothing to worry about.
I personally still use 2 old Cisco AIR-CAP1142 at home. With 50-70cm thick outer walls made of rocks/stone/brick/mortar and whatever they could find back in ~1900 I won't get 5GHz reception on my balcony or on the yard anyways, but their 2.4GHz reception is always stable where any other AP I've tried often had to capitulate. I've given the Aruba AP-303 a try and apart from getting 5GHz inside (which I really don't need at home b/c everything that needs actual bandwidth is wired...) they gave me no real benefits. UBNT and FS.com APs both failed in delivering stable reception on the balcony or the yard, the FS even struggles through the wet-wall to the bathroom. aruba at least worked for the balcony, but also failed for the yard.


TL;DR - by far the "best bang for the buck" enterprise-AP hardware (and other networking gear) for home use IMHO is 'old' cisco gear. This stuff is dirt-cheap when it gets near/surpasses its EOL date and when it comes to performance and especially reliability, nothing comes even close for the same price tag.
If it has to be current hardware with the latest features, I'd go with aruba.


----------



## DonK (Jul 2, 2020)

My thread pertains to business use and not home use.

Cisco's toy RV130W bit me yesterday. Keeping my various 1142 infrastructures in place sounds heavenly, except for the End of Life devil in the details. (It's old technology that fails compliance tests.) Is there any way to enhance 1142 security? Can it be run as a LWAPP with a FreeBSD controller? Or is that barking up the wrong tree?


----------



## kpedersen (Jul 2, 2020)

I always assumed wifi was a consumer technology. I cannot recall a business I have ever dealt with that wasn't using wired.

I do agree with sko if you can get hold of any business surplus networking hardware from Cisco, then this will be your best bet. If anything, because it is the only kit I see that is well documented.


----------



## DonK (Jul 2, 2020)

We're probably talking apples and oranges. Although wireless WAN is the only available option open to businesses that operate in remote areas, this thread pertains to commercial Wireless Access Points used in LANs of businesses that typically connect to the Inet with a cable (T1, Fiber Optic, coax, ...)

The commercial WAPs supported by me must be HIPAA and/or PCI compliant.


----------



## sko (Jul 2, 2020)

DonK said:


> My thread pertains to business use and not home use.


Then it would have been nice to know about that from your initial post, as well as e.g. what size of deployment and available budget we're talking about... Is it e.g. a small startup with limited budget or a huge multi-site university campus where money doesn't really matter?
For the latter - just ask for a proper site-survey and offering from the main players (cisco, aruba/hp and maybe juniper). When you cross a certain price point, their solutions usually don't differ that much any more - neither in performance nor features. So it mostly boils down to personal preferences and/or which sales rep bought you the nicer lunch...


----------



## DonK (Jul 2, 2020)

These WAPs will be deployed to dozens of unrelated companies, some of whom operate multiple and/or multi-state facilities. About a half a dozen WAPs are at the largest facility.

Cisco 1142 class WAPs gave me a lot of mileage over the decades, but they're long in the tooth now. And the Cisco RV130W class WAPs are toys.

It seems the contenders are Aruba, Ubiquiti, and FreeBSD friendly Juniper. Needless to say, I'm leaning towards the last.


----------



## sko (Jul 2, 2020)

For deployments where you have only a single or handful of APs in many branch offices, which need to connect to/through a central network, the aruba "hospitality" variants might be of interest. They are especially designed to provide remote/branch access (via WLAN and dedicated LAN-port(s), depending on the model) via VPN (e.g. IPSec) while offering central management. The remote sites can be in their completely separated network or bridged to the local network(s).
The "normal" variants already support some of these features, but the "hospitality" (indicated by "H" behind the model number) versions also have dedicated "downlink" ports and some more refined configuration for such deployments...


----------



## Jose (Jul 2, 2020)

kpedersen said:


> I always assumed wifi was a consumer technology. I cannot recall a business I have ever dealt with that wasn't using wired.


I wanna work where you work. I've had to whine, bitch, moan, and beg for a wired connection at every place I've worked at for the last 5-10 years, and sometimes even that doesn't work. One place refused to let me go wired even after I brought down the office's crappy Meraki AP testing a logging framework I was working on.

FWIW, the last time I was in an office (it's been a couple of years now), we used Ubiquiti. They're OK. I didn't super love their management "cloud key" stuff.


----------



## msplsh (Jul 2, 2020)

UniFi equipment.  I deploy it wherever people are like "I'm tired of crappy WiFi."

Don't use old Cisco gear.  Access to updates is draconian.

New Cisco gear... I don't know anybody who "likes" dealing with the company.

Never seen Juniper gear in the wild.

People seem to like Aruba.  I never found it as easily available or as cheap as Ubiquiti.


----------



## usdmatt (Jul 3, 2020)

> Then it would have been nice to know about that from your initial post



To be fair it does say business class in the first post.

Obviously this comes down to personal preference to an extent. The Aruba APs look pretty good, especially with the ability to run controllerless. I expect they are higher quality than ubiquiti, but will likely cost more (Can't tell if there's a free software controller, or if one can manage multiple independent sites?).

I do not personally see the benefit of running old Cisco gear. It's enough hassle to maintain and manage when it's brand new. Granted I'm not a big cisco user but I would expect the management to not be as simple or slick as aruba/ubiquiti for multiple sites.

Have no experience with Juniper at all. Again I expect them to be very "enterprise grade" like Cisco, but probably more expensive and more hassle to manage.

If the cost doesn't really matter, I would expect the Aruba kit to work very well and be pretty nice to manage.

I still think Ubiquiti is a solid choice for anything other than serious "enterprise" deployments - i.e. very large numbers of clients, requirements like 802.1x, etc. (not that unifi doesn't support stuff like 802.1x, I just would expect stuff like cisco/juniper/aruba to have much more solid and tested implementations. The one downside with ubiquiti is that they rapidly add features and don't seem to demand the same level of robustness for new features you'd expect from the big names). A single cloud FreeBSD server running the free controller could centrally manage the entire lot, it even has a fairly slick phone app to go with it.

Meraki is another option. Again it falls into the enterprise features but enterprise pricing category. The cloud-based architecture means deployment and management should be pretty slick. However I'm not a fan of the model of having to subscribe to features and pay more to unlock things, with non-perpetual licenses.


----------



## sko (Jul 3, 2020)

Sure, if you want/need some "pointy-klicky-UI" for all configuration, cisco is definitely the wrong choice. If you are familiar with IOS and the cisco ecosystem, it takes little to no effort to get used to the wireless gear from cisco. Just as with catalyst switches: this stuff is a "fire and forget" solution - configure it and it just works forever and doesn't need occasional waving of a sacrificial rubber chicken over the UI.
I never get why networking gear nowadays needs all those bright, flashy browser UI for configuration where deployment gives you arthritic index fingers and takes orders of magnitude longer to configure than just uploading your (script-generated!) IOS config template. Heck - these things can be even managed via chef/ansible/puppet/etc or your home-brew scripts at huge scales without ever touching them. And if I need monitoring, I just poll devices via SNMP and feed it into my $monitoring-solution, I don't need that functionality on the device itself, especially not as an isolated solution that won't talk to anything else and only gives me a pre-configured subset of information I can't change. And while ranting: The management interface of those devices shouldn't be even accessible from the network where the people sit that need/want those flashy graphs...

Call me old-fashioned, but I really don't *want* all that flashy browser/app/cloud/smartphone/hipster stuff on networking gear, I prefer a well thought-out and documented CLI and SNMP MIB over *any* UI. Those browser-based UIs drag a metric sh*t-ton of other software along with them, which is drastically increasing the load and attack surface. I'm not petting my switches/APs all day long, every day and want to watch pretty graphs going up and down - I want them to *just work* and if they don't I get informed by my monitoring solution and can look there what really happened - across *all* devices and services, because usually the fault is not the device that just vanished from the network and now even can't show me its cute graphs to tell me why it is unhappy...

To get back on track from this little rant (sorry about that), I completely agree that you shouldn't ever consider meraki - that business model is purely made for beancounters, so avoid it like you'd avoid them...
And regarding access to upgrades: as soon as you have *some* sort of service contract, you get access to essentially all upgrades, even for EOLed gear (although there won't be any updates ofc). Major firmware releases for older devices are usually available for everyone - you just don't get every single minor release and/or variation (e.g. only IP-base for catalyst switches). Since a few years there's usually only a 'universal' firmware and feature packs (what was once called IP-Base, IP services, Enterprise services etc...) are activated via licence.
Yes - licensing and firmware/feature variants have become quite a mess, but usually you only have to deal with that when choosing/buying new gear. And usually you find those arcane and opaque licensing jungles with every vendor - this is not just a cisco specialty...


----------



## msplsh (Jul 3, 2020)

"If you are familiar with IOS"... "it takes little to no effort"

I used Cisco equipment "frequently" with T1 cards and the like and I would say unless your job is to set them up all of the time, you'll never get to the takes "no effort" point, because since it's fire-and-forget, then you'll just... forget how to set them up.  When I look at some statistics to figure out what's wrong, I don't need to be racking my brain for what the third number in an untitled array of text means, because I've _forgotten_ what it means.  I can remember what words like "admin" mean, but not what "privilege 15" stands for.  I've got other things to remember that are more pressing.

Anyway, it's great that you remember that stuff and people hire you to remember it.  For people who can not afford to retain somebody to permanently remember these things, a GUI is helpful for maybe the one to four times a year they go in to have to re-configure something.


----------

