I have about 20 Sophos AP55 Access Points that I will be reprogramming to run OpenWrt. So far I have 2 up and running. Seems to be working when I roam from one to the other. However, I want to be sure my setup is OK.
All the access points share the same wireless network (/etc/config/wireless is identical).
The wireless LAN (192.168.2XX.0/24) is different than the LAN the AP plugs into, and I have a firewall rule that prohibits wireless users from talking to devices on the main LAN (192.168.100.0/24).
I was thinking of having each AP have a different internal wireless LAN (e.g. AP1 internal LAN will be 192.168.253.0/24, AP2 will be 192.168.252.0/24). Is that better than, say, having all access points have the same internal LAN of 192.168.253.0/24? I think it would be best if I had all access points on their own VLAN sharing a common DHCP server, but will this also be fine?
So it sounds like you have a management network (to which users cannot connect) and a standard lan. With that in mind, my recommendations are as follows:
- The main router should have at least 2 networks defined — one is the management network and the other is the user lan.
- On the main router, the management network and lan will be trunked (i.e. multiple networks on the same port/cable by means of 802.1q VLAN tags) to the managed switch.
- Your managed switch will have trunk ports with the same VLAN configuration for the main router and each of the APs.
- Each AP should have a unique address on the management network, but all on the same subnet.
- The regular user lan should be set up as an unmanaged interface on the APs.
- Neighboring APs should use non-overlapping channels.
- Adjust the power levels (lower power) to reduce the amount of overlap area on neighboring APs — you want the smallest possible overlap in coverage while still maintaining good coverage across the coverage area for each AP.
- Use the same SSID + encryption type + passphrase on all APs.
- Do not use 802.11 k/v/r unless absolutely necessary. These will often cause more problems than they solve.
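
One way to express the per-AP part of these recommendations as OpenWrt UCI settings, as an added example that is not from either poster. The VLAN IDs, the 10.0.10.0/24 management subnet, the `eth0` trunk port and the `radio0`/`default_radio0` section names are assumptions. The user VLAN is bridged with `proto 'none'`, so the AP holds no address on the network wireless clients use and its management services are reachable only from the management VLAN.

```shell
#!/bin/sh
# Added example. Assumed values, not from the thread: VLAN 10 = management,
# VLAN 20 = user LAN, 10.0.10.0/24 management subnet, eth0 as the trunk port,
# radio0/default_radio0 as the radio and SSID sections.
MGMT_VLAN=10
USER_VLAN=20
MGMT_NET=10.0.10
TRUNK=eth0

# gen_ap_uci <ap-number 1..200> <channel 1|6|11> <txpower-dBm>
# Prints `uci batch` commands for one AP; changes nothing by itself.
gen_ap_uci() {
    n=$1; chan=$2; txp=$3
    case "$n" in ''|0*|*[!0-9]*) echo "bad AP number" >&2; return 1 ;; esac
    [ "$n" -le 200 ] || { echo "AP number out of range" >&2; return 1; }
    # Accept only the non-overlapping 20 MHz channels of the 2.4 GHz band.
    case "$chan" in 1|6|11) ;; *) echo "channel must be 1, 6 or 11" >&2; return 1 ;; esac
    case "$txp" in ''|*[!0-9]*) echo "bad txpower" >&2; return 1 ;; esac
    # mgmt: unique static address per AP, same subnet on every AP.
    # user: bridge of the tagged user VLAN and the SSID, no IP on the AP.
    cat <<EOF
set network.mgmt=interface
set network.mgmt.device='${TRUNK}.${MGMT_VLAN}'
set network.mgmt.proto='static'
set network.mgmt.ipaddr='${MGMT_NET}.$((10 + n))'
set network.mgmt.netmask='255.255.255.0'
set network.br_user=device
set network.br_user.name='br-user'
set network.br_user.type='bridge'
add_list network.br_user.ports='${TRUNK}.${USER_VLAN}'
set network.user=interface
set network.user.device='br-user'
set network.user.proto='none'
set wireless.radio0.channel='${chan}'
set wireless.radio0.txpower='${txp}'
set wireless.default_radio0.network='user'
EOF
}

# Print the commands when called with three arguments, e.g. ./ap.sh 3 6 10
if [ "$#" -eq 3 ]; then gen_ap_uci "$@"; fi
```

The output is meant to be reviewed and then piped into `uci batch` on the AP, followed by `uci commit`; the stock `lan` interface is left untouched and has to be removed or repurposed separately.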