I am on my 3rd access point in a year and I still end up with issues with each and all of them.
My original Archer V900 VDSL started to fail when the device count got to about 20. Memory corruption, dead devices, needed reboot all the time.
I threw some money at the problem and bought an R8000 thinking it was just a better R7800. No. Different chipset. The R8000 works, at the moment, but it's flakey. If you make any mistakes with the Wifi config at all it dies, needs reconfigured and reboot and can be a right PITA.
I decide to buy what I always thought was a "go to" router and bought a LinksysWRT3200. And, then found out it's not actually that good. It's 2.4Ghz has rubbish range and doesn't like ESP8266s and so current only serves about 2 devices on 2.4. I also discovered that I can only have one SSID per radio. If you add a second, it get's disabled.
So I think I will keep the LinksysWRT as a router only and I need a new Access point.
I don't do Ubiquiti, I need good OpenWRT support and 2.4Ghz that doesn't drop ESP and IoT devices. An AP that can handle 50 devices. Not PoE!
IPQ4***-platforms like the Linksys EA8300 or MR8300 works really well in my experience however I do steer away from ESP82** hardware because I know they're not great and kinda flakey. In that case I honestly think you might be just a well off with an old ath9k based router (MIPS) as all you need to connectivity not necessarily speed. The TP-Link TL-WDR3600 or WDR4300 should do fine in such cases and be very cheap at this point. No idea if you can have multiple SSIDs (not sure why you'd want that for a home network anyway) on either device/platform.
get a real AP. Ubiquiti or similar. my isp router can barely get through the walls here. Bought a AC-Lite and now have coverage all over. You can put OpenWrt on Ubiquiti APs. TP-Link EAPs can also be OpenWrt flashed. Draytek also make some nice APs. I was looking at some of theirs before I settled on the AC-Lite.
It can also host 4 different SSIDs (i use a 2.4G and a 5G network)
edit - Curious why you are dead against PoE? Just use a injector for it. You don't require a PoE switch to run these things.
2 SSIDs for each radio so there is GUEST and LAN coverage on 2.4Ghz and 5.8Ghz on each AP. GUEST handles everything that I want to keep out of the network, but have Internet, like smart TVs etc.
The GUEST and LAN networks extend underneath on VLANs.
I have had people recommend the Unifi UP6 LR, it's expensive though. Flashed with OpenWRT does it still work reliably?
The other option I am considering, is selling the Linksys entirely and using one of these as a firewall/vpn/edge router:
That got me to thinking though, I have an AR150 and it hangs onto ESP8266 (and other IoT) devices reliably. They are dirt cheap, I could chuck a few of them (or there larger brother) around the house for the IoT stuff only. As mentioned I don't need speed, just reliably connection. Most of the devices send sensor readings every 5 seconds or respond to REST API calls, so zero requirement for through put.
I'm using the AC-Lite. its one of their Wave 1 devices but i'm using it with their ubiquiti controller off a Pi4.
I'd prefer the NanoHD as its a Wave 2 device and will have much longer support but they have been going for 100+ on ebay. If you can get one in stock get one of their wifi6 devices. https://store.ui.com/products/unifi-ap-6-lite or its bigger brother.
I use a injector (which makes it easier as i can put it in my hallway ceiling and only run a lan cable instead of having to run power as well.)
I believe you can set them up with just the app off the phone now too.
If you are running serious data then you need a "prosumer" device (aka commercial) rather than bottom of the barrel ISP hand outs.
Those two articles i highly recommend reading if you want to get serious on proper wifi. However. Figure out what your NEEDS are. Then spec what you would Require for those needs.
However the bonus of seperate wifi is being able to place it centrally and then run a backhaul back to your router. Thus your coverage will be better.
(edit - It used to be that seperate modem, router, wifi was the way to go. Then ISPs bundled them into one device and it was cheaper. Now with Wifi6 marching towards us. It acutally makes sense to seperate out devices again. I bought a NanoPi 4RS (arm based) which is far more powerful than any consumer router and will handle FTTP (when/if BT ever wire the area). Combined with my AC-Lite it pretty much replaced my old isp router and gave me much improved coverage)
The Brume has more memory (which you don't need here) but otherwise it is a step down from the WRT3200 in every way-- considerably less CPU speed, fewer ethernet ports and no USB3.
Using basic 2.4 1x1 APs for the IoTs does make sense. Ubiquiti makes good hardware for OpenWrt. Though most of their ac models are still Wave 1 ath10k chips and the competing TP-Link APs are wave 2.
For anyone who has the misfortune of trying to figure out ubiquiti charts? This wonderful person did it all for you. I had originally had the intention of flashing my AC-Lite to openwrt but in the end i just updated from the older 4 series firmware to the 5.43.52 and its been working solidly ever since (i think its the 4.20.28 that was the "best" of the older versions as the 5 tree has been bit shaky at times. However 5.43.52 is solid for me.)
True, but the only duties it would be required to do is internet gateway, port forwarding and running an OpenVPN end point. Maybe route53 dyanmic DNS updates (yet to figure that out). The WRT3200 is overkill and I could probably get a few ££ for it if I sold it.
I don't think I have ever used the USB port. Is it useful for anything like a 4G LTE dongle as backup internet? Even then, USB2.0 would do.
My IoT situation is more complicated as it's actually a NoT, network of things. They don't talk with the internet and don't even get a gateway on DHCP. So I bundled them into the LAN. Which is fine from a security point of view, but maybe not a management one. They, of course, all have hardcoded SSID/pass combos and even hardcoded IPs.... on the LAN. I could leave them to that SSID and create new "new LAN" SSIDs for everything else, using cheap 2.4Ghz APs and or repeaters. Not much I can do about the hardcoded IPs, without reflashing them all. However I don't mind them being on the LAN VLAN and being in that subnet. Just the Wifi layer would be good to separate out.
Then run the new LAN ssids on more capable 5Ghz gear, with maybe a 2.4Ghz fall back + Guest network.
Going backwards here but my requirements:
A wired giga ethernet backbone.
Multiple wired VLANs for LAN, GUEST, ADMIN for example.
Internet WAN gateway that support VLANs and OpenVPN etc.
Wifi:
Solid 2.4Ghz reliable with 30+ NoT/IoT devices. No need for speed. Any devices that do want speed on 2.4Ghz like phones or laptops in poor 5G spots are not that important.
5Ghz LAN and Guest SSIDs with no real requirement for high speed either. Anything media related is usually wired. But 5GHz is nice for when you have a laptop temporarily for example. or a guest with one.
Nobody watches Netflix on Wifi in this house. Nobody games on wifi in this house.
In terms of performance you're downgrading from the WRT3200ACM but it is smalller and 64-bit but I doubt that's worth the extra cost and effort to be honest.
As for wifi you can also just assign unknown clients to another netblock or whatever, it's not like you can't figure out the MAC addresses of devices for your own devices. I'm well aware that you can over-engineer this quite a but it's a home/residential network in the end.
OpenVPN will actually perform better on WRT3200ACM simply because it has more processing power per code as OpenVPN is single threaded. OpenVPN is however working on kernel offloading however I have no idea if it will be backwards compatible with 2.x series and in what state it is.
Last time I checked the WRT3200ACM was still good on 5Ghz however I don't think it supports WPA3 but I might be wrong on this one.
Unless you already have payed for a subscription over at route53 I can highly recommend gandi.net and their DNS (and DDNS service).
I would have gone a slightly different route than you in general but that's down to personal preference and the fact that I'm not overly fond of using UCI (..and I'm old enough for value free time over time tinkering with * just to get it to work). =)
I haven't tested multiple SSIDs, but at least with OpenWRT, the TP-Link Archer C2600 handles ESP8266 clients on 2.4 GHz superbly. (About the only things I have on 2.4 GHz are a bunch of Sonoff running Tasmota. No network-related reliability issues at all.)
The WRT can stay as I have a fix for the multi-ssid per radio (as above). I can disable it's 2.4Ghz and buy a few little 2.4Ghz APs like AR150s for the 2.4 mostly IoT stuff.
I have, it seems, touch wood, tamed the Nighthawk R8000. I was watching Netflix over guest wifi last night in the bedroom and through a brick wall I was still happily pulling 70Mbit off it. Managed also to get the LEDs on the way I'd like, although some are miss named and some don't work.
My H/W switches arrive Saturday, so I can off load that part from the WRT and just give it a VLAN trunk to handle for routing.
Swapping the R8000 and the WRT positions might be a wise move as the 2.4Ghz on it seems fine, it's just in the office which is a dead spot from the downstairs wifi, but yet it still handles most of the IoT devices in the house from there anyway. Putting IT downstairs and the WRT up in the office where any use will almost certainly be 5.8GHz.
That either means I reconfigure to swap the configs and use the night hawk as the router, hardware switch in it and all.... or I just bring the WAN VLAN up to the office to the WRT.
I think it depends on what you use the VPN for. My netflix reference was in terms of bandwidth through put on the Wifi, not the load on the router. I've run flat 100Mbit routed through an old Celeron box in 2006, I expect any modern, even embedded chipsets will handle a 80Mbit internet connection.
In terms of the VPN. I tend to use it for incoming LAN access from my phone to view webpages, security cameras, adjust the heating, flash the lights to freak the cat out, you know....
However, I had not considered what if.. what if later on I DO want to use an outbound VPN to an AWS instance in the USofA so I can watch an early Netflix release. It would be a disappointment to have downgraded the CPU in the router and find it just can't do OpenVPN at 10Mbit/s+.
I gave up on Wireless Routers well over a decade ago. Cable comes into the basement in a closet. Modem-Router-APs
Consider a small x86 device These are the PC-Engines boxes in disguise. I ran the older ALIX for about 6 years.
I also ran a TP-Link WDR-3600 as an AP until it died. It was a good dual band for its time but did not cover my 50 x 16 ft 2 story wood frame abode. I have a few GL-inet devices including the AR-150 and the USB-150. I set the USB-150 as a wireless repeater on a USB wall wart. Easy to move where needed when needed, always good to go. The AR-150 was a wired AP in my office. Good for me. Like you if it can be wired, it is.
Got a free Unifi UAP (2.4). It killed the TP-link for range, easy 50 feet or more. Worked on most of my 1/3 acre from inside the house. Retired all the other APs. I was impressed so I got the AC-Lite. The range is less, but it still covers the entire house, deck and front yard, just not the hood, which is good
All the APs have been centrally placed high on the top floor.
Can you turn the AR-150 into an IOT\NOT Hub?
Describe your space please.
Updates to diagram. I have placed a 5 port smart switch in the bedroom, so the Media PC can be on LAN and the Smart TV can be on guest. (Needed as Netflix does not support 4K from Chrome).
On Saturday I am putting an 8 port smart switch where the LS WRT3200 is, freeing up it's location by the modem WAN ethernet, which can be VLANed to it's new location upstairs to provide 5Ghz only. The NG NH R8000 will move downstairs to provide 2.4Ghz and 5.8Ghz and if that doesn't fix it.... another GL150 in the livingroom.
SSID separation for "NoT/IoT" would be nice, as would readdressing the ESP8266 devices, but they are all running custom, hardcoded firmware, including SSIDs, passphrase, and their access server IP. This is a bug bear, I have new firmware that is dynamic, DHCP'd with DNS for finding their MQTT server etc. It also supports Over the air flashing, but it isn't tested enough to move to "prod" and flash all the devices. So... for now, NoT/IoT can remain on the LAN ssid.
I'm toying with creating myself a new LAN VLAN and SSIDs and create it fresh, leaving the old one behind as legacy for those same hardcoded devices.
I originally bought it in the hope it could function as a Wifi<->Wifi bridge on the same SSID. Ie... a client and AP on the same SID added to a bridge. I honestly didn't expect it to work and it didn't. It seems on the AR150 you can't add a client and/or master to a bridge, or you can't bridge two wifi networks on teh same radio. Can't remember, but it wouldn't work. I ended up running a wire to the garage, which I probably should have done anyway. The AR150 is great as an AP. The only issue I have, is not it's problem per-sae, but it has a habbit of picking up devices from inside the house and holding onto them for far too long with rubbish -80db signal.
