Saturday, March 9, 2013


I've played with a load of WiFi access points; from my very first Zyxel 802.11b access point, with its dorky associated PCMCIA card, to the latest/greatest Apple base station, most APs haven't really differentiated themselves. Offhand, I can think of Proxim, Cisco, Orinoco, Xirrus, Colubris, Ruckus, Linksys, Netgear, Billion, D-Link, TP-Link & Belkin to name a few brands I've had the (dis)pleasure of directly configuring.

 Only four stand out, for different reasons.

  • Proxim, for having the most awesome WiFi meshing, going back more than 8 years. Although you had to connect to each one to configure them, wired or wireless was irrelevant; they would discover each other and backhaul over 5GHz and serve clients over 2GHz, with a single unified SSID. They were almost perfect, except for the price, which was about R5k at the time.
  • Linksys, for having the most long-range device, the WAG54G. Solid, dependable, boring as sin but rock solid and worked well in almost any environment.
  • Billion, for unarguably having the most rubbish radios and range, and being so unreliable that they're as good as useless.
  • Apple, for having the most expensive and least functional devices on the planet. Other than that you can configure them from an iOS device, there is absolutely nothing redeeming about these APs. Repeat, there is nothing redeeming about Apple APs as WiFi devices.
So, being a schmuck, I ended up with two Apple Airport Extreme devices, both cabled/wired, with two radios; one broadcasting at 5GHz and the other at 2.4GHz. Nope, they didn't speak to each other if they were cabled. Nope, they didn't form/create one SSID. Yes, iOS devices are particularly stupid and want to associate with the BSSID they last connected to, not necessarily the one closest.
So, we had what I call the last shining light problem; the last AP the client device connected to, was the one it insisted on connecting to again. Even if there was a closer, faster AP in the same room. With the same SSID. This illustrated to me that you can't leave AP decisions to the client; work on the principle that clients are stupid (gosh, that would be a first!), and leave the intelligence in the network.
One evening, this happened once too many times and I got super annoyed. A quick Google search revealed that what I want to do is surprisingly difficult in the consumer space, and pretty rare even in the enterprise space. What I wanted is referred to as wired open or loose mesh; a mixture of wired and wireless APs, that communicate with each other, and where an associated AP will kick a client off when a "closer" AP sees the client.
A quick call to Ruckus indicated they can absolutely do what I want; but at a price point I wasn't willing to pay for home. Meraki (now a Cisco division) seem to be able to do what I want, but again, at a price point that seems to be straying quite far from their original roots. I was about to give up, and then discovered Open-Mesh.
Seemed ideal; cheap APs ($60 and $80), cloud-based controller, two SSIDs out of the box, perfect! Also cheap enough to experiment, so I ordered four. Two were to be wired, two wireless. I expected four would be enough. The first awesome thing was that they told me the MAC addresses of the devices, before they shipped! Excellent, means I could add it to my DHCP-issuing infrastructure, as well as configuring it online, on the Cloudtrax portal. You create a master login, and from there, you can create multiple "child" networks each with their own independent settings.
And before you think you're locked into their APs, essentially any AP running batman can join and be part of the network.
So how do you configure it? There are three high-level decisions:
  1. Do you want to allow guests (i.e. an open network), and if so, what do you want to limit their traffic to?
  2. Do you want to allow guests to have a premium service? If so, what are your PayPal details and what rate limit would you like them to have?
  3. Do you want to run a 2nd "private" SSID and bridge it to your LAN?
There are a bunch of other decisions, like AP isolation (i.e. WiFi clients cannot connect to each other), the ability to report outages via e-mail, but functionally, you have to determine the above 3. I configured the devices, by basically adding them to my network on a Google-backed map with their MACs (which I had because they gave them to me), and waited.
They arrived, I plugged them in, and 15 minutes later, I had a meshed WiFi network that had two wired APs, and two additional APs hanging off them. As promised, network coverage was excellent and more importantly, I could roam from one AP to another with no dropped packets, a slight increase in latency and the ability to review my network from Android or iOS. I've ordered some additional APs to ensure 150Mbps in every corner of the house, but basically, you could get away with 4 on a two-story house for Internet access.
There is no longer a last connected light problem, there is now a shining light network; the closest AP is associated to, network access is full strength and the network is fault-tolerant.
I can highly recommend this service!
Edit: you don't need to tell the devices or network which one is cabled or not, which port is LAN/WAN; it figures it out dynamically.
Edit: it creates a virtual BSSID, and then dynamically remaps the closest AP to a client with that BSSID. It also creates its own DHCP range and NATs on the guest network, and prevents clients on the guest network from accessing the LAN.
Edit: I've added three more nodes to the network, and it is highly extensible; here is a view of my home network.