by agentx3r 2882 days ago
Ubiquiti makes great prosumer stuff, if you're willing to pay ~$120 for the 'router', and then another ~$100 for the wireless access point. That's not 'cheap', but it's about on par with what you'd pay for a fancy consumer router that looks like a spaceship.

You'll get a great interface, frequent firmware updates with new features and security fixes, and you'll have a good strong signal at your neighbour's house if you're going for a visit.

4 comments

You can get the EdgeRouter X for ~$50 and that will scale to symmetric gigabit connections, if your needs are simple (i.e. you're just doing basic routing & firewalling, not trying to do traffic shaping, etc). Budget AP option then is a UAP-AC-Lite which you can buy off Amazon for ~$80, bringing your total to $130 all said and done.

That's cheaper than most all-in-one routers, and while you won't get the best single-client bandwidth, you will get much better management/configuration options.

> That's cheaper than most all-in-one routers,

It really isn't. There are plenty of consumer router+AP combos in the $75-90 range that offer equal or better performance to the ER-X + UAP-AC-Lite combination.

I explicitly mentioned that you could beat single stream performance with high end all-in-one routers.

However, no router in that price point gives you the ability to easily expand past one AP, RADIUS VLAN support, the Unifi web interface and so forth.

My last setup was an ASUS N66 dedicated as the router with an Archer C7 as the WAP. Good performance but the configurability and stability (even with ddwrt on the asus) doesn’t compare to the ubiquiti combo I run now.

> However, no router in that price point gives you the ability to easily expand past one AP, RADIUS VLAN support, the Unifi web interface and so forth.

You must be assuming that the user insists on sticking with broken vendor software, instead of switching to OpenWRT. The only software benefit that you don't get just as easily from OpenWRT is centralized management of multiple APs. Adding and configuring APs one at a time is very easy and since home networks never require more than 2-3 APs the lack of centralized management is not a significant issue. RADIUS and VLANs are fully supported by OpenWRT, and the web interface is fine except for the aforementioned limitation that you're only managing one AP at a time.

I suspect your stability issues with the ASUS router were a consequence of you using DD-WRT hobbled by proprietary WiFi drivers, instead of an OpenWRT-supported router. The DD-WRT "project" is a mess compared to OpenWRT, which actually puts out stable releases and operates more like a proper Linux distribution. Third-party firmware distributions aren't all the same.

As far as I can tell, you can’t do dynamically assigned VLANs on wireless via RADIUS on ddwrt, at least not when I looked a few years ago.

I used Merlin ddwrt which was supposed to be dedicated to ASUS hardware. At some point fiddling with wrt takes more time than the nonexistent price difference with the ubiquiti equipment :)

I still can't speak directly to your problems with the ASUS router, because I deliberately avoid devices that require Broadcom's proprietary drivers that often prevent you from using a recent kernel, and I don't use DD-WRT when I have the option of using OpenWRT instead. But from what I can tell, the feature you're looking for has been in OpenWRT for years, though I've never bothered to use it myself: https://wiki.openwrt.org/doc/howto/wireless.security.8021x#x...

Such as ...?

Not OP, but I've been very happy with a $60 Buffalo N300, running since 2015 with no issues. I run DD-WRT on it, 200 Mbit symmetric fiber uplink, 3 devices connected via ethernet and the rest via wifi covering the whole (wooden) house, and I have port forwards for ssh and https to the server in the garage. Does everything I need and more.

I've been looking for an excuse to go down the Ubiquiti route, but I really can't find one.

The TP-Link Archer C7 has long been one of the best choices for an 802.11ac-capable wireless router, due to being well-supported by OpenWRT. It's currently $75. The only downside is that the CPU is a bit slower than the EdgeRouter X (though faster than the other EdgeRouters), so I looked on WikiDevi [1] for something with the same CPU as the ER-X. Out of the dozens of options, I picked a recent mid-range D-Link and found it listed for $89.99 on Amazon, though I didn't check for OpenWRT support.

I'm personally using a TP-Link Archer C2600 that was on sale for $70 from Newegg in January.

[1] https://wikidevi.com/wiki/MediaTek_MT7621

I deliberately left the OEM firmware on my Archer C7 because OpenWRT cuts the WiFi performance by ~40%: https://wiki.openwrt.org/toh/tp-link/tl-wdr7500

In the end mucking with open source firmware, while interesting, just wasn’t worth it. I found the ubiquiti solution stable and the UniFi management software (especially their iOS app) is excellent for my needs. Plus mounting my AP in the ceiling means I can cover the entire house from one AP and at the same time keep the rest of my networking equipment stored away in the basement.

I'm ashamed by this Networking 101 question, but what prevents you from connecting the UAP-AC-Lite directly to the ISP's device? (Assuming you don't want a physical ethernet connection at all). Is it for DHCP and assigning IPs to the clients?

Nothing. I do this. I think the AC-Lite even has its own DHCP, but I'm using the ISP router for that personally.

Usually the ISP router just sucks at wifi, but I have seen ISP routers which have only 100mbit/s uplink ports when the internet connection is higher. In that case you'd want a custom router also. Or if they ship some router with some features you dislike that you can't disable (like public hotspots, unpatchable insecure config interfaces, etc.)

I believe that the ER-X doesn't scale to gigabit symmetric, while the EdgeRouter Lite does.

ER-Lite has a really weak CPU, and can only get close to 1Gbps using its hardware offloads, which limit what you can do to the traffic passing through the router. ER-X has a faster CPU and can get reasonably close to 1Gbps with software packet forwarding for simple rules, and can handle traffic shaping at far higher speeds than the ER-Lite (though neither can shape anywhere close to 1Gbps).

Another +1 for Ubiquiti. Had a bunch of high end prosumer stuff, ddwrt/tomato, etc. It really is fantastic stuff at least on par with ddwrt and well matched hardware to boot.

Their cloud management stuff is solid (and free with spare PC!) which is great if you help your family set anything up.

Ars did a great deep-dive a while back [1], it's a pretty good read.

[1] https://arstechnica.com/information-technology/2018/07/enter...

Can I use Ubiquiti devices with some kind of slave or WDS mode with my ISP's wifi AP/router?

I just want to extend the range without monkeying with the existing router or running cables. Ideally configuring the slaves to use the existing SSID/WPS config if that's possible.

I don't care (much) about the impact to latency or throughput, it seems like there's excess capacity now.

EDIT: downvoters please join the discussion, seems like an innocuous question to me.

You really want to get rid of any kind of ISP provided router and Wifi as soon as possible.

I've been very particular about using my own router and/or wifi in the past, installing one of openwrt/dd-wrt/tomato and tweaking to my heart's content. I would create a DMZ for one or more servers, do the dynamic DHCP, the whole bit.

But now, the ISP provides a single device that is where they terminate the DOCSIS connection and originate the Wifi router. And casual investigation leads me to believe that I "can't" replace this device. I don't want/need a DMZ or my own public servers. Also, I have less patience for tracking down my own breakage these days. The ISP's device works and performs spectacularly. I know of no public vulnerabilities for the provided router.

So IMO no I don't "really want to get rid of any kind of ISP provided router and Wifi".

You can purchase a modem as a separate device that you could then use with any router. It could save you some money depending on whether or not your ISP charges you for renting their hardware.

Hmm, no idea for your ISP, but most of the ISPs I've used had the option to switch their equipment to so-called "bridge mode", where it just did the DOCSIS/DSL thing, gave you one unfirewalled external IP and let your router do NAT etc.

They usually didn't advertise that though.

How do you like the netgate pfSenses in comparison?

Well, I like it, but I have obvious bias.