What hardware to buy?

Hello,
I am looking to acquire some MikroTik hardware but I am not sure what to buy. Maybe someone around can give me some guidance. I know that there are some technical details that I am not mentioning below but just trying to keep it simple for now.

What should I consider buying to achieve the goals listed below? Please note that this is for home use, so I’m looking for a low-cost solution that can deliver the basics.

  • I need to create a Wi-Fi network (802.11ac) in a 4-floor house.

  • All access points should be powered via PoE.

  • I only need a single Wi-Fi network/SSID, but I want each user to have their own access credentials (I am looking for an integrated solution. I am not interested in having external authentication servers).

  • Each user should be able to connect multiple devices simultaneously using their credentials.

  • Different users may be assigned to different VLANs for isolation purposes.

Also, since the users are not tech-savvy, I’d like them to simply enter a username and password on their devices—without needing to configure pre-shared keys, secrets, or other advanced settings. Is that possible?

How many ISPs or how many WAN IPs will you have, and what are the throughputs?
Right now I would look at the hEX refresh and two or three Wi-Fi 7 TP-Link or Zyxel APs.
If the WAN throughput is greater than what the hEX refresh can provide I would look at the RB5009.

If you want to look at using MT Wi-Fi, then the hAP ax3 plus at least two MT APs should potentially meet requirements.

The Wi-Fi is hard to assess as it depends on layouts and wall materials etc… Typically one AP per floor is a usual recommendation/starting point.
What is useful is to deploy one Wi-Fi device and measure the coverage, and then where the coverage is lacking add another AP to provide adequate coverage where the signal drops from the first one, and so on… In this way one only buys what is needed.

I have no experience with using MikroTik WiFi hardware in its functionality as wireless access points, so I am unable to provide recommendations on this matter. However, what you desire is achievable with a MikroTik router and any WiFi systems that support WPA2/3-Enterprise (for instance, devices from UniFi, Aruba, Ruckus, TP-Link Omada, etc…). I am using such a combination (RB5009 + multiple APs from UniFi) to provide the functionality you described.

If budget is tight, as you only need 802.11ac and not ax, you may find many devices from the brands above on the second-hand market, in perfect working condition, from enterprises who have recently upgraded their WiFi equipment to WiFi 6.

As a MikroTik router, the RB5009UPr+S+IN is a very good candidate with 8 PoE out ports supporting 802.3at. You can install the User Manager package on the router, and it will act as a RADIUS server, providing AAA for the WPA2-Enterprise/WPA3-Enterprise SSIDs on the access points.

With this you can give each WiFi user their own username/password, each user can be placed in a VLAN of choice (configurable per User or per User Group), all with a single SSID. You can also control the number of simultaneous sessions per user (but beware that currently automatic disconnection might not be supported with some brands, see below).

However:

  • On Android devices, when first joining the WiFi network, the user must not only enter the username + password, but also a domain name!

  • Most “smart” devices like TVs, printers, cameras, and other IoT devices do not support WPA2/WPA3-Enterprise, which means you’ll still need at least an additional separate SSID for them. If the wireless APs support Private Pre-Shared Keys (PPSK), and you are ok with WPA2 only (no WPA3), then you can still have one single additional SSID for all the IoT devices, while still being able to put each of them in individual VLANs (each gets its own password).

  • Sometimes, not all features of User Manager (the profile limitations) are supported. This is an example issue with UniFi access points: http://forum.mikrotik.com/t/user-manager-isnt-sending-nas-identifier/182952/1
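
Added example, not part of any post in this thread: when a user lands in the wrong VLAN, a quick check is to decode the RADIUS Access-Accept the AP received and confirm it carries a complete VLAN assignment. The sketch below assumes the standard RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID), which the posts above do not name; the packet is constructed sample data and all function names are hypothetical.

```python
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # RFC 3580 values for a VLAN assignment (assumed scheme)

def build_accept(vlan_id, identifier=1):
    """Constructed sample Access-Accept (authenticator zeroed, not a capture)."""
    def tagged_int(attr_type, value):  # RFC 2868: tag octet + 3-octet value
        return struct.pack("!BBB", attr_type, 6, 0) + value.to_bytes(3, "big")
    group = str(vlan_id).encode("ascii")
    attrs = (tagged_int(TUNNEL_TYPE, VLAN) + tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
             + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    return header + bytes(16) + attrs

def parse_attrs(packet):
    """Return {type: first value}, raising ValueError on malformed lengths."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(packet[pos], packet[pos + 2:pos + packet[pos + 1]])
        pos += packet[pos + 1]
    return attrs

def assigned_vlan(packet):
    """VLAN ID the Access-Accept assigns, or None if the triplet is incomplete."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    attrs = parse_attrs(packet)
    ttype, medium = attrs.get(TUNNEL_TYPE, b""), attrs.get(TUNNEL_MEDIUM_TYPE, b"")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if len(ttype) != 4 or int.from_bytes(ttype[1:], "big") != VLAN:
        return None
    if len(medium) != 4 or int.from_bytes(medium[1:], "big") != IEEE_802:
        return None
    if group and group[0] <= 0x1F:  # optional tag octet precedes the string
        group = group[1:]
    if not group.isdigit():
        return None
    vid = int(group.decode("ascii"))
    return vid if 1 <= vid <= 4094 else None
```

A `None` result for an accepted user means the client would stay on the AP's default network instead of its isolated VLAN, which is the case worth alerting on.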

If you go the RB5009 route, the model suggested above is the PoE one. It has a brother that doesn’t do PoE. Make sure to buy the right one, if you decide to go this way.

The PoE RB5009: RB5009UPr+S+IN
https://mikrotik.com/product/rb5009upr_s_in

The RB5009 WITHOUT PoE: RB5009UG+S+IN
https://mikrotik.com/product/rb5009ug_s_in