DD-WRT, WAPs, SSIDs, VLANs, Oh My!

partner1220

Hi All,

I have agreed to help out an organization I volunteer for with a wireless network. I have a fair amount of experience with 'basic' networks (single router, switches, multiple access points, etc.) but I want to put my plan out there to see if anyone sees any issues or potential pitfalls here.

The need:
1 - Full wireless coverage for a moderate building (sprawling and 3 stories in some spots), assuming 4 WAPs for full coverage.
2 - Wifi access for employees and other volunteers which has access to all network resources, printers, 'server', digital signage, etc.
3 - 'public' wifi access for guests, visitors, etc. with access only to the internet. Will be WPA2-AES protected, but password will be shared.
Having user registration is not a requirement.

My plan:
4 x UniFi AP Long Range
1 x SOHO router (TBD) w/DD-WRT
1 x managed switch (already exists in new addition, not practical to home-run additional wires back to router)

Use VLANs and configure 2 SSIDs on WAPs, one going to 'private' LAN and the other going to 'public' LAN.

Has anyone done something similar? Any tips/gotchas? Anything I'm overlooking in the plan? Any router recommendations?
Use OpenDNS to filter all internet traffic.
 
I use Mikrotik routers on a few of my public wireless networks. They are awesome for this stuff.
 
I use Mikrotik routers on a few of my public wireless networks. They are awesome for this stuff.

/usr/home has been touting the amazingness of Mikrotik for years. For whatever reason, I brushed over them entirely and forgot about them as I dove into pfSense for routing/firewall and EnGenius/Ubiquiti for wireless gear.

After using that stuff for a while, I found out about every little thing about the products I liked, and disliked. My #1 gripe being the lack of freely available pfSense documentation.

I started looking for a replacement product. I needed to find a more affordable and reliable all-in-one solution and I stumbled across Mikrotik again.

Holy crap, I can't believe I overlooked these guys! They have been making hardware since 2002, and have been around since the mid 90's. They were from a country I never heard of (Latvia) and seemed like a diamond in the rough that no one ever talked about. I picked up their newest RB2011UAS-2HnD-IN and have been blown away. Their web interface has damn near everything imaginable. AND FOR $129 with built-in wireless that is AWESOME.

I quickly dove into the manual to see what this thing could really do. To my surprise, they had a fully functional CLI under the hood to completely control this thing ON TOP of their web interface. To my even bigger surprise, they had a freaking AWESOME manual. It is a wiki with everything imaginable. Want a PDF? No problem, you can generate one with everything on the wiki, or just the parts that concern you. I generated the whole wiki and ended up with a 1080 page PDF chock-full of descriptions, examples, comparisons, and general setup knowledge. It gives off a very strong Cisco vibe to me.

Overall, I have been very impressed and depending on my experience with reliability over the next few months, I may switch to Mikrotik solutions completely.

I could see how it may be a little daunting for a beginner, but the documentation is so good, I couldn't recommend Mikrotik enough right now.

That said, what I have used at a few locations in the past was an ALIX pfSense appliance such as the Netgate m1n1wall, a managed HP switch, and UniFi gear. With 3.0 just around the corner, UniFi has really turned into a great product and I may continue using them for bigger installs if this seamless roaming works as well as they say it does.

DO NOT USE DD-WRT in a business. PERIOD. I have been using it since the early days and have been checking in on the project every now and again. It is unstable junk and has continued to be unstable junk for the past 3 years on the dozen or so routers I have tried it on.

Edit: YES, I call having to restart a product after two months, unstable.
 