Should I look for weak WiFi access points?

[Stonelesscutter]

Maybe this is a dumb idea, or maybe it's counter-intuitive, but I'm thinking about putting two WiFi access points in the living room and two bedrooms, meaning six access points in total. The reason for having two per room is that we use a setup with a VPN router which is convenient for media streaming purposes. So, some devices are in "this country" and some devices are in "another country". Actually, the real plan is to put two switches in each room, so whichever devices can be hooked up by cable can benefit from that, and then to connect the WiFi access points to those switches, but that is somewhat besides the point of this question. For wireless connectivity, in each bedroom there would only be a handful of devices making use of it, but in the living room a bit more. Currently I only have the ISP's router as one access point and a tiny little VPN router as the alternative access point, and they are both in the living room. The connectivity in the bedrooms upstairs can sometimes be lacking. I would like to get rid of WiFi issues once and for all for as much as is possible.

 

What I'm wondering is if there are WiFi access points which don't blast their network over a large distance, but can instead be kept mostly confined within a particular room. I don't wish to annoy my neighbors by putting up six WiFi networks which all potentially interfere with their networks. And I would like to avoid my own networks interfering with each other of course. But I suppose maybe it could seem like there are only two networks in total, even though there would be six access points. I have no idea how that would work though.

 

Any thoughts about the setup described above? Maybe suggestions for alternative solutions? Anyone know which access points might best suit these needs?

[Electronics Wizardy]

Most wifi access points can change the power basically doing this.

 

But you can do this without 2 sets of access points using vlans. I have setup many networks where one ap has multiple wifi networks that connects to their own subnets

[Alex Atkin UK]

27 minutes ago, Stonelesscutter said:

Maybe this is a dumb idea, or maybe it's counter-intuitive, but I'm thinking about putting two WiFi access points in the living room and two bedrooms, meaning six access points in total. The reason for having two per room is that we use a setup with a VPN router which is convenient for media streaming purposes. So, some devices are in "this country" and some devices are in "another country". Actually, the real plan is to put two switches in each room, so whichever devices can be hooked up by cable can benefit from that, and then to connect the WiFi access points to those switches, but that is somewhat besides the point of this question. For wireless connectivity, in each bedroom there would only be a handful of devices making use of it, but in the living room a bit more. Currently I only have the ISP's router as one access point and a tiny little VPN router as the alternative access point, and they are both in the living room. The connectivity in the bedrooms upstairs can sometimes be lacking. I would like to get rid of WiFi issues once and for all for as much as is possible.

 

What I'm wondering is if there are WiFi access points which don't blast their network over a large distance, but can instead be kept mostly confined within a particular room. I don't wish to annoy my neighbors by putting up six WiFi networks which all potentially interfere with their networks. And I would like to avoid my own networks interfering with each other of course. But I suppose maybe it could seem like there are only two networks in total, even though there would be six access points. I have no idea how that would work though.

 

Any thoughts about the setup described above? Maybe suggestions for alternative solutions? Anyone know which access points might best suit these needs?

Access Points optimised for "one room" are typically the in-wall kind, these will be directional so to avoid interfering with the neighbours you'd want them on an outside wall facing inwards - so the back of the AP where very little signal will pass is facing the neighbours.

 

You don't need multiple Access Points or switches for this, its exactly what "managed" switches are for.  You setup two different virtual LANs (VLANs) then assign them to ports, or in the case of Access Points you can pass the VLAN tagged traffic to the Access Point and have each VLAN on its own SSID.

 

For example on my LAN I have the main LAN, an IoT LAN and a dual-stack (IPv4 & IPv6) LAN, so I can pick and choose which I want for individual clients.

For VPNs though I don't bother with that as they all run on my pfSense router and I policy route them instead, but VLANs are easier if you want to use several different physical boxes to handle the VPNs and allocate specific clients to them.

Or you could even consolidate the whole thing into a single box by using a router able to run something like OpenWRT. (not necessarily to replace your main router, but to run the VPNs, broadcast their SSIDs and assign specific ports and/or VLAN tags)  But this depends how much bandwidth you need as running VPNs on routers will hit CPU bottlenecks depending on the router.

[Stonelesscutter]

58 minutes ago, Alex Atkin UK said:

Access Points optimised for "one room" are typically the in-wall kind, these will be directional so to avoid interfering with the neighbours you'd want them on an outside wall facing inwards - so the back of the AP where very little signal will pass is facing the neighbours.

 

You don't need multiple Access Points or switches for this, its exactly what "managed" switches are for.  You setup two different virtual LANs (VLANs) then assign them to ports, or in the case of Access Points you can pass the VLAN tagged traffic to the Access Point and have each VLAN on its own SSID.

 

For example on my LAN I have the main LAN, an IoT LAN and a dual-stack (IPv4 & IPv6) LAN, so I can pick and choose which I want for individual clients.

For VPNs though I don't bother with that as they all run on my pfSense router and I policy route them instead, but VLANs are easier if you want to use several different physical boxes to handle the VPNs and allocate specific clients to them.

Or you could even consolidate the whole thing into a single box by using a router able to run something like OpenWRT. (not necessarily to replace your main router, but to run the VPNs, broadcast their SSIDs and assign specific ports and/or VLAN tags)  But this depends how much bandwidth you need as running VPNs on routers will hit CPU bottlenecks depending on the router.

I think this all went straight over my head. If I understood correctly, a managed switch can be set up to be both the regular network and the VPN network. That might be an option for us. One of the reasons we're using a separate router for the VPN at the moment is to avoid certain devices from ever connecting to certain services without going through the VPN first. I don't know if there would be any risk of that happening when using a single switch for both networks. But I would still require multiple wireless access points with this solution it seems. Unless you also meant to set up the wireless access points doing double duty for two networks. If that is the case, then I have the same concern of the VPN temporarily dropping out causing devices to connect to services when they're not supposed to. Or would that not be a possibility?

[Alex Atkin UK]

22 hours ago, Stonelesscutter said:

I think this all went straight over my head. If I understood correctly, a managed switch can be set up to be both the regular network and the VPN network. That might be an option for us. One of the reasons we're using a separate router for the VPN at the moment is to avoid certain devices from ever connecting to certain services without going through the VPN first. I don't know if there would be any risk of that happening when using a single switch for both networks. But I would still require multiple wireless access points with this solution it seems. Unless you also meant to set up the wireless access points doing double duty for two networks. If that is the case, then I have the same concern of the VPN temporarily dropping out causing devices to connect to services when they're not supposed to. Or would that not be a possibility?

A managed switch allows VLANs, that on a basic level means you can split them into multiple "virtual" switches.  This can be done per-port, or using VLAN tags, which allows you to pass those virtual LANs down a single port and split them out elsewhere, such as on an Access Point where it can put them on independent SSIDs.

A single Access Point doing "double duty" is functionally no different to two different Access Points (other than they will usually share the same WiFi channel due to only have one radio on each frequency).  The WiFi network (SSID) you are connecting to are unique, your clients will only connect to the ones you have added on that client and traffic is just as isolated as if they were separate devices.

If traffic can pass without the VPN would be entirely down to the box you have the other end handling the VPN.  If its denied there, the traffic has nowhere to go.