Router/AP recommendation for bigger home network (25 users, 5 story building)

[Kaspar]

Hi!

We are a housing cooperative and would like to have a shared inetrnet connection for all inhabitants. We are based in Switzerland and able to get a 1000/1000 Mbit symmetrical fiber connection by Fiber7. Floors 1-5 of our building are inhabited by in average 5 people and there is a vertical cable box to pass ethernet cables which should house the routers as well. The ground floor does not need to be covered. Total budget should not surpass $500.

My idea (which might not be feasible, so could be simplified without 802.1x and just one network) would be:
- use 2 (or 3 id necessary) Asus RT-AC68u or RT-AC87u or Netgear R7000 (recommendations?) on floors 2 and 4 (or 1,3 and 5) as AP on the same SSID. Most likely Merlin firmware to allow hardware acceleration and extra features.
- one of the routers is connected to a media converter with SFT module and does the routing
- the other one provides a radius server for user authentication
- there is a second "legacy/easy" SSID for devices that do not support 802.1x and guests, secured by WPA2-PSK. This network only provides limited bandwidth (100Mbit?) if this is possible without compromising routing performance.

An alternative would be to drop in an edgerouter lite or X-SFT to do the routing, this would limit the budget to max 2 AP though...

Looking forward to your input!

 

[netwrks]

You will certainly want a router that will sustain wire speeds, from your ISP.
Will you be doing traffic shaping, or will it be a free for all?.. If I was doing this project, I would drop Ethernet into each unit and let them purchase their own wireless router configured as an Access Point. That way you are only responsible to the end of Ethernet cable. If you want reliability Ethernet is the best way.

 

[System Error Message]

you can also look at mikrotik as there is the RB850gx2 and the RB1100AHx2 that are capable of supporting your connecting. They may be more expensive than the edgerouter lite but they perform software NAT at your connection speed which means you can apply firewall and QoS at wirespeed which consumer routers cant.

placing wifi APs in the center of your house would be best. Try place one on the 1st floor and 4th floor and see how far the signal goes than adjust the APs location.

 

[smitbret]

No concern for the insecurity of having everyone on the same network?

This sounds like a bad idea for a multi tenant setup.

I would think you'd be better off dropping a WAN ethernet connection to each residence and letting them be responsible for their own router and LAN.

 

[Kaspar]

Netwrks:
I wasn't planning to do any traffic shaping at the moment. There are reports that AC68u and R7000 support full linespeed, at least without wireless. Cabling each unit is cost- and effort-wise not an option. Also, I am trying to avoid to many networks as this is an inner-city rental house (ie I already see 10+ different networks at any point of the building)
System Error Message:
The Mikrotik routers are unfortunately too expensive if I have to factor in the access points for wireless, casing etc. I will however keep them in mind in case I am struggling to reach linespeeds. Thanks for the AP advice, I wil try!

Any comments on the "simplest" setup I would suggest, do you think that would be sure to work? (2-3xR7000 Asuswrt-Merlin, no QoS, WPA2-PSK)

 

[netwrks]

Netwrks:
I wasn't planning to do any traffic shaping at the moment. There are reports that AC68u and R7000 support full linespeed, at least without wireless. Cabling each unit is cost- and effort-wise not an option. Also, I am trying to avoid to many networks as this is an inner-city rental house (ie I already see 10+ different networks at any point of the building)
System Error Message:
The Mikrotik routers are unfortunately too expensive if I have to factor in the access points for wireless, casing etc. I will however keep them in mind in case I am struggling to reach linespeeds. Thanks for the AP advice, I wil try!

Any comments on the "simplest" setup I would suggest, do you think that would be sure to work? (2-3xR7000 Asuswrt-Merlin, no QoS, WPA2-PSK)

It might work.. Not sure how the R7000 would survive running full wire speed. I think it's close to a gig, but not quite.. Hope no one Torrents.. Too many variables with wireless.. Wireless is a nice to have, but I wouldn't buy into it, without knowing I could actually connect to something via ethernet..

 

[sfx2000]

We are a housing cooperative and would like to have a shared inetrnet connection for all inhabitants. We are based in Switzerland and able to get a 1000/1000 Mbit symmetrical fiber connection by Fiber7. Floors 1-5 of our building are inhabited by in average 5 people and there is a vertical cable box to pass ethernet cables which should house the routers as well. The ground floor does not need to be covered. Total budget should not surpass $500.

I'm assuming this is not a single family type of dwelling - or is it?

Talk to the Provider - it's in their interest to provide safe/secure connectivity to the occupants, and many do have experts that facilitate this very thing.

 

[sfx2000]

And just as a rough estimate - 5 floors/25 full time residents... 3 screens per user, plus at least 2 extra nodes per floor, and guest access (including single and perhaps parties), you're looking at a minimum node count of around 125 to 150 nodes potentially on the network.

You didn't mention what kind of services folks are planning to use, which comes into play, but let's just consider Voice, Streaming Media, standard browser/email, and some gaming, so factor that in...

Even if wanting to put this all on a single LAN, you're well beyond the scope of consumer grade routers, not just in Wireless, but also on the NAT/Firewall.

So again, talk to the provider, they'll likely have experience, and can either provide directly, or recommend consumer premises equipment that'll fit your needs - again it's in their best interest... less support calls for them when things stop working...

 

[System Error Message]

the RB850gx2 costs $120 which is less than what around the cost of the cheapest dual core ARM A9 router and is faster despite the lower clocks. Mikrotik has better user control and what some ISPs do is use their RADIUS server with PPPOE server. If the RB850gx2 is too slow than you'll need the RB1100AHx2 and there are some examples that use scripts for per user generated QoS that is updated everytime they connect.

Since you're using NAT i suggest using RADIUS only. For now if you have 2 AC wifi APs only for the entire building you can use a consumer router with hardware NAT since they wont be able to use more than 1 Gb/s because of wifi practical bandwidth.

Later on you should consider getting a better router like the RB1100AHx2 or CCR1009 or pfsense and wire your building. both mikrotik and pfsense have RADIUS and you can run pfsense of a laptop if you dont mind leaving it open and using its miniPCIe ports to add NICs. I have used a similar method on laptops before to use desktop GPUs with them but they were supported by an ATX PSU. For cost reasons you can just use pfsense on a laptop as web cache and RADIUS.