How to set up a clubhouse wifi
November 16, 2017 7:17 PM

I may or may not have been volunteered to help set up wifi for the neighborhood pool/clubhouse, halp me.

I have set up many folks' home-networks and wireless routers - easy peasy stuff. I know my way around the residential side of the business. But for something where the coverage area goes beyond a house, and the number of clients can be big, I'm a bit out of my element.

I understand we'd need a connection from the FIOS/cable company/DSL/whatevs - not sure securing a cable/drop is my job. I'm hoping I'd show up and there's a modem there, ready to go.

Is there a back of the envelope for how much bandwidth is reasonable ? (ie if there's a swim meet, and we've got 300+ people there checking facebook, streaming the meet, instagramming their kids on the podium, etc what does that translate into ?)

Beyond that, we would need to cover a good-sized pool and pool-deck, clubhouse and its deck/patio. Figure ~200ftx120ft, with the clubhouse taking half that. Or a 200ft radius circle.

Is this something you can put together from best-buy level hardware ? (ie am I looking at a single beefy wifi router, several wifi routers with all but 1 set up as a repeater, 2 or more APs hard-wired to a router ? What should the topology look like ? I'm assuming 1 SSID for the whole setup too)

Security wise, is it better to leave it open, or have a password on it (knowing the password will probably be shared a-plenty) ?

Should there be rate caps so no one can hog all the bandwidth ? (I could see there being summer "pool movie nights" where someone hooks up a projector and their netflix account, so ... )

Are there other things to consider that I've missed ?
posted by k5.user to Computers & Internet (13 answers total) 3 users marked this as a favorite
So I used to be on the board of a private community/neighbourhood pool. We had swim meets with hundreds of people, a small clubhouse, probably about the same size as yours.

Honestly most people get great LTE reception since it's basically outdoors that's comparable to the speed of DSL. Our setup was a single consumer-grade router. We had a separate 5 GHz router for the meet computers to network MeetManager during meets. Although if you're going to use networked MeetManager, hardwire the computers as it relies on Microsoft Access which doesn't tolerate poor connections well.

My question to you is how much you really expect people to use your wifi? Ours was a courtesy to members but honestly people didn't really rely on it much. Maybe kids watching videos on ipads when their older siblings were swimming. But there's really no way you can really provision for the actual peak usage with a couple hundred people there vs the other 360 days a year when I assume the pool is mostly empty.

Buy a good consumer-grade router and leave it at that. Enable client isolation if possible to improve security. Rotate the password annually and give it out to people with membership renewal.

If you want to get really fancy get a mesh wifi router (eero, google wifi, whatever) and set it up spaced evenly over the space. But you'll have to get power and weather protection to each unit.

You can get fancy commercial-grade outdoor units but IMO it's overkill and I assume you're relying on a volunteer or a pool manager to take care of it, so I don't think it's practical to think they're going to handle some complex wifi config system.
posted by GuyZero at 8:03 PM on November 16, 2017 [1 favorite]

Don't buy non-mesh routers and put them all on the same SSID though - I've run that setup at home and client devices don't really roam in that config and get stuck on weak APs sometimes. The mesh routers do actual handoff way better.

QoS or bandwidth caps are probably not supported on consumer-grade devices and I don't think it's really a big deal. If a bunch of people stream Netflix they'll fight for it, the Netflix app will switch to a lower bitrate and everything should mostly work out. We never had an issue with it AFAIK.
posted by GuyZero at 8:07 PM on November 16, 2017 [1 favorite]

If you actually expect 300 people to use your wifi, a consumer-grade router will in no way cut it. The good news is that enterprise-grade hardware has come down in price quite a bit. Look into something like Ubiquiti's UniFi APs.
posted by signalnine at 8:09 PM on November 16, 2017 [1 favorite]

Look into something like Ubiquiti's UniFi APs.

In fact look specifically into Ubiquiti's UniFi APs. Pretty much impossible to beat for the money you spend on them, pretty hard to beat full stop. I've chosen them for single-WAP residential installs on price grounds alone.

Plan to hardwire them if possible and power them via PoE. Way fewer surprises that way.

The UniFi APs don't need central controlling hardware and will operate standalone, so if you want to start by deploying just one of them and see how you go, you can do that. Once you've got two or more, though, you'll want to wrap your head around their central management tool. This will run on just about any computer that can host Java 8 and greatly simplifies AP setup, firmware updates, security reconfiguration etc.

Security wise, is it better to leave it open, or have a password on it (knowing the password will probably be shared a-plenty) ?

Better to have a guest SSID that's open to the public but can only connect wifi clients to the designated internet gateway, not to each other (this is easy to set up in the management tool), and a separate WPA2-protected SSID for corporate use. Make sure any corporate client you hand the password to has been properly patched.

Don't bother with rate caps until you're sure you have a problem.
posted by flabdablet at 11:23 PM on November 16, 2017 [2 favorites]

Yeah, you want Ubiquiti APs. Depending on the layout of the area and whether you really need it to deal with 300+ users at a time, you may be able to get away with a single (or maybe one at each corner) non-UniFi AP, which is nice because those have their own web config interface like consumer APs do. I'm not a huge fan of the Unifi controller software. The saving grace is that you only need it to set things up initially unless you're using the captive portal feature. That said, if you really need to support that many people, the only way you're doing it on a reasonable budget without special nonprofit pricing from one of the major vendors and you don't have an intimate knowledge of all things networking, is with the Ubiquiti UniFi line.

For that many people with usable speed you'll need probably at least 4, more likely 6 APs and to enforce minimum signal levels (and maybe even only allowing n+ clients). Otherwise more distant clients will drag the whole network to a crawl. The key is making sure all clients are using the highest reliable data rate possible and forcing them between APs as necessary to achieve that.

Most of the work is done for you by default with UniFi, but there are still tweaks that can make things work better and obviously having the APs positioned well is necessary for a good result. Keep in mind that you may not want all of them to be omnidirectional and that you may want to turn down the transmit power somewhat on APs where clients are trying to connect from too far away.

There are other options, but they are either far more complex, far more expensive, or both. Some other inexpensive options might be suitable if you were more experienced in networking, but since you aren't, best not to go there.
posted by wierdo at 12:18 AM on November 17, 2017 [1 favorite]

Oh, as far as an Internet connection to support 350ish clients? If you want to give them a decent chance of getting 10Mbps assuming usual(ish) average usage, you'll want around 100-150Mbps. They'd probably be fine with 50-75, but might find it slow, but it could make a decent compromise, especially if a single call speed increase is available from your provider should it prove necessary.

The key, of course, is a decent router. Most consumer routers would choke with that many clients. It's about on the top end of what I'd use one of Ubiquiti's EdgeRouters for, though that may be more conservative than is really necessary. Doing nothing more than NATting the wireless clients it ought to keep up, but if I expected enough video streaming to happen that I'd need QoS to keep it under control I'd want something with more grunt.
posted by wierdo at 12:28 AM on November 17, 2017

I'm not a huge fan of the Unifi controller software.

Me either. Ugly as all get-out, and as fiddly to get going in corner cases as you'd expect from anything Java-based.

But the job it does is a job that needs to be done to make multiple APs work together harmoniously, and though you'll undoubtedly be swearing at it before that happens, it will eventually happen.

The key, of course, is a decent router.

Yes. You want something with enough CPU and more critically enough RAM in it to hold the world together under load.

If you're a roll-your-own-and-learn-as-you-go guy with plenty of time and not much money, it's hard to beat something like an Odroid XU4 with an extra Ethernet port bolted on via USB3, running a stock Debian userland on an Armbian kernel. Setting it up as a router and firewall is the complete opposite of slick in every possible way, but with an 8 core 2GHz ARM CPU and 2GB RAM it's grunty enough to deal with just about any sub-gigabit routing task without breaking a sweat. It's also really, really cheap and runs on a sniff of power.
posted by flabdablet at 12:43 AM on November 17, 2017

I implemented a wireless network at my workplace. I used OpenMesh OM2P devices. They're inexpensive -- about $90 each, if you buy them with the power adapter. There are 14 of these nodes scattered around our building. About half of them are wired-in, and the other half mesh wirelessly. They're easy to manage -- it's done via a cloud-based web panel. We typically have around 100 clients connected at any given time, so our load is lower than what you anticipate with your clubhouse. Our Internet connection gives us about 40 megabits per second down.

The OpenMesh routers work reasonably well, but I had to open a trouble ticket recently, because the whole network had slowed down dramatically. The technician was very knowledgeable and helpful. He said that when users move around a lot (which our users do), the network tries to run some kind of optimization algorithm, but then the CPU load maxes-out on the individual units. So the technician made a configuration change that fixed that problem, and we're back in business.

I am slowly going to upgrade the network by replacing all the OM2P units with more-expensive, better-performing A60 models. If I were setting up a new network today, I would probably pay extra for the A60 units and skip the older OM2P models.

Others have provided some more expensive alternatives above. But if cost is a big issue for you, then you might consider OpenMesh (though you might want to find out whether the network could support the number of clients you expect).
posted by alex1965 at 5:58 AM on November 17, 2017

I've got a friend who does WiFi stuff for a living. He'd probably also recommend Ubiquiti gear for you, but the stuff he installs more for his clients is from Ruckus. You probably don't want that, but if you want to present a "gold" option where Ubiquiti gear is the "silver" one, there you go. In any case you almost certainly want wired backhaul from every AP to a switch, and you might as well run PoE while you're at it. Ubiquiti sells a PoE switch that seems pretty decent, but you probably* don't need to stick within the brand.

* Ubiquiti sells some smaller, less powerful access points called the UAP AC Lite. They are, in fact, what I have in my house, because I needed placement more than I needed range. Older UAP AC Lite devices, however, don't support the 802.3af (or any later) PoE standard and instead run on 24V passive power usually provided by injectors. Newer devices than the ones I have apparently will work with 802.3af switches but I had to buy a Unifi switch to power mine. Pay attention to the date code if you end up with UAP AC Lite devices, I guess. I bought mine in November 2016 and still ended up with the older hardware.

Whatever you do don't use consumer gear. When you have more than, say, a dozen devices on your wireless network at once, you'll run into performance and caching issues that will make the network essentially useless.
posted by fedward at 8:46 AM on November 17, 2017 [1 favorite]

I'm 100% in agreement with flabdablet on everything but the router recommendation. If you want to stay in the inexpensive dedicated router space, either the EdgeRouter (the best option for folks with limited networking experience, just buy the expensive one and optimization shouldn't be necessary, it's got enough CPU) or a Mikrotik RB3011. The MT has an easy config mode that would likely do what you want, but it requires more networking knowledge than the Ubiquiti gear to do the more complicated stuff. Ironically, the really advanced stuff is easier on Mikrotik's RouterOS, but you shouldn't need that.

If you need web filtering and other advanced gateway features, a PC with a multiport PCIe Ethernet card and Untangle is by far the easiest way to go.

Ruckus is a good option, BTW, but it's most of the way to enterprise pricing so not likely in your budget unless you are technically a not-for-profit and can then qualify for discounts. If you're in that situation, true enterprise gear may be within your budget if you get in contact with the right people. At one point they were talking about going to a subscription model for the controller, also, unless I'm confusing them with someone else.
posted by wierdo at 9:36 AM on November 17, 2017 [1 favorite]

Rather than messing around with the Unifi controller software on a PC or VM like many of us do, there is a Unifi Cloud Key which is basically the controller preinstalled on a tiny appliance. I haven't used this but I hear it is well-liked. Conceptually this is the right way to go if you just want to get it up and don't mind an extra $80.

Also, there's a good alternative to the Ubiquiti EdgeRouter in the Ubiquiti Security Gateway (USG) which is a few dollars more, but is really almost the same device.

The USG offers significantly greater insights into what clients are doing on the network, and that can be helpful. It's pretty clear that they wanted to emulate the capabilities of some of the much more expensive network management devices, and the first tier of capabilities is really pretty good, but once you drill down it is less impressive. Still, it really works nicely out of the box, and giving you some solid basic information on the network is pretty helpful. This and a Unifi AP is what I've been giving out to friends and family, and then hooking them up to the Unifi controller here so that I have some awesome abilities to help identify issues if they call.

There are both smaller and larger versions of both the EdgeRouter and the USG. The smaller one is pretty capable, don't underestimate it.
posted by jgreco at 3:08 PM on November 17, 2017

the stuff he installs more for his clients is from Ruckus.

Ruckus was what I picked for the school I used to netadmin, and it works extremely well. We had a minor issue with the central controller software's location map feature (installation was not long after Google started requiring an API key for Google Maps) and Ruckus Level 1 tech support needed their hands held for a bit before they got on top of it, but once we'd figured out what was actually going wrong, a trouble-free patch was issued very quickly.

Main reason I picked Ruckus over Ubiquiti for the school was that the school had been unexpectedly granted a fairly substantial slab of money for infrastructure upgrades and I was actually having a bit of trouble trying to spend it all on stuff we actually needed; and as fedward says, Ruckus really is the gold standard performance-wise.

The guys from the district-wide tech support department that took over from me after I left the school had previously rolled out wifi to several other campuses, and they were all Ubiquiti all the time and had always been happy with the performance. But given the physical size and client count of that particular school, I think the Ruckus APs will end up justifying their higher unit cost because the school won't need as many of them. The Ruckus central management software is also enough less ugly than Ubiquiti's that moderately non-technical staff onsite have a rather higher chance of grappling with it successfully.

The WAPs we used to have before the Ruckus rollout were prosumer-grade things from D-Link. Very low cost for the promised specs, but don't even go there. Just horribly disappointing performance once you get more than a dozen connections per WAP and bugger-all competent tech support.

Also, if you're going the enterprise wifi route, avoid Cisco. They've been coasting on brand name recognition for many years, and their current gear doesn't perform quite as well as Ubiquiti's but will cost you much more than Ruckus's.
posted by flabdablet at 4:11 AM on November 18, 2017

But seriously: if in any doubt at all, pick Ubiquiti. Their gear is at least as reliable as anybody else's, better supported than most, and really really hard to beat on price.

Anybody who is all "pffft, Ubiquiti" at you for going that way is essentially a hipster whose technical opinions you can pretty safely ignore.
posted by flabdablet at 4:19 AM on November 18, 2017 [1 favorite]
