Good mesh network solutions for school?

[panjandrum]

I would like to rollout a mesh network in a single-building school sooner rather than later. This building is the single hardest building to network (in terms of WiFi reliability) that I've ever encountered. It's built out of dense materials (poured concrete floor between levels 1 & 2, plus cinder-block walls, metal out the wazoo, etc.) combined with acres of glass for signal-refraction hell. The obvious solution is move to a mesh-network solution with an access point in every single room.

I've been perusing mesh networking solutions for a couple weeks now, but so far most of the reviews I can find focus on household implementations, and contacting a couple of manufacturers shows that there can be some hidden limitations (one solution, for example, has a 20 device limit per node... WTF???)

Has anyone here had experience rolling-out a Mesh network?

Anyone want to make specific hardware suggestions? (Not the Netgear Orbi, which apparently isn't a true mesh setup).

Thanks!

 

[DJLC]

I've not really heard of any legitimate enterprise mesh options. I'm sure they exist; I just haven't heard of them! That said, I tend to think you'd be better served by getting an adequate number of enterprise grade wireless access points.

I also work for a school — we have two buildings with different needs; our middle school probably most closely resembles yours. It was a JC Penney built in the early 50s, so we've got tons of cinderblock, metal studs in newer walls, concrete floor pads, etc.

We briefly tried some OpenMESH stuff alongside our older access points. But that really wasn't a solid solution. We ended up replacing everything we had with roughly one Xirrus access point per classroom. Those are all wired back to a PoE switch using existing network wiring in the classrooms. Works great! And pretty much any enterprise WAP could slot in to the same setup; AeroHive, Meraki, Ubiquiti, etc. The Xirrus model we ended up buying can handle something like 50-60 clients per WAP.

Also worth mentioning — if you're a public or charter school in the US, you may be eligible for Erate Category 2 funding. We're in the early stages of filing for that funding, which can pay for WAPs, switches, routers, firewalls, network wiring, and pretty much anything else you need for internal network connections.

 

[guzhogi]

I also work in a school. We use Cisco's Meraki access points, and a few Meraki switches. The other switches we have are Cisco (non-Meraki) switches. We have 1 access point per room regular room, 2 for larger rooms (like the library). Unfortunately, I don't deal that much with the network, so I don't know all the inside workings. I'm lucky that my school has drywall inside walls, drop ceilings, etc. so it's easy enough to do the cabling from the networking closet to each room in the ceilings, drill holes, etc.

 

[DJLC]

I also work in a school. We use Cisco's Meraki access points, and a few Meraki switches. The other switches we have are Cisco (non-Meraki) switches. We have 1 access point per room regular room, 2 for larger rooms (like the library). Unfortunately, I don't deal that much with the network, so I don't know all the inside workings. I'm lucky that my school has drywall inside walls, drop ceilings, etc. so it's easy enough to do the cabling from the networking closet to each room in the ceilings, drill holes, etc.

Meraki is great if you have the $$$ and don't need advanced configurations! No-go for us unfortunately, although the dashboard is super awesome.

 

[guzhogi]

Meraki is great if you have the $$$ and don't need advanced configurations! No-go for us unfortunately, although the dashboard is super awesome.

I fortunately live in a fairly affluent community so we have a bit of $$$. As for advanced configurations, like I said in my original post, I don't really get into that stuff. I've installed access points, as in attach them to the drop ceiling, and plug in the ethernet cord. Actual configuration is left to my district's network guy.

 

[hobowankenobi]

Have you looked at Ubiquiti?

Hard to beat the cost, and no on-going licenses or other hard costs. Never used this, but seems pretty cool for buildings also needing public address upgrades.

I have only set up and used their older APs, which were not a mesh system (you could extend a single POE AP to share bandwidth with second wireless–AC power only–in a spot where data cabling was not possible...but sharing bandwidth).

POE to each AP. Very easy to manage, and no complaints. If you go with UBNT POE switches and manage them all from one dashboard. Very slick and easy.

A friend manages about 50 remote offices with UBNT APs and switches, and they have been very happy with them.

I read now they also have true mesh APs. Lots of options. Could be worth a look, and some testing.

The funny part of mesh is...it is easier, faster, and cheaper to pull data cable to an AP, rather than getting power exactly where you need it.

 

[panjandrum]

I've not really heard of any legitimate enterprise mesh options. I'm sure they exist; I just haven't heard of them! That said, I tend to think you'd be better served by getting an adequate number of enterprise grade wireless access points.

Also worth mentioning — if you're a public or charter school in the US, you may be eligible for Erate Category 2 funding. We're in the early stages of filing for that funding, which can pay for WAPs, switches, routers, firewalls, network wiring, and pretty much anything else you need for internal network connections.

Hmmm, interesting tip on the funding. I'll mention it to those in-charge and see if that's something they can manage. Thank you!

In terms of the mesh vs. WAPs, the problem is not the signal-strength, it's roaming problems: We have a total of 8 access points in this building - 1 per 2 rooms, and signal-strength is pretty good throughout, but even with the "joinMode=Strongest" variable set, we constantly see users "stuck" on APs several rooms away with effectively zero real-world throughput. All of our APs are set to less than 100% transmit power - most of them are set all the way down to the minimum setting supported by the hardware, and they are set to 5ghz-only for minimal possible penetration - to force the client computers to lose the signal as quickly as possible as equipment is moved about the school. (Side note, for those APs that are Airport Extremes, I have to keep a VM around with Mountain Lion to run an old version of Airport Utility just to access previously supported features. Bad move Apple!) A significant part of the issue has got to be the signal-refraction from all the glass; we sometimes see a signal from an AP clear at the other end of the building; an AP that can by no-means penetrate the building materials to that distance, still showing up until a window is occluded by, for example, as student walking by (building has large glass panes between rooms and a central 2-story "hallway", plus extensive glass all along the exterior wall of that 2-story hallway...)

My understanding (and I may be wrong) is that (true) mesh-network hardware communicates with all the other mesh-access-points on the network and effectively handles the hand-off from one AP to another at the AP end of things, essentially eliminating the roaming issues that seem to plague MacOS and iOS equipment more than most other devices.
[doublepost=1510255447][/doublepost]

Have you looked at Ubiquiti?

Thank you! I'm looking at it now!

 

[hobowankenobi]

Hmmm, interesting tip on the funding. I'll mention it to those in-charge and see if that's something they can manage. Thank you!

In terms of the mesh vs. WAPs, the problem is not the signal-strength, it's roaming problems: We have a total of 8 access points in this building - 1 per 2 rooms, and signal-strength is pretty good throughout, but even with the "joinMode=Strongest" variable set, we constantly see users "stuck" on APs several rooms away with effectively zero real-world throughput. All of our APs are set to less than 100% transmit power - most of them are set all the way down to the minimum setting supported by the hardware, and they are set to 5ghz-only for minimal possible penetration - to force the client computers to lose the signal as quickly as possible as equipment is moved about the school. (Side note, for those APs that are Airport Extremes, I have to keep a VM around with Mountain Lion to run an old version of Airport Utility just to access previously supported features. Bad move Apple!) A significant part of the issue has got to be the signal-refraction from all the glass; we sometimes see a signal from an AP clear at the other end of the building; an AP that can by no-means penetrate the building materials to that distance, still showing up until a window is occluded by, for example, as student walking by (building has large glass panes between rooms and a central 2-story "hallway", plus extensive glass all along the exterior wall of that 2-story hallway...)

My understanding (and I may be wrong) is that (true) mesh-network hardware communicates with all the other mesh-access-points on the network and effectively handles the hand-off from one AP to another at the AP end of things, essentially eliminating the roaming issues that seem to plague MacOS and iOS equipment more than most other devices.
[doublepost=1510255447][/doublepost]

Thank you! I'm looking at it now!

Yeah, it's all about the handoff between APs. Good systems make it seamless for users, with rare and short dips in throughput. Sounds like you have non-enterprise APs now....which could be the biggest single problem. And no config will truly fix it. That's what makes the enterprise stuff....enterprise.

Oh, and if you are hunting, where I work there are probably 5000+ APs, and they use Aruba. Pricey, but worth it when you have 20K users every day. Probably up in the Meraki $ range. Another premium option is Ruckus. Most of the premium enterprise stuff I am aware of like these brands require a service contract or a license for the controller that must be renewed every year or so. Can be a big, hidden, on-going expense.

But UBNT pricing is sooooo much less, for a good (many say great) product, I don't know of any real competition (bang for the buck). No service contracts, no controller licesnes, nothing hidden or on-going.

If you get a chance, you can get a 3 pack of APs for nearly pocket change and set up the controller software on any spare Mac or PC to test the system. You can set em up and beat the hell out of 'em and see how they fare with the handoff and throughput...in as little as a few hours.

Not aware of any other enterprise brand that does not require a paid ($$$$) controller even to test. Maybe somebody here can add to this if there are other easy-to-test, low commitment options.

 

[panjandrum]

Yeah, it's all about the handoff between APs. Good systems make it seamless for users, with rare and short dips in throughput. Sounds like you have non-enterprise APs now....which could be the biggest single problem. And no config will truly fix it. That's what makes the enterprise stuff....enterprise.

If you get a chance, you can get a 3 pack of APs for nearly pocket change and set up the controller software on any spare Mac or PC to test the system. You can set em up and beat the hell out of 'em and see how they fare with the handoff and throughput...in as little as a few hours.

Yeah, unfortunately cost has been (and remains) a huge issue for much of the education sector, including the school in question. If "good enough" costs $1000 and "correct" costs $2000, we pretty much always have to go with "good enough." We will see about that funding mentioned above though!

I really like what I'm seeing on the Ubiquiti end of things. Price looks doable & feature-set looks spot-on.

Thanks to all for your feedback on this issue, you've been a huge help!

 

[DJLC]

Yeah, unfortunately cost has been (and remains) a huge issue for much of the education sector, including the school in question. If "good enough" costs $1000 and "correct" costs $2000, we pretty much always have to go with "good enough." We will see about that funding mentioned above though!

I really like what I'm seeing on the Ubiquiti end of things. Price looks doable & feature-set looks spot-on.

Thanks to all for your feedback on this issue, you've been a huge help!

I'd definitely look at Ubiquiti if Erate funding isn't an option. Those *should* have pretty good enterprise roaming options.

I know our Xirrus WAPs communicate w/ each other over the wired network and keep track of their close neighbors on the wireless side. Our devices (mostly iPads) move between APs without issue. We did have issues in the past when our APs were from disparate vendors and weren't all enterprise grade kit. FWIW we paid roughly $600 per Xirrus AP, not including the cloud management licenses.

 

[hobowankenobi]

Even with Erate, I would test and consider UBNT. Hopefully you can refresh and manage the entire network (APs and switches) all the way back your router/gateway...with a single dashboard.

UBNT does routers and gateways too, but I don't have any enterprise experience with them. Running a small unit (EdgeRouter X) at home for about 2 years. Rock solid, never needs a reboot. Decent GUI, but aslo CLI Linux box for "real" admins.

 

[hobowankenobi]

Yeah, unfortunately cost has been (and remains) a huge issue for much of the education sector, including the school in question. If "good enough" costs $1000 and "correct" costs $2000, we pretty much always have to go with "good enough." We will see about that funding mentioned above though!

I really like what I'm seeing on the Ubiquiti end of things. Price looks doable & feature-set looks spot-on.

Thanks to all for your feedback on this issue, you've been a huge help!

Depending on needs...I wonder if more low-cost APs (with less throughput each) makes sense in a school-like environment. Assuming a great hand-off, the downside would be more APs to cable, manage, and power (more POE ports...bigger/more switches).

On the upside, fewer users/devices per AP, and lower new purchase costs overall.

The UBNT AC Lite, for example, is only about 80 bucks. Less total throughput than the high-end models, but if there are fewer users/devices...would it be a better overall design, at a lower hardware cost? Can't say for sure. Maybe somebody can. Specs to compare towards the bottom of the page.

Example question:

Would 4 AC-Lite units, one per room, be better than 2 AC-HD units that had to cover 2 rooms each? It Would be much cheaper to purchase, and seems like it would be more flexible (placement options, and ensuring no shadows or dead spots).

Would be interesting to see the two different options tested....performance for users, etc. Sure, you can 200 devices on a single AP...but what is real-world performance like when modern devices are constantly checking in and updating so, so many things. All that runs back to a switch on a single data cable. How much typical device use does it take to saturate a single AP uplink/port? And how many typical (if there is such a thing...) users does that equate to?

I can't say.

 

[panjandrum]

Hey, just wanted to pop back in and say thanks to those who suggested the Ubiquiti line. We put in the time and $ to upgrade every major piece of hardware for the network infrastructure, including a new nanoHD in every classroom. Decided to go with all Ubiquiti due to the reasonable cost and no-contract-necessary business model. Very happy so far.

 

[DJLC]

Hey, just wanted to pop back in and say thanks to those who suggested the Ubiquiti line. We put in the time and $ to upgrade every major piece of hardware for the network infrastructure, including a new nanoHD in every classroom. Decided to go with all Ubiquiti due to the reasonable cost and no-contract-necessary business model. Very happy so far.

Glad to hear it! We're slated to go to Aerohive this year with Erate money from the Feds. But I'm keeping Ubiquiti in my back pocket for the future.

 

[hobowankenobi]

Hey, just wanted to pop back in and say thanks to those who suggested the Ubiquiti line. We put in the time and $ to upgrade every major piece of hardware for the network infrastructure, including a new nanoHD in every classroom. Decided to go with all Ubiquiti due to the reasonable cost and no-contract-necessary business model. Very happy so far.

Glad it is working out.

Did you dedicate a machine to run the controller, or a VM, or something else?

How many APs so far?

Have you spent much time fine-tuning frequency selection, or AP power?

 

[panjandrum]

Glad it is working out.

Did you dedicate a machine to run the controller, or a VM, or something else?

How many APs so far?

Have you spent much time fine-tuning frequency selection, or AP power?

I have several real MacPros (4,1s flashed to 5,1s) that I use for server and management functions, so I just run the controller software on the one that sits under my desk. As far as I can tell our network configuration is simple enough that in theory everything should continue to work even if the controller software isn't actively running.

10 nanoHD APs, so technically far more than should actually need for the number of devices, but due to signal refraction/reflection/penetration issues we really need an AP in every classroom.

The key to getting the laptops and iPads to roam well between APs (instead of clinging to nearly non-existent signals) was the minimum-data-rate controls combined with minimum RSSI settings (and the proper power on the radios, mostly "medium"). I'm using 40hz wide 5ghz channels only for school equipment and have been able to use DFS channels without any problems so far. And yeah, I spent a LOT of time walking the building with WiFi Analyzer setting everything up.

 

[PhoenixDown]

Another fan of Ubiquiti here, albeit my small home deployment isn't much to talk about.

 

[hobowankenobi]

You are correct: controller software is only needed to configure and update...although it is handy to monitor and manage on larger networks to keep an eye on APs, network loads, and client activity.

Good deal. Thanks for the details, may really help others down the line.

Your success has reinforced my own experience and understanding that more lower power access points are better...assuming hand-offs are working well.

Oh, and forgot to ask: You mentioned upgrading other network hardware...what did you pick? Switches? Routers?

 

[panjandrum]

Oh, and forgot to ask: You mentioned upgrading other network hardware...what did you pick? Switches? Routers?

We also needed to upgrade our main switch to handle the increased POE requirements (plus I didn't really like the old Netgear switch's UI - very hard to work with), so got the Unifi 48-port and went with a the Security Gateway Pro also. Just made sense to go all Ubiquiti once I got a good look at the offerings. Working well so far.