Same SSID for 5+ APs to connect slew of Sonoffs?

TriLife

Active Member
Greetings from Colombia.

I haven't posted for a while, because all was working well. My ISP even 20x'ed my fiber connection without asking for a penny more. And that, considering they haven't raised prices in 5 years!

Anyway, I have about 100 Sonoff/Tasmota switches running off a UD ISY/Polisy combo, 98% controlled by Google voice. All works well most of the time. Google has occasional slowdowns, but they are manageable.

Now, UD has vastly enhanced the capabilities of the Polisy and we can migrate the ISY994 to it, pending a Z-Wave dongle. It's an involved process, so I want to take advantage of the process and try and streamline/enhance my system.

So here is the first question (there will be more):

1- Currently 5 Access Points controlled by a Mikrotik 3011 Routerboard (assigns all the IP addresses). The APs all have multiple SSIDs and I dedicated one SSID each to IoT. They all have different names, according to zones in the house. This is turning out to be quite the PITA to maintain and manage. Would there be any problem, if I decided to name all of them the same, like MyHouseIoT?

2- The APs are VPN capable. I'm only vaguely familiar with this technology. Could I try to isolate the IoT SSIDs, so they cannot access any of my other devices on the network, except the UD Polisy, which controls them (MQTT)? Or am I opening a can of worms there?

3- Follow-up to 2 - my PC (Ethernet cable to Mikrotik) of course would need to be able to connect to them for occasional maintenance as well... Of course I could enable the PC's WiFi and connect to the same VPN-isolated IoT network.

Cheers!
 

pete_c

Guru
Welcome back to Cocoontech @TriLife

While I still tinker much with OpenWRT I like the Ruckus APs that I have installed.

OpenWRT micro routers are running in the automobiles and at home. At home have a configured TOR WAP OpenWRT router running and installed a tiny OpenWRT router inside of the alarm panel (NO wireless just routing). I have another one that I use for the MeteoHub (Davis weather station). One of OpenWRT routers is running Python / MQTT and doing it well.


They each have two Gb interfaces. I have multiple SSIDs ...IE: use one called Tasmota and another called Alexa et al...

You can configure vlans on them with no issues. Also using a multiple interface PFSense firewall.

They will auto configure themselves if you use more than one WAP. One will be the master and the others are slaves.

Relating to configuration you can do it all via the master WAP.

Relating to ZWave, Zigbee, 433Mhz you can now utilize Tasmota hubs which will work or just an RPi with all three.

I do not have over a hundred iOT devices. That and my Tasmota devices can all be managed via Alexa and or Google.
 

TriLife

Active Member
Thanks for that information @pete_c .

Any comments on whether I can use the same SSID name across all 5 APs, without confusing all of my devices? When I initially installed the system, it was set up with a single SSID name, but it ran very unstable. Made many changes, including upgrading from a consumer router/firewall to the 3011, which could handle all of my devices. I never went back to trying it with a single SSID name.

I'm not looking for a seamless handshake while roving around the house. All of my devices are fixed in one spot. I just am looking for a stable connection once established.

When I cruise around malls in Europe, they seem to have the same SSID for all of their APs. And it seems to work fine.
 

pete_c

Guru
Any comments on whether I can use the same SSID name across all 5 APs,

Thinking I am at 20 SSIDs and have no issues with Tasmota / Alexa devices connecting.

The Tasmota devices will connect to the SSID with best RF signal.

Remember now that you share the WiFi connections (even with different SSIDs) on one transport. So having Gb and multiple radios helps some with the transport.

Way back here working for an Airline...one of the projects back then was doing WiFi for the airports. Each airline owned its own WiFi SSIDs and hardware. Used Cisco WAPs with one controller back then (early 2000s). Today the airports domestically and internationally own the hardware and lease the shared use to the different airlines much like the airlines rent parking spots. Internationally the transport in the EU, Latin America and the Pacific Rim is managed by SITA / Equant and ARINC. (I think still today). It is all about CUTE (common use terminals) such that any airline can use these.

For home you want stable WiFi to your stationary Tasmota devices. 1-2-3 WAPs depending on the size of your home will work fine and can have all of the same SSIDs. I mentioned Ruckus because I switched from Ubiquiti to Ruckus a few years back and am happy with them. I would say that Ruckus is more commercial than residential. You can configure power levels such that you do not saturate your signals. If that happens then there is a degradation of signals (wifi holes).

There is wifi diagnostic software that you can use on your smart phone to check footprint and WiFi usability from one or more access points.
 

TriLife

Active Member
Thanks for the reply. Will try to move to single SSID...

Just checked for a Ruckus AP on Amazon, Ruckus R750 Wireless Access Point https://a.co/d/hJrLjmD. $1,800!!! That's more than 20x a Netgear or Ubiquiti....
 

ano

Senior Member
You can have a million SSIDs but you are aware there are only three non-overlapping 2.4GHz channels available, and at 5GHz, there are only really 4 channels without external interference. I'm not sure how big your house is or where you live, but I can guarantee there are neighboring APs causing interference. At this moment, my router is tracking 230 "rogue APs" and at least 40 that are at least causing some interference. So I must live in a city, right? Nope, about 35 miles from the city. Today many cars even have access points. Right now I see myGMC BAFO, myGMC, about 8 Porsches, about 6 Audis, etc. You get the point. There really is no purpose for multiple SSIDs unless you want to segregate by frequency. I have 3 SSIDs: one for 2.4GHz, one for 5GHz, and one combined. That way you can force a device on one network or another. Many devices only support 2.4GHz, and some that support 5GHz only support some channels. Most APs can automatically load-balance by AP, and by frequency. I limit each AP to 30 devices. WiFi 6 helps, but they REALLY need to allocate more bandwidth to WiFi. Money talks, but WiFi doesn't have the lobbyist groups that cellular has.
 

TriLife

Active Member
Thanks for the information @ano .

Just like you, I live outside the city, but my neighbors are mostly cows. And they don't have wifi, it seems. I just scanned my area networks and only one neighbor's 2.4&5g shows up. All others are mine. Where I am at one extreme of the house, one SSID is at -40db, one at -60db, the rest all below -85db. BUT, they seem to be sitting on overlapping channels, which I will need to fix. Thanks for the heads up. The new TP-Link EAP biz series promises to auto-track that and allows me to control transmit power.

The house is 6,000sqf, shaped like a boomerang and built of reinforced concrete. The road is far enough away, behind a hill and only sees a couple of cars a day. The signal in my guest-suite drops out going through two walls!
 

LarrylLix

Senior Member
I was advised to use a single SSID by my mesh router system. I tried that with great failures over the years. It turns out that many devices do not like to change APs when you move around and will need to be rebooted or power cycled.

The multiple AP with a single SSID name sounds great but doesn't really work very well for some equipment. I found it simpler to use multiple SSID names and allocate devices to bands where you want them to stay. Now I use 2.4GHz for my home automation bulbs and devices and 5 and 6 GHz for my computer and mobile devices. The WiFi 6 band technique works much better now, even on the 2.4GHz band. It arbitrates devices better so you get clashing of signals and allows much faster comms.
 

TriLife

Active Member
Hi @LarrylLix ,

That's useful information and confirms my experience.

Unfortunately I triggered on the previous post and started converting.

95% of my IoT devices are stationary. In fact they are Sonoff/Tasmotas, which reside within 2-3 feet of my APs (all controlled load wires lead to distribution boxes where arrays of 12-18 Sonoffs are mounted side by side). And these SSIDs (b/g/n) are strictly reserved for IoT. I'll be able to dial down the transmit power too.

I have had a single SSID across my network for my 5GHz devices for quite some time. No issues walking about, while on a VoIP call, at least with my Pixel 5a.

This whole conversion is a long process. It takes about 5 mins each to upgrade a Sonoff/Tasmota to latest Rev, change wifi and back up configuration... And because there's a fair bit of typing involved, I can't even have a 🍸 while doing it... And I haven't even started the ISY->Polisy migration, involving all the Z-Wave motion sensors and quad remotes... 😔

Cheers!
 

LarrylLix

Senior Member
Just as a matter of interest..... in my previous home, I was running about 35 RGBCW smart bulbs, all connected to my mesh routers via 2.4GHz. In an effort to improve comms (reducing device count on each AP), I tried to use an older Netgear router, just for the smart bulbs and other HA devices. Using the same SSID and password, I thought the devices would just switch over to the newer router as I changed the SSID and password of the mesh system. No such luck! After power cycling routers and devices, none would connect. In the end I had to factory reset every bulb/device individually and reconnect each one to the same SSID name and password before any would connect.

Now, years later when I went to move out of that location, I tried to back off on devices in preparation to shut everything down, for moving away. Those bulbs and other devices would not connect to the same SSID and password on the original mesh router again. I had to factory reset each device and start over again, using the same credentials.

In short there must be some other parameter built into the SSID security system. SSID and password are not the only parameters involved for some devices. Luckily those devices never moved geographic location. They may not have reconnected to different mesh routers automatically.

Eventually I dumped my mesh system and got a better single router system. I found the signal levels dropped significantly once I added the second ASUS router and it created a mesh system. My wife's iPad couldn't reliably pick up the 5GHz band across 15' in the same room after the mesh formed. However the WiFi 6 on the 6 GHz bands could be connected to anywhere on the acre property. Weird!
 

pete_c

Guru
The APs are VPN capable. I'm only vaguely familiar with this technology. Could I try to isolate the IoT SSIDs, so they cannot access any of my other devices on the network, except the UD Polisy, which controls them (MQTT)? Or am I opening a can of worms there?

Thinking here you meant VLAN capable. Yes you can create a VLAN SSID. It is just management of another subnet.

AP SSID - VLAN 51 ==> L2 switch VLAN 51 ==> Router interface VLAN 51. VLANs are just Virtual LAN. Note that you isolate the LAN but the traffic on the VLAN adds to the LAN traffic back plane of the switch.


Enabling Tasmota on the WiFi devices makes them non iOT as all of the control is local to your LAN. (IE: Broker is on your LAN)

For NTP time here use the IP of the Gateway as PFSense is running NTP. Here have isolated and not passing DNS and NTP through the firewall via PFSense. Rather the PFsense firewall does NTP and DNS to the LAN clients.

I am picky about Tasmota NTP time so configured one and copied configuration to the rest of my Tasmota devices.

To isolate these devices from the main LAN you utilize an iOT SSID (same one..here calling it Tasmota).

Google devices need to access the WAN such that then you would add the Google devices to same said iOT SSID.

Furthermore you would then create a VLAN for same said iOT devices as you mentioned.

Baby steps here...first put all of the Tasmotas on the same SSID. You can manage all of them using the Tasmota Admin app on Home Assistant which will show them all and status on one page. Not sure what 100 devices will look like but I use it today to manage my Tasmota devices. You can issue one command in the Tasmota Administration GUI that will update the firmware on all of your devices. Here pushing the implementation of Home Assistant which you can run on an RPi just to manage your Tasmota Devices.

Here is a picture of the Tasmota Admin GUI. Note that each device shows WLAN signal strength. Home Assistant is free and runs nicely on a RPi. You can continue to utilize your existing Tasmota management / automation stuff and just use the Tasmota Admin program as a monitoring and update utility.

tasmotaadmin.jpg

For the guest house - area with poor signals you can now purchase a powerline combo network WLAN extender. I am testing a couple of new ones that work and provide up to a Gb via powerlan.

Test Google for functions this way.

Then afterwards create a new iOT SSID...calling it say TasmotaIoT with an isolated VLAN to your firewall.
 
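The isolation asked about in questions 2 and 3 and outlined in the reply above (IoT VLAN 51 may reach only the MQTT broker, the wired PC may still reach the switches), written as a first-match stateful rule table that can be checked before it is typed into a router. This is an added example, not part of any post in the thread; the subnets, the Polisy, PC and gateway addresses and the web UI port are assumptions.

```python
"""Added example: first-match, stateful policy check for an isolated IoT VLAN."""
from ipaddress import ip_address, ip_network

# All addresses are constructed for illustration; only VLAN 51 and the MQTT
# use case come from the thread. 1883 is the standard unencrypted MQTT port.
IOT_NET = ip_network("192.168.51.0/24")  # assumed subnet for VLAN 51
POLISY = ip_address("192.168.1.10")      # assumed MQTT broker (Polisy)
ADMIN_PC = ip_address("192.168.1.20")    # assumed wired maintenance PC
GATEWAY = ip_address("192.168.51.1")     # assumed router address on VLAN 51

# (src, dst, proto, dport, action); None is a wildcard. First match wins.
RULES = [
    (IOT_NET, POLISY, "tcp", 1883, "accept"),  # IoT -> broker, MQTT only
    (IOT_NET, GATEWAY, "udp", 123, "accept"),  # NTP served by the router
    (IOT_NET, GATEWAY, "udp", 53, "accept"),   # DNS served by the router
    (ADMIN_PC, IOT_NET, "tcp", 80, "accept"),  # PC -> Tasmota web UI
    (IOT_NET, None, None, None, "drop"),       # IoT -> anything else
    (None, IOT_NET, None, None, "drop"),       # anything else -> IoT
]

def _covers(spec, addr):
    """True if addr falls under spec (wildcard, network, or single host)."""
    if spec is None:
        return True
    return addr in spec if hasattr(spec, "num_addresses") else addr == spec

class Firewall:
    def __init__(self, rules):
        self.rules, self.established = rules, set()

    def decide(self, src, sport, dst, dport, proto):
        """Return 'accept' or 'drop' for one packet, tracking connections."""
        src, dst = ip_address(src), ip_address(dst)
        # Replies to an already accepted connection pass, as on any
        # stateful firewall; only new connections walk the rule table.
        if (dst, dport, src, sport, proto) in self.established:
            return "accept"
        for r_src, r_dst, r_proto, r_port, action in self.rules:
            if (_covers(r_src, src) and _covers(r_dst, dst)
                    and r_proto in (None, proto) and r_port in (None, dport)):
                if action == "accept":
                    self.established.add((src, sport, dst, dport, proto))
                return action
        return "accept"  # traffic not involving the IoT VLAN is out of scope
```

The two catch-all drops at the end are what make the VLAN an isolation boundary; the reply path for the PC works only because the accepted connection is remembered, not because IoT devices may open connections to the LAN.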