Sunday, May 3, 2020

Tips for implementing a secure Mesh WIFI setup

Since we are required to stay home more during the current COVID-19 outbreak, I decided to take the opportunity to describe the MESH WIFI network (link to Wikipedia) I have set up in my home to eliminate WIFI blind spots and simplify connectivity for the home (as well as the Android audio-video box for internet radio).

For most of us, the following would be the typical home WIFI setup.

From Google ... why re-invent the wheel?

However, the typical home WIFI setup is not ideal - the signal weakens the further you are from the WIFI router, regardless of whether you are trying to access the old 2.4 GHz or newer 5 GHz channel(s).

You could add WIFI Repeaters into your WIFI setup but that means you need to switch to a different SSID for every different repeater you need to access (at different parts of the house). 

Furthermore, the fast WIFI Repeaters are quite costly - especially if you require a few to provide decent WIFI coverage in the house.


MESH WIFI was introduced to address the above issue(s). In theory, with a MESH WIFI setup you can be communicating seamlessly via WhatsApp video chat and walk to all corners of the house without issues - WIFI signal strength will be good anywhere in the house.

The following would be the typical setup for a MESH WIFI network in your home. The number of nodes (slaves) required would depend on the size of your home.

Image CUT&PASTE from TP-LINK 

Sounds too good to be true, right?

Well, yes and no. 

WIFI coverage will be good and speed will depend on the specifications of the MESH wifi you purchase.

You will lose many of the security facilities normally available on the "run-of-the-mill" WIFI routers. For instance, most MESH WIFI units have only very basic firewall facilities (some have none). In addition, some MESH WIFI units actually run slower when the security facilities have been enabled. Others may have some limitations if you need to run them in certain configurations.

Furthermore, most of the MESH WIFI units lack any decent (or any) "Quality of Service (QOS)" facilities, which are bundled with most of the current "run-of-the-mill" routers.

No problemo ... there is a solution - please refer to the pix below.

CUT&PASTE from Google

As per the above pix, I repurposed my existing WIFI router to become the "gate keeper" with all the security and QOS facilities enabled. Hence the best of both worlds via the old and new WIFI routers.

NOTE - Some MESH WIFI routers will need to be set up in Bridge Mode in order to function properly when configured as per the last pix.
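One way to check the Bridge Mode note from a WIFI client, as an added example that is not part of the original post: if the mesh is really bridged, the first hop of a `traceroute -n` is the gate keeper itself, so its firewall and QOS rules see each device directly. The gate keeper address 192.168.1.1, the mesh address 192.168.68.1 and both traceroute outputs are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 private ranges used on home LANs.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def leading_private_hops(traceroute_text):
    """Return the private-address hops seen before the first non-private hop."""
    hops = []
    for line in traceroute_text.splitlines():
        if not re.match(r"\s*\d+\s", line):
            continue  # header line, not a numbered hop
        m = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", line)
        if not m:
            continue  # hop timed out ("* * *")
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # dotted number that is not a valid IPv4 address
        if not any(addr in net for net in PRIVATE_NETS):
            break  # left the home LAN
        hops.append(str(addr))
    return hops

def check_bridge_mode(traceroute_text, gatekeeper_ip):
    """Classify the path from a WIFI client by its first hop."""
    hops = leading_private_hops(traceroute_text)
    if not hops:
        return "unknown: no private hops seen"
    if hops[0] != gatekeeper_ip:
        return f"routed: first hop is {hops[0]}, not the gate keeper"
    return "bridged: first hop is the gate keeper"

# Constructed sample outputs of `traceroute -n` (documentation addresses).
BRIDGED = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.1.1  1.102 ms  0.981 ms  1.054 ms
 2  203.0.113.1  8.412 ms  8.377 ms  8.290 ms
"""
ROUTED = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.68.1  0.912 ms  0.874 ms  0.861 ms
 2  192.168.1.1  1.733 ms  1.698 ms  1.702 ms
 3  203.0.113.1  9.120 ms  9.004 ms  8.951 ms
"""

if __name__ == "__main__":
    print(check_bridge_mode(BRIDGED, "192.168.1.1"))
    print(check_bridge_mode(ROUTED, "192.168.1.1"))
```

A "routed" result means the mesh is doing its own NAT, so the gate keeper sees all WIFI clients as a single address.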


Been using the above setup for more than a year now. No performance or security issues .... so far.


FYI:- I am not using TP-Link or Google WIFI products, the above pix are for illustration purposes only as I Google-d for configuration illustrations for the discussion