Why the ISP router never cuts it
The router your ISP gives you is a combined device: modem + router + basic switch + WiFi + ONT in one. Fine for a small home with 5 devices. With more users, thick walls or two floors, problems appear:
- Weak and badly placed antennas: the unit sits at the home entrance, not in the center.
- No real roaming: your phone sticks to the first-floor WiFi even on the second floor with minimal signal.
- Few simultaneous clients supported: ISP firmware handles 15-20 devices well. At 30 it starts choking.
- Limited or absent 5 GHz: cheaper models broadcast only on 2.4 GHz, which is saturated in any urban area.
- No WiFi 6 or 6E: they say "high-speed WiFi" but many are still WiFi 5 (802.11ac).
The fix isn't another "more powerful" home router — it's separating functions: let the ISP deliver internet, and let a dedicated access point handle WiFi.
What an access point really is
An access point (AP) is a device whose only function is to broadcast WiFi. It doesn't NAT, doesn't route, isn't a modem — it just takes Ethernet from the router/switch and turns it into WiFi. Sounds restricted but that's exactly what lets it be very good at one thing:
- More powerful and better-designed antennas.
- Dedicated processor for wireless connection handling only.
- Many more simultaneous clients (typically 100-200 per professional AP vs 15-25 on a home router).
- Powered via PoE (Power over Ethernet) — a single cable for data and power. Mounts on ceiling, not desk.
- Proper seamless roaming between multiple APs sharing the SSID.
- Multiple SSIDs with different VLANs (employee net, guest net, IoT net — separated).
- Centralized management of many APs from one web console.
Best practices for good WiFi
1. Place the AP on the ceiling, not the desk
WiFi propagates down and sideways, not up. A ceiling AP covers twice the area of the same unit on a desk. If ceiling isn't possible, at least wall-mount 2.5m high.
2. Less power, more APs
Classic mistake is buying "the most powerful one" and using it alone. Better: several APs at moderate power well distributed. That gives better coverage, better roaming and less inter-channel interference. Rule of thumb: one AP per 100-150 m² of office, or one AP per large room/area at home.
3. 5 GHz as primary, 2.4 GHz only for IoT
2.4 GHz has only 3 non-overlapping channels (1, 6, 11) and is saturated by microwaves, Bluetooth, neighbors and old devices. 5 GHz has 20+ channels and far less noise. Configure a separate SSID for 2.4 GHz only for IoT devices that don't support 5 GHz (cameras, sensors, smart plugs).
4. Enable WPA3 (or WPA2 + AES minimum)
Never use WEP or WPA1. If your AP supports WPA3, use it. Otherwise WPA2-AES with a strong password. Keep WPS disabled — it's a known attack vector.
5. Separate guest network
SSID "Guests" on an isolated VLAN, no access to the rest of the network. The customer dropping by for coffee shouldn't be on the same broadcast as your file server or your IP camera. On most business APs this is 2 clicks.
6. Wired where possible
Desktops, printers, NVR, large TVs — anything that doesn't move goes wired. WiFi is reserved for laptops, phones and tablets. This frees spectrum and improves everyone's experience.
7. Site survey before buying
In large offices, before installing APs blindly, do a site survey with a test AP moving around and measuring real signal with apps like Ekahau, NetSpot or WiFi Analyzer. Avoids buying 2 APs too many or 1 too few.
8. Update firmware
APs, like any network gear, get security patches regularly. Review and apply quarterly.
If WiFi is slow only in certain zones: coverage problem → more APs. If slow everywhere with many users: capacity problem → bigger or more APs. If only sometimes, especially at night: internet problem (ISP, not WiFi) → see residential vs dedicated internet.
Brand and model comparison
| Model | Standard | Approx price | Best for |
|---|---|---|---|
| Mercusys MR70X | WiFi 6 | US$ 30 | Small home, minimum budget (router, not pure AP) |
| TP-Link EAP610 | WiFi 6 AX1800 | US$ 70 | Small offices, integrates with Omada controller |
| TP-Link EAP670 / EAP683 | WiFi 6 AX5400 / AX6000 | US$ 130-190 | Medium offices, hotels, restaurants |
| Ubiquiti UniFi U6-Lite | WiFi 6 AX1500 | US$ 100 | Large homes, small offices, best app |
| Ubiquiti UniFi U6-Pro / U7-Pro | WiFi 6 / 6E / 7 | US$ 180-310 | Medium-large offices, UniFi ecosystem |
| Aruba Instant On AP22 / AP25 | WiFi 6 AX1800 / AX5400 | US$ 150-260 | SMBs valuing branded HPE support |
| MikroTik cAP ax | WiFi 6 AX1800 | US$ 90 | Existing RouterOS / MikroTik admins |
| Cisco Meraki MR36 / MR46 | WiFi 6 AX | US$ 500+ plus annual license | Corporates with strict compliance |
By brand: what to expect
Ubiquiti UniFi
Modern SMB standard. Excellent app, full ecosystem (APs, switches, gateways, cameras), no recurring licenses. Moderate learning curve. What I most recommend for 10-200 person companies wanting a professional network without subscriptions.
TP-Link Omada
Great cost/performance. Free software (hardware controller OC200/OC300 or software), no licenses. Solid WiFi quality. The most affordable alternative to UniFi.
Aruba Instant On
HPE Aruba for SMBs. Very polished management app, branded HPE support. Pricier than UniFi/Omada with similar features, but some companies require the brand for corporate contracts.
MikroTik
Extremely powerful, engineer-level configurable, but with a steep learning curve. If you already have MikroTik routers and know RouterOS, the ecosystem is consistent. If you're starting from scratch, UniFi is friendlier.
Cisco Meraki
Pure enterprise. Excellent, but requires per-device annual licenses. Only worthwhile for large enterprises with recurring budget. For a normal SMB it's costly over-engineering.
Mercusys and budget brands
Useful for small homes with limited needs. Not pure access points — they're all-in-one routers. Fine for basic home use but don't expect to solve serious problems with them.
Recommendations by scenario
Home 80-150 m²
1 UniFi U6-Lite or 1 TP-Link EAP610 ceiling-mounted in the center of the house. If two floors, one per floor.
Large home (200+ m², 2 floors)
2-3 UniFi U6-Pro with Cat 6 cabling to the rack + PoE switch. Roaming across APs, single SSID, mobile-app config.
Small office (5-15 people)
1-2 TP-Link EAP670 or UniFi U6-Lite/Pro with controller (hardware or software) + PoE switch.
Medium office (15-50 people)
3-6 UniFi U6-Pro or TP-Link EAP683 + hardware controller UDM-Pro or OC200/OC300 + branded PoE switch + VLAN segmentation.
Hotel, restaurant, cafe
UniFi U6-Pro or U6-Mesh distributed. Separate SSID for guests with captive portal (email or social login). Important: keep 2.4 GHz active because guest devices vary widely.
Warehouse, industrial plant
UniFi U6-Mesh outdoor or U6-IW for industrial zones. Office network isolation by VLAN. Special care if there's electromagnetic interference from machinery — see HOMAG case.
What NOT to do
- Buy a home "WiFi extender" or repeater. Halves bandwidth and worsens roaming. Only valid as a temporary patch.
- Stack APs of different brands. They don't roam together; each works alone and clients hop badly between them.
- Enable WPS, leave SSIDs as "TP-LINK_XXX" or use manual passwords.
- Rely on home "wireless bridges" to connect two buildings. For professional point-to-point links there are specific units (Ubiquiti AirMax/Wave, MikroTik wireless wire) costing little more and performing 10× better.
Need help with your WiFi?
If your WiFi doesn't reach where it should, drops with many users, or you want to redesign the network for a new office or home, tell me what you have and where and I'll recommend a config with realistic budget. On-site survey and turnkey config in Cartagena, remote guidance elsewhere.