The most important features on the cloud would be the hardware configuration like firmware updates and SSID management. Beyond that, some of the nice-to-haves would be mass-deployment of changes like SSID/password or radio bandwidth/channel changes. Another nice-to-have would be client and traffic statistics for connected devices (just connected client data if hardware acceleration is on).
The two main reasons I’d like to move away from Ubiquiti’s Unifi equipment is that the controller software is often difficult to work with, settings often move between firmware versions, and the device firmware for the APs is often unstable. By contrast, GL-iNet’s firmware has been very stable (aside from one experience with beta firmware, but that’s a risk of beta) and it’s all based on OpenWRT which I prefer to Ubiquiti’s completely closed software approach.
As for which Ubiquiti APs to look at, we are currently using some of their Unifi AC Pro APs but if I were to recommend a new one it would be the Unifi U6 Pro if you were able to do 4x4 radios, or the Unifi U6 lite if you stuck with 2x2 radios. Their store pages are linked below.
For these Cloud features you mentioned, including mass-deployment of SSID/password and other WIFI configurations, and the client/traffic statistics, have been supported by GoodCloud (https://www.goodcloud.xyz/).
And the Cloud also supports two very useful functions for device management, remote SSH and remove web config. You can enable the Cloud management on router webpage, and try it by free.
About the AP hardware solution, we may think about Beryl AX with PoE, as you mentioned, which is more powerful than Unifi U6 lite, but little lower than U6 Pro.
I’m familiar with Goodcloud, I use it for the main router at work and all of my personal devices. I just have the basic plan, I don’t have access to the business features, which to my understanding includes the mass deployment of those configuration changes. I also really appreciate the remote SSH and web config on Goodcloud, it is very useful for remote management.
If Beryl AX had PoE they would be my first choice for replacing our current APs.
Good news! I bought a PoE splitter to connect to the Beryl AX that I have and it works without issue. I don’t trust the PoE Splitter for the long-term or in our office setting, I just have it running at home. But there is reasonable hope that a currently unmodified Beryl AX can be properly powered by PoE 802.3 af levels of power.
For reference, the PoE Splitter output rates it for 5V 2.4A maximum.
I need “Custom NAME” DNS Block/Enable Buttons in Network > DNS Page
For example, a button can be labelled by user “Microsoft”, “Amazon”, “Apple”. When a user Enables Microsoft button, All DNS addresses set in that button will be blocked but once a user decides to update something, he/she can temporarily Disable the “Microsoft” blocklist and so on
These are things that should NOT reach Adguard (so user don’t have to see HUGE query logs)
There are so many people who generate “blocklists” based on their experience with Attacks, Telemetries, ADs, etc
Some of those things you see in AdGuard dashboard’s “Top blocked domains” is a valuable data. Such addresses need to be in HOSTs but some items needs to be “UnBlocked” (when a user wants to update etc).
It sounds like that’s easiest handled though adding additional lists through AdGuard Home should you have it. I think you’d still have to toggle those lists off/on when updating devices though. That might be a feature request to raise w/ them if they don’t already have it.
Another option is DeCloudUs. Set up a fully restricted list them, configure DOT/DOH within GL GUI → Network → DNS (requires SSH access to configure the conf). When you need to update client devices just change the GUI’s DNS to Cloudflare or Quad9, back to DeCloudUs when done.
AdGuard query log is already HUGE (thanks to these telemetry datas) and I think Adguard is only filtering port 80 and 443,…
Repeating offenders (Attackers, these unknown telemetries, and known ADs showed blocked in Adguard), shouldn’t even reach Adguard after their IPs are in HOSTs list. For sake of simplifying Query Log,… this has to be done
DeCloudUs etc maybe nice but I prefer to keep things “local” as possible
I can respect that… but a local HOSTS file won’t help your devices (eg: mobile, tablet) when you’re elsewhere. On my GL device I do both: a local blocklist but DNS upstream is to DeCloudUs. Mobile to DeCloudUs.
Technically speaking it should be possible to extract those domains from the AdGuard lists & feed/convert them periodically into a local host/block list. How’s your knowledge of the Linux CLI?
but some items needs to be “UnBlocked” (when a user wants to update etc).