Environment - I live in an apartment in a wifi only environment. There are two SSIDs for the tenants which allow connection of most devices. One SSID is open but is MAC address enabled based on a list, the other is encrypted and requires authentication. The two wifi services are keyed to the resident accounts so that communication can happen between them for a single resident; but not to other resident computers using the same network topology. The biggest problem for me having a HomeLab is to be able to do things in this environment. In addition, the construction of the apartments are done with a view to fire safety, not to the transmission of wifi signals. I experience a drop of almost 30 dBm from the living room to the back bedroom in signal level. But, my HomeLab equipment is in the back bedroom and the wifi end point is in the living room, hence my dilemma.
Desires - Within the HomeLab, I have things that I want to accomplish in the living room, as well as the back bedroom. In addition, I need the opportunity to move around the apartment at will and still do things on my HomeLab vlans. I have no need to leave the apartment on a regular basis since I am retired. So having a VPN connecting into my HomeLab is not necessary, unless I go on a trip. I have no control over the wifi environment, nor can I tunnel through walls to pull Ethernet cable. So, my HomeLab setup has to be coordinated with the circumstances.
Setup - I have to have a way into my HomeLab which is connected to the wifi environment. I do this through a GL-iNet SLATE router which acts as a wifi bridge to my rack of equipment. Early on I had the SLATE on top of the rack of equipment connected into the wifi environment on the encrypted side and the LAN of the SLATE plugged into the WAN port of my Ubiquiti Edgerouter-12 (ER-12). However, I discovered that the signal level was about -78 dBm with a noise floor of around -71 dBm. So my signal was below the noise floor; not a good situation if you want to get maximum speed. What I then decided to do was put the SLATE in the living room, with a connection through a couple of Powerline adapters to the back bedroom where my rack of equipment resided. That worked very well since I was getting essentially the maximum level of wifi signal that I could get in the environment. But, as I started getting my HomeLab organized, it was apparent that I needed to get some additional equipment into the living room.
I decided to change out the single channel through the Powerline adapters into a trunk line between two managed switches. I placed a Netgear GS108Tv2 switch in the living room with a port configured as a trunk line with all of my defined vlans (13 in all). That was plugged into the living room Powerline adapter and in the back bedroom the Powerline adapter was plugged into a port on a Netgear M4100-26g switch port configured with the same trunk line. The untagged vlan on each trunk port was a dummy that only exists between the two switches. I then configured an untagged vlan port on the two switches that would be used to pass Ethernet signals in the direction of SLATE to ER-12. I plugged the SLATE into the resultant unmanaged port on the GS108Tv2. The other resultant unmanaged port on the M4100-26g was then plugged into the WAN port of my ER-12. I placed a Raspberry Pi in the living room and plugged it into a different untagged port on the GS108Tv2 which led back to the M4100-26g via the trunk to other things I was doing. This setup now allows me to bring other equipment into the living room and place them on different vlans as I see fit.
An additional need was presented when I discovered that my Sleep Number bed needed connection to the internet but would only work with a WPA/WPA2 enabled wifi setup. Neither of the two wifi SSIDs allowed this capability. I had to add an additional router, a D-Link DIR-505L, setup as a wifi repeater connected into the open SSID on the WAN side and presenting a WPA/WPA2 wifi signal on the LAN side. I was then able to connect my Sleep Number bed once I added it to the small bedroom near the bed itself. Since the DIR-505L is a wall-wart it was easily concealed under a vanity. The WPA/WPA2 signal was also used by my Tempest Weather Station hub for connection to the internet. In addition, I have a Raspberry Pi which is connected into the WPA/WPA2 signal and also to one of the vlans in my HomeLab rack.
I had brought a couple of my wifi access ports with me to the retirement apartment. I set one of them up with 4 SSIDs (two disabled for now), one of them for use with my personal laptop to connect within my HomeLab and the other connected into the vlan used for controlling my Tasmota switches. The Tasmota switches are currently used to turn on/off equipment in the HomeLab rack remotely.
Thus the saga of my changes to my HomeLab as a result of the wifi environment ends.