This article provides guidelines on best practices for configuring
and deploying wireless backhaul on Wi-Fi networks, and goes through the
differences between and appropriate scenarios for client bridges,
repeaters, WDS Bridge links, and mesh networks.
The Options for Wi-Fi Backhaul
In a conventional wireless network, each access point (AP) requires a
wired Ethernet connection to provide backhaul to the wired network
infrastructure and ultimately the Internet. In some environments,
however, it is either impossible or prohibitively expensive to run an
Ethernet cable to each AP. In such cases, Wi-Fi itself can be used
to provide wireless backhaul from the AP (or other network appliance, such
as a remote IP camera) to the wired network. Each Wi-Fi backhaul
link is referred to as a hop, and it is possible to have a chain
of multiple hops between the remote wireless AP to the root wireless AP
that has a wired connection to the network.
There are multiple options for providing Wi-Fi backhaul to the remote
APs. Naturally, each option has both benefits and limitations.
Most critically, each wireless hop introduces latency, which adds in
a linear fashion with the number of hops. Repeaters and mesh also
inherently lower with throughput and user capacity, often as a square of
the number of hops.
It is critical to understand your technical requirements and
constraints, as well as the benefits and limitations of each
wireless backhaul option, when designing a Wi-Fi network and
selecting a particular Wi-Fi backhaul approach.
Option 1: Client Bridge
An access point operating in Client Bridge mode provides Wi-Fi
connectivity for a wired client device. A Client Bridge is intended
to connect an individual wired client device to a Wi-Fi network.
This is depicted in Figure 1.
Figure 1: Example of a network utilizing a client bridge.
When multiple wired client devices are connected through a single Client
Bridge, they share the same MAC address on the network, namely the WLAN
MAC address of the Client Bridge itself. The multiple wired client
devices can still be configured with different Layer 3 static IP
addresses, and each wired device may or may not be able to obtain an
independent Layer 3 DHCP address, depending on the DHCP server.
Best Practice: When using an AP in Client Bridge mode, only
connect one wired client device.
For typical applications, Client Bridge mode is only utilized on
single-band APs. For dual-band access points, one radio (typically 5 GHz)
will be configured to operate in client bridge mode, while the other radio
(typically 2.4 GHz) will be used for providing Wi-Fi connectivity on an
independent SSID to wireless client devices. Client Bridge mode is
generally only available on standalone APs, meaning that each AP must be
configured individually and cannot be managed or monitored from a
centralized controller. Client Bridge mode is available on all
EnGenius® single-band Electron™ and EnStation™ access
points, as well as dual-band APs in the Electron™ ECB series.
Option 2: Repeaters
An access point operating in Repeater mode provides both Wi-Fi
connectivity to client devices as well as providing a wireless backhaul
connection to one or more wired APs. This is depicted in Figure
2. Repeaters are intended for very small networks (e.g. home
environments), where individual repeater APs are used to fill in
particular coverage gaps. Individual client MAC addresses are
preserved, though the VLAN (if any) is defined by the main access
point’s SSID that is being repeated.
Figure 2: Example of a network utilizing a wireless repeater.
For dual-band access points, one radio (typically 5 GHz) will be
configured to operate in repeater mode, while the other radio (typically
2.4 GHz) will be exclusively for providing Wi-Fi connectivity to client
devices. Note that both Wi-Fi bands depend upon the repeater radio
for backhaul. Since the repeater radio must spend half its time
providing Wi-Fi connectivity to client devices and half its time providing
wireless backhaul, the data capacity of a repeater radio for both backhaul
and for Wi-Fi client connectivity is reduced by 50%. When there are
multiple hops, the data capacity is
reduced by 50% at each hop. Thus, for two hops, the total data capacity is only 1/4, for
three hops it is 1/8, for four hops it is 1/16, and so forth.
Repeater mode is generally only available on standalone APs, meaning that
each AP must be configured individually and cannot be managed or monitored
from a centralized controller. Repeater mode is available on all
EnGenius® Electron™ ECB series access points.
Option 3: Point-to-(multi)point WDS Bridge Links
A dedicated pair of APs, usually with integrated directional antennas
(such as the EnGenius® EnStationAC), are configured to operate in WDS
Bridge mode to create a point-to-point link to provide wireless
backhaul. The WDS Bridge link on the remote end is connected to the
remote AP via its wired Ethernet interface. From the perspective of the
rest of the network, this wireless connection looks like a wired
connection; in WDS Bridge mode, the wired Ethernet frame is encapsulated
and encrypted in a Wi-Fi packet on one end, transmitted across the
wireless link, and then de-encapsulated and decrypted on the other end.
Thus, all wired Layer 2 information (i.e. client MAC addresses,
VLANs, etc.) are preserved across the WDS Bridge link. Point-to-multipoint
WDS Bridge links ae also readily possible, though be aware the remote
links collectively share the total available airtime bandwidth of the
link. This is depicted in Figure 3.
Figure 3: Examples of point-to-point and point-to-multipoint
networks utilizing WDS Bridge links.
The WDS Bridge links are statically established, so that each WDS Bridge
AP only accepts connections from pre-defined radios. WDS Bridge
usually requires dedicated hardware at each remote location operating on
independent channels, though some APs allow for one radio (typically the 5
GHz) to be in WDS bridge mode and the other radio (typically the 2.4 GHz)
to be in AP mode to provide Wi-Fi service client devices.
Best Practice: WDS Bridge with dedicated 5 GHz only access
points is generally recommended for most networks requiring both
wireless backhaul and high bandwidth and/or high user capacity
Wi-Fi. While each hop adds latency, there is no throughput or
user capacity degradation, since the point-to-(multi)point backhaul link
is solely dedicated to wireless backhaul, with Wi-Fi access for client
devices being handled by separate access points.
For more information on deploying a point-to-multipoint backhaul network,
download the EnGenius® white paper from this
For large networks consisting of multiple remote nodes, a WDS Bridge
backhaul network requires its own design effort to ensure appropriate
bandwidth capacity and channel utilization. WDS Bridge mode is
generally only available on standalone APs, meaning that each AP must be
configured individually and cannot be managed or monitored from a
centralized controller. WDS Bridge mode is available on all
EnGenius® Electron™ and EnStation™ access points.
Point-to-Multipoint WDS Bridge Network Example
Figure 4 shows an example of an outdoor Wi-Fi network at an RV park
utilizing point-to-(multi)point links to provide wireless backhaul to APs
mounted on light poles. The colored lines indicate the
point-to-(multi)point WDS Bridge links implemented with EnGenius®
EnStationAC access points.
Figure 4: Example of a wireless network utilizing
point-to-(multi)point links for backhaul to outdoor wireless APs.
Red markers indicate the location of outdoor dual-band APs, and yellow
markers indicate the location of additional light poles that were
available at the property. To maximize wireless backhaul capacity,
all of the WDS Bridge links utilized 80 MHz channels in the UNII-2 and
UNII-2e bands (i.e. DFS channels 52-64, 100-112, and 116-128). The 5
GHz radios on the dual-band APs were set to use 40 MHz channels on the
UNII-1 and UNII-3 bands (i.e. channels 36-40, 44-48, 149-153, and
157-161), so as to avoid co-channel interference with the
point-to-multipoint backhaul network.
Option 4: Mesh Networks
In a mesh network, the AP uses its own radio to provide a wireless
backhaul to other APs on the network, eventually reaching an AP with a
wired Ethernet connection to the wired backhaul infrastructure and the
network. In this sense, a mesh network is a network of repeaters,
though mesh is designed to operate automatically and more intelligently on
a large scale. A mesh network creates a set of “dynamic WDS
Bridge” links, using routing algorithms to automatically calculate
the most optimal wireless path through the network back to a wired root
node. This makes mesh networks relatively robust to the failure of
an individual AP; in a process referred to as
“self-healing”, the routing algorithms will automatically
calculate the “next best” path through the network if an AP
in the path goes offline. Since the routing functions are done
automatically within the mesh software, mesh networks are actually fairly
straightforward to set up and are thus scalable to cover large geographic
areas. All wired Layer 2 information (i.e. client MAC addresses,
VLANs, etc.) are preserved across the mesh link. Examples of mesh
networks are shown in Figure 5 (for home / SOHO environments) and Figure 6
(for larger campus-wide environments).
Figure 5: An example of a home / SOHO mesh network, utilizing
EnGenius® EMR3000 mesh routers.
Figure 6: An example of a large campus mesh network, utilizing
EnGenius® EWS1025CAM mesh cameras.
The mesh network control architecture can either be
centralized or distributed. With a centralized
control architecture, an AP controller is required to calculate and
coordinate the mesh parameters for each AP. This architecture,
however, limits the scalability of the mesh network to the capacity of the
AP controller. In a distributed control architecture, such as
the EnGenius® Neutron™ series and EMR3000 product, each AP
operationally acts like a router, continuously sharing information about
its connection status to its neighbors, and each AP uses this information
to compute its own optimal mesh path. In a distributed architecture, an AP
controller can be optional, though is generally extremely useful in
providing centralized real-time monitoring of the mesh network, as well as
establishing the core initial mesh network parameters, such as mesh ID,
Unfortunately, mesh networks have significant limitations, most notably in
the loss of throughput and user capacity, which scales geometrically as
the number of wireless hops increase, as well as the increase in latency,
which scales linearly as the number of wireless hops increase.
Accordingly, mesh networks are not suitable for high bandwidth or
latency-sensitive applications. Because of these performance
limitations, it is generally recommended that mesh networks be
avoided unless no other viable backhaul options are
available. Mesh networks should only be used in environments where
providing Ethernet data wiring to access points or cameras is
impossible or cost-prohibitive.
Mesh networks were originally trendy in the mid-2000s, as a way of both
providing metropolitan Wi-Fi coverage as well as coverage for large
outdoor properties where wiring was prohibitively expensive, such as RV
parks, garden-style apartment complexes, marinas, etc. While many
mesh networks were successfully deployed, most of these efforts ultimately
failed, especially in metropolitan Wi-Fi. Early mesh networks relied
upon single-radio APs on 2.4 GHz using 802.11g. When dual-band APs
were introduced, only 802.11a was available on the 5 GHz band, which still
led to very low throughputs as the number of hops increased.
With the wide adoption of dual-band access points with 802.11ac, there has
been renewed interest in mesh for both Wi-Fi access and surveillance
applications. Accordingly, several startup companies, as well as
established vendors like EnGenius®, have introduced mesh Wi-Fi
products utilizing 802.11ac. While the data rates of 802.11ac are
approximately 25 times larger than the 802.11a data rates of a decade ago,
the number of client devices and their bandwidth demands have also grown
exponentially during that time. The fundamental limitations of mesh
networks are therefore still the same, and thus mesh may ultimately again
prove to be a passing fad.
Nonetheless, mesh networks are the only viable option in many cases.
The sections below highlight how to best design and deploy mesh networks,
so as to maximize their performance and mitigate their inherent
Mesh Network Terminology and Best Practices
The access points in a mesh network are categorized as either root nodes
or remote nodes:
Root Node (a.k.a. Gateway Node): This is an
access point with a wired connection to the wired switch
infrastructure. The remote nodes establish wireless backhaul
connections to the root node. Note that the wired connection
utilized by a root node can either be (1) a direct Ethernet or
fiber-optic connection to the wired switch infrastructure or (2) a wired
connection to a separate WDS Bridge wireless point-to-(multi)point link
on an independent channel.
Remote Node: This is an access point without a
wired Ethernet connection. Backhaul to the network is established
via a wireless connection to a root node or to other remote nodes.
Note that the remote AP still requires electrical power, so an Ethernet
connection to a PoE injector is common, though the
“network” end of the PoE injector may not be connected at
all or may only be connected to a wired client device, such as an IP
The path from a particular remote node back to a particular root node can
require connections via multiple intermediate remote nodes, and this
wireless link in this chain is referred to as a hop. The
mesh routing algorithm selects the most optimal route through the
network. The optimization function used by the mesh APs is generally
proprietary to each AP vendor, but typically attempts to balance several,
often conflicting, parameters, such as the following:
Minimize the number of hops, so as to minimize the
total wireless latency and throughput penalty of the network
Maximize the signal strength of each hop, so as to
maximize the achievable Wi-Fi data rates between the mesh radios on each
hop. For maximum data rates in 802.11ac, the received signal
strength indicator (RSSI) would ideally be in the -40 dBm to -50 dBm
range, though this is usually unachievable in practice since
omni-directional antennas are typically used to create the widest field
of view to neighboring APs. Data rates should be above -65 dBm for
decent data rate performance between hops.
Balance the load on each AP, so as to account for the
number of associated client devices and the total throughput consumption
on each AP. The throughput load stacks as the number of hops increase,
so intermediate remote nodes that are heavily utilized with client
traffic will not give as many resources to downstream remote
Because of the competing tradeoffs in this optimization process, mesh
networks can often result in counter-intuitive and/or sub-optimal
Best Practice: The network design should cluster the
APs into groups consisting of up to four remote nodes that are only
one hop away from a root node.
Thus, at least 20% of your APs, distributed roughly evenly throughout
the property, should be root nodes. Each remote node is therefore
nominally only one hop away from a root node. In the event of a
failure of a root node, the nearby remote nodes will then only be 2-3
hops away from another root node. This approach generally requires
creating additional root nodes, which can be done either by running
Ethernet or fiber-optic cable to the particular remote locations, or by
establishing dedicated point-to-(multi)point WDS Bridge links to create
“wireless wires” from the root AP back to the wired
Best Practice: Each root node should be set on a
static independent channel, and each remote node should be set to
This is done to maximize the airtime capacity of the overall network,
so that multiple neighboring root nodes do not create
self-interference. The remote nodes are set to auto-channel so
that they can fail over to a different root nodes in the event of the
failure of their primary root node. When utilizing
point-to-(multi)point WDS Bridge links to establish root nodes, these
must also be on static independent channels, and thus must be accounted
for in the overall channelization plan.
Both root nodes and remote nodes can operate in one of two modes:
Mesh AP Mode: In this mode, the wireless radio
acts like a repeater, providing both Wi-Fi connectivity to client
devices as well as providing a backhaul connection to one or more remote
APs. For single-band mesh access points, this is the only operational
mode available. For dual-band access points, one of the bands
(typically 5 GHz) will be configured to operate in this mode. The
other band (typically 2.4 GHz) will be exclusively for providing Wi-Fi
connectivity to client devices. Note that both Wi-Fi bands depend
upon the mesh radio for backhaul. Since the mesh radio must spend
half its time providing connectivity to client devices and half its time
providing backhaul, the data capacity of the mesh radio for both
backhaul and for Wi-Fi client connectivity is reduced by
50%. When there are multiple hops, the data capacity is
reduced by 50% per hop. Thus, for two hops, the total data capacity is only 1/4, for
three hops it is 1/8, for four hops it is 1/16, and so
Mesh Point Mode: In this mode, available only in
dual-band APs, the wireless mesh radio (typically 5 GHz) only provides
wireless backhaul, and the other radio (typically 2.4 GHz) only provides
Wi-Fi connectivity to client devices. Operationally, the mesh radio
operates like a dynamic WDS bridge link, so while each hop still
introduces latency which adds linearly, there is no 50% throughput
penalty per hop, since the mesh radio is not also servicing client
devices on the same radio and can be devoted exclusively to
backhaul. Since Wi-Fi access to client devices is restricted to
only one radio (typically 2.4 GHz), the overall client capacity of the
AP is that of a single-band AP. Furthermore, even dual-band
802.11ac client devices will only be able to connect at 802.11n data
rates on the 2.4 GHz radio.
Best Practice: Mesh APs should generally be configured to
operate in Mesh Point mode.
The loss of bandwidth capacity from lacking wireless 5 GHz
wireless connectivity is minor compared to the loss of bandwidth
capacity from losing 50% of bandwidth per hop. This also allows
for the transmit power of the mesh radios to be set at their
value, so as to provide the maximum signal strength between nodes
without being imbalanced with the low transmit power capability of most
5 GHz client devices.
In both operational modes, the overall data capacity of a mesh AP is
reduced as compared to the same AP operating in a conventional
configuration with a wired Ethernet connection to a wired switch
Accordingly, a mesh Wi-Fi network will never have the same
level of throughput and client capacity of a conventional Wi-Fi
Mesh Network Example
Figure 7 shows an example mesh network deployed using the Best Practices
highlighted above. This is an RV park with 437 spaces spread across
a roughly 2000’ x 1000’ area. The main distribution
frame (MDF) is in the southwest corner of the property, and trees in parts
of the property preclude direct line-of-sight to many locations.
Figure 7: Example of a mesh network, utilizing
point-to-multipoint links to create additional root nodes.
The red links and bubbles indicate WDS Bridge links from the MDF to each
of the root APs. In some cases, multiple WDS Bridge links in series
need to be established. The point to point links are designated by
Master or Slave with a letter and number index. (For example, the
WDS Bridge link going between the MDF and G8-R is designated link D, with
[Master D] connected to [Slave D1]).
The other colors and bubbles represent the root and remote APs in Mesh
Point mode, and the nominal mesh links between the remote APs and the root
APs. In the figure, each group is designated with a group number and
an index to indicate that it is a root node or remote node. (For
example, in the right, the root node is designated [G8-R] and the nominal
remote nodes are designated [G8-1] to [G8-4].)
The point-to-(multi)point WDS Bridge utilizing 80 MHz channels on the
UNII-2 and UNII-2e bands (i.e. channels 52-64, 100-112, 116-128).
Each root AP is set to a static 40 MHz channel on the 5 GHz band in the
UNII-1 and UNII-3 bands (i.e. channels 36-40, 44-48, 149-153, and
EnGenius® AP Models Operational Modes
These tables indicate the operational mode and therefore wireless backhaul
capabilities of Electron™ and Neutron™ access points.