Possible or not? 1USG20W-VPN together with a Zyxel AP,so that end devices seamlessly roam same WiFi

Zyxel_USG_User

Hello, I have an USG20W-VPN, and its WiFi6 is not enough to cover all the intended areas. Now, I evaluate an additional Access Point with WiFi7 and WPA3 to extend the wireless access where is needed, namely an NWA50BE Pro.

Now, I haven't received yet the new AP, but I assume that it will cover the existing area better, so that I might even be able to switch off the wireless on the firewall and use only the new AP with a better overall signal and performance coverage.

If not, I might end up having to use the current firewall WiFi to coexist with the new AP.

Scenario1, for me the ideal one: both existing firewall WLAN and new AP can use the same wireless name SID etc, so that the moving devices roam accordingly to the stronger signal around the perimeter.

Can the two devices extend one single WiFi between them, making the devices capable of WiFi7 and WPA3 to seamlessly switch between the new AP and the WiFi6 / WPA2 of the older firewall + WiFi device?

If yes, how?

Scenario2: existing firewall WLAN remains unmodified, new AP has a new WLAN, and the devices switch accordingly between them for stronger signal.

Scenario3: I might be able to use only the new AP and turn off the WLAN from the firewall, given that I have then overall WiFi7 and WPA3.

Which tools do you recommend for the signal coverage and tuning of the WLAN(s)?

For all possible scenarios above: what do you recommend me to use so that I can measure and then fine-tune the WiFi signal strength for the firewall WLAN and for the new AP WLAN, so that they do not constantly beacon up each other to maximum signal strength against each other?

Anything else that you suggest?

Zyxel_Lynn

Hi @Zyxel_USG_User,

For your current setup, we recommend configuring both your existing USG-20WVPN firewall and the new NWA50BE Pro WiFi 7 access point to broadcast the same SSID, which can enable seamless client roaming between devices.

In order to enable proper roaming functionality, please ensure both the USG-20WVPN and NWA50BE Pro are configured with:

Identical SSID

Identical password

Matching security settings (WPA2/WPA3)

Moreover, for optimal roaming performance, please verify that your USG-20WVPN and NWA50BE Pro have overlapping wireless coverage areas. The signal strength from each neighboring access point should measure between -80 dBm and -85 dBm at the coverage overlap zones. This ensures clients can seamlessly transition between access points without experiencing connection drops or interruptions.

However, one important consideration for WiFi 7 BE mode access points is that with firmware version 7.20 and later, there is an automatic security protocol upgrade behavior. When the security option is configured as WPA2 on the 5 GHz band, the system will automatically convert it to WPA3. Users should be aware of this automatic conversion when planning their network configurations, as it may affect compatibility with older client devices that only support WPA2.

Here is the link regarding the new behavior with the release of the new AP firmware 7.20:

https://community.zyxel.com/en/discussion/28852/heads-up-latest-wi-fi-7-enforces-new-mlo-change-zyxel-implement-in-7-20

If you have any questions, please do not hesitate to contact us. Thanks!

Best Regard,

Lynn

Zyxel_USG_User

Hello, thanks a lot for the prompt and detailed answer!

This was very helpful. I have a better idea now how to plan and test the WiFi for seamless roaming.

I will revert with questions as soon as I have the device and start configuring and testing.

Thank you & Kind regards