The right access point today is chosen not by the maximum "speed on the box", but by a set of quite mundane parameters: how many bands are actually used, is there 6GHz, how many spatial streams does the radio frequency give, which uplink is on the wired side, is PoE supported, is there a second Ethernet port, can the device works as a bridge, whether it supports mesh, how exactly it can be controlled and in which case it is made. This is especially important for Zyxel, because the Wi‑Fi7 portfolio is already wide: from a desktop point with one 2.5GbE port to models with 10GbE, SFP+, external antennas, IP67 protection and several control modes - from the cloud to a hardware controller.

The Zyxel IAP500BE is a Wi‑Fi 7 industrial access point that focuses not so much on a typical office scenario as on working in a technically complex environment where stability, fault tolerance, and predictable hardware behavior come to the fore.

The Zyxel CX4800-56F is a high-density L3 aggregation optical switch in which the company pioneered the use of 100G ports: 8 QSFP28 100GbE uplinks complement 48 SFP+/SFP28 slots with 10/25gbe support, forming a single 56-port stack for traffic aggregation in campus and data centers factories. With a pass-through switching matrix of up to 4 Tbit/s and forwarding speeds of up to 2 billion packets per second, this switch confidently closes scenarios of highly loaded highways, where not only bandwidth, but also delays are critical.

Tailscale can now be centrally deployed on the security gateway. We'll tell you how to deploy Tailscale and Headscale on the Zyxel USG Flex500, cross internal networks, organize an exit node, and use unique features, from publishing local services to mesh routing via NAT and firewall.

This is a Wi-Fi 7 model with a simplified radio part with a 2x2:2 antenna formula and a channel width of up to 240 MHz, which gives an overall air speed of up to 5.1 Gbit/s. With a 2.5-gigabit network port, the access point can easily handle such complex tasks as backup of client laptops, synchronization of media archives, streaming video in any resolution, and in general, everything that requires the transmission of large amounts of data "over the air" is not very demanding of delays and broadcast frequency.

In modern wireless networks, access points interact with each other by exchanging clients to balance the load and switch the mobile subscriber to a station with a higher signal strength. To ensure that the process of switching between access points remains unnoticeable for the client and does not lead to a pause or interruption of the call through the messenger, the 802.11k and 802.11r protocols are used, which are responsible for switching between wireless stations and maintaining authentication.

The total bandwidth of the ZyXEL WBE530 is 10.8 GBps, but it is clear that it is achieved in ideal conditions when some customers "do not enter the wire", but exchange traffic via Wi-Fi. The access point has two 2.5 Gbit/s network interfaces, PoE power supply with up to 21 watts and 3 radio modules with 6 streams (2x2 for 2.4 GHz, 2x2 for 5 GHz and 2x2 for 6 GHz bands), channel widths of 160 and 320 MHz for 5 and 6 GHz bands are supported.>

The NWA210BE model is a model of the Wi-Fi 7 standard in the medium price range, it has 2 radio modules with formulas 2x2:2 for 2.4GHz and 4x4:4 for 5 and 6 GHz. The 5 and 6 Hz ranges are controlled by a single BandFlex radio module, so only one of them can operate at a time. The NWA210BE supports a channel width of 320 MHz, which allows for high point-to-point speeds, which may be in demand when building wireless bridges or connecting high-resolution NVR cameras.

Following the recommendations of "best practice", network devices of various purposes, such as IoT, work computers, smartphones, guest devices, should always be located in different subnets, and ideally terminated through a common security gateway, however, in some cases, for example, when the gateway does not cope with the flow of traffic, distribution by subnets it can be assigned to a network switch to separate different devices by VLANs, thus separating access to different networks already at a reliable and fast L2 level. Here the question arises, how to cope with a large fleet of devices, so as not to prescribe rules for each individually, and to abandon insecure authorization by MAC address?

Zyxel USG Flex 100AX is an entry–level security gateway that is designed for installation in small offices and branches, in cases where the company has strict security requirements or there is a complex multi-rank network in which it would be nice to restrict employee access to various social networks and unnecessary resources and have an additional line of protection of the network perimeter.

We have a rather interesting class of L3 switches in front of us: multi-gigabit PoE models with a relatively small number of ports, an average PoE budget by modern standards, but 10-gigabit uplinks. They are interesting because the manufacturer has placed 2.5G PoE + 10G in a compact 9-inch rack housing with a silent fan, and such a switch can be installed at home, in a 1-room office, under a false ceiling or in narrow telecommunication cabinets.

We will take two switches: the Taiwanese brand Zyxel and the Chinese counterpart from a little-known manufacturer and look at the design differences and what they affect in order to answer the question - does it make sense to overpay for design features?