Access Point System
Designing a complete hardware/software system goes far beyond writing code. For a product like a Wi-Fi Access Point (AP), the required knowledge spans hardware, embedded software, networking protocols, security, testing, and manufacturing — each area deeply intertwined with the others. This post breaks down each domain and explains why it matters when building a production-grade AP.
Hardware
Processor and SoC architecture
Most APs are built around purpose-built Wi-Fi SoCs from vendors like MediaTek, Qualcomm, or Broadcom, which integrate a CPU core (ARM or MIPS) alongside the radio subsystem. Understanding the capabilities and limitations of your SoC — clock speed, memory interfaces, peripheral support — shapes every decision downstream.
RF and antenna design
Radio frequency design is one of the most specialized skills in AP development. This includes PCB layout for signal integrity, RF matching networks, and antenna selection (omnidirectional, sector, MIMO arrays). You also need a solid grasp of the frequency bands in play: 2.4 GHz for range, 5 GHz for throughput, and 6 GHz for Wi-Fi 6E deployments.
Hardware communication interfaces
Internal peripherals — flash storage, radios, sensors — are wired together using protocols like SPI, I²C, UART, and PCIe. The Ethernet PHY sits between the SoC’s MAC layer and the physical RJ-45 port, and its configuration affects throughput and power draw.
Power and protection
Most enterprise APs are powered via PoE (Power over Ethernet), standardized under IEEE 802.3af (15.4 W), 802.3at (30 W), and 802.3bt (up to 90 W). Beyond power delivery, the hardware must handle surge protection and EMI shielding to pass regulatory testing and survive in the field.
Embedded Systems
Operating system
APs typically run embedded Linux — either a distribution like OpenWrt, a Yocto-based custom build, or vendor-supplied firmware. Choosing the right base involves trade-offs between community support, build flexibility, security update cadence, and licensing.
Device drivers
The kernel must expose every hardware component to userspace: Wi-Fi radio drivers (MAC and PHY layers), Ethernet, GPIO for LEDs and buttons, and optionally USB. Wi-Fi driver quality has an outsized effect on performance and stability — proprietary vendor drivers and open-source alternatives (like ath10k or mt76) behave very differently.
Resource constraints
Embedded systems are constrained. A typical entry-level AP might have 64–128 MB of RAM and 16–32 MB of flash. This demands lean kernel configuration, careful selection of userspace tools, and avoiding memory leaks in long-running daemons.
Bootloader and recovery
U-Boot is the most common bootloader in this space. A robust firmware recovery mechanism — dual-image layouts, factory reset via button hold, TFTP recovery — is essential. A bricked field unit with no recovery path is a serious operational problem.
Networking and Protocols
Wi-Fi standards
A modern AP must implement IEEE 802.11ax (Wi-Fi 6) at minimum, with understanding of key features: OFDMA for multi-user efficiency, MU-MIMO for spatial multiplexing, Beamforming for directional gain, DFS for radar avoidance on 5 GHz, and CCA thresholds for medium contention.
Mesh networking
Multi-AP deployments use mesh protocols to coordinate roaming and backhaul. EasyMesh (IEEE 1905.1-based) is the standard interoperability framework; 802.11s is an alternative for peer-to-peer mesh at the MAC layer. Many vendors also use proprietary protocols for tighter control over roaming decisions.
Client and connection management
Enterprise APs handle dozens to hundreds of concurrent clients. Band steering nudges capable clients from 2.4 GHz to 5 GHz. Load balancing distributes clients across APs or radios. Fast BSS Transition (802.11r) and 802.11k/v enable seamless roaming with minimal disruption.
Security
Wi-Fi security has evolved significantly. WPA3 (SAE handshake) is now the baseline for new deployments. Enterprise networks add 802.1X port authentication backed by a RADIUS server and certificate infrastructure. The AP must also be hardened against attacks at the management layer.
Remote management
APs in large deployments are managed centrally. Common protocols include TR-069 (CWMP) for ISP-managed devices, SNMP for legacy monitoring, NETCONF/YANG for structured configuration, and vendor-specific cloud controller APIs using REST or MQTT.
System Software
Web UI and CLI
The local admin interface — typically a web UI built with HTML/JS and a command-line via BusyBox — is often the first thing end users and integrators interact with. It should expose all critical configuration while being robust to misuse (input validation, CSRF protection, session management).
Background services
The userspace software stack on a Linux-based AP typically includes:
hostapd— manages the Wi-Fi access point role (authentication, association)wpa_supplicant— handles the station role (backhaul, uplink)dnsmasq— provides DHCP and DNSdropbear— lightweight SSH server for remote shell access
Controller integration
Managed APs report telemetry and receive configuration from a central controller. REST APIs, WebSocket streams, and MQTT pub/sub are common transport mechanisms. The AP must handle intermittent cloud connectivity gracefully without dropping client traffic.
OTA firmware updates
Over-the-air updates need to be atomic and safe. A failed update mid-flash must not brick the device. Dual-partition layouts (A/B image slots) with rollback capability are standard practice. Signature verification on downloaded firmware prevents malicious update injection.
Testing and Optimization
RF testing
Before shipping, every unit needs RF calibration: transmit power per channel and band, receive sensitivity, and spectral mask compliance. This is typically done on an automated test fixture at the end of the production line.
Network performance benchmarks
Standard metrics to validate include throughput (UDP/TCP via iperf3), latency, jitter, and QoS behavior under mixed traffic. Testing should cover both single-client peak performance and aggregate throughput under realistic multi-client loads.
Stress and load testing
Simulating many concurrent stations (STAs) reveals race conditions, memory leaks, and association table limits that don’t appear in light testing. Tools like wmediumd and purpose-built RF shielded chambers help replicate dense deployment scenarios.
Security testing
Firmware should be analyzed for known-vulnerable library versions, hardcoded credentials, and exposed debug interfaces. Penetration testing of the management interface (web UI, SSH, SNMP) is essential before a production release.
Certification and Manufacturing
Regulatory certifications
Before a product can be sold in most markets, it must pass regulatory testing:
- FCC (United States) — Part 15 radio emissions
- CE (Europe) — Radio Equipment Directive (RED)
- RoHS — restriction of hazardous substances in components
- Wi-Fi CERTIFIED™ — interoperability testing by the Wi-Fi Alliance
Certification timelines and costs should be factored into the product schedule early.
Bill of Materials and supply chain
Component selection affects cost, availability, and long-term supply. Critical components (SoC, PMIC, RF front-end) often have long lead times and require qualified alternates. BOM cost optimization is an ongoing process through the product lifecycle.
Production line testing
Automated end-of-line testing verifies that every shipped unit meets spec. A typical test sequence covers RF output power and sensitivity, Ethernet link and throughput, LED and button functionality, firmware version, and MAC address programming.
System overview
The diagram below is interactive — click any layer to expand it, then click a chip to read details about that component.