Local admin interface. HTML/JS web panel for configuration, BusyBox CLI for shell access. Requires CSRF protection and strict input validation.

Central controller manages hundreds of APs simultaneously — pushing config, collecting telemetry, triggering firmware updates. Handles intermittent connectivity gracefully without dropping client traffic.

REST for synchronous config/query, MQTT pub-sub for real-time telemetry and event streaming. WebSocket used for controller dashboards requiring live updates.

Atomic dual-partition update: new image written to inactive slot, checksum verified, then boot pointer swapped. Failed update rolls back automatically — no bricking in the field.

TR-069 (CWMP) for ISP-managed CPE, NETCONF/YANG for structured config push, SNMP for legacy monitoring. All three may coexist on an enterprise AP.

802.11ax (Wi-Fi 6) is the current baseline; 802.11be (Wi-Fi 7) adds multi-link operation. OFDMA splits a channel among multiple clients simultaneously, MU-MIMO serves multiple spatial streams, DFS avoids radar on 5 GHz channels.

EasyMesh (IEEE 1905.1) standardises multi-vendor mesh coordination. The controller AP manages topology, backhaul selection, and client steering. 802.11s operates at the MAC layer for peer mesh without a central controller.

WPA3 uses SAE (Simultaneous Authentication of Equals) instead of PSK — eliminates offline dictionary attacks. Enterprise mode adds 802.1X port auth: client presents a certificate to a RADIUS server before getting network access.

Band steering nudges dual-band clients from 2.4 GHz to 5 GHz. 802.11r (Fast BSS Transition) pre-authenticates to the next AP before the client moves, reducing roaming interruption to <50 ms. 802.11k/v give clients neighbour reports.

OFDMA (Wi-Fi 6+) subdivides a channel into resource units — multiple clients transmit simultaneously in one TXOP. WMM QoS maps traffic to four access categories. MU-MIMO serves up to 8 spatial streams at once on Wi-Fi 6.

OpenWrt is the most common open-source base — active community, extensive package repo, UCI config system. Yocto/Buildroot suit vendors who need full control. Yocto produces minimal, auditable images; OpenWrt trades size for convenience.

Wi-Fi driver quality is the single biggest factor in AP performance. The MAC layer manages association, QoS, and retransmit logic; the PHY layer handles modulation and calibration. Open-source drivers (ath10k, mt76, ath11k) have improved but some features need proprietary blobs.

hostapd manages the AP role (auth, association, WPA state machine). wpa_supplicant handles the station role for mesh backhaul. dnsmasq provides DHCP and DNS. dropbear is a minimal SSH server. All run as long-lived daemons under a process supervisor.

U-Boot initialises hardware, selects the active image partition, and hands off to the kernel. A GPIO button held on power-up can force TFTP recovery mode. Dual-image layout means a bad OTA update never permanently bricks the device.

Entry-level APs: 64–128 MB RAM, 16–32 MB flash. Every kernel module, daemon, and package competes for this budget. Lean kernel configs, stripped binaries, and tmpfs for runtime data are essential discipline.

Major vendors: MediaTek (MT7986/MT7988), Qualcomm (IPQ series), Broadcom (BCM6750). Each integrates CPU cores (ARM Cortex-A), NPU for packet processing, and the Wi-Fi MAC on a single die. SoC choice determines frequency bands, spatial streams, and PCIe lanes available.

RF front-end chain: baseband → PA (power amplifier) → filter → antenna switch → antenna. MIMO requires one complete chain per spatial stream — a 4×4 AP has four chains per band. Antenna gain, placement, and inter-element spacing directly determine coverage and throughput.

DRAM (DDR3/DDR4) holds the running OS, driver buffers, and packet queues. NAND flash stores firmware images; NOR flash stores the bootloader (faster random-read for early boot). Some designs add eMMC for larger storage.

802.3af delivers 15.4 W — enough for single-band entry APs. 802.3at (PoE+) provides 30 W for dual-band. 802.3bt (PoE++) reaches 90 W for tri-band or outdoor APs. The PD negotiates class with the PSE switch before drawing power.

The Ethernet PHY bridges the SoC's MAC to the physical RJ-45 connector. Multi-gig PHYs (2.5G, 5G, 10G) are now common on backhaul ports to keep up with Wi-Fi 6/6E throughput. SGMII or USXGMII connects PHY to SoC on high-speed designs.