doureios
Dec 24, 2021
Follower
Status: New Idea
Enterprise Access Points need to actually implement network features that enterprises use
The Models I want to refer to are not listed in this form. Additionally, this form does not let me specify access points that do not exist.
I want to suggest improvements to the access points that Netgear is calling "Enterprise-grade." You know, the AX600/WAX630, AX3600/WAX620, AX1800/WAX610, etc. They still seem to be consumer-grade to me because they fall short in many ways for use in a mature Enterprise network. In their current state, they cannot even begin to compete with Cisco, Aruba, Mikrotik, and even Unifi for Enterprise-grade features. They still feel like something designed for crappy consumer home networks.
- Corporate networks use internal DNS. If I name the device in DNS, then its management web interface will not work because if I access the device by its DNS name, the device stupidly forwards my browser to https://www.netgear.com/business/services/aplogincom/. To require a raw IP address for a web interface to work at all is shortsighted. I name all of my devices, both forward and reverse, but you have effectively broken that on purpose. I have to look up the address manually and then enter the address in a browser. Please, do not require raw IP addresses for professional networks that name their devices!
- There is no way to install a private Certificate Authority (CA) certificate! Instead, you give ugly end-user instructions that each browser should ignore the warnings and allow the self-signed certificate. Professional private networks often have their own internal certificate authority and distribute that CA certificate to all devices.
- The device hostname cannot have dots in it. It should be possible to set a hostname with a dot in it that is still not fully qualified. This helps when you want a device to tell a DHCP server that it should be named inside of a subdomain, for networks that automatically name their DHCP clients.
- Email alerts configuration requires an SMTP Auth username and password. This should not be required! Professional networks often host internal mail servers that authenticate by IP address, not by username. They allow all mail sent from internal devices. This is especially helpful for network management which should never need to be bound to a personal e-mail account just to send device alerts.
- The Wireless MAC Filter does not provide a way to reject all private MAC addresses with a simple mask. Professional networks often do not allow obfuscated/random private MAC addresses (these addresses have the second bit of the first byte turned on, bitmask: 02:00:00:00:00:00). Enterprise networks are secure and trusted and have the prerogative to not trust unknown devices. Enterprise network administrators may require tracking who is on their network. It is their network, after all, so they should be able to enforce that. Private MAC addresses should be for use on untrusted networks.
- Thankfully, RADIUS authentication is supported, but using RADIUS credentials to manage the device is not possible. I have to rely on a shared device password for that.
- There isn't a way to manage an army of these access points without subscribing to Insight. Enterprise APs should let companies run a local controller if they have the resources and choose to do so. Your Insight live demo doesn't even work -- it errors out with an e-mail and password failure.
- Bug: If I Disable "Traffic Shaping," my traffic is still limited for some reason. I have to explicitly set it to 999 to get it to not be limited, but 802.11ax is supposed to be able to go faster than that.
- Misnomer: "Traffic Shaping" does not mean simple rate limits. What you are doing should be called "Rate Limiting," not "Traffic Shaping." If you want to allow for traffic shaping, then please provide actual QoS/DSCP identification and queue priorities. These devices do not implement QoS/DSCP and queues, so do not call it Traffic Shaping.
- Complaint: the manual daylight saving setting is a pain, but I get it, you're trying to save space. It might be nice to include only the most common timezones for the markets in which you sell these devices.
I'm sure I might encounter many other places where these devices fall short of being Enterprise-grade, but I feel like I want to go back to using actual Enterprise products instead of wasting my time with these.
Netgear: If you ever actually read this, thanks for listening to feedback.
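The mask check requested in the Wireless MAC Filter item above, as an added example that is not part of the original post and not NETGEAR code: it tests the 02:00:00:00:00:00 bit on each client address and splits a client list into allowed and rejected. The function names and the sample addresses are constructed for illustration, and the multicast and malformed-input handling go beyond what the post describes.

```python
import re

LOCAL_BIT = 0x02      # mask 02:00:00:00:00:00, the bit the post refers to
MULTICAST_BIT = 0x01  # mask 01:00:00:00:00:00, group address (added here)

def parse_mac(text):
    """Return the 6 octets of a MAC written with ':', '-', '.' or no separators."""
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify(text):
    """Classify a MAC as 'universal', 'local' (private/randomized) or 'multicast'."""
    first = parse_mac(text)[0]
    if first & MULTICAST_BIT:
        return "multicast"  # a group address is never a valid client source
    return "local" if first & LOCAL_BIT else "universal"

def filter_clients(macs):
    """Split a client list into (allowed, rejected) under a 'no private MACs' policy."""
    allowed, rejected = [], []
    for mac in macs:
        try:
            kind = classify(mac)
        except ValueError:
            rejected.append((mac, "malformed"))
            continue
        if kind == "universal":
            allowed.append(mac)
        else:
            rejected.append((mac, kind))
    return allowed, rejected

# Constructed sample client list (not real devices).
SAMPLE = [
    "3C:22:FB:10:20:30",  # first octet 0x3C: bit 0x02 clear
    "da-a1-19-00-11-22",  # first octet 0xDA: bit 0x02 set
    "0200.5e10.0001",     # first octet 0x02: bit 0x02 set
    "01:00:5E:00:00:FB",  # first octet 0x01: multicast bit set
    "zz:zz:zz:zz:zz:zz",  # not hexadecimal
]

if __name__ == "__main__":
    ok, bad = filter_clients(SAMPLE)
    print("allowed:", ok)
    for mac, reason in bad:
        print("rejected:", mac, reason)
```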