Asus AC68 Merlin or Mikrotik/Ubiquity for office

[zsero]

Hi,

I'd like to set up a reliable router + wireless for a small office, like 12 computers + lots of wireless devices.

I have had good luck with Mikrotik RB750GL although creating the initial config script took quite some time.

Now I'm thinking that a AC68 Merlin might be up to the task, but I really don't know. Do you think that a AC68 Merlin can do this both on wireless and wired?

Or I should go with a wired only Mikrotik or Ubiquty + an AC56 for Access Point?

 

[Cloud200]

A little more information would be helpful here.
Are you going to be doing any QOS?
Do you need content filtering?
How fast is the connection?
Do you need WAN failover?
Do you need a guest network to be segregated on the wifi?

anything else you feel is relevant.

edit:
personally I prefer to separate out the router and wifi into two physically different devices for anything more than a few users.

 

[zsero]

Hi,

Most important would be a stable connection. The broadband is not really fast, it's 20/2 mbps ADSL at the moment and might be 80/20 mbps Fibre in the future.

QoS is nice, but only if configuring it isn't complicated or needs constant managing.

Failover would be nice, either to a 3G modem or to some kind of wired 3G connection.

Yes, wifi needs to have 2 networks, one internal (same as network) and one guest.

 

[jlake]

If you're considering the ac68, just make sure you're aware of Merlin's security patch for ac56 and ac68 that needs to be applied.

http://forums.smallnetbuilder.com/showthread.php?t=14660

 

[zsero]

The only reason I'm considering AC68 is because of Merlin's firmware. Do I need to apply patches and so even on Merlin?

Do you think a Mikrotik would be a good solution, given that I know how to configure one?

 

[Cloud200]

Since you already know mikrotik, sticking with it is a pretty safe bet.

I would suggest stepping up to the RB2011 model though for a bit more speed for not much more cost.

For the Access point I would buy a POE unit and power it off of port 10 from the mikrotik.
Off the top of my head;
Ubiquiti-UAP-LR with the Instant 802.3af adapter
UAP-PRO
Cisco WAP121
Cisco WAP321
any EnGenius for the most part.

Just choose which one you find the easiest to manage and configure.

 

[stevech]

For SOHO, I'd choose instead ZyXel or Cradlepoint or others in that class. Certainly not any consumer stuff like D-Link, Netgear etc. ASUS is too R&Dish for the office grind.

 

[Cloud200]

For SOHO, I'd choose instead ZyXel or Cradlepoint or others in that class. Certainly not any consumer stuff like D-Link, Netgear etc. ASUS is too R&Dish for the office grind.

well . . . If we are adding new routers to this list . . . +1 for a Cradlepoint or Peplink.

P.S.
If you have money to burn go with a meraki mx60

 

[zsero]

Thanks for the very helpful comments!

I'll do the following:
1. I definitely split the router + AP to separate devices, as I always preferred, I just wanted to ask if these new Asus monsters might be different.
2. I'll go with a wired Mikrotik, since I already know the basics, have scripts for VPN, etc. The RB750GL is OK for now, it's so cheap that it's not a problem if we later need to upgrade to a RB2011 or something.
3. I'll use two AP for the internal and the guest network.

For the guest network any old TP-Link will do, but for the internal I'm in doubt.

The reason is that many of the computers are new machines (Macbooks, etc.), thus it'd be silly not to go with AC. The problem is that Unify AC is so extremely expensive.

So what would you recommend for AP:
1. Unify 2.4 Ghz Long Range
2. Some AC router with routing functions disabled, like: Edimax BR-6478AC

As you can see, I cannot burn money. I believe this is the best / most powerful setup I can make from not too much money now. Do you think it's the right setup?

 

[Cloud200]

First off, I love ubiquiti. Amazing product for the price point.
On that note, I would suggest you steer away from the UAP-AC ignoring price. Too many issues with stability involving Apple products in my experience.

Using a UAP-LR and Edimax BR-6478AC ought to get you to where you want to be.

What I do for 802.11ac right now is install 1 WAP for just AC and disable the 2.4ghz.
Then install a second WAP for 802.11BGN
On the second WAP I configure a guest network with restrictions to the following subnets;
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

The guest network is segregated on to a separate VLAN.

This will restrict traffic for the guests from talking to your own network and each other.

In addition it gives better speed for the AC clients

 

[zsero]

Thanks for the insight!

I have some updates about the infrastructure: there is one single Asus N55 ADSL2+ modem / router combo, which is trying to do everything:
- routing
- wired clients: 10
- wireless clients: 10
- guest network

The reality is that on wired network the internet is kind of ok, but on wireless everything is quite bad.

My plan is the following:
1. Use a Mikrotik RB2011 or RB750GL for wired routing
2. Get gigabit cable to all clients!
3. Do a UAP-LR for the wireless, and don't worry about AC, as there would be wired gigabit anyway. Or just use the Asus N55 with everything disabled.

I just have to get PPPoA/PPPoE right with the Mikrotik. Can someone explain what is the difference between PPPoA and PPPoE and what is the best strategy for connecting a wired router like a Mikrotik to an ADSL connection? Should I use the Asus N55 as a modem?

Or alternatively, how is the Asus N55 for modem/wired router, if all wireless radios are disabled?

 

[stevech]

May companies limit WiFi such that it is Internet access only; no access to LAN servers.
If at all possible, use cat5 cables and avoid WiFi totally, in a business setting, esp. if you handle health or financial info.

 

[Cloud200]

My plan is the following:
1. Use a Mikrotik RB2011 or RB750GL for wired routing
2. Get gigabit cable to all clients!
3. Do a UAP-LR for the wireless, and don't worry about AC, as there would be wired gigabit anyway. Or just use the Asus N55 with everything disabled.

I just have to get PPPoA/PPPoE right with the Mikrotik. Can someone explain what is the difference between PPPoA and PPPoE and what is the best strategy for connecting a wired router like a Mikrotik to an ADSL connection? Should I use the Asus N55 as a modem?

Or alternatively, how is the Asus N55 for modem/wired router, if all wireless radios are disabled?

1. yup!
2. get at least a smart switch here. something that you can do simple VLANs and LACP via a web gui.
3. UAP-LR with a primary and a guest network separated from each other.

To connect a mikrotik to an ADSL connection you need a modem that will function in bridge mode. If that is the N55 or something simple like a TP-Link TD-8616 or Zyxel P660R-F1, just make sure you set it to bridge mode first.
PPPoA and PPPoE are something from your service provider. I usually see PPPoA on static ip addresses, and dynamic for PPPoE. Not a hard rule, just a general thing.

If you feel you can do what needs to be done on the N55's feature set as is, you are comfortable with the stability it offers you, and the budget does not allow you to upgrade ASAP, then you stick with it. Otherwise, it is time for an upgrade.

 

[zsero]

Thanks Cloud!

About the edge router: do you think there is any point not going with the EdgeRouter Lite? It's quite cheap and seems that as with recent firmwares it supports everything what I'd use in a Mikrotik, like load-balancing.

As far as I know, the EdgeRouter Lite would be much faster than even an RB2011, is this right? What is the main difference betwen an EdgeRouter and say a RB2011? Why should I choose one over the other?

About VLAN and managed switch:
- in my understanding, if I want to use VLAN, I need to have a managed switch at least at the central location, and at the clients I can just use unmanaged switches, is this correct?
- the only reason to use VLAN and managed switch is if I don't have enough ports on the router for doing real split nets. So for example if I want to have dual-WAN + internal + guest network on the Edge, it'd require 4 ports, but it only has 3, so naturally, I'd need to put internal + guest on one port, thus use VLAN.
- but if I'd use a Mikrotik with plenty of ports, there is no need to go with VLAN + managed switch, is there? Link aggregation isn't needed for any server yet.

 

[Cloud200]

I'm just going to list the biggest pros vs cons of using the ERL instead of the RB2011
Pros;
More throughput through the firewall
CLI is basically vyatta
Physically smaller
Anything in the Web GUI is Solid

Cons;
Not rack mountable
GUI is still a work in progress and missing features
Less ethernet ports
Less throughput with QOS rules

Both are nice and stable, low priced, full featured and have an active community.


If you are willing to learn a bit of Vyatta, then the ERL is probably better. Otherwise don't go for a GUI that is very much incomplete compared to the command line and expect yourself to be able to just drop it in and hit the ground running in an afternoon like if you were using Tomato or Merlin.

Personally I really like the ERL but can't use them at work because I am the only tech able to support them. Until I can get some free time to train at least one other person it is just too much of a liability for me (I like being able to take off for a 3 day weekend ).


For the VLAN-
Client side should be perfectly fine with cheap unmanaged switches.

with the ERL;
port 1 - WAN 1, port 2 - WAN 2, port 3 - Trunk to switch with 2 interfaces.
On the switch you can now set up some ports to the guest network and some to the primary.
One of those ports will be a trunk port to the ERL, the other will be a trunk port to the wireless access point.
Configure the WAP to match your switch VLAN settings so everything still gets split based on the SSID you connect to.

with the Mikrotik;
RouterOS supports standard VLANs so you could eliminate the Managed switch.