Asus Network design

[HWfreak]

I am designing a network for several buildings over a reasonable area (not sure how many sq feet), but i estimate, ideally, it will require:

• A mesh capable primary router - I have 2 x AC88U and 1 x AX89X​
• I think 4 x node routers - I have amassed 6 x AC68U​
• a largish switch - I have a netgear 24 port unmanaged switch​
• numerous 5-8 port switches - i have plenty​
• I also have a single L2 8 port switch​
• Optical internet @ 1Gb/s​

Other items of note include:

• I am planning on building a low power (gen 3 i5 powered) opensense FW box to put in front of the router at some point​
• several dated Thecus NAS
• a couple of USB multiple bay storage devices (USB attached storage??)
• 2 x 2.4GHz yagi with some micro PL-259 coax connector...for when i want to try to get some directional range out of one of the node APs...
• I want to build some TrueNas Core boxes to replace the Thecus for storage in the future.
  ​

From my research and commonsense, as mentioned by Dong, it is best to keep the same generation of hardware working together and not mixing it up. Thus, although dated, I was thinking about using one 88U or even both (if I can get more speed out by using them together on my backbone/wired backhaul). Yes the firmware is dated but that should not matter if it is all hiding behind an opensense FW and setup as an AP mesh (I believe that can be done).
https://dongknows.com/best-aimesh-routers-and-combos/

Initially I will not have time to build a FW so the router will have to hold the line as an interim.

In time I will try to pickup some cheaper AX routers to act as satellites (ideally broadcom ones the same as the 89X), and update the infrastructure, but I am seeking your input.

I have a new 300m roll of CAT6 and a decent crimping tool so this could all get a bit out of hand.
Would you like to aid me in this craziness?

 

[Tech9]

Would you like to aid me in this craziness?

You'll be building an End-Of-Life home network. Your Gigabit fiber stops at the main router. Wired you can get Gigabit from RT-AC88U main router in light configuration, wireless up to about 500Mbps. Wireless RT-AC68U nodes - about 250Mbps if lucky and if they work well. With x86 VLAN capable firewall - AiMesh doesn't support user configurable VLANs. You'll be very limited with network segmentation and configuration options. Get proper PoE switches and business class APs instead.

ideally broadcom ones the same as the 89X

RT-AX89X is Qualcomm hardware router.

 

[HWfreak]

You'll be building an End-Of-Life home network. Your Gigabit fiber stops at the main router. Wired you can get Gigabit from RT-AC88U main router in light configuration, wireless up to about 500Mbps. Wireless RT-AC68U nodes - about 250Mbps if lucky and if they work well. With x86 VLAN capable firewall - AiMesh doesn't support user configurable VLANs. You'll be very limited with network segmentation and configuration options. Get proper PoE switches and business class APs instead.



RT-AX89X is Qualcomm hardware router.

Ah, I got that mixed up re Broadcom and Qualcomm - Ta.

This is the hardware (and budget) I have for now. I am learning and as I learn i am finding that I am likely better to build my own FW etc and my NAS are museum pieces although still functional. I am just making what will work for the moment and I will be mindful of your counsel re PoE and business class APs moving forward. Thanks for your counsel.

 

[OzarkEdge]

• I think 4 x node routers - I have amassed 6 x AC68U​

ASUS recommends 4 nodes max, 5 total counting the root node. The AC68Us require using separate 2.4/5.0 SSIDs (no Smart Connect).

• a largish switch

Managed switches may need configuration to allow fw 3.0.0.4 Guest1 WLAN VLANs 501, 502. Coming fw 3.0.0.6 for Pro models only, adds more VLANs and 3.0.0.4 fw compatibility concerns.

• a couple of USB multiple bay storage devices (USB attached storage??)

Never seems to be a reliable application for data storage.

From my research and commonsense, as mentioned by Dong, it is best to keep the same generation of hardware working together and not mixing it up. Thus, although dated, I was thinking about using one 88U or even both (if I can get more speed out by using them together on my backbone/wired backhaul).

Use one. And beware the LAN ports failing on the AC88U.

I have a new 300m roll of CAT6 and a decent crimping tool so this could all get a bit out of hand.
Would you like to aid me in this craziness?

Confirm your cable builds... one less thing to troubleshoot. How are you routing/protecting the wired backhaul between buildings?

I suggest you prototype things before scaling up and hoping for the best.

OE

 

[HWfreak]

ASUS recommends 4 nodes max, 5 total counting the root node. The AC68Us require using separate 2.4/5.0 SSIDs (no Smart Connect).



Managed switches may need configuration to allow fw 3.0.0.4 Guest1 WLAN VLANs 501, 502. Coming fw 3.0.0.6 for Pro models only, adds more VLANs and 3.0.0.4 fw compatibility concerns.



Never seems to be a reliable application for data storage.



Use one. And beware the LAN ports failing on the AC88U.



Confirm your cable builds... one less thing to troubleshoot. How are you routing/protecting the wired backhaul between buildings?

I suggest you prototype things before scaling up and hoping for the best.

OE

Ta for the sage advice - very helpful.
Separate SSIDs is fine - ta for that.
I will probably lay two cables in PVC in the ground and keep one of them as a spare. I don't see any other good options and would only consider wireless backhaul for a few weeks as an interim while i get stuff sorted out.
I will lean on the 68Us for USB if I need to - thanks again!

 

[OzarkEdge]

I will probably lay two cables in PVC in the ground and keep one of them as a spare. I don't see any other good options and would only consider wireless backhaul for a few weeks as an interim while i get stuff sorted out.

Wireless AC68U nodes will perform poorly... and worse if you can't keep them from daisy-chaining (2 nodes max and still not a good idea to daisy-chain EOL APs). A Yagi antenna with side and back lobe range could make this even worse... if the Yagi even works like you hope.

If the building nodes/APs are on separate AC power systems with separate Earth grounds/rods, then your networked equipment grounds/neutrals/chassis may float to different voltage potentials, inducing ground loop currents/noise over wired backhauls. Be prepared to bond the building Earth grounds together to make them one common ground (with separate conduits for power and data).

OE

 

[HWfreak]

I was going to hang all the nodes directly out of either the 88U or the unmanaged switch so that no daisy-chaining occurs at all.
The yagi was just an experiment and I don't have a SWR meter now anyway. I do have a serious application for them if they do work however. EOL hardware so if it dies then so be it.
You raise a good point re the AC. I believe it will all be on the same circuits, but I might make sure that the IT hardware is not on the same circuits as other high current devices such as aircon x 3 (which I will probably need to run a new circuit for), fridges, freezers etc and not near them either (induction etc). A great point. Thanks!

 

[HWfreak]

You'll be building an End-Of-Life home network. Your Gigabit fiber stops at the main router. Wired you can get Gigabit from RT-AC88U main router in light configuration, wireless up to about 500Mbps. Wireless RT-AC68U nodes - about 250Mbps if lucky and if they work well. With x86 VLAN capable firewall - AiMesh doesn't support user configurable VLANs. You'll be very limited with network segmentation and configuration options. Get proper PoE switches and business class APs instead.



RT-AX89X is Qualcomm hardware router.

Thanks again for your comments. I have been considering what you said, my site, and (of course) better coverage and speed moving forward.
Without budget busting (given i already have plenty of legacy hardware), is this the kind of thing you are suggesting or do you have particular models in mind?
AP (I had better not use WAP as I believe that has...another meaning these days...)
Another more upscale option would be this, but still the speed benefit for the cost over the proposed EOL network is not that compelling at this time IF network traffic is light.
That said, moving forward, I would totally follow the path you have suggested with upgrading hardware or just starting with a single PoE+ switch and some APs if required - for my application, that could very easily be the case.

 

[Tech9]

TP-Link Deco is consumer line products. TP-Link Omada is business line. There are many available AP options. Ubiquiti UniFi and TP-Link Omada are more affordable and with good price/performance. I don't know what else is available in your country and at what price, but folks around run different models from Zyxel Nebula and lower cost Cisco CBW. Higher end are Cisco Catalyst/Meraki, HPE Aruba, Ruckus, etc. It depends on what you need, what your knowledge is and of course - the budget. The obsolete consumer hardware you currently have may do the work for some time, but it's a dead end project with expiring support and low reliability.

 

[Tech9]

Run your RT-AC68Us in AP Mode. Seriously, don't go AiMesh. It's mostly consumer oriented marketing. In AP Mode (Access Point) you have individual per AP channel and power control. This is not available in AiMesh. You'll get better control over your system, the reliability will be higher, the interference can be reduced significantly, the roaming can be improved and the aggregate throughput to all APs can be higher. All wired, find a way to do it. When time comes you'll have the wires already in place for your better firewall, switches and APs. Use what you have temporary, but focus manly on the infrastructure. This is the foundation to your future upgrade and expansion.

 

[HWfreak]

Run your RT-AC68Us in AP Mode. Seriously, don't go AiMesh. It's mostly consumer oriented marketing. In AP Mode (Access Point) you have individual per AP channel and power control. This is not available in AiMesh. You'll get better control over your system, the reliability will be higher, the interference can be reduced significantly, the roaming can be improved and the aggregate throughput to all APs can be higher. All wired, find a way to do it. When time comes you'll have the wires already in place for your better firewall, switches and APs. Use what you have temporary, but focus manly on the infrastructure. This is the foundation to your future upgrade and expansion.

You probably just saved me many hours of bad language and time wasting - thank you.
I need to learn to setup VLANs and as mentioned will build FWs and NAS moving forward so I need to take the path you are advocating and study as well. Thanks again.

 

[HWfreak]

Run your RT-AC68Us in AP Mode. Seriously, don't go AiMesh. It's mostly consumer oriented marketing. In AP Mode (Access Point) you have individual per AP channel and power control. This is not available in AiMesh. You'll get better control over your system, the reliability will be higher, the interference can be reduced significantly, the roaming can be improved and the aggregate throughput to all APs can be higher. All wired, find a way to do it. When time comes you'll have the wires already in place for your better firewall, switches and APs. Use what you have temporary, but focus manly on the infrastructure. This is the foundation to your future upgrade and expansion.

Do you name the SSIDs the same (with separate bands as suggested by OE) or have different SSIDs in an AP setup?

 

[Tech9]

You can have all the same SSID to the entire complex of buildings if you want to.

A network for several buildings needs planning. Forget about consumer and DIY gear going forward unless you want to accept unpaid sysadmin and support job. If this place is a business - hire someone to do it for you professionally and focus on the business. Standard equipment someone else can support. Single vendor for better integration. Someone physically there has to do it with equipment popular and available in your country. On a public forum like SNB Forums you can get general guidance only.

 

[OzarkEdge]

Do you name the SSIDs the same (with separate bands as suggested by OE) or have different SSIDs in an AP setup?

I only meant that the legacy AC68Us you have collected do not support Smart Connect band steering, a router WiFi feature you will see in other routers.

Bands/WLANs are always separate, whether you name them the same or differently.

OE