RT-ac86u + 4/5 rt-ac68u AiMesh nodes upgrade advice

[giopas]

Hi all,

I currently have at home a RT-AC86U as main router, with 4 RT-AC68U as AiMesh nodes all running latest Asus Merlin's firmware (386.10).

1gb Ethernet is in each room (except in the attic where I use a decent powerline) and I have around 30 devices connected, of which around 12 are wireless (some being 2.4Ghz, others being 5Ghz and only few being 6Ghz capable). I have an OpenVPN server running on the main router and "dual band smart connect" is activated.

To give a better idea, I have the main router in the kitchen/living room, one node in the office on the same floor, one other node in the basement, one node on the master room on the first floor and the last node in the attic. Still I have the kids room on the first floor which are not well covered!

Edit: I forgot to mention that I also already have 2 TP-Link TL-SG1016DE which I use as switches at home (it this could be relevant)

I must also admit that in the latest months the main router is showing a bit of fatigue in handling the network traffic and often it looses wifi connection and the webui becomes unresponsive. This also after a complete factory reset of the network (which made the situation better, but I still encounter issues from time to time). For this reasons, I have a daily scheduled router reboot in place.

I am therefore looking either to purchase a new RT-AC68U (so to cover the dead spot, but leaving the unresponsiveness issue unsolved) or to switch altogether to a newer/better router and AiMesh system (possibly with Asus Merlin's fw).

What would you suggest?

Thanks!

 

[Tech Junky]

I would suggest ditching Asus and getting a wired router and a couple of APs is instead of having 5 routers.

 

[degrub]

What is your ISP bandwidth Down/up ?

If you are at 1 Gbit/s service, you may want to seriously consider rolling your own with Pfsense or moving to SMB gear, particularly for the future.

 

[Tech9]

I currently have at home a RT-AC86U as main router, with 4 RT-AC68U as AiMesh nodes

In case you want to stop rebooting daily:

Recommendation wireless home system

Hello, I'm novice in this forum. I'm going to upgrade my home network. I struggle to define my wireless network. I already build the hard part - wired network. My requirements are - two or 3 WIFI points to cover my 3 floor house. - dedicated wireless networks - I want to separate wifi from...

www.snbforums.com

 

[giopas]

I would suggest ditching Asus and getting a wired router and a couple of APs is instead of having 5 routers.

Why such a drastic advice (true question)? Do you have any suggestion?

What is your ISP bandwidth Down/up ?

If you are at 1 Gbit/s service, you may want to seriously consider rolling your own with Pfsense or moving to SMB gear, particularly for the future.

Well, I currently have a 200Mb/s up and 50Mb/s down. Eventually, in one or two years I hope to go for a 1 Gb/s though.

Do you have any suggestion?

In case you want to stop rebooting daily:

Thanks, let me check at it.

What if I buy a RT-AX86U and use it as main router and converting the RT-AC86U as additional node?

 

[Tech9]

You have perhaps the most unreliable Asus router as Main and perhaps the worst today routers as Nodes. You have Ethernet available - recycle or sell the old home routers, build small business Wi-Fi system with PoE once properly and enjoy your reboot and reset free life. Why buy more Asus routers?

 

[degrub]

Why such a drastic advice (true question)? Do you have any suggestion?

Well, I currently have a 200Mb/s up and 50Mb/s down. Eventually, in one or two years I hope to go for a 1 Gb/s though.

Do you have any suggestion?


Thanks, let me check at it.

What if I buy a RT-AX86U and use it as main router and converting the RT-AC86U as additional node?

See @Tech9 post for one suggestion. Beyond that it is a matter of how much time you are willing to invest for something like PFsense or SMB gear. i run older CISCO gear (AC) for APs and a CISCO router on Gbit/s service. Haven't rebooted or had issues in at least several years. My gear is EOL, but have no issues behind ATT's router.

With kids coming online, i would look for more proactive, aggressive AV, malware, etc filtering and detection. Or isolate the kids on their own lan (VLAN) to reduce the chance of cross infection/corruption.

At your current Down/Up 200/50, current consumer gear should be able to handle.

 

[giopas]

You have perhaps the most unreliable Asus router as Main and perhaps the worst today routers as Nodes. You have Ethernet available - recycle or sell the old home routers, build small business Wi-Fi system with PoE once properly and enjoy your reboot and reset free life. Why buy more Asus routers?

Ahahaha, I though the worst Asus router was my old RT-AC87U, which I eventually replaced for the RT-AC86U and coupled with the 4 RT-AC68U!

I thought to stick with Asus to do not loose all the money invested, well knowing that every 5 years or so, an upgrade is needed (now it is wifi 6, in few years wifi 7, etc...).

What would you suggest, to buy a pfsense router like this [1] and put some - probably 5 or 6 - Ubiquity UniFi UA 6 Pro (with their U-POE-AF Injectors and/or Ubiquiti UniFi Switch Lite USW-Lite-8-POE [2]) on the top to handle the wifi?

Overall it seems quite expensive...

​

[1] https://amzn.eu/d/gSrByEj
[2] should I instead have a Ubiquiti UniFi Dream Machine Pro and not that Switch lite? I do not know the difference

 

[Tech9]

You can use one of the Asus routers as a wired router temporary. Wi-Fi with network controller driven Omada in particular is far superb to what AiMesh has to offer. It's cheaper than UniFi as well. You can start with few APs and expand as needed. PoE switch is better in a long run. Many Omada APs come with PoE injectors included though. Network controller is needed for better roaming (plus other features). Software free version is available if you have a computer running 24/7. Hardware controller is $100 (OC200). There are also Omada compatible wired routers starting from $60 (ER605).

What you have is >10 years old technology (the AC68U routers). There is no much left from this investment.

 

[giopas]

Thanks, it seems I am opening my can of worms as I really do not know about Omaha, would you have some actual list/suggestion of the gear I would need, so I can have a look at it?

Thanks!

 

[Tech9]

You have excellent devices available on Amazon:

I know houses in Europe may be challenging for Wi-Fi, but you have to explore around for better than home routers options.

 

[Tech9]

list/suggestion of the gear I would need, so I can have a look at it?

I'm not familiar with the prices and availability in Germany, but look here:

Omada-Cloud-SDN | TP-Link Deutschland

TP Link - Omada-Cloud-SDN

www.tp-link.com

They have almost everything for every possible use case indoor/outdoor.

 

[giopas]

What about something like this:

1. TP-LINK ER605 5 Port Dual/Multiple WAN VPN Router (up to 4 Gigabit WAN Ports, High-Secure VPN, Omada SDN, Central Management, Intelligent Monitoring, Firewall) Black, Ideal for Office Network https://amzn.eu/d/eXBi2T4

2. TP-Link Deco X50 Wi-Fi 6 Mesh WLAN Set (3 Pack), AX3000 Dual-Band Router & Repeater (Range up to 604 m², WPA3, Ideal for Large Houses, Compatible with Amazon Alexa, 9XGigabit Ports) White https://amzn.eu/d/gpw60Cz


Edit: I forgot to mention that I also already have 2 TP-Link TL-SG1016DE which I use as switches at home (it this could be relevant)

 

[giopas]

What if I go for something like this?

1x Dream Router - EU Variant = 185 EUR
5x Access Point U6 Mesh = 830 EUR
5x PoE Adapters - PoE (15W) = 37,50 EUR
Total = 1,052.25
All of this behind the ISP modem and using the 2 mentioned TP-Link TL-SG1016DE (maybe 3 if needed).
Would the dream router be sufficiently good to:

a) handle around 30 devices connected (of which around 12 are wireless),
b) a lot of connections (I have two NAS running all the time + streaming services),
c) OpenVPN (I have a public IPv4),
d) portforwarding (for Caddy - reverse proxy - and Plex),
e) fixed NAT IPs (for NAS, game station, etc), and
f) allow to define a MAC wan address (as I need it to avoid double NAT on the ISP modem)?
It is quite pricy, but if it would be relatively future proof and especially better use, I may consider this.

 

[Tech9]

What about something like this:

TP-Link Deco is a consumer product not compatible with Omada business line.

What if I go for something like this?

Many options to choose from, but don't rush with 6x APs - you may not need so many.

Would the dream router be sufficiently good to:

I never used this soda can router. Check what it can do in documentation. Looks like cheaper version of UDM. I would rather run my own OPNsense/pfSense appliance as router. You can do UniFi APs with software controller for Wi-Fi and a router of your choice. You can use your RT-AC86U with radios disabled if you want. Not very reliable model, no VLAN options and on life support, but will work until you find something better.

 

[giopas]

I would rather run my own OPNsense/pfSense appliance as router.

Any brand/model to suggest?

You can do UniFi APs with software controller for Wi-Fi and a router of your choice.

What does it mean with software controller? Could you please elaborate?

Thanks!

 

[Tech9]

If you run very fast on an unknown path most likely you'll trip and fall.

What you are asking about is not only moving to different class equipment, but you're asking for substantial upgrade as well. The more you want the higher the price. If you really need 6x APs - why 4x4 model with 160MHz support? What you are going to be using this Wi-Fi for with your 12x wireless devices with perhaps half of them phones and tablets? Do you have options for 160MHz wide channel and how many of your devices support it or need it? I can easily recommend you perfectly matching equipment for thousands, but this is not the goal here. Not needed.

You're starting from >10 years old tech AC Wave 1 routers and AiMesh with very little control and not really a "mesh". If you want to improve your Wi-Fi for less: 1) use what you already have; 2) don't go crazy with very high requirements. I would start replacing AC68U with wall plate EAP615-Wall APs. They are available from about €80 and have LAN ports. You have NAS/Plex running - Omada Software Controller may run on one of those for free (check what device can run it). Many Omada APs come with PoE injector as well (check your local supplier). For about €400 you organize good Wi-Fi coverage and then continue using your Asuswrt-Merlin router you are familiar with even temporary. Sell AC68Us on eBay/Marketplace for like €30 to recover some money.

This is Omada Software Controller demo:

Omada Controller

emulator.tp-link.com

You will have APs only, but take a look what it looks like. Read what is does and why is it needed with multi-AP system.

Once you're ready with your Wi-Fi we can talk about x86 boxes with pfSense/OPNsense or something else, PoE switches, VLAN segmentation, etc. All at once - more money spend for unnecessary expensive and over realistic expectations equipment and frustration now to make all this thing work. One step at a time, reasonable for home use hardware and learning on the go. Once you see the results of your work there will be no going back to AiMesh.

 

[giopas]

Thank you for the very exhaustive answer and you are perfectly right that if I run fast on an unknown path, most likely I'll trip and fall. This is why I am here asking for some extremely thoughtful advice!

I did some research and looked at some videos and I have the following idea/comments/doubts:

0. Currently each room has one twin Ethernet socket, which all connect to a CAT-6A socket (10 cables) in the basement, linked to one of my 16 ports unmanaged TP-Link TL-SG1016DE.

1. PoE: if I want to bring PoE to each socket of the room, it seems I have two options:

a) to replace the TP-Link TL-SG1016DE with one (or two) managed, gigabit, PoE capable switch(es).
Like this one, right? TP-Link TL-SG108E https://amzn.eu/d/9rC5DIS

b) keep the TP-Link TL-SG1016DE and use, for each Access Point, a PoE injector, such as the TP-Link TL-POE150S https://amzn.eu/d/aEBchud

Is it correct?

2. Re EAP615-Wall AP: it seems indeed a nice device. I have a couple of stupid doubts, though: I will not be able to mount them on the wall (as the twin sockets are in most of the rooms behind some furniture, but I have a 1-2 meter cables that start from them).
- Is it still ok to connect the Access Point with a "flying" cable?
- In case of issues with PoE I could always use a TP-Link TL-POE150S, right?
- This also in the case of the attic, which is currently linked to internet via a powerline. I could use a PoE injector to make work the Access Point, right?

3. I quickly looked at where I could install the Omada Software Controller. It could be on my NAS or even on my raspberry pi 4. However, I am worried to let such very important job done by a device which is used for a lot of other reasons. Am I paranoic? Anyway, I saw that a simple TP-Link OC200 controller should do the trick (https://amzn.eu/d/3FZtER1) Is it correct?

4. As you suggest, I could simply stop here and let, for the time being, the Asus RT-AC86U to do the job of DHCP/Router/Firewall. This way, I would spend something like:
5x TP-Link EAP615-Wall ~500 EUR (if all are necessary, to be tested on the field, probably starting with 3)
5x TP-Link TL-POE150S ~100 EUR
1x TP-Link OC200 ~90 EUR (I could start with a Docker on the NAS and see if I prefer to buy a separate, dedicated device)

In the future I may want to ditch the Asus altogether and go for something like TP-Link ER605 (https://amzn.eu/d/9Drazgg).

Does all of this make any sense?

Thanks!

 

[Tech9]

Is it correct?

Do it this way and not in a hurry:

- Get one EAP615-Wall first from a place you can return it and see how it works in your environment. It has UI for stand alone mode or can be set with Omada App. Run it on max power and measure the signal level around. This will give you an idea how many more do you need.

- You don't have to go with the same type APs all around the house. Perhaps EAP610 ceiling mount AP will work better closer to your back yard or in the basement? Perhaps you have a central location AP spot and the best range EAP670 is a better fit there?

- Instead of buying PoE injectors for €100 check the price/availability of proper PoE switch(es) and put the €100 towards the switch(es). JetStream series are Omada SDN integrated, but all smart switches have own UI. TL-SG2210MP is a popular choice for small networks.

- Don't rush with the hardware controller. It's better - relatively cheap, power efficient and independent, but you can find a proper device to run the software controller for free. If the controller stops you Wi-Fi system doesn't stop - it just loses temporary the extra features.

- Once the controller is up and running provisioning extra APs is super easy, including wireless "mesh" APs (check the different models). You can have an adapter powered AP outdoors still part of your Omada network. It won't beat speed records, but may be an option for tough to reach places.

- SafeStream are Omada SND integrated routers and ER605 is the smallest and cheapest one. You won't find features like Parental Controls on business routers though and you may prefer to run something more home oriented and familiar like your RT-AC86U. Don't rush to replace the router yet.

This is why I am here asking for some extremely thoughtful advice!

Without seeing the place I can only give you ideas and directions. Why Omada? Because I've seen it in action and it's perhaps the best price/performance SMB system applicable for home use with still easy to understand management. The final result is similar or better than UniFi.

@ForkWNY runs Omada system at home and they can also give you some advice and share experience.

TP-Link ER605

I'm helping a neighbor redo their network stack in their house. I just wanted to confirm that this router does not require any cloud stuff. Does it have it's own interface (web) in the box so it can be completely managed on the LAN? Thanks in advance.

www.snbforums.com

 

[giopas]

- Get one EAP615-Wall first from a place you can return it and see how it works in your environment.

Good point, I could indeed start with one and roughly understand how many I need of them.

- You don't have to go with the same type APs all around the house. Perhaps EAP610 ceiling mount AP will work better closer to your back yard or in the basement?

I excluded ceiling mount AP, as I do not have Ethernet cable running on the ceiling and indeed I like to have the possibility to use the AP as an additional small switch, in case I need another cable.

- Instead of buying PoE injectors for €100 check the price/availability of proper PoE switch(es) and put the €100 towards the switch(es). JetStream series are Omada SDN integrated, but all smart switches have own UI. TL-SG2210MP is a popular choice for small networks.

So you are confirming (for what you can tell, of course) that placing a PoE switch in the basement will power Ethernet in each socket room, right?
I just see that on Amazon.de this switch is actually more expensive than 5 PoE injectors, but I can better look around.

- Don't rush with the hardware controller. It's better - relatively cheap, power efficient and independent, but you can find a proper device to run the software controller for free. If the controller stops you Wi-Fi system doesn't stop - it just loses temporary the extra features.

I quickly tried and I have managed to install the controller on Docker.
Question: which extra feature?

- Once the controller is up and running provisioning extra APs is super easy, including wireless "mesh" APs (check the different models). You can have an adapter powered AP outdoors still part of your Omada network. It won't beat speed records, but may be an option for tough to reach places.

I indeed have a wireless mower in the garden, but already now it is reachable from the RT-AC86U, so I think I won't need an external one.

- SafeStream are Omada SND integrated routers and ER605 is the smallest and cheapest one. You won't find features like Parental Controls on business routers though and you may prefer to run something more home oriented and familiar like your RT-AC86U. Don't rush to replace the router yet.

I will definitely look at this on a second step.

Thanks a lot again for your extraordinary patient and useful advice.

Edit: order placed. Once I'll receive the furniture, I will start testing (side by side with my current wireless set-up) and come back with a feedback/additional questions. Thanks!