Asus 68u and MikroTik or Edgerouter

Christian_Haitian

Occasional Visitor
Greetings All,

I'm finding that with the number of wired and wireless devices and advanced features I'm using on my network (QOS, VPN, custom IPTV setup, custom surveillance, etc.), I believe I've outgrown the capability of using the AC68U as the main router/firewall for these services. I'm looking at possibly moving to a MikroTik or Edgerouter device to handle the routing/firewall needs and let the AC68U serve as a switch/WAP. I also want to set up a guest SSID on the same WAP that is segregated from my regular network and allows just internet access. My questions are as follows:

  1. Has anyone had any experience with setting up a MikroTik or Edgerouter with the AC68U as a WAP with support for routing 2 SSIDs to segregated VLANs? Is this doable and reliable from experience?
  2. Any recommendation between MikroTik or Edgerouter for this? How about other solutions that may work? I'm looking at moving away from letting just consumer units handle all this, as I believe my needs merit something more robust than what consumer units are designed for, even with more capable firmware like Merlin.
Thanks,
 

ColinTaylor

Part of the Furniture
The Asus does not have VLAN support (other than for IPTV). In access point mode the guest wireless networks just become additional SSIDs without any LAN segregation. You might be able to add VLANs by "hacking it" with some custom scripts (search the forum for that). Otherwise, as you're only interested in the WiFi you might be better off installing something like Tomato that does have VLAN support.
 

Christian_Haitian

Occasional Visitor
After further review, I believe my problem may not be the 68U but the NIC in the main Linux system I use for my IPTV and surveillance system. It won't seem to get any more than 600Mbps on iperf TCP tests between it and my Windows client, both wired with CAT5e cabling directly to the 68U. When testing iPerf TCP performance between 2 Windows clients directly connected via the same CAT5e cabling, I'm getting 900Mbps or more. I'm going to try upgrading the NIC drivers on the Linux system to see if that helps with improving the performance. Glad I decided to test some more before investing in a solution that probably would not have yielded better LAN performance for my use case. o_O
 

Trip

Very Senior Member
Alternative firmwares are more or less going to be your only option on consumer all-in-ones for custom VLAN support. Regardless of whether you use Merlin+scripts on Asus hardware, or DD-WRT/Tomato/OpenWRT on other brands/models. In theory, one of those combos should work well enough, but there are no guarantees, nor any support. For something with support out-of-the-box, I'd recommend small business gear, specifically open-source based, so you'd retain support for OpenVPN and similar packages.

Even though Mikrotik has cheap all-in-ones, I would lean away from them, as RouterOS can be a real bear, even for intermediates, plus they only recently introduced UDP support for OpenVPN, which means it hasn't been battle-tested for any lengthy period of time, so it may be (probably is) subject to bugs for now.

Ubiquiti's all-in-one option would be the UniFi Dream Machine. At $299, it's a bit on the pricey side, but includes everything you'd need for a VLAN-capable wired and wireless network. Here's a how-to vid for setup and what the UI looks like to give you a better idea of if it would be a fit.

A cheaper but more technical option would be a $60 Ubiquiti ER-X and a VLAN-capable access point, and it doesn't have to be UniFi. Something like a $69 TP-Link EAP245v3 would do just fine. On the AP, you'd create your SSIDs mapped to VLAN IDs, set the corresponding VLANs and subnets on the connected ER-X interface, create a DHCP server and lease range for each subnet on the ER-X, plus a DNS forwarder for each subnet. You'll also have to create firewall rule sets to isolate VLAN traffic. Not a trivial task, but there are plenty of guides in Ubiquiti's KBs and forums, on blogs and YouTube.

Both of those options will work, albeit not without some configuration work, especially the second method. But both will definitely handle what you're looking to do, and not super expensively either.
 
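The ER-X side of the setup described in the post above, as an added EdgeOS configure-mode example that is not from any poster in this thread. Assumed for illustration: eth1 is a routed port (not a switch0 member) carrying the AP's tagged traffic, VLAN 20 is the guest SSID, 192.168.20.0/24 is the guest subnet, and the names GUEST, GUEST_IN, GUEST_LOCAL and RFC1918 are made up.

```text
configure

# Guest VLAN 20 on the port facing the AP (assumed: eth1, not part of switch0)
set interfaces ethernet eth1 vif 20 description "Guest"
set interfaces ethernet eth1 vif 20 address 192.168.20.1/24

# DHCP scope and DNS forwarder for the guest subnet (assumed addressing)
set service dhcp-server shared-network-name GUEST authoritative enable
set service dhcp-server shared-network-name GUEST subnet 192.168.20.0/24 default-router 192.168.20.1
set service dhcp-server shared-network-name GUEST subnet 192.168.20.0/24 dns-server 192.168.20.1
set service dhcp-server shared-network-name GUEST subnet 192.168.20.0/24 start 192.168.20.100 stop 192.168.20.200
set service dns forwarding listen-on eth1.20

# Private ranges the guest VLAN must not reach
set firewall group network-group RFC1918 network 10.0.0.0/8
set firewall group network-group RFC1918 network 172.16.0.0/12
set firewall group network-group RFC1918 network 192.168.0.0/16

# GUEST_IN: traffic routed through the ER-X.
# Replies to existing connections pass, private networks are dropped,
# everything else (the internet) falls through to the default accept.
set firewall name GUEST_IN default-action accept
set firewall name GUEST_IN rule 10 action accept
set firewall name GUEST_IN rule 10 state established enable
set firewall name GUEST_IN rule 10 state related enable
set firewall name GUEST_IN rule 20 action drop
set firewall name GUEST_IN rule 20 destination group network-group RFC1918

# GUEST_LOCAL: traffic addressed to the router itself.
# Only DNS and DHCP are allowed, so guests cannot reach the admin UI or SSH.
set firewall name GUEST_LOCAL default-action drop
set firewall name GUEST_LOCAL rule 10 action accept
set firewall name GUEST_LOCAL rule 10 protocol tcp_udp
set firewall name GUEST_LOCAL rule 10 destination port 53
set firewall name GUEST_LOCAL rule 20 action accept
set firewall name GUEST_LOCAL rule 20 protocol udp
set firewall name GUEST_LOCAL rule 20 destination port 67

# Attach both rule sets to the guest VLAN interface
set interfaces ethernet eth1 vif 20 firewall in name GUEST_IN
set interfaces ethernet eth1 vif 20 firewall local name GUEST_LOCAL

commit ; save
```

The guest SSID on the AP has to be mapped to the same VLAN ID (20 here) for its clients to land in this subnet and behind these rule sets.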

Christian_Haitian

Occasional Visitor
Alternative firmwares are more or less going to be your only option on consumer all-in-ones for custom VLAN support. Regardless of whether you use Merlin+scripts on Asus hardware, or DD-WRT/Tomato/OpenWRT on other brands/models. In theory, one of those combos should work well enough, but there are no guarantees, nor any support. For something with support out-of-the-box, I'd recommend small business gear, specifically open-source based, so you'd retain support for OpenVPN and similar packages.

Even though Mikrotik has cheap all-in-ones, I would lean away from them, as RouterOS can be a real bear, even for intermediates, plus they only recently introduced UDP support for OpenVPN, which means it hasn't been battle-tested for any lengthy period of time, so it may be (probably is) subject to bugs for now.

Ubiquiti's all-in-one option would be the UniFi Dream Machine. At $299, it's a bit on the pricey side, but includes a gateway with a high-clock ARM CPU like most high-end consumer all-in-ones, a built-in switch, wireless access point and UniFi controller all in one box -- everything you'd need for a VLAN-capable wired and wireless network. Here's a how-to vid for setup and what the UI looks like to give you a better idea of if it would be a fit.

A cheaper but more technical option would be a $60 Ubiquiti ER-X and a VLAN-capable access point, and it doesn't have to be UniFi. Something like a $69 TP-Link EAP245v3 would do just fine. You'd create your SSIDs mapped to VLAN IDs on the EAP, set the corresponding VLANs and subnets on the connected ER-X interface, a DHCP server and lease range for each subnet, plus DNS forwarding, and away you go. You'll also have to create firewall rule sets and rules to isolate each VLAN from your private network and each other. Not a trivial task, all said and done, but definitely doable, and plenty of guides in Ubiquiti's KBs and forums.

Both of those options will work, albeit not without some configuration work, especially the second method. But both will definitely handle what you're looking to do, and not super expensively either.
Very helpful response. Much appreciated should I need to move to a more robust solution.
 
