1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Asus 68u and Microtik or edgerouter

Discussion in 'Wireless Buying Advice' started by Christian_Haitian, Dec 5, 2019.

  1. Christian_Haitian

    Christian_Haitian Occasional Visitor

    Joined:
    Dec 1, 2018
    Messages:
    15
    Greetings All,

    I'm finding that with the number of wired and wireless devices and advanced features I'm using on my network (QOS, VPN, custom IPTV setup, custom surveillance, etc.) I have on my network, I believe I've outgrown the capability of using the AC68U as the main router/firewall for these services. I'm looking at possibly moving to a Microtik or Edgerouter device to handle the routing/firewall needs and let the AC68U serve as a switch/WAP. I also want to setup a guest SSID on the same WAP that is segregated from my regular network and allow just internet access. My questions are as follows:

    1. Has anyone had any experience with setting up a Microtik or Edgerouter with the AC68u as a WAP with support for routing 2 SSIDS to segregated VLANs? Is this doable and reliable from experience?
    2. Any recommendation between Microtik or Edgerouter for this? How about other solutions that may work? I'm looking at moving away from letting just consumer units handle all this as I believe my needs merit something more robust than what consumer units are designed for even with more capable firmware like Merlin.
    Thanks,
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,267
    Location:
    UK
    The Asus does not have VLAN support (other than for IPTV). In access point mode the guest wireless networks just become additional SSIDs without any LAN segregation. You might be able to add VLANs by "hacking it" with some custom scripts (search the forum for that). Otherwise, as you're only interested in the WiFi you might be better off installing something like Tomato that does have VLAN support.
     
  3. Christian_Haitian

    Christian_Haitian Occasional Visitor

    Joined:
    Dec 1, 2018
    Messages:
    15
    After further review, I believe my problem may not be the 68U but the NIC in the main Linux system I use for my IPTV and surveillance system. It won't seem to get any more than 600Mbps on iperf TCP tests between it and my Windows client both wired with CAT5e cabling directly to the 68u. When testing iPerf TCP performance between 2 Windows Clients directly connected via the same CAT5e cabling, I'm getting 900Mbps or more. I'm going to try upgrade the NIC drivers on the Linux system to see if that helps with improving the performance. Glad I decided to test some more before investing in a solution that probably would not have yield better LAN performance for my use case. o_O
     
  4. Trip

    Trip Very Senior Member

    Joined:
    Aug 12, 2014
    Messages:
    1,074
    Alternative firmwares are more or less going to be your only option on consumer all-in-ones for custom VLAN support. Regardless of whether you use Merlin+scripts on Asus hardware, or DD-WRT/Tomato/OpenWRT on other brands/models. In theory, one of those combos should work well enough, but there are no guarantees, nor any support. For something with support out-of-the-box, I'd recommend small business gear, specifically open-source based, so you'd retain support for OpenVPN and similar packages.

    Even though Mikrotik has cheap all-in-ones, I would lean away from them, as RouterOS can be a real bear, even for intermediates, plus they only recently introduced UDP support for OpenVPN, which means it hasn't been battle-tested for any lengthy period of time, so it may be (probably is) subject to bugs for now.

    Ubiquiti's all-in-one option would be the UniFi Dream Machine. At $299, it's a bit on the pricey side, but includes everything you'd need for a VLAN-capable wired and wireless network. Here's a how-to vid for setup and what the UI looks like to give you a better idea of if it would be a fit.

    A cheaper but more technical option would be a $60 Ubiquiti ER-X and a VLAN-capable access point, and it doesn't have to be UniFi. Something like a $69 TP-Link EAP245v3 would do just fine. On the AP, you'd create your SSIDs mapped to VLAN IDs, set the corresponding VLANs and subnets on the connected ER-X interface, create a DHCP server and lease range for each subnet on the ER-X, plus a DNS forwarder for each subnet. You'll also have to create firewall rule sets to isolate VLAN traffic. Not a trivial task, but there are plenty of guides in Ubiquiti's KBs and forums, on blogs and YouTube.

    Both of those options will work, albeit not without some configuration work, especially the second method. But both will definitely handle what you're looking to do, and not super expensively either.
     
    Last edited: Dec 5, 2019
    Christian_Haitian likes this.
  5. Christian_Haitian

    Christian_Haitian Occasional Visitor

    Joined:
    Dec 1, 2018
    Messages:
    15
    Very helpful response. Much appreciated should I need to move to a more robust solution.