Cisco RV-345P Dual WAN Gigabit PoE VPN Router Reviewed

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

jec6613

Occasional Visitor
That's a good point - the small business in retail - with VLAN suppport, one can break out the POS and the back office, keeping compliant with PCI standards...

The branch office use case - L2TP back to corp main office, AnyConnect for remote offsite users, and one can have the router and switch in one box... a bit of risk as it's a single point of failure, but the RV line tends to be fairly robust.
They also have the RV340W with a captive portal for guest WiFi, and even without a POS you can keep guest WiFi separated - very handy indeed. I have an RV340 I've been configuring, and though it's not terribly obvious in its configuration (one of these days Cisco should hire a UX engineer), it's very powerful, definitely the best small business edge router I've seen in terms of having actual an actual useful feature set. Above this level, you basically have to go to something running classical router software (e.g. IOS) - and they got it in there for under $200 street price for the 4 port model, and under $300 for the 16 port without PoE.

At the price, you could keep a spare around in case of hardware failure. And with true branch offices, it's either two single points of failure (modem and router), or three sequential single points of failure (a switch, a modem, and a router). Most of this stuff is quite reliable nowadays and has been for quite some time, so I'm not sure that there's a significant difference, other than it's easier to keep one spare bit of kit around than two.
 

System Error Message

Part of the Furniture
They also have the RV340W with a captive portal for guest WiFi, and even without a POS you can keep guest WiFi separated - very handy indeed. I have an RV340 I've been configuring, and though it's not terribly obvious in its configuration (one of these days Cisco should hire a UX engineer), it's very powerful, definitely the best small business edge router I've seen in terms of having actual an actual useful feature set. Above this level, you basically have to go to something running classical router software (e.g. IOS) - and they got it in there for under $200 street price for the 4 port model, and under $300 for the 16 port without PoE.

At the price, you could keep a spare around in case of hardware failure. And with true branch offices, it's either two single points of failure (modem and router), or three sequential single points of failure (a switch, a modem, and a router). Most of this stuff is quite reliable nowadays and has been for quite some time, so I'm not sure that there's a significant difference, other than it's easier to keep one spare bit of kit around than two.
so you need a different model for captive portal? What the heck is this? Both ubiquiti and mikrotik integrate all their features into all their products. So all ubiquiti edgemax have the same software features and same with mikrotik except for a couple of differences based on hardware (like the mikrotik switch configuration menu).
 

tcviper

Occasional Visitor
Not to go to much off topic, but I used to work with a lot of Cisco RV/SG/WAP products. Until I found out about Ubiquiti's UniFi line. We now sell, deploy and manage Unifi and Cisco RV products (Routers, switches, access points) across almost all customers and I couldn't have been happier. Concerning Unifi, being able to remotely configure/monitor and control things (even from an iPhone), is something we could all need in the ICT business.

I was hoping that Cisco SMB would also learn from that, but so far they have created yet another product that needs licensing for almost everything (including VPN, Web filtering and Remote control).

Smallnetbuilder should definitely take a look at the USG Pro Router, and upcoming USG XG (10Gb support), in a combination with USW switches and UAP Pro/HD AP's.
 
Last edited:

jec6613

Occasional Visitor
I tried Ubiquiti's line, but there were too many updates so they required unending tinkering, incomplete documentation on issues, and they would randomly send incomplete packets and reboot modems here. You can wireshark them, they in the past had major problems with handling the high speed DOCSIS lines.

This was some time ago, and things may (and probably have) changed by now, but that was my past experience with them.
 
Last edited:

jec6613

Occasional Visitor
so you need a different model for captive portal? What the heck is this? Both ubiquiti and mikrotik integrate all their features into all their products. So all ubiquiti edgemax have the same software features and same with mikrotik except for a couple of differences based on hardware (like the mikrotik switch configuration menu).
That's correct, for a wireless captive portal you need a WAP, and a wired only model doesn't have wireless. Cisco integrates the captive portal functionality into their access points, regardless of if it's in the WAP itself or into a router with a built-in WAP.

What's amazing is that you think that the EdgeMax has one - according to Ubiquiti, it doesn't, you need to move up to the security gateway to handle that - Ubiquiti also tiers their products, just like Cisco, and it took me less than 60 seconds to determine that from Google. Just like it took me less than 60 seconds to determine when Cisco sold Linksys, but you seem bent on spouting your own alternative facts.
 

System Error Message

Part of the Furniture
That's correct, for a wireless captive portal you need a WAP, and a wired only model doesn't have wireless. Cisco integrates the captive portal functionality into their access points, regardless of if it's in the WAP itself or into a router with a built-in WAP.

What's amazing is that you think that the EdgeMax has one - according to Ubiquiti, it doesn't, you need to move up to the security gateway to handle that - Ubiquiti also tiers their products, just like Cisco, and it took me less than 60 seconds to determine that from Google. Just like it took me less than 60 seconds to determine when Cisco sold Linksys, but you seem bent on spouting your own alternative facts.
actually, its because ubiquiti's edgemax is an embedded linux device that you can just install it yourself. So while i consider ubiquiti routers terrible, its still better than the cisco rv because of being able to use the linux bit.
 

coxhaus

Part of the Furniture
I would never install code not provided by the vendor on the front door of your network. It is just asking for trouble.
 

tcviper

Occasional Visitor
One of the creators of PFSense is now (since a few months) working on the UniFi line of Ubiquiti and features are being added very fast. There is nothing terrible about Ubiquiti routers, I have no idea why you would even say that.

And @System Error Message you in a bad mood or simply here to bash on other brand products? There is nothing wrong with RV340/345 and UniFi Products.
 

System Error Message

Part of the Furniture
One of the creators of PFSense is now (since a few months) working on the UniFi line of Ubiquiti and features are being added very fast. There is nothing terrible about Ubiquiti routers, I have no idea why you would even say that.

And @System Error Message you in a bad mood or simply here to bash on other brand products? There is nothing wrong with RV340/345 and UniFi Products.
Im bashing at them in a product sense, as in how much sense it makes to pick them when there are better choices available.

Some of it is from experience. I own both ubiquit ERPRO and a couple of mikrotik routers. I had more success with mikrotik for networking than i did with ubiquiti for networking. But ubiquiti proved itself a non paper weight and not being a fanboy proof by earning its keep by doing some other tasks that i would usually need another linux device for and having 8 ports is useful.

So from my own experience, ubiquiti isnt really great at networking for routers. They are good at other things and i always mention it. The fanatical fanbase and ubiquiti's shameless actions is what makes me not recommend them (various from marketing to the company itself). Even ubiquiti themselves proposes their fanatical fanbase as a strength to potential shareholders/investors.
 

sfx2000

Part of the Furniture
I would never install code not provided by the vendor on the front door of your network. It is just asking for trouble.

Exactly - there is an upside to vertical integration - esp. in the business context where money, legal info, and even health records can come into play.

While someone can use COTS hardware and a SW package, most businesses want to focus on their business, and appliances like this are generally a one time configure and let it run...
 

jec6613

Occasional Visitor
Exactly - there is an upside to vertical integration - esp. in the business context where money, legal info, and even health records can come into play.
Even scarier than health records, and more tightly controlled in the USA, are student records and postal records.

It comes down to a concept called, "Due diligence".
 
Last edited:

System Error Message

Part of the Furniture
many bash mikrotik because of its locked down firmware approach when it is apparently a good thing which even the cisco RV does that ubiquiti doesnt.

The cisco RV i admit is better than it was in the past but it still has ways to go to be a relevant business choice.

This is partly why i dont suggest ubiquiti for businesses not to mention their best product target are home users. Their indoor APs and p2p AP based products however are relevant.

If the cisco RV supports external radius server that would be very helpful to many businesses which still do not employ radius to help secure their networks.
 

sfx2000

Part of the Furniture
The RV345 supports RADIUS, Active Directory, and LDAP for remote auth...
 

System Error Message

Part of the Furniture
The RV345 supports RADIUS, Active Directory, and LDAP for remote auth...
so did they read my comments on the net and added the features :D ?

Ubiquiti temporarely released a mikrotik vs ubiquiti edgerouters on the specific competing models i listed.

Its good to know my word carries some weight :D .
 
Last edited:

coxhaus

Part of the Furniture
i have not used anyconnect no, but i've seen friends who've used it in their university networks and have had a hard time using some of cisco's VPN based software.

For example, in your business, the cisco RV cant be used because it doesnt support what you need right? What bugs me is that if i had a proper network of offices (each office having its own segmentations and security) but at the same time to share resources, the cisco RV would not be able to cope and would require a lot of configuration. Whereas using a fully configurable router like BSD or mikrotik lets you use routing protocols with it which makes it a lot more easier.

I think those 16 ports are connected to a switch which has 2Gb/s (could be 1Gb/s) to CPU. The interesting question is why doesnt that particular cisco RV have a switch management feature like cisco has for their lower end switch line? Every mikrotik routerboard that has a switch has a menu to configure the switch chip. So if one wanted to do segmentation with the cisco RV could it even be done?

I know consumer routers arent meant to be used in businesses, but the majority of the population dont know a thing about tech so they arent going to be looking and if they are looking for a router it would be because their consumer router doesnt support the features and if a recent consumer router doesnt support the required features, i doubt the cisco RV would because feature wise consumer routers have beaten VPN routers. This is what i meant about the cisco RV, its just an overglorified VPN router that cant do more than what a consumer router can and if one is looking for a router because their ISP given or consumer router doesnt have the feature, the cisco RV isnt going to help here.

The other thing is, say each office having a few segments, each segment will require its own filters so some networks may be isolated while some wont. The cisco RV isnt a fully configurable router. If cisco wants the cisco RV to be relevant, they'd first have to beat ubiquiti edgerouters as while i dont recommend ubiquiti edgerouters they are still a better choice than the cisco RV.

To be clear if i were to ever recommend a VPN router it must fit these few points
1) be fully configurable
2) Have a fast enough CPU so it can do QoS and firewall at line speed
3) have all the VPN options available with easy to set up VPNs
4) Support segmentations and custom filters
5) Sodimm RAM
6) Come with an optional subscription to a decent VPN service that doesnt spy on you (so if cisco wants to keep their same bad practice of having to pay for everything seperately, this is one it can capitalise on)
7) Encryption speed needs to be fast enough for the next few years (if currently we use AES-256, it must support AES-512 at line rate too)
8) firmware must not be buggy
9) support LAN based security features that prevent MITM, rogue DHCP servers, etc
10) non hw accelerated encryptions need to be fast too
11) support mirroring so security such as IDS/IPS can be implemented with API so the server can communicate back with the router on whether to drop traffic
12) support an external radius/hotspot server
13)support routing protocols that the cisco RV is meant for, a multi VPN multi site device with easy routing not only between the cisco RVs, but also for managed switches that may be used at the sites.

This may be asking much but the cisco RV wont be relevant until it has that soon. I dont expect it to have the level of control mikrotik has for instance, but it must be able to perform the customisation that mikrotik offers for most SMB networks that would have some kind of complicated network.

Your point of view is from a small network view. Nobody uses routers to route traffic in a large network. Large networks use layer 3 switches especially if you are using Cisco gear because switches are so much faster than routers. Having switch functions combined with routers is not a good way to go. Switches are for your internal local network. Routers are when you exit your internal local network and go outside. Different functions.

For my small home network I have a Rv320 router and a SG300-28 layer 3 switch which I think is a much better approach than all in one box. Both the RV320 and SG300-28 switch can be had for under $300 off ebay. Having the router in separate boxes allow you to change routers in a matter of minutes. My router is just a front door so all I need to do is add an IP and switch routers. All my DHCP and local networking is contained in my layer 3 switch. It makes it much faster than entering all that information every time into the router with every router change. The same with wireless devices. I run 3 separate wireless access points because that is what it takes to cover my house in 5 ghz. If I change routers there is no wireless info as it is contained in the wireless access points not the routers. Division of duties and separate physical boxes makes it much simpler in my mind to configure and support. I have the fastest home network I have ever had using a layer 3 switch.

So not all functions are considered router functions in my mind. BGP may be a router function but to me it is a much higher function than what a RV series router would contain. Cisco would be happy to sell you a router which will support BGP but it will be a much bigger router than a RV series.
 
  • Like
Reactions: Sky

System Error Message

Part of the Furniture
Your point of view is from a small network view. Nobody uses routers to route traffic in a large network. Large networks use layer 3 switches especially if you are using Cisco gear because switches are so much faster than routers. Having switch functions combined with routers is not a good way to go. Switches are for your internal local network. Routers are when you exit your internal local network and go outside. Different functions.

For my small home network I have a Rv320 router and a SG300-28 layer 3 switch which I think is a much better approach than all in one box. Both the RV320 and SG300-28 switch can be had for under $300 off ebay. Having the router in separate boxes allow you to change routers in a matter of minutes. My router is just a front door so all I need to do is add an IP and switch routers. All my DHCP and local networking is contained in my layer 3 switch. It makes it much faster than entering all that information every time into the router with every router change. The same with wireless devices. I run 3 separate wireless access points because that is what it takes to cover my house in 5 ghz. If I change routers there is no wireless info as it is contained in the wireless access points not the routers. Division of duties and separate physical boxes makes it much simpler in my mind to configure and support. I have the fastest home network I have ever had using a layer 3 switch.

So not all functions are considered router functions in my mind. BGP may be a router function but to me it is a much higher function than what a RV series router would contain. Cisco would be happy to sell you a router which will support BGP but it will be a much bigger router than a RV series.
The reason why i did not consider a layer 3 switch entirely despite having one is because the layer 3 switch may not maintain wirespeed after applying filters. This is particularly why routers are used in this instance. In internet exchanges they dont use layer 3 switches but routers capable of very fast filtering including layer 7, such as those cisco blade routers. In a smaller network view, this could mean a filter allowing some resources between some networks which is actually the area that ubiquiti edgerouters shine at but they are attracting the wrong customers for their routers. Ubiquiti edgerouters if doing routing and not NAT will do wirespeed with filters.
 

coxhaus

Part of the Furniture
The reason why i did not consider a layer 3 switch entirely despite having one is because the layer 3 switch may not maintain wirespeed after applying filters. This is particularly why routers are used in this instance. In internet exchanges they dont use layer 3 switches but routers capable of very fast filtering including layer 7, such as those cisco blade routers. In a smaller network view, this could mean a filter allowing some resources between some networks which is actually the area that ubiquiti edgerouters shine at but they are attracting the wrong customers for their routers. Ubiquiti edgerouters if doing routing and not NAT will do wirespeed with filters.

I think in a local network you will find layer 3 switches are the way to go especially if you have lots of nodes and networks. The high end layer 3 switch can maintain wire speed with filters. Layer 3 switches are not used to connect to the internet because of the higher level protocols used. And because switches don't support the high level protocols they run faster because they do not carry all this baggage so you get a lot more bang for the buck using a fast switch over a router. The back planes in switches are much bigger and faster than a router.

So what layer 3 switch do you have?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top