Dual WAN failover/failback

[MatsR]

I have a network setup with an Asus router (GT-AX11000) connected to four wired Asus AiMesh nodes (RT-AX92U). Yes, I need that amount of nodes for good coverage. The router is connected to my fiber (1000/1000 Mbps) provider for internet access.
In order to get a more secure connection to the internet in case the fiber connection goes down I would like to setup a dual WAN failover/failback with the fiber as primary WAN and a 4G connection (USB dongle) as secondary WAN. After reading about Asus and failover/failback it seems that their solution for this is not reliable, is that true? Most posts I have read instead suggest using a Synology router for this, like for instance the RT2600ac. However I don’t want to replace my Asus devices with something else. So my question is can I put a new router (like the RT2600ac), connect it to WAN (fiber and 4G) to get dual WAN, and then connect this new router to my existing router and still keep all the features I have with my existing ASUS network setup? So I only want to use my new router for Dual WAN and not for Wifi or anything else.
Is there any configuration that I have to change on my existing Asus router or the nodes?
Is there any special configuration that I have to do on my new router?
Do I connect the router via the LAN port on the new router to the WAN port on the existing router?
Any suggestions on what new router to select (Synology RT2600ac or other) in order to get as good performance as possible?

 

[geobernd]

Switch the Firmware to the latest AsusWRT-Merlin and use the script developed by @Ranger802004 :

Dual WAN Failover Script

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected in Failover Mode, the script will switch to the...

www.snbforums.com

I am using it with 1000/1000 fiber primary and 60/18 cable backup - works like a charm!

 

[Ranger802004]

Switch the Firmware to the latest AsusWRT-Merlin and use the script developed by @Ranger802004 :

Dual WAN Failover Script

WAN Failover is designed to replace the factory ASUS WAN Failover functionality, this script will monitor the WAN Interfaces using a Target IP Address and pinging these targets to determine when a failure occurs. When a failure is detected in Failover Mode, the script will switch to the...

www.snbforums.com

I am using it with 1000/1000 fiber primary and 60/18 cable backup - works like a charm!

Thanks for the reference! @MatsR I actually have the same router as you and it is what I use to develop and test the script.

 

[sunactive]

I know this is an older thread, but I am curious about the Dual WAN failover issues people have been noting. I am using AsusWRT-Merlin (latest version that i think came out in December '22) and set up with a primary (a starlink connection) and a secondary (Mofi 4500 in bridge with an ATT sim) and seems to be working this morning when I put it all together. Below are my settings:

Below is the status on my network map:

But given this is a remote location that I only come up to once in a while I don't want to chance not being up for a few weeks and things screwing up. I keep a backup NAS here I want to have access to. Is there anything particularly concerning about this setup? I tested things by disconnecting the line from one or the other port to see things swap over and then swap back, and seemed all ok.

What exactly are folks experiencing and am I just setting myself up for failure and grief here? Is there a reason to go with the script that has been noted in lieu of the Asus Merlin based default solution?

Thanks in advance!

 

[Tech9]

I tested things by disconnecting the line from one or the other port to see things swap over and then swap back, and seemed all ok.

Yes, it "works" when you physically disconnect the lines - you make it work with your hands. When the lines are connected though and you lose the service your router may or may not fail over/back. The behavior is unpredictable. If your backup line is a limited mobile plan you can find it drained completely because the router failed to switch back to your Primary ISP after the connection was restored. It only seems okay, but it isn't.

 

[Ranger802004]

Yes, it "works" when you physically disconnect the lines - you make it work with your hands. When the lines are connected though and you lose the service your router may or may not fail over/back. The behavior is unpredictable. If your backup line is a limited mobile plan you can find it drained completely because the router failed to switch back to your Primary ISP after the connection was restored. It only seems okay, but it isn't.

The main problem is the failback condition is looking for a cable plugged in for Primary WAN regardless if it is actually working or not.

 

[Tech9]

The main problem is Dual WAN appears broken for years and no one at Asus cares much about fixing it.

 

[Smokey613]

The main problem is Dual WAN appears broken for years and no one at Asus cares much about fixing it.

It is definitely not a priority but they are big on touting that function as a "feature".... as well as their mesh.

 

[Tech9]

AiMesh definitely gets more attention - it sells more routers. Dual WAN - most people don't have 2x ISP lines.

 

[sunactive]

Interesting. I recently switched at my remote location from a TPlink ER605 which had dual wan with failback with a primary starlink and then the cell connection as secondary which then fed into a google nest router. I switched to Asus both because I like having far more ability to directly tinker, including to set up an OpenVPN site to site between home and remote location, but also for things like having the failover/failback work at the remote location (with the starlink + cell).

The ability to have openvpn running between my home and this remote location is the most important aspect, so still glad I made the switch. But kind of annoying that I still have the issue if starlink goes down that I don't have the cell backup. I guess I could place the TPLink in front of the Asus router, but kind of annoying to still have to do that!

 

[Tech9]

This little TP-Link ER605 along with similar Ubiquiti ER-X and MikroTik hEX entry-level business class routers all under $100 do multi-WAN fail over/back and load balancing much better than any Asus router I have played with in recent years and on any firmware. Other features in Asuswrt are used for mostly marketing purposes. Dual WAN is only one of them. You've got RGB lights though - none of the routers above have this feature.

 

[sunactive]

Sounds like if I want failover, I have to shove me ER605 back into service. Luckily I saved it!

I did see some odd behaviour even with it, but after a bunch of tinkering think I finally got things working a while back. Stupidly I reset it, so now I just have to go back and recreate how I set it up in front of my google nest router to get it working properly with the Asus...

 

[Tech9]

You can try with your Asus, but only if your mobile plan is unlimited. You also need guaranteed and fast DDNS service update. When the WAN IP changes before DDNS update you have no access to your VPN server. Why do you need the most expensive Asus router for this remote location, by the way?

 

[sunactive]

I could have done with less up in my secondary location but just was mimicking for simplicity the exact network setup (hardware wise) I have at home. Unquestionably overkill in retrospect!

 

[Kingp1n]

This little TP-Link ER605 along with similar Ubiquiti ER-X and MikroTik hEX entry-level business class routers all under $100 do multi-WAN fail over/back and load balancing much better than any Asus router I have played with in recent years and on any firmware. Other features in Asuswrt are used for mostly marketing purposes. Dual WAN is only one of them. You've got RGB lights though - none of the routers above have this feature.

@Tech9 Have you tried/used the Failover Script by @Ranger802004? At least theres a script available to fix the issue.

 

[sunactive]

Yeah, that will be my next attempt when I am back at the remote location, to play around with. Though since I already have the ER605 and I know it works fine, I am also tempted just to set that up again in front of the router. Not sure.

 

[Tech9]

@Tech9 Have you tried/used the Failover Script by @Ranger802004?

No. I have dual ISP at my business only and that means I need to carry the router there afterhours. Also latest Asuswrt-Merlin required for this script doesn't work well on AX86U router I have at the moment. There is known working well solution for $60 on any router and firmware - no need to.

 

[Ranger802004]

No. I have dual ISP at my business only and that means I need to carry the router there afterhours. Also latest Asuswrt-Merlin required for this script doesn't work well on AX86U router I have at the moment. There is known working well solution for $60 on any router and firmware - no need to.

Are you referring to the rules being created for monitoring? I own an AX86U and validate testing results on it and an AX11000 for publishing updated.

 

[Tech9]

Are you referring to the rules being created for monitoring?

No. The latest Asuswrt-Merlin for this router is not good. There is nothing to test there when Wi-Fi is not working properly. I have to downgrade to 386.7_2 or even 386.5_2 to have a stable system first and then eventually test something on it. I don't test anything anymore for many reasons.

 

[Ranger802004]

No. The latest Asuswrt-Merlin for this router was not good. There is nothing to test there when Wi-Fi is not working properly. I have to downgrade to 386.7_2 or even 386.5_2 to have a stable system first and then eventually test something on it. I don't test anything anymore for many different reasons.

Those firmware versions should work as well with my script. If not let me know and I can figure something out.