Edge router advice? Cisco ISA550, RV180, ZyXEL USG, etc.

[jtherkel]

I'm looking for an edge router with decent firewall abilities and 802.1q VLAN tagging and VPN. I have read tons of reviews on SNB, but I still don't have a good solution.

I just bought a Cisco SG300-10 switch, and I enjoyed learning about the "big boy" equipment. This is for a small home office, and I want to avoid annual subscriptions. It seems like there are no good options out there. Am I missing an obvious choice?

Cisco ISA550
Pro: Recommended by the Cisco phone tech after he thoroughly understood my requirements.
Con: For some stupid reason, Cisco EOL'd this product. Phone support and software maintenance end in November 2014. If I spend this money, I want to ensure the product receives software updates for at least a few years.
http://www.cisco.com/en/US/prod/col...50/ps11752/end_of_life_notice_c51-729273.html

Cisco RV180
Pro: Great throughput.
Con: Based on online comments, nobody seems to like using it. Also, questions about IPv6 support.

ZyXEL USG20, USG50, USG100
Pro: These seem like a great value.
Con: I have a bunch of equipment connected via gigabit connections (laptop to NAS, etc.). If I connect my gigabit switch to the USG20 and create some VLANs, will that limit throughput on my internal network?

OTHER OPTIONS
I'm looking for a low-wattage appliance to sit in a closet, so I think that rules out a PC running software like pfSense.

It might be possible to create VLANs on a cheap router using DD-WRT or Tomato, but it would probably require tweaking.

TIA,
John

 

[thiggins]

You always run pfsense on an old laptop adding Ethernet ports via USB adapters.

I don't understand your question/concern about VLANs limiting LAN throughput.

 

[jtherkel]

ZyXEL USG20: Can VLANs limit LAN throughput?

[...] I don't understand your question/concern about VLANs limiting LAN throughput.

For the ZyXEL USG20, I liked the gigabit ports and the Anomaly Detection and Prevention (ADP) feature. However, the USG20 does not appear to have the horsepower to transfer at speeds above 58 Mbps with ADP enabled.

My switch is a Cisco SG-300 with gigabit ports. I saw somewhere (I think it was on SNB) that connecting anything to the ZyXEL USG20 with ADP enabled would limit throughput, even on internal-only interfaces.

Does that sound correct? I cannot find the reference now. Maybe it was a review or forum post about the USG100?

Thanks,
John

 

[jtherkel]

Liking Ubiquiti EdgeRouter & MikroTik RB2011iLS

You always run pfsense on an old laptop adding Ethernet ports via USB adapters. [...]

As for pfSense, I like the fact that it's open source, but this device will sit inside a medium-size home closet with so-so ventilation. I'm also sensitive to the electrical costs, where a laptop consuming 50 watts might cost about 50 bucks a year.

So I'm looking for a dedicated hardware device. It's tough to find a device that meets these criteria.

• A large user/developer community.
  
• At least a few gigabit ports and solid throughput.
  
• Low cost. Less than $200 is ideal, but I'll go higher for the right device.
  
• Ability to block undesired inbound IPv6 traffic. I thought the Cisco RV180 could do this, but posts on SNB and Cisco.com suggest that the RV180 offers no firewall for IPv6.

I've looked into dedicated pfSense devices from Tranquilnet and Netgate, but their cheapest gigabit versions cost in the $400-$500 range.

MikroTik's RB2011iLS offers 5 gigabit and 5 10/100 Ethernet ports for $109. It looks like an incredible value, but it runs proprietary software called "RouterOS."

Proprietary software is fine from Cisco, but I'm not sure about the long term viability of RouterOS. That leads me back to Ubiquiti, which based its software on the open source Vyatta platform.

EdgeRouter Lite with 3 gigabit ports = $104

EdgeRouter POE comes with 5 gigabit ports = $200

Creating VLANs and decent firewall rules requires using the command line, which I would prefer to avoid. On the flip side, once you have SSH access, it looks like you can install pretty much anything available through Debian's apt-get package manager.

Thanks,
John

 

[thiggins]

I can't speak to the specifics of either product. I would think ADP would apply to internet traffic only, not local.

 

[stevech]

MikroTik's RB2011iLS offers 5 gigabit and 5 10/100 Ethernet ports for $109. It looks like an incredible value, but it runs proprietary software called "RouterOS."

They try really hard, but they're too ambitious and thus their code tends to be buggy.

 

[absus]

Cisco ISA550
Pro: Recommended by the Cisco phone tech after he thoroughly understood my requirements.
Con: For some stupid reason, Cisco EOL'd this product. Phone support and software maintenance end in November 2014. If I spend this money, I want to ensure the product receives software updates for at least a few years.
http://www.cisco.com/en/US/prod/col...50/ps11752/end_of_life_notice_c51-729273.html

Last date of getting service and update is November 30, 2016. Howver, it is not wise to invest money in products which have no reasonable years of support. Perhaps you may try for other companies other than Cisco.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB15560

Or try for old Cisco Linksys series.
http://www.corenetworkz.com/2011/05/how-to-setup-linksys-wireless-router.html

 

[jtherkel]

Ordered Ubiquiti EdgeRouter POE with 5 ports

I went with the Ubiquiti EdgeRouter POE with 5 gigabit ports for $200. It's based on the Vyatta software, which is open source, and I like that.

It took a good chunk of the weekend, but here's where I'm at.

• VLANs created
• Linksys router converted to a wireless access point
• Stable Internet access

Next step:
I would like to create a scaled-down version of internal DNS so I can configure our machines to print to \\homeprinter, rather than specific IP addresses. I'm still researching that.

Lesson learned:
I had a tough time stumbling around in the GUI. I actually found it easier to compare the code from my configuration to the examples from Small Net Builder and Ubiquiti.

My wife does not understand the point of all this effort. We agree that all the blinking green lights add holiday cheer to our home office.

FYI, Ubiquiti put out a really cute promo video for this router.

-John