What's new

Going to buy ASUS RT-AC68U & RT-N66U & Need Advice...

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

b1ggjoe

Regular Contributor
For all of you ASUS Guru's & Die-Hards On These Forums...

After tons of reading and asking questions, I'm going to be purchasing the following products:

- ASUS RT-AC68U

- ASUS RT-N66U

The ASUS RT-AC68U will be centered over my home in the attic and will be the primary source of Wi-Fi for my home. I plan on putting it in 'AP-only' mode and will be connected via Cat6 to my SonicWALL TZ210, which is my Router/Firewall (I will be disabling the current 'Draft N' mode WiFi that I currently have running on the SonicWALL).

The ASUS RT-N66U will be placed in my Garage Office and I plan on also putting it in 'AP-only' mode. It will be connected via Cat6 to my Gigabit RJ-45 drop in the Garage Office, that runs and terminates to my SonicWALL Router/Firewall.

With this one however, I will have a few devices, hard-wired directly into the ASUS RT-N66U Gigabit switch.

I also plan on running Merlin's custom FW on both of them (or at least I think he has FW for the N66U).

I'm hoping that by both devices being in 'AP-only mode', ALL devices connected to either of these two devices (hard-wired or via WiFi) will be assigned DHCP Addresses from my SonicWALL.

Given this setup, does anyone have any recommendations, whether it has to do with putting them in 'AP-only' mode or etc?

Thank you!!

BJ

:cool:
 
You've pretty much described one setup I have.

My only comment is to make sure that you don't use 'auto' on the wireless channels on either router - select fixed but different channels for the 2.4Ghz and 5Ghz networks on each router (using auto to start with if you like, or a visualization tool like inssider) so that if you are using the same SSID it will make roaming a little less painful. There is also a 'roaming assistant' feature which allows you to drop clients which are beyond a particular range (so in theory they connect to the nearer one sooner), but to be honest I've had little success getting it to work in either the ASUS or RMerlin firmwares (no critique of the Rmerlin code - he's locked into the closed source drivers from ASUS).

Other than that you should be good to go - although bear in mind you will have limited use of some of the more 'extensive' features of the firmware. In AP mode you get full control of the wireless etc, but you lose all LAN and traffic management type features.

"In Access Point (AP) mode, RT-N66R connects to a wireless router through an Ethernet cable to extend the wireless signal coverage to other network clients. In this mode, the firewall, IP sharing, and NAT functions are disabled by default."
 
Last edited:
You've pretty much described one setup I have.

My only comment is to make sure that you don't use 'auto' on the wireless channels on either router - select fixed but different channels for the 2.4Ghz and 5Ghz networks on each router (using auto to start with if you like, or a visualization tool like inssider) so that if you are using the same SSID it will make roaming a little less painful. There is also a 'roaming assistant' feature which allows you to drop clients which are beyond a particular range (so in theory they connect to the nearer one sooner), but to be honest I've had little success getting it to work in either the ASUS or RMerlin firmwares (no critique of the Rmerlin code - he's locked into the closed source drivers from ASUS).

Other than that you should be good to go - although bear in mind you will have limited use of some of the more 'extensive' features of the firmware. In AP mode you get full control of the wireless etc, but you lose all LAN and traffic management type features.

"In Access Point (AP) mode, RT-N66R connects to a wireless router through an Ethernet cable to extend the wireless signal coverage to other network clients. In this mode, the firewall, IP sharing, and NAT functions are disabled by default."

Pericynthion,

Thank you so much for all of your input!! I have a few questions regarding putting either device in 'AP-only' mode:

I currently have a SonicWALL TZ210 Router/Firewall that supports up to Draft 'N' WiFi. Once I have my two ASUS Routers (in AP-only Mode) up and running, I will be disabling the WiFi radio on this device.

1. - Since the definitions of 'Bridge' vs. 'AP' seem to slightly differ from Manufacturer...If I want the Wireless device(s) that connect to the RT-AC68U or RT-N66U to receive IP addresses from the same DHCP address range from my SonicWALL as wired devices...which mode will accomplish this with the RT-AC68U? I'm assuming that would be 'AP-Only' Mode??

2. - From what I've read, these devices allow you to create multiple SSIDs/Guest Networks. Is this still possible in 'AP-Only' Mode?

3. - In 'AP-Only' Mode, can I still have my Wired Clients (connected to the Gigabit Switch) and the WiFi clients receive DHCP-issued IP Addressed from my SonicWALL Router/Firewall so that they're all part of the overall LAN...yet have the Guess Network connected devices on a separate IP-Address Range?

How would this work exactly?

4. - When putting either device in 'AP-Only' mode, when connecting either of them to the LAN with a Cat6 Cable, can I use the WAN Port still or do I have to use one of the Gigabit Ports?

5. - Also, is the WAN Port for either device 'gigabit' speed?

Thank you!!!

BJ

:cool:
 
Pericynthion,

Thank you so much for all of your input!! I have a few questions regarding putting either device in 'AP-only' mode:

I currently have a SonicWALL TZ210 Router/Firewall that supports up to Draft 'N' WiFi. Once I have my two ASUS Routers (in AP-only Mode) up and running, I will be disabling the WiFi radio on this device.

1. - Since the definitions of 'Bridge' vs. 'AP' seem to slightly differ from Manufacturer...If I want the Wireless device(s) that connect to the RT-AC68U or RT-N66U to receive IP addresses from the same DHCP address range from my SonicWALL as wired devices...which mode will accomplish this with the RT-AC68U? I'm assuming that would be 'AP-Only' Mode??

2. - From what I've read, these devices allow you to create multiple SSIDs/Guest Networks. Is this still possible in 'AP-Only' Mode?

3. - In 'AP-Only' Mode, can I still have my Wired Clients (connected to the Gigabit Switch) and the WiFi clients receive DHCP-issued IP Addressed from my SonicWALL Router/Firewall so that they're all part of the overall LAN...yet have the Guess Network connected devices on a separate IP-Address Range?

How would this work exactly?

4. - When putting either device in 'AP-Only' mode, when connecting either of them to the LAN with a Cat6 Cable, can I use the WAN Port still or do I have to use one of the Gigabit Ports?

5. - Also, is the WAN Port for either device 'gigabit' speed?

Thank you!!!

BJ

:cool:

If you have your Asus routers in AP mode, yes, they will not be supplying IP addresses to the clients, your SonicWall will do that. And you can also use the LAN ports of the Asus routers in AP mode for wired devices, as well as the wireless from each AP. And yes, since you're using AP mode on the Asus routers, you should connect the WAN port of each Asus in AP mode to it's own LAN port on the SonicWall. Also, yes, the WAN ports on the AP's are gigabit ports.

On the guest network question, as far as I know, if you're using the Asus routers in AP mode, they cannot support guest networks. You do lose a certain amount of routing functionality if you use a router in AP mode, and I believe that's one of the things that you lose.
 
RogerSC covered most of it but in summary;



1) Yes - in AP mode the router will establish the wifi connection and then bridge all the DHCP requests etc onto your LAN (where the sonicwall will provide all the address management)



2) Yes - you can still create guest networks in AP mode (I have a couple on my N66u).

The only odd thing I would say is around 'isloation'. In the AC68/66U you can *specify* whether you want the guest SSID to be isolated (i.e. can only access services over the WAN interface, and nothing on the LAN/intranet side) or not (just a regular AP). On the N66U *ALL* guest networks you create are isolated. Now all of this is purely for background information you see, because in my testing it doesnt seem to make any difference at all in AP-mode :) - nothing is isolated.
I only mention it in case you do need to create an isolated guest SSID at some point - be aware the 2 models function in slightly different ways.



3) Yes - local gigabit switch still functions in AP mode.



One thing that you wont be able to do with this setup is run a separate logical network for wired and wireless (unless you move out of AP mode and create isloated guest networks as I described). In AP mode the whole unit becomes a single broadcast domain and shares the same DHCP scope. The only way I can think of doing this would be to run multiple IP subnets with some command-line hackery of DNSmasq or complex firewall rulesets.



4) Yes - in AP mode, the WAN port functions as a LAN port



5) Yes - the WAN port is also gigabit.





As I say you should be ok apart from (3) - you will struggle to segregate them using a single AP and address source unless you consider moving out of AP mode so you can leverage isolated guest networks.
 
Last edited:
RogerSC covered most of it but in summary;



1) Yes - in AP mode the router will establish the wifi connection and then bridge all the DHCP requests etc onto your LAN (where the sonicwall will provide all the address management)



2) Yes - you can still create guest networks in AP mode (I have a couple on my N66u).

The only odd thing I would say is around 'isloation'. In the AC68/66U you can *specify* whether you want the guest SSID to be isolated (i.e. can only access services over the WAN interface, and nothing on the LAN/intranet side) or not (just a regular AP). On the N66U *ALL* guest networks you create are isolated. Now all of this is purely for background information you see, because in my testing it doesnt seem to make any difference at all in AP-mode :) - nothing is isolated.
I only mention it in case you do need to create an isolated guest SSID at some point - be aware the 2 models function in slightly different ways.



3) Yes - local gigabit switch still functions in AP mode.



One thing that you wont be able to do with this setup is run a separate logical network for wired and wireless (unless you move out of AP mode and create isloated guest networks as I described). In AP mode the whole unit becomes a single broadcast domain and shares the same DHCP scope. The only way I can think of doing this would be to run multiple IP subnets with some command-line hackery of DNSmasq or complex firewall rulesets.



4) Yes - in AP mode, the WAN port functions as a LAN port



5) Yes - the WAN port is also gigabit.





As I say you should be ok apart from (3) - you will struggle to segregate them using a single AP and address source unless you consider moving out of AP mode so you can leverage isolated guest networks.

OMG!!!! You guys rock!!!!!!!! Thank you so much for this awesome feedback...IT'S EXACTLY WHAT I WAS LOOKING FOR!!!

Ok, now that I know all of this info...it is all starting to make sense. Not having ever played with an ASUS Router's UI, I wasn't even familiar with what is standard and what wasn't.

I only come from SonicWALL, Linksys and D-Link WEB UIs, not ASUS.

- On the topic of 'isolation'...THANK YOU for clarifying this! I was confused as to how in the world are they going to isolate guess networks in AP-mode, if the built-in NATing and DHCP Server in the ASUS is disabled when in AP-mode.

So you just cleared up that whole thing.

So with this in mind, I may either allows guests to use my SSID or instead, I may re-purpose my WRT54G Router running DD-WRT and have it run in Router-mode and just split-off and isolate a separate WiFi network for guests.

I will at least put it in 'G-only' mode, but who cares...they're just family or friends sucking my bandwidth anyway...LOL.

- Does AP-only mode in these 2 devices offer Mac Address Filtering and SSID Broadcast Disabling?

- Ok next question...kind of a stupid one:

I am VERY new to 'N' and 'AC' WiFi.

All of my devices that I plan on connecting to our WiFi (iPhones 4, 4S', 5,), Android Tablets & Smart Phones and 4 Laptops all support 'N' functionality.

So the first thing I'm going to do is put the 2 APs in either 'N' mode or 'AC & N' mode if there is such a thing.

As I add new devices, I may look for USB AC Adapters to take advantage of the AC WiFi.

That said, what and how do you recommend I setup the 2 APs, with regard to either 'N' or 'AC' functionality, 2.4 vs. 5GHZ, Channels and etc? Is there some sort of Checklist that I can follow for this?

BJ

:eek:
 
- Does AP-only mode in these 2 devices offer Mac Address Filtering and SSID Broadcast Disabling?

- Ok next question...kind of a stupid one:

I am VERY new to 'N' and 'AC' WiFi.

All of my devices that I plan on connecting to our WiFi (iPhones 4, 4S', 5,), Android Tablets & Smart Phones and 4 Laptops all support 'N' functionality.

So the first thing I'm going to do is put the 2 APs in either 'N' mode or 'AC & N' mode if there is such a thing.

As I add new devices, I may look for USB AC Adapters to take advantage of the AC WiFi.

That said, what and how do you recommend I setup the 2 APs, with regard to either 'N' or 'AC' functionality, 2.4 vs. 5GHZ, Channels and etc? Is there some sort of Checklist that I can follow for this?

BJ

:eek:


-SSID broadcast disabling is on/off for the primary SSID through the router web gui. For some reason ASUS didnt implement it for guest SSIDs , however there is a post here that explains how to do it on the command line (I can confirm it works - I hide all my SSIDs as basic 'drive-by' security)

-the MAC filtering is more complex. You have the ability to set a whether MAC filtering is 'on' or 'off' and whether this is an 'ACCEPT' or 'REJECT' list - but this list and option is on the primary radio. When you configure the guest network you can specify whether MAC filtering is 'on' or 'off' , on a per guest network basis.

The logic behind this makes my head hurt so maybe someone else has played with it a little more - but I think the theory is you enable filtering on the primary radio and give it an entire list of permitted mac addresses. This list is then applied to the primary radio regardless - without question, but you can choose to not apply the filter on the guest SSID (so on the same radio you can have a closed-MAC list for the primary, but allow anything on the guest).

The other option I guess is you specify a list of MAC addresses as 'reject' so they can never connect to the primary radio, and that way you force them onto the guest (assuming it doesnt have mac filtering enabled) - that assumed of course you know all the addresses in advance which is only practical where you own all the devices.

As you can see its making me feel sick thinking about it - I would have typically expected each primary and guest SSID to have its own discrete MAC filter 'on/off', 'reject/accept' and 'enable/disable' , but it doesn't. You have to play with the primary 'secure list' on the main SSID, and then choose whether you want that MAC security on the guest networks or not (you can have up to 3 guest networks on each band, and you can elect to have it on or off on each of the 3 guest networks independently)

-As a point of note, only the AC6x router is AC compatible (clue is in the name :) ) - so you'll be able to set that in 'N+AC' mode, but the N66U will only give you 'N only' as your best option (the actual options vary depending on what encryption you have so I'm assuming WPA2/AES). All of my devices are N capable (pretty much the same list as you iPhones 4s, 5's, iPad, Macbook, Sony TV etc) and I was expecting to have a few more AC capable devices by now ;-) On reflection I could probably have gotten away with a pair of N66U's but it doesnt hurt to be ready.

Unless you have anything you know isn't 'N' at least I would stick with N+AC on the AC6x, and N only on the N66U. Both with WPA2/AES.

As regards the channels you could try using a dedicated tool such as inssider so you can see which bands are busy in your area, or you could go for the ol' trial-and-error to see which gives you the best signal and throughput.

For the 2.4Ghz I always stick at 20Mhz, and I have one AP fixed on channel 6 and one fixed on 11 as the non-overlapping channels. the 5GHZ seems to be much more forgiving so you can pretty much take what 'auto' gives you as a starting point, but make sure that the 2 AP's run different fixed channels in the end to avoid confusion when roaming between the APs.
 
Last edited:
Thank you again for the awesome feedback!! Yesterday, I ended up purchasing the ASUS RT-AC68U for the house and the ASUS RT-N66U (Dark Knight) for the Garage, which is about 100 feet away. I plan on setting them up this Monday. Both will be hard-wired with a Gigabit connection straight into the LAN and will be in AP-only mode. Well this is the plan at least.

Not sure if I want them to have 2 different SSIDs or if they should be the same one.

I read on here that some clients tend to be 'sticky' and have a hard time auto switching to the closest AP.

Any suggestions?

BJ


Sent from my iPhone using Tapatalk
 
Please see my answer in the other thread.

(Also; please don't cross post your questions - makes it very confusing when I think I've answered and my response is not showing). :)
 
Asuswrt lets you set a minimal signal strength below which it will force disconnect a client. That would help forcing it to switch to a closer AP.
 
...will be connected via Cat6 to my SonicWALL TZ210, which is my Router/Firewall (I will be disabling the current 'Draft N' mode WiFi that I currently have running on the SonicWALL).
Hi,

Another thought around: "Why are you keeping your SonicWALL TZ210?"

Alll the special features from the SonicWALL can be replaced by the RT-AC68U (who has more then enough CPU power and memory):
  1. High-Speed Architecture That Won't Slow You Down
  2. Remote Access (VPN) That's Safe from Malware
  3. Modem Failover for Uninterrupted Network Access

Otherwise the RT-AC68U is just a waist of money (as I bet you have no AC devices)! :eek:

With kind regards
Joe :cool:
 
Just purchased an RT-AC68U - I have a DSL modem (192.168.1.0) that feeds a 16 port switch. Modem is providing DHCP. Switch feeds the RT-AC68U and other wired devices. RT-AC68U is in Access Point Mode. IP is 192.168.1.1 and it is static but is plugged into the DSL modem IP table by MAC address. I saw in this thread that the 68U's wired ports still function in AP mode. However, I cannot get them to work and I am on a chat now with Asus who is telling me the ports are inactive in AP mode. How can I use AP mode and use the wired ports?
 
Correct. That's the way it was set up with the DLink I replaced. Also, everything on the network works and interacts except the ethernet ports on the 68U. Do I need to change something there to get the ethernet ports to work? The devices plugged into the ports show up in the modem's client list - they just don't see the internet. But something else that seems strange to me - in the 68U's client list, wired devices show up that aren't even plugged into the 68U.
 
Need elementary instructions to Bridge ASUS RT-AC68U to RT-N66U via Cat 6 cable

I need help setting up my home network, and I have a similar set-up as described in this thread, but I don't know the networking language well enough to be able to understand it all. My wife and I both work from home and need wifi in two locations (office in main house and 2nd office in studio apartment next door). The modem is in the studio apartment, I have the ASUS RT-AC68U there. This is connected via Cat6 to an ASUS N66U in the main house (100' distance). The only AC user is a (June 2014) MacBook Pro used primarily in the studio. In not technical language, how should this system be configured to provide a single network to both locations. Currently they are showing as two separate wireless networks.
Background: The RT-N66U was originally the only router. I recently added the AC68U.
All help is appreciated.
 
Assuming one of the routers is setup in the AP mode (not assigning IP s using DHCP ) then you can use the same SSID S on both routers. How well it works depends on your clients. Roaming isn't a supported feature.

In your case if you don't need WiFi in the 100 feet between your routers, work on creating a dead zone by turning down one or both of the routers transmit power. That will force devices to connect to the router in the building where they are located not the weaker signal from the adjacent building. You won't have to turn down the 5Ghz radios as much as the 2,4The. You will probably find it works better if all your radios are on different channels.

Sent from my KFTT using Tapatalk
 
Assuming one of the routers is setup in the AP mode (not assigning IP s using DHCP ) then you can use the same SSID S on both routers. How well it works depends on your clients.
Just to emphasize what CaptainSTX just said, in your case the RT-AC68U which is connected to the modem should be in "router mode" and the RT-N66U should be in "access point mode".

Roaming isn't a supported feature.
That's not entirely true :) If you use the same wireless SSID on each of the routers, moving a mobile device (laptop, phone) between the studio and house should allow them to automatically re-connect to the strongest signal. As CaptainSTX implies it's not always that reliable, however there is a setting on the router (at Wireless > Professional > Roaming assistant) that allows you to set the threshold at which it will release it's connection to a client.
 
I tend to agree with JoeGreat: Leaving the SonicWall in place is a curious move to me. Especially if you're going to buy the AC68 which can do, from what I've read about that SonicWall model's capabilities, everything the SonicWall does and more. Also, the SonicWall is kind of dated at this point, so how does it handle IPv6 (which the AC68 does handle)? Doesn't Sonic Wall also require that you pay each year to renew your license? I mean it may be a great product, but if you're just running a SOHO network, do you really need it when the AC68 can do everything it can do without the on-going expense?

Personally, I'd want as few things between my client devices and my ISP's signal other than a good firewall, which the AC68 has. You already noted that you intend to turn off the wireless on the SonicWall, so why not just get rid of it completely. If you need more GigE ports, you can always buy an inexpensive switch and hang it off the AC68.

Also, if I were you, for the second device, rather than the N66U I'd get either an AC56U or an AC66U depending on the need for additional wireless range out in your office. You may not have the AC clients right now, but you're going to want to get them as you either replace clients or upgrade them (either through USB dongles or internal cards). Why not just make your network simple and easy, and implement it so that it's completely ready for using AC when you decide to switch over to new clients or upgrade, rather than having to buy yet another AC router later?

Is there some reason in particular that you want to keep a Draft-N router to feed newer and more advance routers that you're going to just set up as AP's?
 
Last edited:
@jegesq: You do realise that you are replying to a question that was asked 10 months ago? He's probably decided what he wants to do by now.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top