New Router Solutions

[heartl3ss21]

Hello everyone,

I'm looking for advice, so feel free to write your opinions on the matter.
I have been using the modem/router my ISP provides for a year now, which is a ZTE-H108N. It doesn't have any useful features, even when logged in as a root user. Apart from this, the line is really unstable, a lot of drops happen frequently and the connections seem slow. Wifi is also horrible.

So, since I'm starting to learn stuff on networking in general as a new exciting hobby, I have thought of a few solutions.

1) Buy a dedicated router, turn the ISP's device into bridge mode, disable DHCP and plug in an Access point.
Devices I'm considering for the purpose of customization and learn a lot about routing in the process. Both devices cost around 50€.
1a. Buy a Ubiquiti ER-X, which is a good one to start learning and will improve greatly my networks routing and QoS
1b. Buy an affordable Mikrotik Router like the hex RB750gr3, which is a lot more customizable and is a more popular router platform compared to the Ubiquiti, has slower hardware and doesn't have a PoE port for my access point.

2) Buy a combined third party Modem/Router from the popular brands like Asus,Fritz!box etc and use it as one device. In the worst case the wireless is not enough on it, I can also plug an AP. Usually those devices cost around 150€, so it's an expensive option.

3) Switch my ISP's device into modem only mode and use an old TL-WR2543ND which runs on DD-WRT as the network's router. This is the only free solution in which I won't have to spend any money.

Thanks a lot in advance.
Have a great day!

 

[L&LD]

1) You don't want to do this option.

Do not plug in an AP into a modem/router in Bridged mode.

1a. to 2) Don't buy devices that you may soon outgrow or find redundant.

3) Start here and experiment with it fully to get the base knowledge you need, come and ask questions as needed.


When you are ready to buy something, buy a complete system and knowing what the total cost will be.

Starting with random bits and pieces is a good way to look back in a few weeks or months and say 'how did I spend so much'!

Start with what you have and build on it or expand as you need.

Have a great weekend!

 

[coxhaus]

+1 No reason not to start with the free version. You might want to make sure you have the latest firmware version as there were hacks last year before you install the router.

 

[heartl3ss21]

1) You don't want to do this option.

Do not plug in an AP into a modem/router in Bridged mode.

1a. to 2) Don't buy devices that you may soon outgrow or find redundant.

3) Start here and experiment with it fully to get the base knowledge you need, come and ask questions as needed.


When you are ready to buy something, buy a complete system and knowing what the total cost will be.

Starting with random bits and pieces is a good way to look back in a few weeks or months and say 'how did I spend so much'!

Start with what you have and build on it or expand as you need.

Have a great weekend!

Sorry, I can clearly tell I messed up explaining my plan. I meant something like this -> ISP Modem (Bridge) connected with the new Router (ER-X or Mikrotik) connected with a gigabit (switch,unmanaged, optional) connected with an Access Point.

Also, I understand what you mean about redundant hardware, though I would be willing to buy something this cheap in order to gain some experience and start learning.

Furthermore, I forgot to add that I am sharing my Wi-Fi with my neighbours for free. However, since we are all on the same network (yes i know its not safe, but they are not too tech savy) they often cast the Youtube videos they watch on my Smart TV by mistake, which turns on the TV on random hours (yes also late at night) or launch Youtube when I am playing a game or watching Netflix, which is annoying. Also, they watch a lot of youtube and download movies which hurts my overall experience.
Therefore, I would like something that allows me to create two VLANS (seperate networks right?) that will allow me to have all my devices on one and the neighbors can use the second one. I would also need to create two Wi-Fi networks with different SSID (maybe one Hidden for my own use). Then, I would somehow limit the bandwidth on the vlan I share with them, so they won't abuse it and give priority to my own VLAN.

Hope things are more clear now.
Thanks!

 

[L&LD]

Sorry, I can clearly tell I messed up explaining my plan. I meant something like this -> ISP Modem (Bridge) connected with the new Router (ER-X or Mikrotik) connected with a gigabit (switch,unmanaged, optional) connected with an Access Point.

Also, I understand what you mean about redundant hardware, though I would be willing to buy something this cheap in order to gain some experience and start learning.

Furthermore, I forgot to add that I am sharing my Wi-Fi with my neighbours for free. However, since we are all on the same network (yes i know its not safe, but they are not too tech savy) they often cast the Youtube videos they watch on my Smart TV by mistake, which turns on the TV on random hours (yes also late at night) or launch Youtube when I am playing a game or watching Netflix, which is annoying. Also, they watch a lot of youtube and download movies which hurts my overall experience.
Therefore, I would like something that allows me to create two VLANS (seperate networks right?) that will allow me to have all my devices on one and the neighbors can use the second one. I would also need to create two Wi-Fi networks with different SSID (maybe one Hidden for my own use). Then, I would somehow limit the bandwidth on the vlan I share with them, so they won't abuse it and give priority to my own VLAN.

Hope things are more clear now.
Thanks!

My answer above doesn't change in essence from what I already gave, even with this new information.

Of course, it obviously changes my answer 1).

What you want to do I would accomplish with a currently supported RMerlin powered router, a spare USB drive and, amtm + the @Jack Yaz YazFi script.

The first rule; do not recreate an already built wheel, stand on the shoulders of those before you.

The second rule; communicate your needs first, not what you may think your end goals are, particularly when you are in learning mode.

As for the Smart TV issue, there must be a setting for that to disable automatic connections.

For the issue of them watching a lot of youtube? That is the sharing part, right?

What is your ISP connection at your home? Can it reasonably support two or more video streams? If not, then the only solution is to stop the sharing. No amount of tweaking or configuration will fix this type of deficit.

If there is enough bandwidth available for two or more video streams, then any of your options can work, including what I've suggested here too.

What you're comfortable to spend euros on and also your time is up to you. I know I wouldn't go down that route (the dedicated, wired-only routers that have a learning curve with little documentation or support, except online) with the key details I know about your situation right now.

If the points learned along the way are worth it to you, go for it!

If you just want a solution to your current issues as described above, there are simpler and more direct ways to get there.

 

[Trip]

With a ZTE-H108N in your possession, I'm assuming you have ADSL2+ from Cosmote, Forthnet, Hellas or Vodafone? That would mean either 24 Mb/s or 12 Mb/s internet speed?

First off, to keep support from the ISP for issues that they can/will troubleshoot at your drop (at least here in the USA), generally you have to keep their modem in-play, so I would continue to use it for the base connection, the bridge it as just a modem with all other services turned off, and run PPPoE authentication on whatever router you start using, be it your AIO running DD-WRT or an ER-X/HeX.

I'd also agree that you want to run a separate SSID just for neighbors to use, then map that to a specific VLAN, down-prioritize and bandwidth-limit the traffic on both the AP (if possible) and the router (if possible). Activate fq_codel/cake on the router for the appropriate up/download, and you should be good to go. Also, I wouldn't bother trying to hide your private SSID; just make sure it has a strong-enough password that only you know. I find hidden SSIDs cause more trouble than benefit, as a lot of clients/OS's have trouble recognizing and/or keeping connected to the broadcasts. Not worth the trouble, IMHO.

Also, if you're going to introduce a discrete switch and you're intending to propagate VLANs, you at least a web-managed L2 "smart" switch with 802.11Q support. Web-managed models aren't that much more costly, at least not in the SOHO segment (TP-Link/Netgear, etc.).

(P.S. Curious as to the progress on the apartment building.)

 

[heartl3ss21]

Thank you guys so much for the info.

To be honest, I can't say I am any less confused right now compared to before. Probably more lol
@L&LD I guess you are right, but that's the point of technology. To use it in order to create ideal solutions for each of our problems, instead of compromising. That's why I was so specific.
If doing a bit of studying can allow me to achieve what I want with the stuff I have, I am absolutely ok with it. That's why I don't think that just taking away my neighbors Wi-Fi is something I would compromise for, even if my ISP connection is slow, since I have all necessary tools to make adjustments and plenty of free time
The issue with the TV, I tried to fix a lot of times, however it's not a TV setting but a Youtube app setting, which doesn't offer specific devices to connect through the network. Either all or none. And since I use the casting feature too, this is why I would like to seperate the network in two parts.

@Trip you are absolutely right. My provider is Forthnet at 24Mbps. I dont think I absolutely need to keep the ISP provided modem. The ISPs here in Greece also provide official support for some AVM modem/routers and offer full VOIP functionalities as well. But I know plenty of people that have altogether ditched the ZTE and replaced it with something else like Asus, TP-Link Archer or whatever has a built-in modem.
I agree about the hidden network, I might as well indeed use a really strong password and have a peace of mind.
Do I really need a managed switch? I do not have so many wired only devices or ports needed in general to demand it, but since I have it lying around the desk, I thought I might as well use it. I do not intend to use different VLANs for each port of the switch, since only devices from my home connected to it, they might as well be part of the admin vlan.
Also, about the thing you mentioned on limiting the traffic on both the AP and router, does this mean that I am throttling also my own VLANs bandwidth or I can choose to do that at the neighbors VLAN only?
For now I am struggling to add the DD WRT into the mix as when I connect it to the modem, all connections stop working. Could you elaborate on which services I need to deactivate for my ZTE, for it to become a modem only device? So far I know I should turn it to bridge mode, disable DHCP, plug one LAN port of the modem to the WAN port of the router, use PPPoE username and passwords of my provider in the router and it should work right? Correct me if I am wrong please!

Thanks a lot and have a great day!

PS: I'm surprised you remembered from my username that I have another ongoing project. Actually that thread is what excited me to start learning about networking as a hobby, so I thank everyone that participated in there. The apartment building project is advancing smoothly, I have made the request for the ISP connection, which once is active, I can find out if the nearby node supports VDSL up to 50 Mbps (they told me I need a nearby phone number for them to check if it's supported, but since nobody lives there my only option was to wait for my own DSL line to be active). If not supported, I might add another DSL 24Mbps line, which I have no clue on how to implement. There must be a way to share the badnwidth of each connection equally throughout the Wi-Fi of the building. Maybe each access point should be connected to each ISP connection? I also bought some CPE210 to make the first test when the line is active. I have already installed the poles as high as I could and I need one of those days to grab cat6 cable and run it through the front of the building so everything will be ready. I also want to order the router soon, but I am still not exactly sure which one to get for my needs.

PS2: Since you introduced that "unicorn dust" rj11 modem cable in the other thread I have been desparately looking for it. Unfortunately, I can't seem to find the same one or something of similar quality in Europe, to minimize shipping costs and avoid custom fees. Some ebay sellers can ship it to me but it's basically not worth it since the shortest cable go for around 7 euros + 23 euros shipping + any additional custom fees. Any help here? From my understanding I need to find shielded rj11 cable and it needs to be as short as possible to achieve best results. My modem is very close to the ISP plug, so I guess this will help a lot my connection. Should I just grab an STP cat6 panduit cable and crimp it myself with RJ11 on the blue + white-blue cables? Is it going to be the same?

 

[Trip]

Got it. I would run the Forthnet ZTE unit in bridged mode. That should disable all packet manipulation by turning off: NAT, Firewall, DNS and DHCP -- those are the big four. Then run a Cat6 cable from one of the four LAN ports on the ZTE to the WAN port of the router. If you'll be wiring in additional VLAN-capable APs, they should be connected to built-in switch on the router, with VLANs configured properly on both the APs and in DD-WRT. From there, you can fill the rest of the router ports with any other wired devices you have, and if you need more ports, you can certainly use an unmanaged switch (connected to the last open LAN port on the DD-WRT router), as long as all the devices are permissible being on your default private VLAN. If not, you'll need a managed switch for segmentation.

Re- DD-WRT struggles, most likely the ZTE may still have services running on it, although, like I said, it really shouldn't if it's fully and properly bridged; otherwise, DD-WRT may be mis-configured, or have bugs. I know the last time I used DD-WRT I was miffed at how buggy it was overall, with memory leaks, broken features, unreliable features, etc. especially from sub-version to sub-version, which would fix certain things, while breaking others. I absolutely couldn't have that in any of my networks, personal or professional, so I walked away from it. That was in 2013-14 I believe. That said, I think there have been several forks, such as Kong, that have proved much more stable, or perhaps you know of even a better fork for your hardware. Assuming it's not bug-related, it's most likely a mis-config.

Re- the housing wifi project, good to hear. I would make a point of returning to that thread with any further updates/questions, so we can keep each of these threads on-track.

For the RJ-11 cable, at least you've found a way to get one. I would first try your service as-is, and if it's stable enough, I would probably just go without it.

 

[heartl3ss21]

Got it. I would run the Forthnet ZTE unit in bridged mode. That should disable all packet manipulation by turning off: NAT, Firewall, DNS and DHCP -- those are the big four. Then run a Cat6 cable from one of the four LAN ports on the ZTE to the WAN port of the router. If you'll be wiring in additional VLAN-capable APs, they should be connected to built-in switch on the router, with VLANs configured properly on both the APs and in DD-WRT. From there, you can fill the rest of the router ports with any other wired devices you have, and if you need more ports, you can certainly use an unmanaged switch (connected to the last open LAN port on the DD-WRT router), as long as all the devices are permissible being on your default private VLAN. If not, you'll need a managed switch for segmentation.

Re- DD-WRT struggles, most likely the ZTE may still have services running on it, although, like I said, it really shouldn't if it's fully and properly bridged; otherwise, DD-WRT may be mis-configured, or have bugs. I know the last time I used DD-WRT I was miffed at how buggy it was overall, with memory leaks, broken features, unreliable features, etc. especially from sub-version to sub-version, which would fix certain things, while breaking others. I absolutely couldn't have that in any of my networks, personal or professional, so I walked away from it. That was in 2013-14 I believe. That said, I think there have been several forks, such as Kong, that have proved much more stable, or perhaps you know of even a better fork for your hardware. Assuming it's not bug-related, it's most likely a mis-config.

Re- the housing wifi project, good to hear. I would make a point of returning to that thread with any further updates/questions, so we can keep each of these threads on-track.

For the RJ-11 cable, at least you've found a way to get one. I would first try your service as-is, and if it's stable enough, I would probably just go without it.

Would you suggest switching the custom firmware on the router from DD-WRT to something else like OpenWrt (which I know might be harder for me to configure), Tomato, Gargoyle etc.?
Just to let you know, the AP I will be using is a ruckus H510 I found for really cheap on ebay. Should be good enough right?

 

[Trip]

Actually, yes, other firmware might be worth considering.

A few years ago, I would have likely pointed you to Tomato most of the time, as it was much more often updated by Shibby, and was miles ahead of some other firmwares (namely DD-WRT) on stability. But in the last year or two, development seems to be slowing down a bit, so I'm a bit unsure. I do like AdvancedTomato, which has a much nicer GUI wrapper on top of Tomato, but I don't believe that dev makes a firmware package for any of the TP-Link WR series...

Gargoyle is basically a simplified OpenWRT, with a bit extra spit and polish to make sure it works on the supported hardware (mostly QCA-based). That said, due to its simplicity, I'm not sure it offers enough (or any) control over multiple VLANs. You'll have to confirm. If so, then Gargoyle could be a great K.I.S.S. option, for sure.

OpenWRT itself shouldn't be that hard to configure, for as long as you can get past some of the initial command line (usually outlined well enough in their wiki, forums, blog posts, etc.), you can load and activate LUCI, the web GUI, and away you can go from there. From that point, it's about as flexible and modular as pfSense/OPNSense, ie. downloading specific packages to extended functionality.

So I would either try to find a sub-version and/or fork of DD-WRT which has been proven stable on the TL-WR2543ND, or jump over to vanilla OpenWRT (latest version) with LUCI loaded up.

 

[coxhaus]

Here is the best site I have seen for Tomato.

https://www.linksysinfo.org/index.php?forums/tomato-firmware.33/

 

[Klueless]

On one hand the OP sounds more advanced than me and, as much of the conversation is already over my head, I'm a little intimidated to even respond. But, since it's all anonymous fun ... what the heck : -)

First off I'd be interested in knowing your service speeds. If it's less than say 10 x 1 Mbps I'd cut off your neighbor's access. If it's around say 100 x 10 Mbps I'd tell them what beers and bourbons I prefer.

Second it sounded like (somewhere) you were skeptical that you were getting what you're paying for. When no one else is using the network (3 AM?) connect directly to Ethernet and run some speed tests.

• Try similar during peak times (but, again, when no one else is on your network). Sometimes an ISP will oversubscribe such that you get good service in the wee hours but not so much when the city wakes.

Someone else suggested keeping the ISP's modem. I agree. If an ISP can't resolve a problem quickly they will often blame the user. If you keep their modem you have a much better chance of proving it when it's their problem.

Ask the provider to swap out their combo modem/router with a modem. (Around here that change would reduce your monthly by a few dollars.) If they won't then ask them to "bridge it" (as you already mentioned) which, effectively, turns it into a modem.

Just so we're all on the same page a modem simply delivers one Ethernet port and a single IP address to you. It is the router, through the magic of DHCP and NAT, that turns your service into a multiplicity of Ethernet ports and IP addresses. Even better most home routers already include "wireless".

VLANS are good but let's walk through a simple implementation using a basic Asus wireless router. I picked Asus because I like their built-in traffic monitor. Could be very useful if you're sharing with neighbors.

• Plug it into your modem.
• Ethernet ports - they're all yours!
• Set up SSIDs with passwords for you ... and only you.
• Set up guest SSIDs (with passwords) for your neighbor.
  • Set intranet access to disabled. This means your neighbor cannot see your stuff, just the Internet (just like a VLAN).
  • If you've (s)low speed service then set a "bandwidth" limiter for guest thus guaranteeing there's always something for you.
  • You could, if needed, also set up QoS rules that favor you.

A reasonable Asus solution should cost around $100 to $150 US and should take around seven minutes to setup. You can get an idea of what the user interfaces look like ==> here or here (click on "enable" to see some of the options I talked about).

PS You're probably already familiar with the term "dual band" and that 2.4 GHz goes further while 5 GHz goes faster. I don't know how far your neighbor is but if he's on the edge of the 5 GHz signal he could compromise your performance. Google "WiFi analyzers". If he is on the edge perhaps you only want to enable 2.4 GHz access for him?