Router Suggestion

[Jesse B]

Howdy all,

I'm [possibly] in the market for a new router. Originally, I was planning on just running m0n0wall on an Alix board I have sitting around. I'm not against this, just exploring my options.

Basically, as far as features go, the must-haves are VPN, QoS and VLAN support. There will only ever been a maximum of 1 VPN connection. I am looking for a fun toy however, and I do want something I can learn on and play around with. I'm no networking expert, but I'd say I have above-average knowledge.

I originally saw the Ubiquiti EdgeRouter Lite, but have been told by others it's not really suited for home use. The RB2011UAS-2HnD-IN looks interesting as well, and the integrated WiFi is neat, but I've heard mixed reviews about it, and don't know much about RouterOS.

I'm just looking for suggestions in the $100-$150 range. If my best option right now would just to be sticking with the Alix/m0n0wall, so be it.

Thanks,


- Jesse

 

[thiggins]

If you are willing to consider m0n0wall, you might want to spend $99 for the Ubiquti. Plenty to mess around with there.

 

[coxhaus]

The Ubiquiti EdgeRouter Lite will give you higher download speeds than m0n0wall on a Alix board. M0n0wall on an Alix board will only support about 50mbit, maybe a little more. I don’t know what your internet download speed is but m0n0wall loaded on an Alix board would be limited for today's download speeds.

 

[Jesse B]

Thanks for the input guys. Think I'm gonna order one of the Ubiquitis. Got some reading to do

 

[Jesse B]

Bit the bullet today and bought one. Should be here in under a week

 

[Jesse B]

New toy is here

 

[coxhaus]

Very nice. This is probably what I would try if I got a Google gig connection. Not many devices out there for gig connections. It means learning another command language though.

 

[Jesse B]

Very nice. This is probably what I would try if I got a Google gig connection. Not many devices out there for gig connections. It means learning another command language though.

It's my first "real" router, so I'm just looking forward to playing around with it No time tonight unfortunately, hopefully get to take a whack at it this weekend.

 

[Jesse B]

Started playing around with this thing a little bit tonight. Just got the basic configuration done, based heavily on the config posted here (thanks thiggins! ).

I'm liking it so far. Mostly just been playing around with the GUI-based stuff, familiarizing myself with the firmware. Once I get a bit more time I'm gonna start digging into the CLI stuff. Overall, great little unit so far.

 

[Fraoch]

My problem with it is - once you got it configured to your liking, there's nothing else to play with because it's extremely stable.

I started out with the bridged connection and didn't use the bridged port, but once I learned that bridged connections are not hardware-accelerated (in the current firmware version at least) I removed the bridged port configuration and am only running one port in and one out.

I recently started using SNMP with it and graphing router statistics using MRTG on my Linux PC, but that's just a simple click on the GUI.

I also have a modified hosts file which performs ad blocking for all clients. It would be nice to have a self-updating file which pulls from several sites using the Debian package hosted here but that's pretty complicated and not really intended for such a device - I'm worried it will impact performance.

I wish there were more home users on the Ubiquiti forums - most are WISPs and they're using a lot of features a home user doesn't need. They also assume you have a high level of networking knowledge although I must say the Ubiquiti employees that frequent the forums are extremely helpful and patient.

 

[Jesse B]

My problem with it is - once you got it configured to your liking, there's nothing else to play with because it's extremely stable.

I can live with this; at the end of the day, stability is what I'm looking for. I have plenty of other toys to play with after I grow bored with this anyways

I've set up about as much as I can without actually deploying it. I'm moving at the end of the month, so I don't see much point completely re-configuring my network for two weeks. Once I move I'll put it into production

Should be usable at this point, just have a bunch more features I'm wanting to enable/configure still. Gonna play around with different setups of subnets/VLANs for segregating wireless ("public") and wired (my toys). Also want to set up VPN (just to play around mostly) and play with the Firewall settings and QoS some more.

Overall, from what I've seen so far, wonderful unit. Very happy with this purchase.

 

[Fraoch]

I can live with this; at the end of the day, stability is what I'm looking for. I have plenty of other toys to play with after I grow bored with this anyways

Oh me too - a router isn't really for experimentation.

Fortunately if you do break it, recovering is easy - just reset it and reload a saved config file. You're back in 2 minutes.

 

[Jesse B]

Oh me too - a router isn't really for experimentation.

Fortunately if you do break it, recovering is easy - just reset it and reload a saved config file. You're back in 2 minutes.

I do quite like that feature. I have a tendency of getting a bit too, er, adventurous sometimes

Question while I'm here. I don't think it's possible, but I'm far from an expert. Say I have two Subnets (or VLAN's, whichever works), N1 and N2. Is it possible to have N1 inaccessible by N2, except by certain IP's/MAC Addresses? I was planning on separating the wired and wireless traffic, but still wanted access to the wired traffic from my laptop. Just curious if this is possible.

 

[Fraoch]

Question while I'm here. I don't think it's possible, but I'm far from an expert. Say I have two Subnets (or VLAN's, whichever works), N1 and N2. Is it possible to have N1 inaccessible by N2, except by certain IP's/MAC Addresses? I was planning on separating the wired and wireless traffic, but still wanted access to the wired traffic from my laptop. Just curious if this is possible.

I'm no expert either...it might be possible, but access between subnets would probably be an all-or-nothing arrangement. I'm not sure if you could single out one IP.

This is definitely something to post in the Ubiquiti forums. I have yet to see a question go unanswered.

 

[coxhaus]

I do quite like that feature. I have a tendency of getting a bit too, er, adventurous sometimes

Question while I'm here. I don't think it's possible, but I'm far from an expert. Say I have two Subnets (or VLAN's, whichever works), N1 and N2. Is it possible to have N1 inaccessible by N2, except by certain IP's/MAC Addresses? I was planning on separating the wired and wireless traffic, but still wanted access to the wired traffic from my laptop. Just curious if this is possible.

My guess would be you setup routing between vlans and then create firewall rule sets to allow and deny IP addresses between the vlans.

 

[Jesse B]

My guess would be you setup routing between vlans and then create firewall rule sets to allow and deny IP addresses between the vlans.

Hmm, I'll try that when I get home. If that doesn't work I'll head over to the Ubiquiti forums. I'll check back in tonight.

 

[coxhaus]

I would think if you want to default to a guess style account where people do not have access unless specially assigned. I would use a class C for the DHCP scope addresses and assign a smaller mask such as a 224 or 248 mask for a permit. This would keep from creating a permit for each and every IP address and consolidate the permit statements for faster speed. Assign the permit either on the upper end or lower end opposite of what the DHCP goes up or down when assigning IP addresses. Then just create a deny all for vlan access.