Which router model I should buy to use in my office

[L&LD]

This is what my gut tells me about the op's network from the few details he's provided.

And why I have already suggested an RT-AC86U back in post 8.

There are between 3 and 10 people normally on the network with up to 15 devices.

When occasionally 50 devices are present, the existing networking equipment chokes. I am guessing about 30 people are using the network when this happens.

If up to 32 people are using a single band of the WiFi router, this should be within easy reach of a consumer/prosumer router like an RT-AC86U. If more people are connected and actively using the network, if they're able to be split between the 2.4GHz band and the 5GHz band, that would also be a possible solution here (with the existing and/or the new router too).

Even with a weekly meeting of up to 60 people in this space, an enterprise solution would be overkill not only in capabilities but also in cost and ongoing maintenance.

The RT-AC86U + RMerlin + amtm + appropriate scripts will give them the capabilities and the stability they require today at the budget they can afford. (This is also what I find to be the case for many of my small business customers too).

If the budget is able to be increased to enterprise levels, great. The network will perform at a higher level.

But it won't be earth-shatteringly different compared to the RT-AC86U option for the small business setup my gut tells me this company currently is.

 

[Val D.]

260P: NAT 800Mb/s, IPSec 75Mb/s and 8-port LAN, 4 with 60W total PoE+. Released 10/2018.

@Trip, do you have any experience with 260W model? What I usually see is racks with servers, routers, switches, etc. standard setup most companies have. Never seen one of those with integrated WiFi in action. @aavvtomjerry may get one of those and upgrade with APs later as needed. No PoE on it, but it's fixable. May be a good starting AIO point and fits the budget, instead of playing with another temporary solution consumer products.

 

[CrystalLattice]

Dear all

May I ask for your help?

My company needs to but the new router to use in our office. Our staff have around 50 devices maximum but normally around 10-15 devices daily. Our current router always has problems. It frequently lost 5Ghz and router frequently freeze. We have to go to restart from time to time. Sometimes, we have training in our office and a lot of people use the network. We cannot do anything on the current router at all. My company decides to buy a new router for next year's budget. We are a small company and have no IT staff. So I have to do this to help fix the problem.

I decide to buy the Asus Router that I have a long experience with them for more than 10 years on different models. It will be easy for me to configuration and troubleshooting the new router. The budget around 300 USD.

May anyone can help to select the model of the Asus router that fit for the requirement above.

Thank you.

OMG, good old american ingenuity strikes. Bring your home AC-86U into work, as a test. If you like it there, leave it there, or get another one, or get yourself a better one at home. Let the accountant deal with the tax issues.

Altho(sic) I love my 1. any old openwrt router 2. two ruckus r510 access points, with ruckus 12 port poe(power over ethernet wires) switch(not really necessary, can use power injectors. Use ruckus "unleashed" app to create and manage wireless network. Lock solid wifi everywhere, and openwrt router can be made even more secure with a few tweaks.

It's like the russian character in the first chris pine star trek movie says," I am invincible," then the missile strikes him! [yeah, right, with NY accent]

 

[Trip]

@Val D. - I haven't personally deployed the 260W, for much the same reasons; I'm usually dealing with wired-only firewalls/gateways and discrete wifi gear (Ruckus, Aruba, etc.). It does look decent for $260-ish, though, mostly because it's somewhat hard to find to similar value in the space... Zyxel, DrayTek, etc. are there but won't really be any cheaper, or even better, depending on what you're judging. For example, ZyXel VPN__ or USG__ models in my experience can be a bit buggy, and they're also somewhat low on throughput per dollar right now. Then you've got the UTM/NGFW vendors like Fortinet, Watchguard, or pre-built Untangle/pfSense vendors (Untangle direct, Netgate, NexGen, etc.) but again, much of that stuff is wire-only, and definitely no cheaper for the basics (you're buying for the security piece and/or the software extensibility).

Re- OpenWRT on commodity gear, Mikrotik RouterOS and/or Ubiquiti Edge stuff, I'm usually a fan of most of it, as it usually offers way better bang for the buck, but turn-key with direct support bundled it is definitely not, so unless the admin is plenty aware, experienced/skilled and asking for it, I usually shy away in recommendations. It is sweet software for such minimal investment, though (ie. free in most cases).

@CrystalLattice - I roll Ruckus at home as well, and their stuff just kills it for sure. I haven't even gone AC yet (don't need the bandwidth or the airtime optimization, for now); two 7982's and an outdoor 7782, which gives me wifi almost two blocks over when I'm out for a walk, lol!

 

[CrystalLattice]

@Trip I have no idea why people continuously bad mouth openwrt. You put it on, you wake it up, it asks you to set a password, bang it's routing, without further ado. No reboots. It is the software underlying most home/office routers today; the manufacturers use it, or its concepts.

I use it as a firewall at home, and use the name brand router, namely Asus, as an access point only. It makes me pretty secure. Zero problems. At the office I use Openwrt as a commercial firewall, with 2 AP's as described above. I wouldn't appear naked to the internet just using asus, netgear, d-link, tp-link, merlin, etc. directly. Cisco is ripe with CVE documented security problems, which they slowly fix.

I don't use pfsense/opnsense/ddwrt/firewalla/etc. due to what the main man of computing, security, and routing, Jim Salter, published in arstechnica in the diy router series. I suggest poring over his articles to find out how horrible what you are using really is. Incidentally the KONG mentioned in the articles as a ddwrt builder is now an openwrt builder.

Also, openwrt is not as good as home brewed linux, or edgerouter pro blade(vyatta) in throughput "purity," or successful downloads. But it's free, with zero work, on a $10 used or $50 new router.

 

[Val D.]

I have no idea why people continuously bad mouth openwrt.

It's not that, just OpenWrt is not that popular, known, allowed if you like in enterprise environment. We can do whatever we want at home or in our own office, but we have to follow specific guidelines when working on someone else's network. This is what @Trip is referring to, I believe. Standard commercially available solutions are easier to support and most admins just stick to what they know and what is easy. In larger projects often you have no choice. I had a case with a failed server and I found how to fix it, but because it was an IBM project the answer I received was "not approved procedure", so we had to wait for 9 hours for someone to make a decision and come back with a very similar solution, but this time "approved". In short, it all depends who's responsible for the support. I'm sure you've been in a situation when a drive fails, for example, a standard WD/SG model XXX drive you can buy from every computer store, but you can't do nothing before a special box with Certified Genuine Authentic etc. HP/Dell Part No. XXX arrives on site (and 5-10 times more expensive, of course).

 

[Trip]

Indeed. I'll definitely have to read more of Jim Salter's articles on the various firewall/routing distros.

 

[coxhaus]

I think turn key firewall software is best. I would never program or add scripts to a firewall software unless it was tested very thoroughly. Your internet connection is nothing to fool around with. Your firewall is your network protection.

 

[coxhaus]

Maybe a mon and pop store but it would not be my choice where you run only 1 network with everything in it. How do you segment off POS? How do you segment off mobile phones for customers for staff? I think you are asking for trouble?

 

[CrystalLattice]

ASUS proof of security vulnerabilities: https://www.cvedetails.com/vulnerability-list.php?vendor_id=3447&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=77&sha=1246a655228426974d68bcfe7fe98d09ed0e10ca

CISCO proof of security vulnerabilities: https://www.cvedetails.com/vulnerability-list/vendor_id-16/product_id-19/year-2019/Cisco-IOS.html

you really want to expose yourself to the cold, brutal internet with this stuff? Versus:

OPENWRT proof of security vulnerabilities: https://www.cvedetails.com/vulnerab...&sha=7f4a013a773f2999d7344963c7478757268308e7

also, just don't use a merlin, voxel, or kong build of anything. They, or a hacker, can embed nasty stuff into the code at any point.

 

[CrystalLattice]

I think turn key firewall software is best. I would never program or add scripts to a firewall software unless it was tested very thoroughly. Your internet connection is nothing to fool around with. Your firewall is your network protection.

There's no scripts or coding to what I propose. Why is the IT world, running mostly Cisco and Juniper, being invaded by hackers, viruses, and malware on an hourly basis? Join the opensource world in 2019 or 2020. It's a much better existence, without all the hassle of high priced junk that doesn't work at all !!!

 

[ColinTaylor]

OPENWRT proof of security vulnerabilities: https://www.cvedetails.com/vulnerab...&sha=7f4a013a773f2999d7344963c7478757268308e7

Your constant trolling about OpenWRT is getting tedious.

The links you posted above are misleading because they are not comparing similar things. Asus and Cisco write their own proprietary code and therefore are responsible for fixing it. OpenWRT on the other hand mostly relies on open source projects from other people so they don't get a CVE logged in OpenWRT's name.

If OpenWRT is so wonderful how come the current stable release fixed 55 CVE's?
https://openwrt.org/releases/18.06/changelog-18.06.5#security_fixes

CVE-2017-16808
CVE-2018-10103
CVE-2018-10105
CVE-2018-14461
CVE-2018-14462
CVE-2018-14463
CVE-2018-14464
CVE-2018-14465
CVE-2018-14466
CVE-2018-14467
CVE-2018-14468
CVE-2018-14469
CVE-2018-14470
CVE-2018-14879
CVE-2018-14880
CVE-2018-14881
CVE-2018-14882
CVE-2018-16227
CVE-2018-16228
CVE-2018-16229
CVE-2018-16230
CVE-2018-16300
CVE-2018-16301
CVE-2018-16451
CVE-2018-16452
CVE-2018-16870
CVE-2018-1000156
CVE-2019-1547
CVE-2019-1549
CVE-2019-1563
CVE-2019-3846
CVE-2019-3900
CVE-2019-5101
CVE-2019-5102
CVE-2019-10207
CVE-2019-11360
CVE-2019-12900
CVE-2019-13628
CVE-2019-13636
CVE-2019-13638
CVE-2019-13648
CVE-2019-14697
CVE-2019-14814
CVE-2019-14815
CVE-2019-14816
CVE-2019-14821
CVE-2019-15030
CVE-2019-15161
CVE-2019-15162
CVE-2019-15163
CVE-2019-15164
CVE-2019-15165
CVE-2019-15166
CVE-2019-15167
CVE-2019-16275

 

[CrystalLattice]

Your constant trolling about OpenWRT is getting tedious.

The links you posted above are misleading because they are not comparing the similar things. Asus and Cisco write their own proprietary code and therefore are responsible for fixing it. OpenWRT on the other hand mostly relies on open source projects from other people so they don't get a CVE logged in OpenWRT's name.

If OpenWRT is so wonderful how come the current stable release fixed these CVE's?
https://openwrt.org/releases/18.06/changelog-18.06.5#security_fixes

Your constant put down of open-source firmware is beyond verbose. I listed to openwrt cve's. Old IT guys like old crutches

 

[Val D.]

also, just don't use a merlin, voxel, or kong build of anything. They, or a hacker, can embed nasty stuff into the code at any point.

Yes, especially @RMerlin is the worst. He embeds really nasty stuff into Asuswrt firmware. And never tells what it is.

P.S. I got hacked 3 times trying to reply here in this thread. Asuswrt-Merlin firmware... I know why now. Thank you!

 

[aavvtomjerry]

Dear all....Follow up your recommendation. I ask my company to find the outsource company to set up. Finally we decide to go with
UAP-AC-PRO
https://www.ui.com/unifi/unifi-ap-ac-pro/

Thank for your guide.

 

[Val D.]

UniFi UAP-AC-PRO is an Access Point. What does the routing/switching? Did you go full UniFi system?