[SOLVED] is my proposed "hybrid" wireless/wired setup plan sensible?

Megunticook

Mar 13, 2019
Would appreciate hearing any feedback or advice from some of you experts before I commit to my plan for a "hybrid" home network that has both ethernet ports and wireless.

When I built my home in 2002 I installed CAT5e throughout the home with wall ports in most rooms. Setup looks like this:

WAN via Spectrum coaxial --> Netgear CM500 cable modem --> Netgear FVS318gv2 VPN Firewall --> CAT5e wiring --> devices

I realize some of this gear is getting a little gray in the hair but it's working great (occasional DNS issues after power outages, usually solved by shutting down modem for a few minutes to release IP then restarting).

Now my son is doing remote school and needs a wireless signal for a school-issued device without an ethernet port (iPad). I tried using the Windows 10 hotspot feature on several computers in the home but it's not reliable (drops signal intermittently, shuts down, etc. -- I troubleshot it to no avail). So I figured no problem, I'll install a wireless router to supplement the hard-wired network already in place. I picked up an Asus RT-AC66U Dual-band Wireless-AC1750 Gigabit Router.

My wife and I would prefer not to have the wifi activated 24/7 (several reasons), so I will schedule the Asus to only run during school hours.

I'm thinking I should convert the Asus to an Access Point and plug it into one of the CAT5 ports.

Is that the best solution? Or should I replace the older Netgear router with the Asus, which has 4 ethernet LAN ports on it? Then maybe the Asus could run both wired and wireless, with the wireless side on a schedule.

What would you advise here in terms of best security, performance, and reliability? (FYI we live in a rural location 900 feet off the town road so wireless security not really an issue).

Thanks for any input.
 
Yes, your solution of setting the Asus as an access point is the correct one, IMO. You can put the Asus in the room that needs the WIFI. Turn DOWN the power level of the AP. The one thing I don't know for sure (it has been a while since I retired my Asus routers/APs) is if you get WIFI scheduling with AP mode. You can run Merlin firmware on an AC66U, although it is now frozen, without updates.
 
Thanks for the affirmation. Glad to hear you can adjust the signal strength of the WiFi. Hoping I can schedule it but if not there's always the manual method.

So no advantage in replacing the Netgear router with the Asus? Assuming I can have the Asus run in ethernet mode 24/7 with the wireless signal on a timer.

And I presume I definitely want to keep the VPN Firewall in there for security...
 
Been doing a little more research on this.

Should I do a LAN to LAN configuration with the new wireless router, or LAN to WAN?

Sounds like I could make the secondary router have its own network separate from the primary LAN. I understand that devices on the two networks would not be able to communicate or see each other. But maybe I could put my son's gaming device (Playstation 4) plus his iPad on that network (PS would use ethernet; iPad wireless). Perhaps this would give him a dedicated network for his gaming and other activities so if he's gaming while, say, someone else is streaming a movie, and a third person is transferring some big files, there wouldn't be any noticeable performance degradation for anyone. But maybe there wouldn't be anyway...

Just did a speed test this morning, here's results using Ookla:

ping=18ms; download=119Mbps; upload=12Mbps
 
Running a second subnet/network does not magically give you more internet bandwidth. They all compete for a chunk of the bandwidth coming into your house no matter where they go after it gets inside your house.

It provides almost no function for your common users. All it would do is prevent devices on the main network from opening sessions with the devices behind the second router. BUT devices on the second router could open sessions with devices on the main network. It is a matter of who does the opening.

It just makes things complex, so it is not worth doing unless you have some very well defined need. Now if there was some way to play games between the devices on the remote router then the traffic would not affect the other users at all. This does not require a separate subnet; it will do that because an AP functions like a switch and all the devices, both wifi and ethernet, do not leave the device if they are only talking to each other.

With 119m bandwidth you should have no problems. Someone downloading large files, though, will eat all the bandwidth no matter how large an internet connection you have. This is a matter of being respectful of other users and using features that limit the download rates. In this case maybe do not download more than say 75mbps and there will be plenty of bandwidth left for other users.
 
Solution
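
The "who does the opening" asymmetry from the answer above, as an added example that is not part of the thread: a small Python model of a second router cabled LAN-to-WAN, assuming it does source NAT with default-deny inbound filtering that only accepts replies from the contacted host. All addresses and ports are constructed for illustration.

```python
import ipaddress

# Assumed addressing for illustration; none of these values come from the thread.
INNER_LAN = ipaddress.ip_network("192.168.2.0/24")   # behind the second router
ROUTER2_WAN = "192.168.1.50"                         # second router's address on the main LAN

class CascadedRouter:
    """Second router cabled LAN-to-WAN: source NAT plus default-deny inbound."""
    def __init__(self):
        self.sessions = {}      # wan_port -> (inner_ip, inner_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inner host opens a session. Returns the packet as the main LAN sees it."""
        if ipaddress.ip_address(src_ip) not in INNER_LAN:
            raise ValueError("outbound() is only for hosts behind the second router")
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (src_ip, src_port, dst_ip, dst_port)
        return (ROUTER2_WAN, wan_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """A packet arrives on the WAN port. Returns the inner (ip, port) or None if dropped."""
        if dst_ip != ROUTER2_WAN:
            return None                      # inner addresses are not reachable directly
        session = self.sessions.get(dst_port)
        if session is None:
            return None                      # nobody inside opened this port
        inner_ip, inner_port, remote_ip, remote_port = session
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                      # not a reply from the host that was contacted
        return (inner_ip, inner_port)

def demo():
    r = CascadedRouter()
    # Inner device opens a session to a main-LAN PC: allowed, source rewritten.
    seen = r.outbound("192.168.2.10", 51000, "192.168.1.20", 445)
    return {
        "inner_to_main": seen,
        # The PC's reply matches the tracked session and is delivered inward.
        "reply": r.inbound("192.168.1.20", 445, seen[0], seen[1]),
        # A main-LAN PC tries to open a session to the inner device: dropped.
        "main_to_inner": r.inbound("192.168.1.30", 52000, "192.168.2.10", 3074),
        # Another main-LAN host probes the mapped port: dropped.
        "probe": r.inbound("192.168.1.30", 52000, seen[0], seen[1]),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the devices behind the second router are shielded from the main LAN, while the main LAN gets no protection from them, which is the point the answer makes.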
Got it...I must've misunderstood something I read.

Appreciate the advice, simple is definitely best so will stick with just one LAN for the whole house.

But what do you think about replacing the Netgear VPN router with the Asus? I don't really ever use the VPN capacity--I thought that was for securely accessing the LAN from outside, like if you wanted to tunnel in remotely to your home LAN. But I've been seeing the term "VPN Router" used with respect to online anonymity (like it prevents your ISP or others from identifying your IP address, geolocation, etc.). Can something older like the Netgear FVS318gv2 VPN Firewall do that? I'm thinking not but please correct me if I'm wrong.

My instinct is just to plug the Asus into one of the LAN ports in one of the rooms (like my son's).
 
I am a little confused as to what you mean about plugging the asus into a lan port.

If you were to replace the netgear with the asus you would need to plug it into whatever modem the netgear's wan port is currently plugged into.

That netgear is kinda old technology. From what I can tell it is primarily used to allow remote access but it may be able to act as a client to a vpn service. The larger problem is that it is using IPSEC for VPN. This is actually still extremely common for commercial vpn and has many performance advantages. The issue is it is very hard to set up sometimes in a home installation. Because of this most VPN services (these are what you use to hide your traffic) use something called OPENVPN. It uses an encryption method similar to HTTPS and can be made to appear as HTTPS traffic if you really need it to. Since it runs more like normal web traffic it has fewer issues passing through a router and can bypass firewall restrictions on vpn (i.e. China).

I think the asus with merlin firmware can run both as a server and a client vpn. It might have the features in the asus base code. I have not looked at the details of that router for a few years; there is one someplace in my junk collection in the garage.

Be aware running any vpn will cap your speed to about 30mbps because of the huge cpu load. That is kinda why the boxes like the netgear you have exist. Some newer devices have larger cpu and can push more traffic than your general consumer router.
 
I am a little confused as to what you mean about plugging the asus into a lan port.

If you were to replace the netgear with the asus you would need to plug it into whatever modem the netgear's wan port is currently plugged into.

Sorry for the confusion, if the Netgear VPN Firewall was retired the Asus router would connect directly to the Netgear cable modem. Otherwise I would just plug the Asus router into any ethernet port in the house and it would serve as an access point.

I probably shouldn't try to set up a VPN here for online anonymity--the reduced connection speed would probably impact my son's gaming pretty hard. I tried a VPN service for a month and he definitely noticed it! On the other hand we were able to access some online content normally unavailable in the U.S. And I like the idea of my ISP not tracking us relentlessly.

That netgear is kinda old technology.
Agreed, although it's only been in service here since 2016. Bought it primarily to increase security. Still seems to be working well (except for the occasional DNS issues I mentioned earlier--sometimes after a power outage when you try to load a page in a browser it can't locate the address).

I think the asus with merlin firmware can run both as a server and a client vpn. It might have the features in the asus base code. I have not looked at the details of that router for a few years; there is one someplace in my junk collection in the garage.
If it's in your junk collection I hope that's not a reflection of its quality!

Last night I took a stab at setting up the Asus. Plugged it into an ethernet port in the living room and connected my laptop to one of the Asus' LAN ports, was able to load the admin. page in a browser and had full internet access as well. Set up the two wireless networks (2.4G and 5G) and tested them with a phone. Question: I only need one...should I use the 5G?

After setting it up and testing, I noticed there was another mode where you could choose to make it an Access Point (I thought it was functioning essentially as an access point when I tested it in its default mode). But after setting the mode to "AP" I could no longer browse to the admin. with my laptop. Only solution was to reset the router to default factory settings and keep it in the "Wireless" mode.

I will say that the admin. interface seems well-done and better than what the Netgear VPN Firewall has. You think I should just go ahead and install the latest Merlin firmware now?

Think I'm 95% there in terms of putting this thing in service. Just in time for school tomorrow morning!

Appreciate all the advice and tips.
 
I really like merlin software; it has many of the features of things like dd-wrt but is much simpler to get running and is very stable. Asus, since they work with the merlin guy, have "stolen" many of the features into the factory code and I have not looked to see what really is different. The VPN is still very different; it is much more advanced on merlin.

Unfortunately the router you have does not have enough memory to load the newest version. This is Asus's fault since merlin is based on the base asus code and asus also stopped putting out new updates. It should be fine with the last release for that model; there were no actual bugs, the new stuff just has new features.

I moved on to 802.11ac routers, which was the main reason it is out in the garage. My main router is pretty basic but the vpn router I use is an asus ac86u. This is a very special router that has vpn encryption acceleration. Merlin actually used the feature almost a year before asus supported it. This router can do almost 200mbps of vpn traffic unlike other routers that are limited to 30mbps because they don't have the special encryption instructions. What I am watching very closely is the very first announced wifi6e router from asus, which uses this same cpu chip. So maybe when they actually start to sell the box we will find out if they actually use the encryption acceleration features. Wifi6e stuff is going to be the biggest thing we have seen in wifi in many years. There is a massive amount of new bandwidth in the 6g range so maybe there is a chance to not have a neighbor stomping on the wifi channels you use.
 
It's up and running, I have it in the room right below my son's bedroom so he gets a strong signal even though I have the power turned down to the second from lowest setting. The timer was easy to set up and appears to be working well. I only have the 5G band active for now.

He's on a school Zoom right now so all is well. Hopefully this solves the issue of the Windows 10 hotspot dropping him randomly throughout the day. Never could figure that out despite a couple hours of research and troubleshooting. Another example of Microsoft releasing a buggy Windows feature I guess.

Hopefully this solves the problem. Thanks again for all your help.