[Merlin/ASUS ac5300/N66U] How do I effectively '3 router' my network without losing smart-connect QAM speeds and maintain an Isolated Full VPN network as well as and a Isolated Non-VPN network and resolve www.router.asus.com correctly.
I have two ASUS Routers and a FIOS MoCA/Router:
MI424-WR Rev D. (small NAT Table, daily reboots, Needs TV/Can't bridge)
RT-N66U w/Merlin
RT-AC5300 w/Merlin's new ASUS firmware build.
I plan to put Merlin on the AC5300 now that we have a final build of it.
I'm having trouble deciding how to manage all the feature with what my ideal setup would be. I have been reading multiple threads and learning multiple concepts, but an getting confused here and there and hope for some advice or for someone to point out where I wrong.
Description of my ideal setup:
FIOS MOCA Router (TV support needed) to the AC5300 and possibly include the N66U without running into double NAT problems or speed step-down from what the AC5300 can offer over the N66U. (I think I read that if I bridged the AC5300 with the N66U then I'd lose all the AC5300 has to offer and suffer speed step-downs)
Q. Can I *only* avoid Double NAT only by putting the FIOS router in bride-mode? If I plug each Asus router into a FIOS eth port, with FIOS serving out DHCP to both routers and each router serving out DHCP to its subsequent clients does that create double NAT or avoid it, meaning, is double NAT occur when daisy-chaining routers (FIOS w/dhcp --> AC5300 w/dhcp --> N66U w/dhcp) Additionally, I am a bit confused on the ASUS Modes of operation, but for the moment, wait before clearing it up for me - there is probably more to consider later on) I know I definitely get doubled NAT's if I daisy-chain the three routers - Actiontec into AC5300 into N66U and everything stops working correctly.
I also don't know how to beat the damn Asus www.router.asus.com thing. How are people able to run two Asus routers on their networks when Asus is forcing all internal routes to www.router.asus.com to resolve into only one of the routers? There seems to be no way to get two Asus routers to work together because of this auto-resolve issue.
Ideal Features:
Everything tunneled out through VPN except Netflix because Netflix sinks on VPN support, so I definitely want to migrate my VPN from the N66U to AC5300. Its possible I want to use the N66U for only things like Roku with No VPN while everything else is VPN'd. I will lose the speed advantages of the AC5300 if I go this route, yes? Other suggestions?
Netflix is currently a Roku app. I might use a desktop with Kodi instead for all the media things that are internal (NAS,NFS) and only use Roku for Un-encrypted Netflix access.
I think I would prefer to use the Tri-Band Smart Connect since that'll provide the speed increases I desire. However, it looks like I cannot use Smart-connect if I end up using the N66U in certain modes (AP/Bridge/Repeater) The high-speed QAM connections can only be achieved with Tri-band smart connect, correct? If so, then I lose control over AP isolation for certain devices, correct? (see below)
I might want to create an isolated band network so that some devices are not able to see or talk to other devices. (Perhaps the N66U will be that, or at least a Band on one of the routers) I am considering putting all 'personal information collection' devices where its difficult to control PII leakage on the isolated network, e.g. Kindles, Rokus, Phones, ChromeOS. (This might seem backwards to some. The idea is that If I can't trust the hardware/closed-binaries on these devices (and I don't), I want them cordoned off from the rest of my network and it really doesn't matter if they are connected through VPN since they are untrusted to begin with. No matter what, they will likely be reporting 'real name' PII back to advertisers or manufacturers anyways.
I have two ASUS Routers and a FIOS MoCA/Router:
MI424-WR Rev D. (small NAT Table, daily reboots, Needs TV/Can't bridge)
RT-N66U w/Merlin
RT-AC5300 w/Merlin's new ASUS firmware build.
I plan to put Merlin on the AC5300 now that we have a final build of it.
I'm having trouble deciding how to manage all the feature with what my ideal setup would be. I have been reading multiple threads and learning multiple concepts, but an getting confused here and there and hope for some advice or for someone to point out where I wrong.
Description of my ideal setup:
FIOS MOCA Router (TV support needed) to the AC5300 and possibly include the N66U without running into double NAT problems or speed step-down from what the AC5300 can offer over the N66U. (I think I read that if I bridged the AC5300 with the N66U then I'd lose all the AC5300 has to offer and suffer speed step-downs)
Q. Can I *only* avoid Double NAT only by putting the FIOS router in bride-mode? If I plug each Asus router into a FIOS eth port, with FIOS serving out DHCP to both routers and each router serving out DHCP to its subsequent clients does that create double NAT or avoid it, meaning, is double NAT occur when daisy-chaining routers (FIOS w/dhcp --> AC5300 w/dhcp --> N66U w/dhcp) Additionally, I am a bit confused on the ASUS Modes of operation, but for the moment, wait before clearing it up for me - there is probably more to consider later on) I know I definitely get doubled NAT's if I daisy-chain the three routers - Actiontec into AC5300 into N66U and everything stops working correctly.
I also don't know how to beat the damn Asus www.router.asus.com thing. How are people able to run two Asus routers on their networks when Asus is forcing all internal routes to www.router.asus.com to resolve into only one of the routers? There seems to be no way to get two Asus routers to work together because of this auto-resolve issue.
Ideal Features:
Everything tunneled out through VPN except Netflix because Netflix sinks on VPN support, so I definitely want to migrate my VPN from the N66U to AC5300. Its possible I want to use the N66U for only things like Roku with No VPN while everything else is VPN'd. I will lose the speed advantages of the AC5300 if I go this route, yes? Other suggestions?
Netflix is currently a Roku app. I might use a desktop with Kodi instead for all the media things that are internal (NAS,NFS) and only use Roku for Un-encrypted Netflix access.
I think I would prefer to use the Tri-Band Smart Connect since that'll provide the speed increases I desire. However, it looks like I cannot use Smart-connect if I end up using the N66U in certain modes (AP/Bridge/Repeater) The high-speed QAM connections can only be achieved with Tri-band smart connect, correct? If so, then I lose control over AP isolation for certain devices, correct? (see below)
I might want to create an isolated band network so that some devices are not able to see or talk to other devices. (Perhaps the N66U will be that, or at least a Band on one of the routers) I am considering putting all 'personal information collection' devices where its difficult to control PII leakage on the isolated network, e.g. Kindles, Rokus, Phones, ChromeOS. (This might seem backwards to some. The idea is that If I can't trust the hardware/closed-binaries on these devices (and I don't), I want them cordoned off from the rest of my network and it really doesn't matter if they are connected through VPN since they are untrusted to begin with. No matter what, they will likely be reporting 'real name' PII back to advertisers or manufacturers anyways.