new ASUS BRT-AC828 ( Wireless-AC2600 Dual WAN VPN Router)

[RMerlin]

Having a firewall between subnet a and b is pretty nice to keep clutter down.

Having a separate subnet doesn't provide any security in itself, you can easily change subnet just by changing your IP. The key here however is what you just added this time: a firewall between the subnets. Only then, are you actually securing things properly. You aren't just subnetting then - you are completely segmenting your network.

I never understood the allure of vlan. Maybe it's better in a virtual environment?

It's usually a matter of manageability. VLANs can also be easily assigned by ports or by device. And, VLANs can be mixed. Picture the following simplistic scenario:

- Printer is on VLAN 1
- Accountant is on VLAN 2
- Employee is on VLAN 3

With vlans, you can easily allow both the accountant and the employee to access the same printer, but they still will be unable to access one another's computers.

With subnetting, this is more complicated to implement. You'd have to configure this both at the routing level as well as the firewall/ACL level.

 

[W4RH34D]

Having a separate subnet doesn't provide any security in itself, you can easily change subnet just by changing your IP. The key here however is what you just added this time: a firewall between the subnets. Only then, are you actually securing things properly. You aren't just subnetting then - you are completely segmenting your network..

I forget I've subscribed to one of many ways to do things. Separate interfaces are automagically firewalled so when you run each interface with its subnet you get the segmentation. -Which is the PCI/DSS requirement - and you're right - it's not the subnet that provides the security but in my use case referring to seperate subnets infers a firewall is between the devices on each side.

vlan is just one of those things that doesn't seem to get past my forehead - if that makes any sense.

 

[RMerlin]

vlan is just one of those things that doesn't seem to get past my forehead - if that makes any sense.

I understand what you mean. VLAN can be a fairly broad concept, as it can be implemented in different ways. Personally, I only have one customer who's setup with VLANs at this point. I did buy an inexpensive 8 ports managed switch from Netgear to experiment with at home, but bad timing meant I never got around to fiddling with it. But it still allowed me to get a better understanding on the basics just by reading through the manual (yes, I'm that kind of person who actually reads manuals).

 

[sfx2000]

I wonder if it can do multiple subnets over the ethernet ports. That's a pretty standard feature that is a requirement for business running credit cards and also an office + public wifi.

Most "business" class connections will have multiple VLAN's - even at the local gas station or coffee shop - the payment card houses have pretty much made that a requirement (not VLAN specific, but that the PCI side must be isolated from back of house) - You might find similar situations with HIPAA related companies (Dr.s offices, health insurance billing, etc..)

 

[sfx2000]

I understand what you mean. VLAN can be a fairly broad concept, as it can be implemented in different ways. Personally, I only have one customer who's setup with VLANs at this point. I did buy an inexpensive 8 ports managed switch from Netgear to experiment with at home, but bad timing meant I never got around to fiddling with it. But it still allowed me to get a better understanding on the basics just by reading through the manual (yes, I'm that kind of person who actually reads manuals)

That was actually one of the reasons why the RT-AC88U with the Realtek switch was so interesting before it launched, as that switch can be "managed" like the the 8 port Netgear switch you bought to experiment with - it's a really decent switch chipset, although I can imagine the challenges Asus would have to try and integrate that level of management within their AsusWRT mainline code - but the capabilities are there inside that Realtek switch - it's quite good... it's basically a 4 port managed switch (excluding the uplink port to Broadcom), but at the moment, Asus is running it unmanaged, which is ok as well...

 

[RMerlin]

as that switch can be "managed"

So can Broadcom's.

 

[W4RH34D]

I'm kind of surprised Asus hasn't made a go at managed switches yet.

 

[RTN]

https://wikidevi.com/wiki/ASUS_BRT-AC828/M2

 

[cybrnook]

Saw that Wiki as well, notice release date is December 2015

 

[L&LD]

Saw that Wiki as well, notice release date is December 2015

Seems the release date is for when the hardware 'arrived'? They can't sell it before it is FCC approved, can they?

 

[cybrnook]

I see, assumed it would be release for "sale" not prototyping and development.

 

[cybrnook]

@maylyn will there be an OpenVPN "client" option?

 

[wocram]

@maylyn will there be an OpenVPN "client" option?

According to Asus product page it will support the following regarding VPN:

- IPSec Pass-Through
- PPTP Pass-Through
- L2TP Pass-Through
- IPsec server
- SSL VPN server
- PPTP server
- OpenVPN server
- PPTP client
- L2TP client
- OpenVPN client

https://www.asus.com/Commercial-Networking/BRT-AC828/specifications/

 

[EniGmA1987]

ASUS has a product page up now and has done an official announcement for this
http://www.guru3d.com/news-story/asus-releases-2534mbps-brt-ac828-wi-fi-router.html


Now the only problem I notice is that it says available soon in the UK and leading retailers. Hopefully I can manage to buy this from in the US, or maybe someone from this site will be kind enough to facilitate overseas purchases if it is unavailable through other means?

 

[skypx]

Yup, can't wait to see the review! Although I "think" I'm going to hold out for a 10gbe router!

 

[sfx2000]

So can Broadcom's.

Was looking at another thread, and reminded me here - I think Asus probably went towards the conservative side with regards to the switch options that could be available on the Realtek ports - mostly to simplify documentation and support, keeping things consistent across all the ports.

Folks might like having even "smart" switching capability, but this would be a support burden for a feature that most folks wouldn't use in the first place...

Adding yet another panel that would be specific to that one model (RT-AC88U) would be a lot of work for Dev and QA - and the 88U being the middle child in the AC3100/AC88U/AC5300 lineup...

Still kinda unique across BHR's, and there's an advantage to having that switch anyways - for LAN traffic that is primarily local with no need for routing, one can put those on the Realtek, taking some of the load off the primary Broadcom switch...

 

[sfx2000]

Yup, can't wait to see the review! Although I "think" I'm going to hold out for a 10gbe router!

I think you'll be waiting a while - esp now that NBase-T is out there, and it's not near as sensitive or costly as 10GbE... and it's an easier transition at the silicon layer - many comms oriented SoC's already have 2.5GbE support on the silicon, so it's driver support and of course validation and testing...

Maybe in the 2017 model year for vendors for some 2.5 and 5GbE support - but this also needs client silicon... it's not that much different (but easier perhaps) than the MU intro - MU capable AP's were out months before we saw the trickle of MU capable clients..

 

[Smedley]

Is there any update as to when the BRT-AC828 might be available in the States?

 

[maylyn]

Looking forward to it and your in-depth review... esp in conjunction with VQ's 2gbps offering (if you can)... Thank you very much sir.

I'm afraid that doing the actual un-boxing is not possible as the actual BRT828 box, labels and information are currently still under embargo :s22: until i have received the green light from ASUS TW/SG.

Nevertheless i still post on those that what i have posted before ^^

Actual ASUS BRT-AC828

Specs change - 128MB Flash to 256MB Flash



AC Adapter



Rear

Do note default SSID as ASUS_40_2G and ASUS_40_5G



M.2 SATA slot (socket3)

It's comes with the M.2 hand screw as well.

 

[dlandiss]

I wonder if the will correct the spelling of "WARRNING" before public release?