Replace RT-N66U (wireless disabled) with an EdgeRouter X?

[Yzencee]

Asking for advice. I have an ASUS RT-AC1900P wireless router hardwired to an ASUS RT-N66U router with wireless disabled as my home edge router. I am considering replacing the ASUS RT-N66U with an Ubiquiti EdgeRouter X. Is an upgrade necessary?

 

[L&LD]

If your current configuration is working and you're using the john9527 42E7 build (yes, john9527 is back!) on your RT-N66U router and you're getting the performance and stability you expect? No.

How many wireless clients do you have? What are your client devices capable of? What is your ISP paid for speeds? Are you able to achieve those speeds (at least wired)? How many concurrent users and concurrent clients are using the network at its peak? What does 'normal' usage consist of?

What price can you get the EdgeRouter X for? What do you expect this upgrade to offer your network in return?

 

[Val D.]

I have an ASUS RT-AC1900P wireless router hardwired to an ASUS RT-N66U router with wireless disabled as my home edge router.

What's the idea behind this setup? RT-AC1900P is a much faster router than RT-N66U.

 

[Yzencee]

My RT-N66U is not used for wireless as I have it disabled, and my thought for the upgrade is for better security. I had not heard of the john9527 build and will research it.

I have a 1 Gbps connection and performance meets paid connection speed. With current home remote schooling there are always at least 3 laptops connected during the day and 2 or 3 Xbox's late afternoon and evening times.

2 Xbox's, a VOIP modem and a wireless router are hardwired to the RT-N66U.

The wireless router has a 3rd Xbox hardwired to it. For wireless devices, there are 3 phones, 3 laptops, 3 Dots and a Kindle.

The EdgeRouter X SFP is $99.00.

 

[Yzencee]

What's the idea behind this setup? RT-AC1900P is a much faster router than RT-N66U.

My setup is based on Steve Gibson's 3 router solution. The RT-N66U has wireless disabled and the RT-AC1900P handles wireless devices.

 

[Val D.]

My setup is based on Steve Gibson's 3 router solution.

You can achieve the same results using 1 router only, your RT-AC1900P. This 3-router solution is good only when using relatively dumb routers with limited configuration options. Basically, compensating for missing configuration options with more hardware. You have Asuswrt-Merlin firmware available though for your RT-AC1900P router + ability to run custom scripts for added security and better WiFi separation. If you need wired devices separation, just use your RT-N66U router as Ethernet Bridge connected to RT-AC1900P Guest Network. Your setup and requirements are pretty simple, you already have all you need.

 

[Yzencee]

Val D. thanks for the response. I'll work with what I have and modify my setup as suggested.

 

[coxhaus]

Is the RT-N66U still supported with recent router updates? Does it have fixes for KRACK and some of the recent router hacks?

 

[Val D.]

I'll work with what I have and modify my setup as suggested.

Looking at the list of your client devices I don't see any IoT separation requirements, so what I would do is the following:

1. ISP modem in bridge mode (if possible), or with RT-AC1900P IP address in DMZ (if double NAT is the only option)
2. RT-AC1900P as a Main Router, running Asuswrt-Merlin firmware*
3. RT-N66U in Access Point mode with WiFi disabled and antennas removed (as Gigabit Switch for extra wired connections )

* On RT-AC1900P you have the choice of:
- AiProtection (simple packet inspection engine)
- Adaptive QoS (mainly to prevent bufferbloat in your case)
- Parental Controls (using TrendMicro engine or DNSFilter option)
- DNS-over-TLS (for added DNS security)
- Custom Scripts** (USB drive is needed)

** From custom scripts I would eventually run the following:
- Disk Check utility (to check the health of the USB drive)
- Swap File (required by Diversion and Skynet scripts)
- Diversion (DNS based blocker), not for ad-blocking though, but with EasyList trackers blocking, custom lists option available
- Skynet (IP based blocker), default configuration is good, options for custom configuration (like countries blocking, etc.)
- scMerlin (automates some tasks with a simple menu)

I would also set Phishing/Malware blocking DNS like CleanBrowsing DNS with Security Filter option (DNS-over-TLS is supported). It's not the fastest DNS service available, but trusted, effective, easy to use and free. For ad-blocking uBlock Origin browser plugin (or similar) work best, IMHO. If you need VPN on some computers, run the VPN client on the computers (your router's CPU will limit the OpenVPN connections to about 50-60Mbps).

Having DNS filtering, AiProtection, DNS blocking and IP blocking should provide more than enough security for a home network. You may see some maximum Internet speed penalty because of everything running on the router, but you can't push full Gigabit over WiFi anyway and game consoles don't need Gigabit connection either.

The above are suggestions only, there are many options to experiment with. Nothing is the best possible option, but you can have a pretty good setup with zero investments, using the existing hardware. All the information you need around Asuswrt-Merlin firmware options is available here on SNB and fellow SNB forum members are always ready to help.

Is the RT-N66U still supported with recent router updates?

John's Fork only, but I don't think this RT-N66U has to be used as a router in this setup.