RT-AC5300 Performance & Security Guide

[OABC]

Got it. Thank you @HuskyHerder I will give it a try once I get home and I will let you know.
Appreciate the link. Will get back to you. Have a good one!

 

[JDD-RT5300]

Hello all,

I've been searching all over for weeks on optimal settings for the RT-AC5300. Here is the issue. I've got it hardwired through my modem SB8200 to my desktop. When I go directly from the modem to my desktop I am maxing out my connection. When I put it through the router no matter what I;ve tried my speeds drop almost 50%. I have the latest firmware as well. Does anyone have any ideas or how to get the speed to where it should be?

If you need additional information let me know and I will provide it. Thanks, as I have wasted so much time with this and the Asus technical support is literally useless.

 

[daviworld]

Hello all,

I've been searching all over for weeks on optimal settings for the RT-AC5300. Here is the issue. I've got it hardwired through my modem SB8200 to my desktop. When I go directly from the modem to my desktop I am maxing out my connection. When I put it through the router no matter what I;ve tried my speeds drop almost 50%. I have the latest firmware as well. Does anyone have any ideas or how to get the speed to where it should be?

If you need additional information let me know and I will provide it. Thanks, as I have wasted so much time with this and the Asus technical support is literally useless.

Hey JDD,

I also have a SB8200, although your bandwidth and performance will depend on how your ISP delivers your connection to you, how many people share that line with you, how your environment looks such as what runs through your router.

For me, I live in a building unit, and everyone shares the same line. I have a Max of about 5 devices connected at a time, and I also have a network share. With 2 vpns running at all times.

I have a 1gig pipe, directly connected I get 866Mbps, while my WiFi devices get between 400-700Mbps depending on distance and which band they're on.

Hope this help to give an idea, since I'm not in front of a PC at the moment, can't really get too technical

Sent from my LG-H830 using Tapatalk

 

[JDD-RT5300]

Thanks for the reply Daviworld! So here is some more information:
I have a 1 Gbit line. It was wired directly into my house. I am the only one that uses it. I have other things on the network, I.E. security system, Xbox, google minis, some other devices. However, when I directly connect from line coming in on the pole to my modem, then to my desktop, (which is not the problem), i get full speeds, pushing 940. Once I plug it in through the router, it drops 100s of mbps. It's got to be something in the router - the question is what in the settings needs to be tweaked to get that same speed, (or close to it) when i am directly hardwired to my same desktop, but through the router.

I understand that possibly some of the other devices may be using up some BW, but they wouldn't use that much, especially since I would notice on the traffic analyzer. Do you recommend anything? Any settings? Any changes that will help the hard wired connection through the router and into my desktop?

 

[Vexira]

@daviworld Upnp generally should be enabled if you are playing online games or have a gaming console, if I remember correctly some applications need upnp eg, torrent clients as long as you don't enabled ports below 1024 for internal port range it should be fine to leave on in the wan page, but this is just a suggestion.

Otherwise that is quite a well written and informative guide also one last thing all pre hnd routers have symetric Nat by default so it restricts the usage of upnp in general.

 

[daviworld]

@JDD I can think of a few settings, as vexira mentioned you can enable upnp, but this will change your security posture. As vexira mentioned just don't use well known ports.

If you feeling confident about your networking skills, you can tweak the TCP/IP settings.

You can also change some of the routers advanced options since it seems you have a mix of older and newer technologies.

Lastly, its a long shot, but you can also use QoS to get better traffic priority and classification for a better connection quality.




@ vexira good point, I wrote the guide during a time when upnp was considered a security threat, so I haven't tested the settings for recently, but you're correct that online gaming and torrenting benefits from it. I plan on testing the current baseline configuration for recent changes to get a balance of performance and security.

Also thanks man, I plan to keep it as helpful and easy to understand as possible

Sent from my LG-H830 using Tapatalk

 

[JDD-RT5300]

Thanks @daviworld! My networking skills are decent, but looking for specifics to change in the professional tab / any actual settings. I have UnPn enabled at the moment as well as an Aimesh RT-68u. I hardwired it so 5ghz is apparently a backhaul. I am not worried about security yet as I want to get the maximum throughput (absent using a DMZ) and then slowly increase any security, which I am sure affects speed at some level.

If I were to replace the RT-68u, would it make sense to get the new ROG Rapture GT-AX11000 as the main router and switch the RT-AC5300 over to the aimesh? Anyone used the new tri-band routers asus just released? Or is there something better out there these days. The main goal is to maximize my 1gbit a much as possible? Also, could it be the cable? I've got cat 5e at hte moment. Maybe Cat 6 would be better? So many variables, it's hard to know where to start these days.

 

[daviworld]

Thanks @daviworld! My networking skills are decent, but looking for specifics to change in the professional tab / any actual settings. I have UnPn enabled at the moment as well as an Aimesh RT-68u. I hardwired it so 5ghz is apparently a backhaul. I am not worried about security yet as I want to get the maximum throughput (absent using a DMZ) and then slowly increase any security, which I am sure affects speed at some level.

If I were to replace the RT-68u, would it make sense to get the new ROG Rapture GT-AX11000 as the main router and switch the RT-AC5300 over to the aimesh? Anyone used the new tri-band routers asus just released? Or is there something better out there these days. The main goal is to maximize my 1gbit a much as possible? Also, could it be the cable? I've got cat 5e at hte moment. Maybe Cat 6 would be better? So many variables, it's hard to know where to start these days.

Try adjusting your TX burst and DTIM settings in professional tab, I would be careful adjusting these and only adjust 1 level, test, and repeat. DTIM will benefit a strong router, while TX burst will see better performance regarding packets, but might bottleneck your network if set too high.

Adjust down with DTIM and Adjust up for TX burst

I personally don't use Aimesh, so can't offer too much advice on that feature and how it affects performance.

Better cables could possibly work. I have only cat 7 cables in my home, and upgraded from 5e cables a few years ago.

Lastly, regarding to the new AX router's, both have pretty nice hardware specs compared to the AC5300, so you'll absolutely see performance benefits upgrading to those beefier models, which if I remember correctly both come with a cryto chip or it might only be limited to the AX88U

Sent from my LG-H830 using Tapatalk

 

[Vexira]

@JDD I can think of a few settings, as vexira mentioned you can enable upnp, but this will change your security posture. As vexira mentioned just don't use well known ports.

If you feeling confident about your networking skills, you can tweak the TCP/IP settings.

You can also change some of the routers advanced options since it seems you have a mix of older and newer technologies.

Lastly, its a long shot, but you can also use QoS to get better traffic priority and classification for a better connection quality.




@ vexira good point, I wrote the guide during a time when upnp was considered a security threat, so I haven't tested the settings for recently, but you're correct that online gaming and torrenting benefits from it. I plan on testing the current baseline configuration for recent changes to get a balance of performance and security.

Also thanks man, I plan to keep it as helpful and easy to understand as possible

Sent from my LG-H830 using Tapatalk

One of my friends did some testing with me having so protection enabled he said it seems that my router was invisible to a port scan if I remember correctly couldn't find any points of entry.

 

[daviworld]

One of my friends did some testing with me having so protection enabled he said it seems that my router was invisible to a port scan if I remember correctly couldn't find any points of entry.

Even with my set-up, a while back when I tested it only ports of entry that popped up when probing my network were 53, 139, and 445 with samba enabled.

Recently, doing a port scan only reveals 123 and 443 as open

Sent from my LG-H830 using Tapatalk

 

[Vexira]

Even with my set-up, a while back when I tested it only ports of entry that popped up when probing my network were 53, 139, and 445 with samba enabled.

Recently, doing a port scan only reveals 123 and 443 as open

Sent from my LG-H830 using Tapatalk

He was doing a security test on my router the RT-AC 88U at the time, I upgraded to the RT-AC 88U which is now my current unit.

 

[JDD-RT5300]

Thanks @daviworld I'll give those a shot today. Which Cat 7 cables did you use? Maybe I will grab a couple and see if that helps the throughput.

Try adjusting your TX burst and DTIM settings in professional tab, I would be careful adjusting these and only adjust 1 level, test, and repeat. DTIM will benefit a strong router, while TX burst will see better performance regarding packets, but might bottleneck your network if set too high.

Adjust down with DTIM and Adjust up for TX burst

I personally don't use Aimesh, so can't offer too much advice on that feature and how it affects performance.

Better cables could possibly work. I have only cat 7 cables in my home, and upgraded from 5e cables a few years ago.

Lastly, regarding to the new AX router's, both have pretty nice hardware specs compared to the AC5300, so you'll absolutely see performance benefits upgrading to those beefier models, which if I remember correctly both come with a cryto chip or it might only be limited to the AX88U

Try adjusting your TX burst and DTIM settings in professional tab, I would be careful adjusting these and only adjust 1 level, test, and repeat. DTIM will benefit a strong router, while TX burst will see better performance regarding packets, but might bottleneck your network if set too high.

Adjust down with DTIM and Adjust up for TX burst

I personally don't use Aimesh, so can't offer too much advice on that feature and how it affects performance.

Better cables could possibly work. I have only cat 7 cables in my home, and upgraded from 5e cables a few years ago.

Lastly, regarding to the new AX router's, both have pretty nice hardware specs compared to the AC5300, so you'll absolutely see performance benefits upgrading to those beefier models, which if I remember correctly both come with a cryto chip or it might only be limited to the AX88U

Sent from my LG-H830 using Tapatalk

Sent from my LG-H830 using Tapatalk

 

[Grisu]

Thanks @daviworldThe main goal is to maximize my 1gbit a much as possible? Also, could it be the cable? I've got cat 5e at hte moment. Maybe Cat 6 would be better? So many variables, it's hard to know where to start these days.

Thanks @daviworld I'll give those a shot today. Which Cat 7 cables did you use? Maybe I will grab a couple and see if that helps the throughput.

If your Cat5e connects with 1Gb you cant get anything faster by changing it to whatever! These are digital signals, either working or not, and 5e will do.
Nothing than wasted money, maybe with some placebo or feel good.

 

[daviworld]

@JDD I only got cat 7 cables for its shielding to reduce signal attenuation. I tend to do a lot of lab work at home, in the office, and in the data centers. I would say cat 7 would be a bit much for the home, but will future proof you. You can get some cat 6 or cat 6a cables for cheaper, which still has shielding and has a pretty robust sheathing which gets rid of AXT (Alien Crosstalk) and NEXT (Near End Crosstalk )

I am no cabling expert, but had to learn a bit due to the networking and security environment I work in.

@Grisu

I don't think he trying to gain above 1G, moreso achieve as close to 1G as he can get. From my limited cabling knowledge, I know you can reach close to your advertised speed if cable length, cable quality, and reduced interference is achieved.



Sent from my LG-H830 using Tapatalk

 

[Grisu]

if it syncs with 1G he CANNOT make it any faster, not even with CAT1000Z, his ports only capable of 1G.
Cat5e is good for 1G, maybe not 100m with patch cables on both ends, but very reliable at home for 30m distance.

 

[daviworld]

if it syncs with 1G he CANNOT make it any faster, not even with CAT1000Z, his ports only capable of 1G.
Cat5e is good for 1G, maybe not 100m with patch cables on both ends, but very reliable at home for 30m distance.

Which is true, cat5e is good for 1G, since the consumer market hasn't reached higher speeds like other nations.

I'm not suggesting his back-end speed will improve, only that his end devices connection quality could be improved to attain close to 1gig.
So, from end device to router. Modem to router will auto sync 1gig, but how close a end device gets to that speed is a different matter



Sent from my LG-H830 using Tapatalk

 

[ODISEO123]

Hi daviworld,
Thanks for the great guide.
I am tweaking a RT-AC68U running merlin 384.12.
I tried to use ED25519 keys, as you suggested, but got an error: "Server has refused our key"
With other algorithms I get:
RSA2048: OK
DSA2048: "Server refused public-key signature despite accepting key!"
ECDSA: OK
I followed an identic procedure in all 4 cases and was extra careful not to make copy-paste errors.

Is it a case that the hardware cannot support this encryption?

Thanks for any help,

 

[daviworld]

Hi daviworld,
Thanks for the great guide.
I am tweaking a RT-AC68U running merlin 384.12.
I tried to use ED25519 keys, as you suggested, but got an error: "Server has refused our key"
With other algorithms I get:
RSA2048: OK
DSA2048: "Server refused public-key signature despite accepting key!"
ECDSA: OK
I followed an identic procedure in all 4 cases and was extra careful not to make copy-paste errors.

Is it a case that the hardware cannot support this encryption?

Thanks for any help,

Hi Odiseo,

That's odd, but off the top of my head, I can't think of a reason why it would be doing that. Let me look into a bit after work, and update you in a few hours

Best,
Davi

Sent from my LG-H830 using Tapatalk

 

[ODISEO123]

Hi Odiseo,

That's odd, but off the top of my head, I can't think of a reason why it would be doing that. Let me look into a bit after work, and update you in a few hours

Best,
Davi

Sent from my LG-H830 using Tapatalk

Thanks for that Davi.
In the meantime, which one would be your second-best recommended encryption algorithm/settings?

Kind regards,

 

[daviworld]

Thanks for that Davi.
In the meantime, which one would be your second-best recommended encryption algorithm/settings?

Kind regards,

A DH RSA key at or above 2048 bits or other ecdsa keys

x25519, ed25519 and ed448, excluding ed25519 since you said it isn't working for you. Haven't found anything on it so far, but I'm still looking into currently, at least until tomorrow

EDIT: couldn't find a reason why it wouldn't take. Have you tried inputing the ed25519 key on a clean installed firmware, before setting up other settings?

Sent from my GM1915 using Tapatalk