Replacing a router and not the entire network!

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2019-08-22 15:43:29 - last edited 2021-04-19 11:58:56

Lately, I have been unable to use TP-Link routers in situations where routers existing in the network have to be replaced, mainly because, sadly, TP-Link is the only mainstream manufacturer of routers (rack mount) that does not offer (at present) multi-LAN configurations.

For example, I asked SMB support how to get multi-LAN/VLAN to work and was recommended to replace switches with managed ones. If I walk into a company and tell them the entire network has to be replaced (all the switches and a router) just to replace the existing failing router that has multi-LAN configurations with TP-Link products where the router doesn't, it would get me fired! So sadly, what I have at one location now is EAP225V3.1s, an OC200 and a Cisco RV340... The headaches I had with VLAN configuration with that router and their existing Cisco managed switch (and I believe it may be failing, unsure yet as the error count is high) were a lot of extra work. Had they not had that managed switch, I wouldn't have had to LOCALLY manage it for the VLAN for the EAP225V3.1s (Guest network). Had I been able to use the ER5120 (had it had full multi-LAN support), it would have been a simpler configuration with fewer management requirements.

Most of the businesses I deal with are under 200 employees and their networks are not "massive", and they therefore require hardware capable of surviving Internet hacking while still providing multi-LAN support. The reason for the multi-LAN also stems from isolating networks, as in Guest (192.168.10.0/24), Office (192.168.0.0/24), Cash (192.168.1.0/24), etc. The other reason is that with Guest networks I need to be able to severely limit their ability to "Facebook", "Facetime", "Upload their life to the cloud" using different DNS services, whereas on Office I would only block some of that. Cash would be isolated 100% so that wired devices can't see anyone on any subnet, only the internet, by blocking all services on the LAN minus the ones used by the cash systems. Some of the locations require 2 to 300 Guest wireless connections. To design this type of network with 1 LAN would itself be a feat of configuration without a managed switch, which again would require replacing the entire network, and walking into any business to say that would get a "we'll get back to you" type of response.

I wish to continue to sell TP-Link products, but having all the same ducks on the rack makes it less quirky (and no, I wasn't going for quacky).

1 Reply
Re:Replacing a router and not the entire network!
2019-08-22 23:36:04 - last edited 2021-04-19 11:58:56

Try OpenWRT on a fast SoC or micro system; it supports multi-LANs and is VLAN-aware, too. I use OpenWRT on different router hardware (more than 1,000 platforms are supported, most of them wireless routers, but also plain x86-, ARM- or MIPS-based routers) for all of our customers. Besides multi-LANs and VLANs, OpenWRT offers a zone-based firewall, making firewalling very easy. It's also Open Source Software and you can add every functionality you need either by just installing a software package from the OpenWRT repositories or by adding your own customized software.

Another priceworthy router is the EdgeRouter-X running standard Debian Linux with nearly gigabit NAT throughput if hardware offloading is enabled, but it can also run OpenWRT if you prefer a true OSS for embedded systems with a read-only filesystem. OTOH, the standard OS of the ER-X has a (proprietary) Deep Packet Inspection feature for traffic analysis (which is remarkable for such a cheap device), IPsec VPN, OpenVPN, OSPF routing protocol, load balancing, a nice web UI and a command line interface. It has a MIPS CPU for embedded devices descending from the field of supercomputing (MIPS was once owned by Silicon Graphics Inc., my former employer), thus it has exceptionally good I/O throughput.

Both alternatives would meet your demands; I do such setups all day (see this post in another thread).

I like almost all TP-Link business-class devices very much b/c of their robustness and good price/performance ratio (all switches and WiFi APs in our product portfolio are from TP-Link), but their routers are just missing basic features in my opinion, as you have already noticed. If TP-Link offered routers capable of running OpenWRT, I would sell them, too. But NAT throughput would need to be improved then, too, else it would be just a quirky duck for me.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
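The Guest/Office/Cash isolation described in the first post, written as an OpenWrt zone-based firewall fragment. This is an added example, not configuration posted by either participant; the interface names `office`, `cash` and `guest` are assumptions (they must already exist in `/etc/config/network`), the stock `wan` zone is assumed, and Cash hosts are assumed to use static addressing with an external resolver.

```uci
# /etc/config/firewall fragment (added example, names are assumptions)
# No 'forwarding' section links office, cash and guest to each other,
# so traffic between those zones is rejected; each may only reach 'wan'.

config zone
	option name 'office'
	list network 'office'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'cash'
	list network 'cash'
	# Cash hosts get no access to router services at all
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'guest'
	list network 'guest'
	# Router services are closed to guests except the rules below
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'office'
	option dest 'wan'

config forwarding
	option src 'cash'
	option dest 'wan'

config forwarding
	option src 'guest'
	option dest 'wan'

# Guests may only obtain a lease and resolve names on the router
config rule
	option name 'Guest-DHCP-DNS'
	option src 'guest'
	option proto 'udp'
	option dest_port '53 67'
	option target 'ACCEPT'
```

After applying it, a check from a host in each subnet that the other two subnets and the router's management interface are unreachable confirms the isolation holds.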