Good Router Choices for VLAN Support?

Hi,

I need to choose a wireless router that will provide me with reliable VLAN configuration.

Basically, one of the ethernet ports needs to provide Internet-only access to a B&B while the wifi and other ethernet ports service the main home. I just want to reasonably block snooping or malware spreading between the two networks.

The simpler and more reliable this will be to set up, the better. Given my inexperience, I'd rather not be messing around with a CLI more than I have to, and I won't regularly be around to support it. The wireless router also needs to have an ethernet WAN port (PPPoE), and the ability to create a guest SSID would be a definite plus (but is not essential).

Can anyone please recommend some appropriate router choices for this kind of configuration?

The TP-Link Archer C9 AC1900 and Asus RT-AC68U are examples of models fairly available in my region, if that helps. I don't know if they would support VLANs through LEDE though.

Much thanks,

Joe

Configuration through LuCI (web GUI) should be "the same" for all supported units, within their capabilities.

Most "recent" router/APs from major manufacturers support at least a handful of VLANs (16 is the smallest number I've seen recently).

I've read that Broadcom-based wireless chips don't support multiple SSIDs, so confirming that would be more of a consideration. (I've only used Qualcomm-based wireless over the last many years.)

These days, I'd recommend something that supports 802.11ac as a minimum, preferably an ARM processor and with two internal Ethernet phys. The device pages can help with the latter suggestion. A device that is default-configured for eth0.1 and eth0.2 likely only has a single phy, and may become congested with higher data rates. Single-phy devices and MIPS processors were fine in the days of 10-100 Mbps connectivity, but aren't up to the task for many home-grade connections. Multi-core devices typically don't help with data throughput, but are attractive for those that run multiple services on their devices, rather than on service hosts within the network.

Once you've got it narrowed down, you should be able to ask about the number of supported VLANs for those specific devices.

2 Likes

In addition to the stuff @jeff said, which I agree with, it's also always helpful to get some feedback from someone who has actually used a given device and seen that there are not driver/hardware/config bugs in LEDE/OpenWRT. Since the Archer C9 and RT-AC68U are on your menu, perhaps someone with either one of those can chime in and say "yes I run a multi-VLAN system" with whichever one they have.

It sounds like this is at least nominally for use in a business (B&B) as such I'd suggest considering more of an investment into reliable and easy to configure / unbrickable hardware.

The best choice from that perspective would be one of the many low-end "network appliance" x86 boxes. These devices are unbrickable in the sense that you can always remove the flash storage, stick it into a different computer, reimage it from a backup, and get back to a known good config.

A device like this:

doesn't have an SD card, but might boot by USB 3.0 flash drive, so you could do it that way. For a router, there's really no need for the flash speed to be super fast.

For wifi, you could use separate access points, such as these:

One for the main house, one for the B&B.

The cost of hardware probably pales in comparison to the cost of a single complaint from one of the B&B guests about how your wifi doesn't work...

Other options include stuff from Shuttle, for example:

2 Likes

Are you saying that VLAN configuration through the web GUI exists? That would certainly make my life easier with a simple configuration like this. All the stuff I'd read seemed to indicate it was CLI only.

I set up an ASUS RT-AC68U yesterday with stock firmware. It had multiple guest SSID support and advertises itself as having "Broadcom TurboQAM", so maybe they've caught up in that regard.

Yeah, I saw mention of them in general when initially searching the forums, so I thought they might be a good starting point to include them.

Quite likely. Unfortunately, as I understand it, the Broadcom drivers aren't open source so those features often aren't available without licensing the drivers.

Yes, VLAN capabilities are reasonably well exposed in the web UI (LuCI)

image

1 Like

ISP speed is a big factor in router selection, since that determines how much CPU you need. Nearly all OpenWrt compatible devices that are not Broadcom chips will do VLANs and multiple SSIDs. And these features can be set up from the web interface.

2 Likes

It all looks like a bit of a minefield to a beginner like me. Just finding a router that isn't Broadcom-based is especially difficult.

I've since found that the ASUS BRT-AC828 does everything I need natively (and tonnes more), so that seems like the safest option, despite the price tag.

Thanks for the advice though.

The ASUS BRT-AC828 is IPQ8065 based, which -as a SOC- is supported in LEDE and this might make the device itself not too difficult to support either. But as of this moment, it isn't supported and given the price in comparison to its competition (yes, the hardware features are tempting and rather unique, but it's still almost twice the price of its siblings), chances aren't too great that anyone will pick it up in the future either (other than yourself, perhaps).

It is especially easy with this toh:
https://openwrt.org/toh/views/toh_performance_details?datasrt=cpu
(already sorted by SoC; further filter yourself as needed)

That's alright, I'm not looking to put LEDE onto it. ASUS' software appears to do everything I need for this project, without the timeframe pressure or risk. It's just easier to pay the money in this case.

Yeah, I did use that. I meant in relation to the models readily available in my region though. It all got a bit overwhelming, especially when looking for other compatible factors as well. LEDE just isn't the best fit for this project right now. It was more that I was struggling to find an off the shelf solution earlier and this looked like the only option.

Thanks anyway.

For anyone who might be looking at this topic in the future, I find the TP-Link Archer C2600 to be an excellent unit. I have installed dozens of them and their predecessor, the Archer C7. They use Atheros chipsets and support VLANs without issue.