Router to replace TL1043ND

Kei

Been using a tp link TL-WR1043ND V1 since I moved to BT infinity a few years back. All told it's been great, but it is starting to get a bit unreliable, becoming completely inaccessible and stopping all network traffic. (a power cycle fixes it for a week or so) I've updated the firmware to the latest version and taken it to bits and replaced all the capacitors in the hope that it would solve the intermittent issue but nothing has worked so far.

I've been looking at all of the options out there and have to admit that they all seem a bit hit & miss going by the reviews. Mad as it may sound, I've been considering going all out and getting a dedicated router (cisco 1921) and separating the wireless using an access point connected via gigabit ethernet. I'd still be using the ECI vdsl2 modem as the HWIC cards for the cisco don't come cheap. I also realise that it will need configuring which isn't anywhere near as simple as a web interface.

This is the current layout of our home network. Blue is cabled ethernet, green is wifi.


This was the idea I'd had for using the cisco router. I've been looking at the D-Link DAP-2695 as the access point and using a pair of unmanaged 8 port switches.


Anyone got any ideas? Like whether my idea really is as nuts as I think, or whether I can get something that will be reliable without needing perpetual firmware updates. The only requirements that I have are:-

  • Reliable
  • Secure
  • Port forwarding
  • DHCP address reservation

For wifi, I merely need it to cover the house, which the current TP link just manages. Speed on wifi isn't important provided I get sufficient bandwidth for normal web browsing.
 
I use most of that kit - or variations on a theme - and it works nicely.

How fast is your internet connection as that will determine whether the 1921 is overkill or not. There may be cheaper to be had on online auction sites that will do the job.
Setup is a little more complicated on Cisco kit but it's infinitely more flexible. There is a graphical setup utility but it's easier to use the command line if possible - if for no other reason than you can post your config as plain text to a forum and get help on it...you just can't [reasonably] do that with a gui.
Pretty much any Cisco kit will do port forwarding and DHCP. It'll be as secure as you configure it and how up to date the OS is. I've not had any major gaping security issues so far in versions of IOS that I've had running but there can be bugs in anything.

Definitely keep the OpenReach modem as it'll save you a fortune over getting a VDSL card. That said, I think the 887VA has VDSL built-in but it's quite early so may not be compatible - honestly, I've never had the VDSL to play with or I would have :D

There are Cisco routers with built-in WiFi (or add-in cards) so you could do it all in one box. It may not be convenient in terms of where you want to place the router and the wifi though. Again, command-line setup - flexible but not point-and-click.

The Netgear switches are a bit of a pain in terms of the interface and setting up things like VLANs but you may not have that issue. Otherwise, for just basic switching, they're pretty solid. Have you looked at the GS510TP which will do PoE+? That would let you power the DAP-2695 via PoE and save you a socket and potentially make siting it easier. Also, if the GS108 you already have is a GS108T then it can also be powered by PoE. It means then that if you have a UPS by your server and routers, it can power your infrastructure further away.

DAP-2695 is again, fairly poor interface-wise - mainly in VLAN setup again - but works nicely once sorted.

Hope that helps
 
Cheers, that's a big help. TBH, I get the feeling that I may be going overkill on it as it is just basic FTTC giving 75mb down 18mb up. I like to keep the connection here as gigabit in case I move up to a line speed in excess of 100mbit in the future. The server that I have is just my old phenom II system rebuilt with a huge RAID 5 array for storage running on openSUSE. It also gets used for teamspeak, ftp and plex.

Router wise, I have no need for anything like vlans or vpns that require cisco kit at either end. Size and noise are also concerns. The 1921 is as big as I'd be willing to go. The older 28xx series and the 1941 were definitely too big. Cost is the other issue as I'd rather the total cost didn't exceed £500. (a second hand 1921 and the access point uses that)

My current config for the most part works fine, just reliability that lets it down. It does get some heavy traffic internally. (usually copying/moving large files around) The internet connection only gets used heavily when downloading games via steam or when using ftp.

I have looked at the Asus RT-AC87U & RT-AC66U, Linksys WRT1900AC, TP-Link Archer AC1750 and netgear nighthawk R7000 & X4 AC2350. The reviews are all distinctly hit and miss. (TBH, I'd prefer the simplicity)
 
I'll try to have a look tomorrow for something with gig ports that isn't monstrous but in the meantime, have you looked at an 1801? It's only got 100Mbps ports but it will push 100Mbps of Internet traffic with NAT and firewall. The best part is that you can pick them up for under £100 and then upgrade when something is available with gig-e in sensible form factor for sensible price.
I currently run a VM SuperHub in modem mode that's by my TV with a GS108T. I then run a link back to my server cupboard where the router sits. Because I haven't got enough Cat5e between the two points, I run a trunked connection (802.1q) to carry a VLAN for Internet (router to SuperHub), guest network (on multiple wifi) and main LAN.
 
You're coming from a £40 TP-Link TL-WR1043ND which apart from recent unreliability appears to have met your requirements.

Your suggested replacement of a Cisco 1921 is such a massive leap that it makes no sense at all.

You then state that 'Speed on wifi isn't important provided i get sufficient bandwidth for normal web browsing' and spec a £200 wireless access point.

As you don't need exotic Wi-Fi then you may as well just buy a newer version of the TL-WR1043ND and spend the £450 you've saved on something more interesting.
 
@Bremen: There are certainly cheaper ways of doing this...but this is Overclockers! How often do people come here asking for the cheapest, most cost-efficient, boring way of achieving something?! If that was the ethos you wouldn't get 'interesting' things like watercooling or the iWin S-frame case or CPU blocks with solid silver bottoms that nobody is ever going to see. There'd be no coloured coolants, no lighting, no acrylic. Usually people want the interesting, the extreme solution or the better than bare-minimum solution. Yes, there are limiting factors - usually cash, time and the looming possibility of divorce...but most of us have been known to get to our budget and then say "Oh, but that one's so SHINY...and it's only a little bit more." </rant></2c>
 
Had a quick look at Cisco routers that might fit the Gig Ethernet bill for you and probably the most interesting is the 867VAE Secure.
* Available 2nd hand at £150-£200
* Fanless
* WAN Ports: 1xGE and 1x ADSL2+/VDSL2 WAN interface
* LAN Ports: 1xGE and 4xFE LAN
* Reported to be capable of pushing 300Mbps (probably without NAT and firewall)

The 1921 you were looking at has a fan so will be noisier, is closer to £200 and doesn't have the VDSL interface which could be of interest but it does have a couple of slots for cards.

The other option is a 2851 which is cheap (£60 ish) but it's bigger, almost certainly noisier and almost certainly uses more juice too. I believe it tops out at just over 100Mbps too.
 
Yes, certainly no fun to be had if you don't go a little overboard. What I meant by wifi speed not being important, is that it isn't my primary concern, rather than it not being something I would like. (given the opportunity) The 1921 seems like a reasonable deal as I don't mind the size (we have 2 of them in work) and they seem to be quiet. I'd need both NAT and firewall to be enabled so throughput on a lower model would probably fall, maybe not below my current connection speed but certainly likely to be below the potential line speed in a few years time. It'll also be a challenge for me anyway as configuring a cisco device will be new territory that I'd like to learn.

The only remaining question:
1. Can I get it to always assign the same IP addresses to machines by MAC address rather than me having to set static IPs on the machines?
 
Absolutely. You just configure a generic DHCP pool with a range of IPs and then a separate pool of one IP for the device you want fixed. It's identified by its MAC. You'll need either "client-identifier" or "hardware-address" depending whether the device asks for DHCP or BOOTP. Just let it get assigned from the main pool and then use 'show ip dhcp binding' to see which (match the length) is requested.

Code:
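! General pool: addresses for every client without a reservation
ip dhcp pool general-pool
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 domain-name home.local
 dns-server 8.8.8.8 4.4.4.4
 lease 5
 update arp
!
! Reservation: a pool of one address tied to a single device
ip dhcp pool wifi
 host 192.168.1.30 255.255.255.0
 ! keep whichever one of the next two lines matches what the device requests
 client-identifier 011c.df0f.4a55.35
 hardware-address 0001.e39a.f9b8
 default-router 192.168.1.1
 domain-name home.local
 dns-server 8.8.8.8 4.4.4.4
 lease 5
 update arp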
 
Well, I'll be the proud owner of a new cisco 1921/K9 ISR router at some point next week. (with IOS version 15.2)

Next challenge is to choose the interconnecting switch and the WAP.

1. Dumb or managed switch? I have an ordinary GS108 in my room already. Ideas so far:
Another Netgear GS108 (though the capacitor issue has put me off somewhat, even though I have the skill and tools to easily repair them)
Cisco SG100D-08-UK - reasonably cheap alternative to the GS108
HP 1810-8G Switch J9802A - managed switch which seems to be sensible money

2. Is the DAP-2695 the ideal access point for my purposes or have I overlooked any others? I've been looking at other brands as d-link doesn't have the best reputation nor can I find many reviews for this particular AP. These were the other APs I've been considering:
Cisco WAP371
Ubiquiti UniFi UAP-AC

Not fond of internal mini antennas though as that limits the range. Maybe I'm worrying over nothing regarding the d-link AP though.
 
1. The answer to this question depends entirely on what you want it to do. If you want it to just sit there and switch packets then a dumb switch of pretty much any brand will be fine. I personally like the fanless type because I have an aversion to the noise. For that reason I tend to favour those in a metal case (better heat dissipation).
If you want to play with VLANs or trunked connection (two or more Gig connection to a server or between switches) or you want to monitor or pull stats off the switch (SNMP) then managed is the way forward.
Things like Spanning Tree are useful as they stop it all falling apart when someone plugs one port into another in a loop but that may be an unnecessary expense if you don't have people interfering with your network. Most managed switches will have it but some (the Dlink range) seem to have it switched off by default for some reason.
Another option is the Dlink GS108T which is managed and will run off PoE
or the GS510TP which will push out PoE+
The Cisco managed gigabit switches are very nice...but you might be able to buy a car for the same money!
2. The DAP-2695 was the only access point only (ie non-router) that did 802.11AC when I bought it. I didn't want the routing part and couldn't tell for certain whether you could safely ignore/turn off the routing side of things before buying. It also did the multiple VLANS and concurrent dual-band that I wanted so it ticked all the boxes. I've got mine attached to the back of the TV on a VESA mount (jury-rigged) and haven't physically touched it since. It runs off PoE and can be tinkered with via web page if I need to. The interface is a bit clunky but functional so as long as you don't need to be changing the config every day, it's fine. There are certainly others available. Cisco do some lovely stand-alone access points but again, they're not cheap. Cheaper products still seem to be concentrating on either being a router or an extender and it's not clear whether they allow you to configure them as just an access point. As an example: Netgear AC1200 looks good but can you use it stand-alone rather than just as an extender?!
FYI, the Ubiquiti APs look like they need a PC to be running management software to control them. That might not be a problem if you're running a 24x7 server but it's something to be aware of that they're not autonomous.
 
Well, if the dlink access point has been fine for you, I don't see any reason to avoid it as I only need it to act as an access point. (so the cisco router assigns ip addresses to clients on wifi.) The all internal designs aren't my cup of tea as I like external antennas.

I may as well go with the hp managed 8 port switch as it gives me some options that I may or may not use in the future.

Thanks for the help, it's been very useful. No doubt I'll be pestering you for further assistance once the cisco turns up. (though I've got some info about a 1921 and infinity already which should help)
 
All ordered, just have to wait for it to arrive. I went with an hp procurve 1910 8 port switch over the 1810 as I prefer the metal construction and built in psu.
 
Still waiting on the cisco to arrive but the access point and switch are working well together with the TP-link router. Not sure the range is any better than the tp link but the speed is certainly up, 5ghz wifi is certainly a heck of a lot quicker than 2.4ghz.
 
In theory 5GHz doesn't travel as far as it doesn't penetrate walls so well. That said, it should be faster as it has more bandwidth. Also, you will often find that there is nobody else on the 5GHz band - or it's certainly not full with overlapping networks - so it may go further due to lack of interference from other networks on/near the same channel.

In theory you can create an SSID with the same name on both 2.4 and 5GHz bands and let the device choose which it thinks is better. The WAP has an option somewhere like 5GHz steering which you can set thresholds of signal strength to push the client towards 5GHz. If it's not working well you can always set up something like MyWifi and MyWifi-5.

Agree on the metal chassis and internal PSU - lot more convenient than the mess of power-bricks you end up with otherwise.
 
Yeah I decided to split the two frequencies apart as separate SSIDs to avoid all the 5GHz devices defaulting to 2.4. Even in a poor signal area it was able to copy files at 10mb/sec, in good signal that was up around 45-50. 2.4 was around 2mb/sec in moderate signal strength. I haven't really played about with many of the settings yet, but strength/coverage of 2.4 doesn't seem superior to the tplink. It certainly manages the whole of the inside of the house. The old tp link could manage to get sufficient signal for sitting in the car on the street outside, but little of the back garden. I assume that it is possible to extend the coverage by buying another 2695 and placing it at the opposite end of the house. (if I wanted to improve signal strength for the back garden)
 
The cisco arrived yesterday, so I got straight to it after work. Finally managed to get it to work in place of the tp-link by about 1am. (started on it around half 8) Tested on speedtest and I am getting the full throughput of the connection. (75mbps/18.5mbps)

Here is the startup config that's now been set.
Code:
Cisco-1921#show startup-config
Using 3305 out of 262136 bytes
!
! Last configuration change at 00:50:55 UTC Sat Nov 8 2014
version 15.2
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco-1921
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
enable secret 5 $1$GAFE$d0Ah1QWpu4CUlpB27ztl2.
enable password 7 05242427751C1B24
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.50 192.168.0.51
!
ip dhcp pool main_dhcp_pool
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1 
 dns-server 194.72.0.114 213.120.234.46 8.8.8.8 
!
!
!
ip domain name WesNet
ip name-server 62.239.186.73
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn ********
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!         
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1350
 duplex auto
 speed auto
 no mop enabled
!         
interface Dialer1
 ip address negotiated
 ip access-group 101 in
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname [email protected]
 ppp chap password 7 1415060303092F23312A1337361115190205545856571A0D0C15
 ppp pap sent-username [email protected] password 7 0111120C54060307344E6E0B0D07051D0A08062B252066303A2F
!         
ip forward-protocol nd
!         
no ip http server
no ip http secure-server
!         
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.255.0 GigabitEthernet0/1
!         
access-list 1 remark INTERNET-ACCESS
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 255.0.0.0 0.255.255.255 any
access-list 101 deny   ip 248.0.0.0 7.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   udp any any range 33400 34400
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp any any established
access-list 101 permit udp any any
!         
!         
snmp-server community WesNet RO
snmp-server enable traps entity-sensor threshold
!         
control-plane
!         
!         
!         
line con 0
line aux 0
line 2    
 no activation-character
 no exec  
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 09636C214D55423F585B56253E2F
 login    
 transport input all
!         
scheduler allocate 20000 1000
!         
end

I reckon that the line "ip name-server 62.239.186.73" has an incorrect ip address. (should match the DNS from the section above) Minor muck up where I was trying to figure out what my current BT DNS servers were. (that ip is actually bt.com)

I also haven't worked out how to do the bound dhcp addresses. Should I start the "main_dhcp_pool" at 192.168.0.5 rather than 192.168.0.0 and then bind the other machines from 192.168.0.2 up?

I haven't tried to set up a firewall properly nor have I attempted to configure port forwarding. The port issue I reckon is going to be the most difficult due to online gaming.
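
A configuration check for the kind of startup-config posted above, as an added example that is not part of the original thread: it flags management-plane and edge-filter settings that weaken a freshly configured IOS router. The finding codes, function names and the `SAMPLE` text are hypothetical; the sample is constructed in the shape of the posted config, with placeholders in place of every secret.

```python
import re

# Constructed sample in the shape of the config posted above; every secret
# is a placeholder, not a value from the thread.
SAMPLE = """\
service password-encryption
enable secret 5 <HASH>
enable password 7 <TYPE7>
interface Dialer1
 ip access-group 101 in
 ip nat outside
 ppp chap password 7 <TYPE7>
access-list 101 permit tcp any any established
access-list 101 permit udp any any
snmp-server community <COMMUNITY> RO
line vty 0 4
 password 7 <TYPE7>
 login
 transport input all
"""

def parse_blocks(text):
    """Group config lines into (parent, [children]) using IOS indentation."""
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' comment/separator lines
        norm = " ".join(line.split())  # collapse runs of spaces
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(norm)
        else:
            blocks.append((norm, []))
    return blocks

def audit(text):
    """Return sorted finding codes for weak settings in an IOS config."""
    blocks = parse_blocks(text)
    tops = [parent for parent, _ in blocks]
    every = [l for parent, kids in blocks for l in [parent] + kids]
    found = set()
    # Type 7 strings are reversible obfuscation, not hashes.
    if any(re.search(r"\bpassword 7 ", l) for l in every):
        found.add("TYPE7_PASSWORD")
    # 'enable secret' takes precedence, so 'enable password' only adds exposure.
    if (any(t.startswith("enable secret") for t in tops)
            and any(t.startswith("enable password") for t in tops)):
        found.add("ENABLE_PASSWORD_REDUNDANT")
    # An SNMP community with no trailing ACL is not restricted by source address.
    if any(re.fullmatch(r"snmp-server community \S+( view \S+)? (RO|RW)", t, re.I)
           for t in tops):
        found.add("SNMP_NO_ACL")
    for parent, kids in blocks:
        if parent.startswith("line vty"):
            protos = [k.split()[2:] for k in kids if k.startswith("transport input")]
            if any({"all", "telnet"} & set(p) for p in protos):
                found.add("VTY_TELNET_ALLOWED")
            if not any(k.startswith("access-class") for k in kids):
                found.add("VTY_NO_ACCESS_CLASS")
        # Inbound ACL on the NAT-outside (WAN) interface that passes all UDP.
        if parent.startswith("interface") and "ip nat outside" in kids:
            for k in kids:
                m = re.fullmatch(r"ip access-group (\S+) in", k)
                if m and f"access-list {m.group(1)} permit udp any any" in tops:
                    found.add("WAN_ACL_PERMITS_ALL_UDP")
    return sorted(found)
```

Running `audit()` over the text of `show startup-config` returns the list of codes to work through; an empty list means none of these specific checks fired, not that the config is otherwise sound.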
 