Small-business owners shopping for a new router should avoid the flashy new 802.11ac models. Here's why.
If you're in the market for a new router for your small business, you might be tempted by the flashy features, high speeds, and low cost of consumer-oriented routers. The latest models, based on the IEEE 802.11ac standard, look particularly attractive.
But can a consumer router deliver everything your business needs? Is it sufficiently secure? Is it scalable? Does it provide redundant connections to the Internet? If it's a wireless model, does it provide enough range to cover your entire office?
Should you instead invest in a router that's specifically designed for the needs of small- to medium-size businesses? What exactly distinguishes a consumer router from a business-class model, anyway? Glad you asked.
Consumer Router Priorities: Speed, Media Streaming, and Security
Walk into your local electronics retailer or shop online, and you'll find at least a dozen consumer wireless routers selling for $100 or less, from such well-known brands as Asus, Buffalo, Cisco (Linksys), D-Link, and Netgear.
The prices are certainly appealing. Even better, all the essential features seem to be in place, including compatibility with the IEEE 802.11n wireless networking standard, a four-port ethernet switch, wireless encryption, and a built-in firewall. Most routers in this class have 2x2 antenna arrays (two transmit and two receive antennas), which are capable of handling two 150-megabits-per-second spatial streams (one on each antenna) for a total theoretical throughput of 300 mbps. You'll never see real-world performance that fast, however; overhead, distance between the client and the router, and environmental factors can whack that number down. The industry refers to this class of router as "N300."
Many lower-end consumer routers are dual-band models, capable of operating wireless networks on both the 2.4GHz frequency band and the 5GHz band. The 2.4GHz band delivers better range--but since it provides only two nonoverlapping channels, and since so many routers have been deployed, the spectrum has become congested. The 5GHz band boasts 23 nonoverlapping channels, so it's significantly less crowded, but it provides much less range. Many people use the 2.4GHz band for data and Internet access, and reserve the 5GHz band for streaming audio and video over their network.
The industry refers to this class of router as "N600," but the term is misleading because it implies that routers in this class can stream data at 600 mbps. They can't. The N600 claim comes from summing the speeds of the two concurrent but independent 300-mbps networks. You'll never be able to connect a client to either network and expect it to stream data at 600 mbps, nor can you connect a single client to both networks simultaneously.
Move up the consumer market to the $200 price range, and you'll see more-advanced dual-band routers from the same manufacturers. These devices come outfitted with 3x3 antenna arrays and promise a theoretical throughput of 450 mbps on each band. Routers in this class are often described as "N900" models; here again, however, it's not because they can deliver throughput to a single client at 900 mbps. Typically these routers are also outfitted with a four-port ethernet switch, but they support wired connections at gigabit speeds, versus the 100-mbps switches on less-expensive routers.
The IEEE 802.11ac wireless networking standard isn't likely to be ratified before early 2013, but that hasn't stopped router manufacturers from introducing routers based on the latest draft definition. We saw a similar pattern of events when the 802.11n standard was being finalized.
Only two such routers are on the market right now: The Buffalo WZR-D1800H arrived first, followed by the Netgear R6300. Both manufacturers are aiming their products squarely at consumers, emphasizing the devices' ability to stream media. Thanks to a much-improved modulation scheme, 802.11ac routers can pack more data into each spatial stream: 450 mbps, versus 150 mbps for 802.11n. An 802.11ac router with a 3x3 antenna array can deliver a theoretical throughput up to 1300 mbps (1.3 gigabits per second). Buffalo, for one, is marketing its product as an "AC1300" router.
Since there's an outside chance that these products will be incompatible with equipment based on the final standard, we don't recommend buying such devices for your business.
Next Page: Common Features in Consumer Routers
One feature you can expect to find in a high-end consumer router is one or even two USB ports. Through such ports, networked computers can easily share a USB printer and a USB hard drive. Although this might seem like an attractive feature in a router, anything but the tiniest small business will be better served by printers and NAS (network-attached storage) devices that have built-in networking capabilities. A printer with built-in networking features won't limit you to the length of a USB cable when you deploy it. USB storage devices, meanwhile, are slow and top out at 2TB, whereas a high-end NAS can deliver as much performance and storage capacity as a small server can.
Here are some of the other features you'll find in the typical consumer router:
- Quality of Service:This term describes a router's ability to prioritize different types of data traffic. For instance, if data packets drop during a file transfer, the router can repeatedly resend those packets until you've received the entire file. It might take a fraction longer, but you'll eventually receive the entire file intact, and it's largely irrelevant how many packets were dropped and resent in the process. However, if packets drop while the router is streaming music or video, or while you're in the middle of a phone conversation, you'll experience unpleasant dropouts and glitches. Routers with strong QoS capabilities can assign top priority to lag-sensitive media and VoIP traffic by throttling lag-insensitive file-transfer traffic. This is a good feature to have if you use VoIP equipment instead of a landline.
- Parental controls: This feature is designed to limit when client PCs have Internet access, and where those clients can go on the Internet. If you have children, you might configure the router's parental controls so that they can't access porn sites, or play online games during hours when they should be doing homework.
- Guest network: This is a virtual network that can allow your guests to access the Internet while barring them from accessing computers, printers, NAS boxes, and other devices on your network. (Some routers allow you to run a guest network without any security, but that isn't a good idea.) A guest network can be as handy for a small business as it is for a consumer.
- Built-in media server: Consumer routers are increasingly focused on streaming media, so it only makes sense that they'd have integrated servers for this purpose. UPnP (Universal Plug and Play) is the bare minimum. Advanced models add DLNA (Digital Living Network Alliance) and even iTunes servers.
- Lightweight VPN support: A VPN (virtual private network) allows remote users to access your network through a secure Internet pathway (often referred to as a tunnel).
- Integrated firewall: A firewall is a security mechanism designed to prevent intruders from accessing your network from the Internet.
- Wi-Fi Protected Setup (WPS): Operating a wireless network without encryption is asking for trouble. WPS helps consumers set up a wireless network with ease: You simply push a button on the router and a button on the client to establish a secure connection via WPA or WPA2 (see below). A recent discovery, though, has revealed that a brute-force attack can defeat this kind of security within a few hours. If your router supports WPS, you should disable it (if possible), whether you're running it at home or at the office.
- WEP/WPA/WPA2: These three security schemes involve the router and client exchanging preshared keys. WEP (Wired Equivalent Privacy), and to a lesser degree WPA (Wi-Fi Protected Access), have proven vulnerable to brute-force attacks. WPA2, which uses AES (Advanced Encryption Standard) encryption, remains relatively secure--provided that you establish a complex password.
- RADIUS: A few consumer routers support RADIUS (Remote Authentication Dial-In User Service) security. I'll discuss RADIUS in more detail later.
Business-Class Router Priorities: Security, Remote Access, and Scalability
Now let's turn our attention to business-oriented routers. Prices for low-end business routers start right about where consumer models top out, around $200, and they share many of the same features, such as a four-port switch, 802.11n wireless support, virtual networks, and QoS support (for VoIP applications).
Business routers, however, lack some of the features available in high-end consumer routers. You won't find a convenient-but-insecure WPS button, for example, nor will you get USB ports for sharing a printer or storage. And it's no surprise that you won't find an onboard media server. Many entry-level business models have only a Fast Ethernet switch (10/100 mbps), and wireless models typically operate only on the 2.4GHz band. In this environment, raw speed is less important than supporting large numbers of users, because those users are typically only accessing the Internet, moving small files around the network, and using server- or Web-hosted applications.
What you will get in business-class routers at all price points is stronger security features, more flexibility in giving you access to your network from remote locations, and the ability to scale as your business grows.
In addition, SMB routers support the aforementioned WPA, WPA2, and RADIUS (also known as WPA-Enterprise) security protocols, but you should use only the latter two to secure your business's network. RADIUS is the most secure option, but it is complicated to set up because it requires a dedicated server independent of the router. When a user logs on to a wireless network secured via RADIUS, a RADIUS client running on the router sends the user's login ID and encrypted password to a central authentication server. The authentication server then sends one of several messages back through the router to the user: 'Accept' (in which case the user is authorized to access the network), 'Reject' (the user is denied access, and asked to reenter their credentials), 'Challenge' (the user is asked to provide additional information), or 'Change password' (the user is recognized, but asked to create a new password before gaining access).
Next Page: More Details on Business-Class Routers
More Business Router Features
You might be surprised to learn that many business-class routers don't include integrated wireless networking. If the one you select doesn't, you can easily add such capability by deploying one or more wireless access points.
Higher-end business routers, meanwhile, deliver scalability, redundancy, and even stronger security features. Scalability defines the router's ability to expand as your business grows. Expanding a network's hardwired capabilities is easy: Plug another multiport ethernet switch into one of the router's ports. Voila! More ports! (If you're operating a complex network with a RADIUS server, multiple VLANs, and other features, you might need to invest in a managed switch.)
The only way to increase your Internet bandwidth, though, is to get additional connections to your Internet service provider via your router's WAN (wide-area network) ports. While consumer and low-end business routers typically have just one WAN port, higher-end business-class routers have multiple WAN ports, so you can establish more than one connection to one or more ISPs. Establish two or more connections to the same ISP, and you can improve your network's performance through load balancing. Establishing two or more connections to different ISPs provides redundancy for business continuity (since it's unlikely that two ISPs will suffer an outage at the same time). Cisco's RV016 Multi WAN VPN Router ($450), for example, is outfitted with 16 Fast Ethernet ports, including two that serve as dedicated WAN ports. But you can configure five of the other ports to function as WAN ports (making a total of seven) for load balancing or redundancy.
Here are some of the other features you can expect to find in a business-class router:
- Robust VPN: Business-class routers provide virtual private networks that can handle many more users (anywhere from 5 to 100), while offering much stronger security than consumer models do. At its best, a VPN will provide an environment in which a remote user's experience is no different than if they were working in the office and hardwired to the network.
Suidobashi Heavy Industry agrees to fight MegaBots in a piloted robot brawl.
We mined Microsoft's CodePlex repository to unearth 15 invaluable Windows admin tools -- and they're...
Android M isn't the massive, top-to-bottom overhaul that Lollipop was, but it has plenty of features...
Rather than poach IT pros away from other industries, many healthcare systems are developing in-house...
Kids can program the micro:bit board to display an LED pattern with no prior knowledge, the BBC said
At least one new exploit for Flash Player has been confirmed
Privacy group wants Google to forget more... Programmer escapes vampire squid... Self-driving cars...