May 19, 2013, 7:45 AM — A router is the heart of your network, so it deserves to be chosen carefully. Any router will share your Internet connection amongst your computers and other networkable devices (smartphones, tablets, and so on), but better models provide features that will enhance your network and its performance. Whether you're seeking a business- or consumer-class router, here are the eight most essential features to look for.
1. Wi-Fi access point
Most routers targeted at the consumer and SMB market have a built-in Wi-Fi access point (AP) to provide wireless network connections for PCs and other devices equipped with Wi-Fi adapters. You can purchase additional APs to extend the router's range. A stand-alone AP can also add wireless capabilities to a wired router. There are several wireless standards in use, with IEEE 802.11a, 802.11b, and 802.11g considered to be legacy standards. IEEE 802.11n is the latest ratified standard, and 802.11ac is in "draft" mode with final ratification expected late this year or early next. There is a remote chance that devices based on this standard won't be compatible with the final standard, but most people in the industry consider that event highly unlikely.
Wireless routers operate on one of two frequency bands: 2.4GHz or 5GHz. The 2.4GHz band provides only three non-overlapping channels, so it can become crowded very quickly. There are 23 non-overlapping channels available on the 5GHz frequency band, so you'll encounter much less interference when operating a network there. Routers and access points capable of operating on both the 2.4- and the 5GHz frequency bands are described as "dual-band" products.
If you're buying a router today, pick a model that's based on either 802.11n or the draft version of 802.11ac.
2. Guest Wi-Fi access
Some consumer-class routers include what vendors typically refer to as wireless guest access. This feature allows you to broadcast a separate wireless network name (SSID) with different security settings from your main wireless network. Since the two networks are virtually separated, guests can't see the traffic or access computers on your main network. This lets you easily offer visitors, contractors, and even the public wireless access while keeping your private network secure.
3. Virtual LANs and multiple SSIDs
Many business-class routers go beyond offering a simple wireless guest feature. They will allow you to create multiple, separate customized networks using what is commonly called virtual LANs (VLANs). They'll also enable multiple SSIDs to offer virtual wireless networks.
You can for instance, create a VLAN for management where sensitive company information can be shared, a VLAN for regular employees to share files, and a VLAN for guests providing limited Internet access. And then you can assign the router's Ethernet ports to the desired VLAN and broadcast a separate SSID for each VLAN. Or if you use 802.1X authentication you can assign users to a VLAN and they'll be dynamically connected to their VLAN when plugging into any Ethernet port or when connecting to a single SSID.
4. VPN Server and Client
Some business-class routers include a virtual private network (VPN) server and/or client. Many vendors market these devices as VPN routers. A built-in VPN server allows users to securely access your network and files while they're on the road or working from home. With a built-in VPN client, you can connect one router to another router with a VPN server to securely connect two networks together via the Internet, enabling you to share network resources and files between two or more physical locations.
5. USB port for printers or drives
Some consumer-class and business-class router include a USB port so you can share a USB printer or external drive with the network. This is useful if you don't already have a network-ready printer that can be used among all network users, or a network-attached storage (NAS) appliance for centrally storing and sharing files.
6. Malware and spam protection
Business-class routers that include additional security features are commonly called unified threat management (UTM) gateways. They typically include antivirus, anti-spam, and content filtering to block dangerous or inappropriate sites and email. Although individual computers should still have an antivirus tool installed, a UTM gateway can help catch malware before it reaches individual computers, providing double protection. Sometimes UTM gateways provide intrusion detection and prevention features to help block additional local network or Internet threats.
7. Dual or backup WAN port (or 4G support)
A business-class router that includes two WAN/Internet ports (or 4G support) gives you another Internet connection for backup or load balancing. Connect the router to two cable or DSL lines from different service providers, or plug in a USB 4G adapter, and you'll have a backup connection if one fails. Some routers allow you to increase your Internet bandwidth using both Internet connections simultaneously. This is commonly called load balancing.
8. RADIUS server
A few business-class routers include a built-in Remote Authentication Dial In User Service (RADIUS) server, enabling 802.1X authentication so you can use the enterprise mode of WPA or WPA2 security for the Wi-Fi. This is more secure than the pre-shard key (PSK) security that consumer routers provide using services such as WPA (Wi-Fi Protected Access). Using RADIUS, you can assign each user a unique user name and password and then change or revoke access in the event a user leaves or loses their Wi-Fi device.
Routers on the market
Now you should have a better idea if you want a consumer-level, off-the-shelf router from a store like Best Buy or Fry's, or a business-class router available from online retailers. Remember, consumer-level routers typically provide simple Wi-Fi access, as well as possibly guest access and USB printer and drive sharing. But business-class routers might also include VLAN and multiple SSID support, built-in VPN, malware and spam protection, support for two Internet connections, and an integrated RADIUS server.
For example, these two consumer-level routers are on the market now:
D-Link Xtreme N450 Dual Band Gigabit Router (DIR-665): Dual-band wireless router with a wireless guest feature and a USB port for sharing a drive or printer.
Netgear N750 Wireless Dual Band Gigabit Router: Dual-band wireless router with a wireless guest feature and a USB port for sharing a drive or printer.
Here are several business-class routers and APs to consider:
Cisco Wireless Network Security Firewall Router (RV220W): Dual-band Wi-Fi and gigabit ethernet router providing several VPN options, VLANs, and multiple SSIDs.
Netgear ProSecure UTM Firewall with Wireless N (UTM9S): A UTM gateway offering dual-band Wi-Fi and gigabit ethernet, offering anti-virus and anti-spam, content filtering, and intrusion protection. It also has dual WAN support, several VPN options, VLANs, and multiple SSIDs.
802.11a/b/g/n Business Access Point (NWA3160-N): An AP that can serve as a traditional AP, managed AP, and an AP controller to manage up to 24 APs. It supports VLANs, multiple SSIDs, and has an embedded RADIUS server.