Jan 12

ASUS AC2400 (RT-AC87U) Review

I was recently tasked with providing an upgraded wireless solution at a customer’s apartment. I wasn’t given any good information about the apartment except for the fact that it was two floors in a 44-floor building. I was given 24 hours to get the solution in place. Without appropriate gear on hand, I had to make a quick purchase. With only enterprise wireless experience, I wasn’t sure what to get. I called my friend at Micro Center for some trusted advice. I explained that I wanted something that compared to the Cisco 3702 access point with dual band with 4×4 AC capabilities. Being an enterprise wireless engineer, anything less just wouldn’t be appropriate. Quickly my friend said to buy the ASUS AC2400.

After a quick trip to Micro Center and $300.99 (tax included), I had my wireless router.


After arriving at the apartment and finding where the cable modem was, I started my survey. I found a two-floor apartment with concrete floors, a concrete-walled stairwell and an elevator shaft in the middle of the apartment. The apartment was a small rectangle shape with the utility room (where the cable modem was) on the lower floor. With the elevator and stairwell in the center of the room, I had my doubts about the coverage from the ASUS AC2400.

After a quick and easy setup I had the router working on the correct SSID with the correct PSK. NAT worked out of the box on the DHCP address from the cable modem. This setup was very easy; there was even a wizard to guide me through the setup.

After using my analyzer I was surprised to see such a strong signal on the upper floor on the other side of the stairwell and elevator shaft. The signal was around -65 dB.

I found that my laptop worked, but at a very slow data rate. My Samsung Galaxy S4 connected, but at a slower data rate and really didn’t work. Due to the poor performance I headed back to Micro Center and picked up a 2nd ASUS AC2400. Fortunately, the apartment had a CAT5 cable on the 2nd floor on the opposite side of the apartment.

Keep in mind that the ASUS AC2400 is a residential product. Built into the product is an ability to connect multiple AC2400 units so they work together. This is similar to a controller-based solution in the enterprise, but for a fraction of the cost. I was able to set up the 2nd unit in “AP Mode” (I will now reference this AC2400 as the AP). After connecting the AP to the other unit via CAT5 I had to tell the other unit to work with the AP by selecting the AP by its MAC address. This process was very easy.

The two units were able to broadcast a single SSID with the same PSK. From the client view, it looked the same as it does at the office. Each unit is configured independently of the other. On the AP, I wasn’t able to adjust the channels that it used. When I went to the wireless configuration page it only showed me the 5GHz in the drop down (no 2.4), yet it displayed the 2.4 channels. Due to this, I called the ASUS support line.

Call #1. The hold time wasn’t more than a few minutes and I was able to talk to a person. After explaining myself a few times the call was disconnected… I felt as if I was hung up on, but maybe it was something else.

Call #2. Same hold time. I got Tommy on the phone. Tommy was very helpful and provided me with the latest version of software and asked me to upgrade. I had to explain that the AC2400 did the automated upgrade. The automated upgrade was very easy and worked, except according to Tommy, I didn’t have the latest software. Tommy asked me to perform the upgrade and if the issue was not resolved I was to call him back. Tommy didn’t want to wait the 10 minutes or so because there were people waiting on hold for his help. The call ended.

Call #3. Wait time was 6-7 minutes and talked to the 3rd person. I gave her my ticket number and explained that the upgrade did not resolve the issue. After about 15 minutes she told me to return the AC2400 where I got it and get a different one as this unit was defective. With years of enterprise networking experience, this stuff happens with new gear. So, for a 3rd time, I headed back to Micro Center and picked up their last ASUS AC2400 that was on the shelf.

After installing the new unit as the AP the system worked well with the exception of one problem, roaming. The AC2400 has a very good wireless radio and that good radio sent its signal through the stairwell, concrete floor, and elevator shaft with no problem. Just like other reviews stated, it has the best coverage and I would support that statement. On the return side, the clients didn’t have a strong enough signal to get back to the AC2400 and negotiate a good data rate. The size of the apartment was also working against me. I would attach to one unit, then walk to the other and not roam. The client didn’t get far enough from the original unit to feel like it needed to roam. The signal was too good from the AC2400. In the GUI of the AC2400 under WIRELESS –> PROFESSIONAL there is an option to lower the TX power level. This setting doesn’t seem to work at all; no matter what percent I had it set to, my analyzer showed the same signal strength. I was informed by ASUS that this setting is not supposed to work…. But why is it an option in the GUI?

I needed to reduce the signal strength so the clients would roam to the closest AP. The minimum signal from the AC2400 that I ever saw was around -67 dB. -67 dB is still a very good signal for data. I started adjusting the direction of the antennas on the units. The best position that I found was by far the worst theoretical position for the coverage area. Remember the apartment is a rectangle. One unit was on the West side on the lower level, the other was on the East side of the upper level. I ended up pointing the antennas to the outside wall that they were at, so the lower level pointed out a window West, the upper level unit pointed at the East wall.

With the antennas in this position, there was enough signal loss to encourage the client to roam to the other AP to provide the higher data rates to the client.

Due to my enterprise experience I was able to use my knowledge of how a dipole antenna broadcasts the signal to reduce the signal strength by the position of the four antennas.

Even with the bad unit and the higher price tag on the AC2400, I do highly recommend it for use. The ability to link the two together is great for larger houses or an office that requires a couple of APs. The signal strength was good and it includes Beam Forming to get the signal to the client better.

I know this review didn’t cover a comparison to other residential wireless routers, nor is it a complete review of its features, but I do hope that I have helped you in your search for the best wireless router for your needs.

If you have used the ASUS AC2400 and would like to make a comment, please reply and let us know what you think!!!

Dec 12

How to avoid the certificate error with Cisco’s WLC internal Web Authentication

Have you ever visited a business and you were given a username and password for their guest wireless access, only to get an SSL Certificate error when it sends you to the authentication page? Is it safe or not?

On the Cisco wireless controller there is a layer 3 security feature called Web-Auth. When the authentication is set to Web-Auth the user attaches to an SSID, then when they open their web browser it forces them to a login screen. The user then has to enter a username and password. After authenticating, the user is allowed to use the wireless network.

The default setting on the controller is to force the user to https://1.1.1.1 (1.1.1.1 would be the virtual address on the controller). When this happens, the controller uses a self-signed certificate and therefore it gives the end users a certificate error.


I recently tried to import a public certificate to my Cisco 5508 controller (Version 7.6.130.0) to avoid this error. After working with my coworker that manages the certificates, along with Cisco TAC, I found this to be a very difficult task. Every time I tried to import the certificate file it errored out. Later I found out from TAC that version 7.6 had a bug that didn’t allow a certificate to be imported. I was forced to downgrade to 7.4 to load the certificate. I did the downgrade, I didn’t lose my config as I expected. I imported the certificate on version 7.4. My APs are 3702s so they are not supported in version 7.4, so I had to upgrade to 7.6 in order to test the certificate. After upgrading, I still got the error. We tried it again and it failed again. Each time we modified the certificate, downgraded, then upgraded. This process took a long time only to have it fail. I’m not sure what was wrong, but with our certificate guy and Cisco TAC, we couldn’t get it to work. The certificate error continued. We did indeed have an address on the virtual interface with a DNS Host name and the address was in DNS.

After some more research I found that I could change that authentication page from https to http. On the controller go to MANAGEMENT –> HTTP-HTTPS. The third item from the top is “WebAuth SecureWeb”; the options are enable or disable. Mine was set to enable so I changed it to disable. You then need to go to CONTROLLER –> INTERFACES –> VIRTUAL and make sure the “DNS Hostname” field is empty. The IP address does not matter; 1.1.1.1 is very common. If you change the virtual address you will need to reboot the controller.

After changing the WebAuth SecureWeb to disable and rebooting the controller your guests can access and enjoy an authentication screen without the SSL certificate error.

Does it matter that it’s not secure? For a guest that is getting a random or shared username/password, I don’t think so. What do you think?
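
The checks behind the warning discussed in this post, as an added example (not code from the original post or from Cisco): a simplified model of how a browser judges the web-auth redirect URL against the certificate the controller presents, covering the self-signed default, an imported public certificate, and the HTTP setting. The certificate fields, the hostname `guest.example.com` and the CA name are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (not taken from a real controller or CA).
TRUSTED_ISSUERS = {"CN=Example Public CA"}
SELF_SIGNED = {"subject": "CN=1.1.1.1", "issuer": "CN=1.1.1.1",
               "san_dns": [], "san_ip": []}
PUBLIC_CERT = {"subject": "CN=guest.example.com", "issuer": "CN=Example Public CA",
               "san_dns": ["guest.example.com"], "san_ip": []}


def dns_match(host, pattern):
    """Exact match, or one left-most wildcard label (*.example.com)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def portal_findings(redirect_url, cert=None, trusted=TRUSTED_ISSUERS):
    """Return the reasons a web-auth redirect is untrusted or unencrypted."""
    url = urlsplit(redirect_url)
    if url.scheme != "https":
        # No certificate is involved, so no warning, but nothing is encrypted.
        return ["cleartext-http"]
    findings = []
    if cert["issuer"] == cert["subject"] or cert["issuer"] not in trusted:
        findings.append("untrusted-issuer")
    host = url.hostname
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP-literal URL only validates against an IP subjectAltName.
        ok = any(ipaddress.ip_address(s) == ip for s in cert["san_ip"])
    else:
        ok = any(dns_match(host, n) for n in cert["san_dns"])
    if not ok:
        findings.append("name-mismatch")
    return findings


if __name__ == "__main__":
    for url, cert in [("https://1.1.1.1/", SELF_SIGNED),
                      ("https://1.1.1.1/", PUBLIC_CERT),
                      ("https://guest.example.com/", PUBLIC_CERT),
                      ("http://1.1.1.1/", None)]:
        print(url, portal_findings(url, cert))
```

An empty list means the browser shows no warning and the login form is encrypted; `cleartext-http` also produces no warning, because no certificate is checked at all.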