Asuswrt-Merlin vs Cisco

I recently saw advice to buy a Cisco RV130W instead of buying an Asus router such as an RT-AC66U and souping it up with Asuswrt-Merlin. I can see both sides of the argument but in the end I favor the Asus solution when I consider Asuswrt-Merlin vs Cisco. Here’s why.

Now, if you’re arguing business vs personal use, there’s no contest. In a business setting, buy the Cisco.

Professional experience

The one place where I can really see using a Cisco solution is if you’re an IT professional or want to become one. When I’m interviewing for a job, if someone doesn’t ask me about my home network, it’s a big-time red flag to me. It means a guy who doesn’t have enough interest to have a computer at home can compete with me.

Talking about your home network is a chance to play up your skills when your on the job experience may be a bit lacking.  Chances are nobody else who’s interviewing for your job will have a Cisco router on their home network. And I’m talking true-blue Cisco, not a Cisco-Linksys device from when Cisco owned Linksys. There is a difference. Be sure to mention it.

If you want to be a network administrator, there’s some benefit to buying a Cisco router and using it.

That said, a good interviewer will also appreciate if you’re running a consumer router with aftermarket firmware on it and can explain why you’re running that aftermarket firmware. If you want to be a security pro like me, run something other than a bog standard router you can buy at Best Buy, explain what you’re running, what you did with it, and why.

Capability

Part of the argument is that the Cisco device is cheaper. But is it really? I can buy an AC-capable router from Asus for very nearly the same price as a N-capable router from Cisco. I would rather have the additional capability.

Reliability

Read the reviews on these low-end Cisco routers and you don’t have to look long before you find people talking about reliability issues. On the other hand, the Asus routers have overwhelmingly positive reviews. If you get a bad one, return it, and the odds are in your favor that the new one will last for years. I’ve compared the Asus routers to similar routers from Linksys, and the Asus routers run much cooler. Asus is charging a bit more than most of its competitors, but the difference I see tells me Asus is spending some of that money on better heatsinks, at the very least. That makes a difference. Running twenty degrees cooler can quadruple life expectancy.

Security

Eric Sauvageau is one of my security heroes because he applies security patches to Asus firmware and releases it.

Cisco, to its credit, updates the firmware on the RW130W pretty frequently. But not everyone applies those updates. I have several reasons to know that, but the reactions I get when I bring up Cisco updates in job interviews tell me plenty.

So, thinking like a bad guy, when I sweep the Internet looking for things to attack, Cisco devices look interesting. Someone with a Cisco device running in known ISP address space has an interesting network. It’s worth attacking, and there’s a pretty good chance that router isn’t completely up to date.

An Asuswrt-Merlin device blends in. It looks like any other Linux-based router, except most of the attacks won’t work since it’s up to date. To my way of thinking, it’s better to be one of a few thousand immune routers in a sea of billions. My chances of being singled out for attack are lower, and the attacks probably won’t work anyway.

Support

The guy who argued in favor of Cisco argued that it will take hours to upgrade to Asuswrt-Merlin and set it up. So why not just buy a Cisco device that’s ready to just plug in and configure?

I set up my Asuswrt-Merlin device under duress. I work from home. My router failed during the workday and my biggest client needed a lot of work from me. It took me 40 minutes to unbox the new router, install Asuswrt-Merlin, configure it, and wire it in place of my old dead router. That’s 40 minutes from having a shrinkwrapped box to having functioning wifi, ports forwarded to the Internet, and good security. And I’d never seen Asuswrt-Merlin before.

I know a bit about networking, but it’s not my specialty. I’m a vulnerability analyst, not a networking guy. A networking specialist might get it done in 20 minutes.

Installing and setting up a Cisco device would take the same amount of time. I’d still have to download the newest firmware and then set it up. Downloading and installing firmware takes 5-10 minutes. It’s finding all of the wifi settings you need, setting them, confirming terminology, and setting up port forwards that takes time.

Leave a Reply

%d bloggers like this: