Here we’ll discuss the differences between home networking equipment and business-class routers, switches, and access points. Nearly all networking manufacturers put to market equipment they say is appropriate for small business networks. What exactly sets business routers apart from home routers? We’ll look at how their features and functions help a business operate in the context of a small office network setup.
Quality of Service (QoS) traffic prioritization
A business router needs to differentiate and prioritize bandwidth across endpoints on a network. Usually this means prioritizing VoIP telephones over streaming video; or you might prioritize traffic to workstations, to devices used for videoconferencing, or to wireless surveillance systems. SMB routers have configurable QoS settings built into them, and you’re able to differentiate network traffic by protocol—SMTP (mail), RTC (video calls), DLNA (streaming video), FTP (files) and others. You might use simple dynamic configurations by toggling buttons in a GUI, or use an Access Control List (ACL) to fine-tune QoS.
Network segmentation using VLANs
Virtual LANs reduce the amount of hardware you need for partitioning a physical LAN. You would do this for security or regulatory reasons. Setting up a VLAN keeps endpoints from communicating with endpoints on a different VLAN, even if they’re part of one physical LAN. Routers and switches establish VLANs by “tagging” the traffic they send back and forth—a process laid out by the IEEE 802.1Q standard. Many SMB routers make configuring VLANs simple using a web-based GUI.
Segmentation with Wireless VLANs
Businesses that want to set up a wireless network benefit from wireless routers and access points with guest network (SSID, or service set identifier) capabilities. Most current-model wireless networking devices make it simple to set up one or more guest SSIDs. Wireless VLANs operate under the same 802.1Q standard that segments wired VLAN traffic. Users connected to the “guest” network cannot communicate with devices on the “employee” wireless network, or access devices on the work LAN. If you have a public wireless network and don’t want guest devices communicating with each other, access point isolation features can thwart unscrupulous behavior like man-in-the-middle attacks.
Network monitoring via sFlow, NetFlow, or manufacturer-specific firmware
It helps to have application-based controls over access point management and configuration. When you’re looking after several networks, and perhaps hundreds of access points across multiple physical spaces, it becomes a necessity. There are dozens of software applications that give you visibility using the Sampled Flow (sFlow) or NetFlow (proprietary Cisco) packet sampling protocols. With these you get IP Address Management, and monitoring of Simple Network Management Protocol (SNMP) and Domain Name System (DNS) functions, among other features. A business-class network switch has support for one or both types of collectors. Manufacturers may build their own flow-based solutions into managed switches, calling features something along the lines of ‘advanced traffic handling intelligence.’
Comprehensive VPN support
Business-class routers allow you to configure VPNs under more protocols, and the hardware supports a greater number of simultaneous users accessing the VPN. Most entry-level business routers support 10-15 VPN tunnels under each protocol.
A VPN provides users outside your physical network a secure link to applications, shared files, and other data on the internal network. The communication is encrypted with Secure Sockets Layer (SSL), the standard security technology for establishing a connection between a web browser and a web server. SSL VPN is built on open source technology and is compatible with a variety of operating systems, including iOS and Android.
An SSL VPN is one example of secure tunneling, and there are others. Users might also access the company network using Point-to-Point Tunneling Protocol (PPTP), which takes advantage of specialized client software. Another is Generic Routing Encapsulation (GRE) tunneling, which passes traffic between two otherwise incompatible networks. Today GRE is mainly used for streaming media, web conferencing, or simultaneous use of applications among two or several users, across multiple local area networks. Entire branch office networks can communicate securely with the main headquarters’ network using VPN technology. For this, networking equipment usually communicates via the IP Security (IPsec VPN) protocol when establishing site-to-site communications. Layer 2 Tunneling Protocol (L2TP) is a more encrypted variant of PPTP.
Firewall and web filtering features
Small business routers have useful network security functions and act as their own firewall in many ways. Think of a firewall as having two components: one hardware, and one software. Even a home router can function as the hardware part of that equation, with the software component running on your PC. Home users usually don’t need more than that. To an extent, a very small business is able to get by on something similar to a home setup, where each endpoint is running boxed antivirus software good for five or 10 users. You might subscribe to web filtering applications that manufacturers offer with the purchase of SMB networking hardware.
For very small branch offices with a few users on a LAN, you don’t need additional security hardware beyond an SMB router and software for endpoint protection. With anything more than 50 users, you’ll want to add server infrastructure for domain authentication—a setup we won’t get into here. But that’s when you’d add a hardware firewall or UTM device between the router and the WAN-facing modem. Read more about how UTM features protect larger networks.
Dual WAN ports for ISP failover
Many business-class routers offer two WAN ports. Why? What does a dual-WAN router do for you? It protects you against downtime should your internet service provider (ISP) experience technical difficulties. If your business stops when your ISP connection goes down, you’re well advised to have a backup plan. One way to stay up and running is by adding another method for connecting to the Internet. For some companies, that means piping in two cable, copper, or fiber connections. If you have the choice of two or more ISPs, you might get one from each company. Or, you might use a 4G adapter in a backup capacity using connectivity from your cellular provider. Want to have two copper, cable, or fiber connections AND a 4G backup connection? Find a 4G gateway that plugs into a router’s USB port.
Business-grade routers and wireless access points optimize connectivity for small business networks in several ways: by offering QoS configurations, VPN access, secure VLAN setups, WAN redundancy, and lightweight features for firewall and web filtering.
Join the discussion One Comment
Thank you for helping me understand the alphabet soup of acronyms, and the use of each protocol!