Asus RT-AC86U home/gaming router

Asus RT-AC86U
 
Asus RT-AC86U
Asus RT-AC86U, front (top) and rear (bottom).
 

The Asus RT-AC86U is an Ethernet router with built-in WiFi access point, designed for home and gaming use. I used this router in my home LAN for about two years, and recently discarded it for reasons discussed below.

In physical aspect, the RT-AC86U is comparable to many other home routers. It is designed to stand in a vertical orientation on a table or shelf, and there is no provision for wall mounting or rack mounting. It has three orientable external antennas, and its external connectors, besides its antenna sockets, include a WAN Gigabit Ethernet socket, four LAN Ethernet sockets connected to an internal, unmanaged Gigabit switch, two USB type A sockets (of which one USB 3) for a hard disk or USB stick and for a compatible USB mobile modem, and a socket for an external wall-wart power supply. Two switches on its right side are used for WPS pairing and for switching off the WiFi. On the rear, a power switch, a recesset reset button and a relatively unusual momentary switch to turn off the front LEDs (normally this function is only implemented in firmware) complete the set of controls.

The only remarkable physical feature of this router is that its base is a little wider than usual for this type of router and internally weighted, so it is less likely than many other home routers to tip over if its cables are accidentally pulled. The angular black design of the case with red accents is slightly reminiscent of Japanese-style meka (giant robots) and Transformers.

There are no screws in sight. Two extremely hard-tightened screws are hidden behind the black plastic label on the rear, but removing them seems to do nothing. Several screws hold the front and rear parts of the plastic case together, but their heads are hidden under the front panel, which is securely latched or glued on. Clearly Asus does not want you to open the case. This is in strong contrast with network equipment of better quality, like Cisco's, where in principle everything is accessible for checking, dusting off and repairing, and at most a screw or two are covered by easily removed warranty stickers.

As customary, configuration of this router is done through a web-based GUI. A CLI seems to be available, but is poorly documented by unofficial sources, and Asus apparently does not want to support or document it.

The specifications and configuration features accessible from the web GUI are available in the user guide.

My experience

I bought this router shortly after we bought and moved into our current apartment in Västerås in 2021. For about four years before that, I used a ZD MF286-D 4G mobile router with a subscription from Telia, which I took with me when we moved house three or four times during this period to follow my wife's job (I myself am retired, so I have no problem at all moving around). This subscription was mobile only on paper. It required me to register each successive geographic address with Telia, lest the router stopped working within a couple of days after I moved it to a new location. The bandwidth was limited, and the monthly fees relatively high. Our new apartment was already wired with a Gigabit residential Ethernet network connected to the city broadband fiber network. This allowed me to terminate my Telia subscription (not without paying unreasonably high termination fees) and to get a significantly faster (250/100 Mbps) and cheaper subscription from another ISP.

Initially, the RT-AC86U seemed to work. Within a couple of months I noticed that, at random intervals of several days, the WiFi froze and required me to reboot the router. The wired network was more reliable and only happened to freeze once every other month or so. I tentatively chalked up the problem to a memory leak in the firmware, which is a common bug in this type of consumer-level network appliance.

Like many other home routers, the RT-AC86U can be scheduled to automatically reboot in the middle of the night, and doing this solved the stability problems for about one year, then the WiFi freezes started to come back. Apparently, they occurred more frequently now, so rebooting during the night was no longer enough. The router also started freezing completely now and then, requiring a power cycling to restart.

At my present location, the threat of hostile Internet activity targeted against my router is low, and the chance that the router behavior was caused by undetected network exploits is very low. Among other things, my router's WAN uses a non-Internet-routable IP address space. At least two dynamic NATs (in addition to the router's built-in NAT) are present between my router and the Internet, so the existence of my router is only known by my ISP and by those Internet servers my LAN hosts actively connect to, with essentially no way for an Internet server to "call back" a host on my LAN once a TCP session is terminated. My LAN's DMZ likewise hosts no real servers, only a honeypot recording suspicious network activity (it never reported any). The price for the protection afforded by multiple NATs is that it is not practical for my LAN to host an Internet-accessible server, or to remotely control a PC connected to my LAN from the Internet. Neither dynamic DNS nor port/address forwarding on the home router help in these cases. A VPN connecting a host on my LAN to a VPN server on the Internet can of course make the host accessible from the Internet, but the VPN connection must be initiated by the host.

Things got gradually worse with the RT-AC86U, and I was forced to switch off its WiFi and reconfigure the old MF286-D mobile router I originally got from Telia as a physically separate WiFi access point. In the last month, the Ethernet WAN connection of the RT-AC86U started to freeze more and more often. Then, one day the RT-AC86U froze completely over a dozen times in a couple of hours, each time requiring a power cycling. At this point, it was obviously time to ditch the RT-AC86U. The gradual worsening of these problems over two years and their occurrence independent of network load make it unlikely that the problems were caused by memory leaks in the firmware.

Hopefully, other users of the RT-AC86U have had a better user experience with this router. This Asus router model is quite recent and still marketed. My RT-AC86U might just be the occasional rotten apple in a case of good apples. If you are in the market for a new home router, today there are better choices, with added functionality and more cost-effective. Nonetheless, the above is my own experience with the RT-AC86U. I did not even try to contact Asus for repair, given their evident care in making the case unopenable.

I have had a far better experience with virtually all other pieces of network equipment I purchased in the past five years or so and I am still using. About half of them are far older than the RT-AC86U and purchased second-hand (especially Cisco equipment that would otherwise be far too expensive for me), so the age of the RT-AC86U should not be a factor in its gradual, unexplained deterioration. The RT-AC86U router is fanless and convection cooled, and other equipment in the same closet has no heat problems, so overheating should not be a cause of the RT-AC86U deterioration. Just out of caution, I plan not to purchase Asus network equipment in the future. I have had a good enough experience, instead, with Asus laptops and components for stationary PC workstations.

A good thing with the demise of the Asus router is that it prompted an overhaul of my home network. A newly arrived Netgear WAX214 WiFi access point is already in place on my LAN and working flawlessly. I temporarily used the MF286-D as an Ethernet router, which works well and without freezing also in this function. I am currently using as edge router a second-hand Cisco RV320, actually cheaper than the RT-AC86U. I plan to evaluate a more powerful and significantly more expensive RV340 to see if it offers sufficient advantages to justify switching to this model and keeping the RV320 as a fallback router.

My broadband connection throughput is nominally (and most often also in practice) 250/100 Mbps, and the RV320 keeps up with these specifications even with the firewall functions activated. VPN speeds are of course significantly lower (nominally 100 Mbps for IPSec and 20 Mbps for SSL), but a common workaround is to use VPN client software running on the LAN PCs rather than on the router, which effectively offloads the VPN processing from the router to the individual PCs and their much faster CPUs. In this case, except for allowing VPN pass-through, the router is not involved in the VPN, and all traffic between PC and router is encrypted and secured from snoopers on the LAN.

Both routers are configured through a modern web GUI similar to (albeit much more complex than) a typical home router, and much more intuitive and forgiving than the sometimes cryptic CLI of generic routers like the Cisco 1921 and 2921 routers. I used the latter a few years ago to refresh my knowledge of Cisco router configuration.

The RV router series is designed mainly for use as edge routers and lacks some of the functionality of core routers. For example, the WAN interfaces of the RV series, as well as its LAN interfaces, are dedicated to their respective roles (but one of the WAN ports or LAN ports is usually reconfigurable as DMZ). The RV routers can be configured to run in one of two modes, gateway and router as Cisco calls them. Gateway is equivalent to an edge router that routes all outward traffic to a single IP address, while router is more flexible and uses RIP. Most ISPs that provide a direct Ethernet connection to their customers expect their end users to run their routers in gateway mode, and typically to set their WAN port to IP parameters provided by the ISP via DHCP.

The interfaces of a core router, at least in principle, are functionally identical to each other and the administrator writes the routing rules that apply to each pair of interfaces. A core router also implements a variety of routing protocols not typically seen on an edge router. The simpler edge router, however, is expected to provide a high throughput in a more cost-effective way than a core router.

Cisco routers do require a more brand-specific knowledge of network technology than typical domestic routers. On the other hand, once you have acquired this knowledge, the reliability and value-for-money of second-hand Cisco equipment is unbeatable. My general strategy is choosing among those second-hand Cisco devices that are just a bit too old to be cutting-edge and to command a high price, but are still supported by Cisco for a few more years, just in case a critical vulnerability is discovered.

With these replacements and with D-Link supervised switches I have owned for a few years, essentially all pieces of network equipment on my LAN are now of small-business level, rather than consumer level.

Summary

The Asus RT-AC86U is a home/gaming Ethernet router with built-in WiFi access point. It is medium-priced, average-capable, and at the time of writing slightly outdated. My specimen of the RT-AC86U started displaying occasional freezing of the WiFi functionality shortly after its purchase, and during the course of two years it gradually deteriorated to the point of WiFi, Ethernet and WAN functions freezing multiple times in a couple of hours, each time forcing a power cycling. No external cause for this behavior was apparent, and memory leaks in the firmware do not explain the gradual worsening of the problem.