Cisco RV320 and RV340 Router/VPN

Cisco RV320 front
 
Cisco RV320 rear
Figure 1. Cisco RV320, front (top) and rear (bottom).
 
Cisco RV320 rear
Figure 2. Cisco RV340, mounted in open rack on wall above utility cabinet.
 

I recently overhauled my home network, prompted by the gradual failure of my Asus RT-AC86U home/gaming router. My goal with this almost complete overhaul was replacing all network devices that did not work satisfactorily, or that were of consumer-level quality, with equipment of better quality and reliability designed for small-business and office use.

As a background, in 2004 I took a set of several IT courses, leading to professional certifications in TCP/IP and internetworking. One of these courses was on the configuration of Cisco IOSCisco Internetworking Operating System-based routers. After retiring in 2019, I pursued full-time my various technical interests in IT and photography. To refresh my knowledge of Cisco routers, I purchased two second-hand routers (models ISR 1921 and ISR 2921), old enough to be cheap, but still powerful enough to be usable on a modern home LAN. Neither IOS nor network technology had substantially changed since my certifications, so I felt pretty much at home. I was also impressed by the build quality of these Cisco routers. On the other hand, in later years I had become used to the web-based interfaces of many small-business network devices, including D-Link switches (see also here). Compared to this, the IOS CLI felt pretty primitive.

Neither configuration method is perfect. A CLI forces you to learn a command syntax and a large array of different commands and parameters, and is a slow and error-prone way of entering configuration settings. An auto-complete system offering multiple choices in a drop-down that dynamically changes to display only the available alternatives (similar to the way Windows helps users to type Japanese text) could be a solution, but I have yet to see this type of CLI in a router.

A web interface forces you to learn where in a multi-level menu system each setting is located. With a modern router offering from one hundred to several hundred different settings and parameters, a given setting can be buried deep within the hierarchical structure of the menu, and I have yet to see a hierarchical menu structure that is completely logical and equally efficient for all administration tasks. A web GUI is also more time-consuming for developers to implement in firmware, and more difficult to modify afterwards.

Cisco RV320 home page
Figure 3, Cisco RV340, home page of web GUI.
 

In some of the routers configured through a web GUI, Cisco went part of the way toward solving the above problems by providing multiple configuration wizards and shortcuts for different configuration scenarios. The RV340 (Figure 3) provides no less than 15 such tools on its default administration home page.

The RV320, on the other hand, has an SSH CLI to configure some functions. This CLI only covers a small subset of the router's functionality (only the access-list and interface vlan commands), while the web GUI is used for the remaining types of configuration. I do not know why Cisco decided to provide this hybrid configuration method, but it looks like a quick fix to get a job done that was taking too much of the GUI developers' time.

SSH is disabled by default on the RV320, and can be enabled on LAN ports and/or WAN ports via the web GUI.

I designed the LAN topology described at the above links for a property with two detached buildings, connected to the Internet via the 4G mobile network. We are now living in a top-floor apartment of a building connected to the city fiber network via a residential Ethernet switch, which allows a much faster (nominally 250/100 Mbps, most of the time very close to this in actual speed), as well as cheaper, broadband subscription. The old Cisco routers mentioned above are too slow to fully utilize this throughput and, not being intended as edge routers, lack useful features like firewall and VPN capabilities. Therefore, it was time to let go of these routers. I decided to investigate whether a more modern, small-business Cisco edge router configured via a web interface could be a good upgrade from my short-lived Asus router. My target was, once more, a second-hand device a few years old, since the shop prices of new equipment of this type are higher than I can justify.

In 2003, Cisco purchased Linksys, a company specializing in small-business and home network equipment, as a way to expand into this market segment. For a decade afterwards, Linksys continued to produce the Cisco-branded equipment targeted to these market sectors. However, Linksys never was fully integrated into Cisco, and in 2013 Cisco sold Linksys. The RV family of routers, also developed by Linksys, was discontinued shortly thereafter.

This left a "hole" in Cisco offerings for small businesses. Some of the recent lower-tier Cisco-designed routers, like the Meraki series, require a cloud subscription for their configuration. This is out of question in my case, because I do all configuration within the LAN and for security I do not enable any form of remote administration. This restricted my choice to a few series of routers with firmware still actively supported by Cisco. In particular, the RV family of routers attracted my attention.

As discussed here, Cisco still has no current replacement for the RV family. In terms of capabilities, the C921-4P and C931-4P can be regarded as replacements/upgrades for the VR family, albeit at a higher price point. However, they are configured via the IOS CLI, and in this sense they are pure-breed, traditional Cisco products without Linksys influences.

My current apartment is wired with only four Ethernet wall outlets, with the cables leading to the electrical cabinet of the apartment that also contains a WAN Ethernet port. The electrical cabinet is located in a small storage room not optimally located for a WiFi access point. The router must be physically located near this cabinet, and is the only network device in this room. I briefly considered re-wiring the apartment by running two CAT.6 Ethernet cables, instead of the present single cable, to each Ethernet wall outlet. This, however, involves a substantial risk that the cable pipes in the walls are too narrow or too sharply bent to make the upgrade possible. The trouble I repeatedly run into while drawing two Ethernet cables in narrow corrugated pipes in the walls of our last house and a previous apartment is still fresh in my memory. It is much easier to use small Ethernet switches wherever two or more devices need to be connected to a single wall outlet. Thus, I have no real use for RV routers with 16 Ethernet LAN ports, and only the RV models with four LAN ports and no built-in WiFi are relevant to my use case.

In the Cisco RV family, the RV320 and RV340 series seem to be the most recent and capable. Therefore, I evaluated an RV320 and an RV340 before settling on one of these for permanent use as my home router.

RV320 versus RV340

Physical characteristics

The RV320 is housed in a metal cabinet 206 x 49 x 134 mm (including rubber feet and a fascia on the front panel). There is no provision for mounting this router in a 19" rack. The height of the case without the rubber feet is 44 mm, so in principle it can be placed on top of existing rack equipment in an empty 1U or higher slot. It does have two slots at the bottom of the cabinet for hanging on a wall via two screws, but placing the router with the slots exactly onto the screws is no easy feat.

The front panel (Figure 1, top) contains 18 LEDs and a recessed reset switch behind a hole wide enough to operate the switch with the tip of a pen or pencil (no need to look for a paper clip). The rear panel (Figure 1, bottom) contains 5 Ethernet LAN ports, 2 Ethernet WAN ports (one of them configurable as DMZ), a USB A connector, a rocker power switch and a connector for the external power supply. A second USB A connector is located on the left side, and a slot for a wire lock on the right side. The USB sockets are for connecting mobile modems, ideally shaped like a USB stick. The RJ45 ports on the rear panel have no LED indicators.

There is no electrical contact for grounding the metal chassis, and the power supply is not grounded, either.

The RV340 (Figure 2) is quite similar in design, but larger at 280 x 44 x 170 mm, and comes with rack ears for mounting in a 1 U slot of a 19" rack (only with the front panel outwards, not the rear panel). The power supply is also external, but connected to mains by a grounded cable. Also in this case, there is no electrical contact for grounding the metal cabinet. The RV340 front panel is completely flat, without the convex fascia on the left side of the RV320.

In the RV340, one of the LAN ports can be configured as DMZ, leaving both WAN ports available simultaneously with DMZ.

The RV340 power supply plugs into a mains outlet via a grounded cable, and is a small "brick" type with a power LED.

The RV340 additionally provides an RJ45 console/serial port, and even includes a DB9 to RJ45 cable in the box. However, Cisco states that the port is "for future use" and disabled. The RV320 has no console port.

The USB ports of the RV340 are USB3 and USB2 compatible, the ones of the RV320 only USB2.

In both cases, the power supplies are made by third-party companies, and replacements are easy to find.

Cisco support and firmware

These routers were designed by Linksys for Cisco and made in China.

The RV 320 will be supported by Cisco until 2023-07-31 (less than two months from the time of writing, which probably means no further firmware versions will be made) The last firmware version is 1.5.1.13, published on 2020-10-27.

The RV340 will be supported by Cisco until 2026-10-31. Current firmware is 1.0.03.29, published in 2022-1.

Once the support ends, Cisco will no longer patch the firmware for known vulnerabilities. The idea is that customers will then replace their no longer supported equipment with newly purchased, more expensive Cisco equipment.

Specifications

In home settings, the NAT throughput is by far the first specification to check out, especially if you have a fast connection. The second most important specification is probably the NAT throughput with firewall activated.

I did not find this specification for the RV320, but I can say that, on my 250/100 Mbps subscription, the router is not the bottleneck. IPsec VPN and SSL VPN throughput of the RV320 is 100 and 20 Mbps, respectively.

The RV340 provides a bidirectional NAT throughput of nearly 2Gbps (nearly 1 Gbps file download test via a LAN client web browser), bidirectional IPsec VPN of nearly 2 Gbps, and SSL VPN of 33 Mbps.

Other than these specifications, my impression is that the RV340 works more "smoothly" and causes no perceptible lag in communicating with Internet servers, while the RV320 feels slightly more sluggish on my fiber Internet connection. If you have a 4G mobile Internet connection, you are probably experiencing a lag of 1-2 seconds in responses from Internet servers, so the faster RV340 performance will not make a difference to you.

A couple of router settings may have an important impact on throughput and responsiveness. The first is WAN bandwidth management, where you must enter the throughput provided by the ISP. If you enter a lower value, the router will throttle its maximum throughput to comply with this setting. You can, however, enter a higher value (by default 1000000 Kbps on the RV340, no value on the RV320). In this case, the ISP will limit your throughput according to your subscription type and/or temporary traffic bottlenecks.

The second important setting is EEE on each LAN and WAN Ethernet port. Energy Efficient Ethernet is a feature that cuts down the power consumption of an Ethernet port when no traffic is detected. If you activate this setting, there will be a short lag whenever the port needs to power up after some time in low-power mode. Do not use EEE on a port that must respond to traffic as quickly as possible (e.g. a port connected to a 24/7 server). Only use EEE on ports that are expected not to generate traffic for extended periods of time, e.g. workstations that are switched off at the end of a working day. The actual energy savings may be important on a large scale, but are probably undetectable on a home utility bill for a device with only 6 Ethernet ports. It is a good idea, instead, to disable any ports that are permanently not in use, even if connected to a wall outlet.

Aside from raw throughput, the RV340 offers a multitude of settings and capabilities not available in the RV320. My impression is that the former model is also more secure, thanks to its better and more complete firewall. The RV320 is obviously designed as a scaled-down, less flexible precursor of the RV340 and meant to be sold at a lower price point.

Web interface

The web interface of the RV340 is rich in settings and options, many of them not available on the RV320. It also feels more mature.

Saving the configuration

In both routers, the configuration can be saved to a PC via the web interface. The RV320 configuration is in a proprietary format and contains no human-intelligible information. The RV340 is completely different and saves the configuration file in pridefully well-formatted XML.

SSL CLI

Administration with a CLI via SSL is disabled on the RV340, although part of the functionality for an SSL port seems to be present in some firmware versions. Some administrators have tried, unsuccessfully, to enable this port by saving the RV340 configuration, manually editing the XML file, then restoring it on the router. Cisco reacted to these attempts by removing the firmware code supporting this port in later firmware upgrades. The risk of unwittingly opening up the router to security exploits by activating this half-finished firmware code was probably judged to be too high.

Second-hand value

The significant difference in offered features by the RV340 vs. RV320 is usually reflected in a second-hand price difference (usually by a factor of 4:1) between the two models on eBay. As always with second-hand network equipment, US prices tend to be lower than EU prices, but EU import fees on shipments from the US more than make up for the lower price.

Scheduling automated searches on eBay is likely to eventually locate bargains. In the EU, one German seller continuously advertises several of these routers at too high a price point, provides a best-offer option, but systematically rejects all buyer offers. A couple of weeks of window shopping brought me a slightly scuffed RV320 and a never-used, still packaged RV340, for 35% less than a well-worn RV340 from the seller mentioned above.

My choice

Given the detectable improvement in performance of the RV340 over the RV320, the wider range of settings and options of the former (e.g. in firewall options), and the longer time-frame of the remaining Cisco support for the RV340, I decided to use this router for my LAN. As a whole, the RV340, in spite of being marketed in the same series as the RV320, feels like a full generation more modern than the RV320.

The RV320 is now sitting in a box, already configured and ready to plug into my LAN if a need to replace the RV340 should arise, or to lend out to some friend in need of an emergency replacement for their home router.

Summary

The Cisco-branded, Linksys-designed RV320 and RV340 are small-business VPN routers configured via a user-friendly web GUI. Although discontinued, they still pack a punch by today standards, and are far better than home and gaming Ethernet routers in virtually every respect. The RV 340 is more powerful than the RV320, and in spite of being placed in the same series is a whole generation more modern and more configurable than the RV320.