Future proof main router

anyone with 2gb connection to your isp .. what type of port is your modem using
looking to future proof my network upgrade . as i run a large firewall and have public ip block

is it using 10gb sfp 10, 2.5 or 5gb copper rj45..


i am just about to pass 1gb and looking to upgrade my main public facing router and would like enough bandwidth for the future .. right now the 1gb 10baset port would be the bottleneck.

i pretty much have it maxed out and can hit about 980gb/sec in speed tests.

from my searching ... i think most higher end routers (that go over 1gb and can handle a large 500 rule firewall with 35K address lists, and bridging) are sfp for the wan port. but most modems are not... so i may have to get a fiber to copper adapter or something.

or are they normal 1gb ports and support link aggregation?

i have ordered the new asus gt-ax11000 pro and plan to use the 10gb port to go to my internal 10gb switch and the 2.5gb port to go out to my main public facing router..

i don't need multiple a quad channel router as this only provides the 2.4g and one 5gig channel to upstairs (no one currently living upstairs) and the downstairs router connects over coax for the back channel and uses the other 5g and 6g channels..

my internal network over the 10g seems ok at the moment.. i think most speed tests now are cpu bound.. this is a speedtest from my media server workstation (dell t7920) to one of my nas's over the 10g network

I have AT&T fiber on the 2 Gbps plan. They offer up to 5 Gbps. The gateway they use has a 5G copper ethernet port for providing WAN connectivity to an external router.

My "router" is a UDM Pro with a 10G SFP port. I'm using a copper SFP transceiver to handle the translation. It negotiates 5G on the copper side and 10G with the UDM on the SFP side.


thanks .. what model transceiver are you using.. thanks
i don't think the udm pro has enough cpu horsepower to inspect all my packets. it is 3.5gb without a firewall in the way.

my current router, a CCR1016-12G, has 12g/sec throughput

It's a Mikrotik. I edited above and put in a link.

Just to say. It's 3.5 Gbps with IPS enabled (advertised anyhow). Without IPS enabled, I think they rate it ~8 Gbps.

Be sure to put Merlin on it: https://www.asuswrt-merlin.net/

my downstairs router is a gt-axe11000 .. the f/w is based on merlin. what would pure merlin get me? thanks

Well actually Merlin's firmware is based on the Asus firmware, and Asus has backported some of his fixes into their firmware over the years.

Merlin just gives you some additional settings and fixes for people who like to tinker like us all on here :wink:. Also gives you the ability to run custom scripts, and customize some of the built in services with add on scripts, etc... He has put a bunch of work into the OpenVPN implementation as well, if you run a VPN for remote access.

All I know is I set up one for a family member and figured I would just do the stock firmware but quickly got angry that it was missing some of the settings I am used to, and then flashed Merlin on it.


Thanks yes i run openvpn .. and watchguard

Palo Alto PA-460... but you might not like the price.

Good bit of kit though.

Which Watchguard are you running?

You mean what version? It's built into the router.

Do you mean wireguard? Watchguard is an appliance. www.watchguard.com

Woo hoo new toy on the way. Didn't think it would get here. New orders are showing Feb.

Since you know the os well do you know of a command line fx i can use to import my existing dhcp reservations into merlin? I have over 100 and i know how to export them from dd-wrt.


I'd prefer not to have to import them manually one at a time through the web interface

Yes, it's saved on the nvram/jffs and can be copied over pretty easy. I will find one of the posts about it later today and get back.

Hmm... if you have over 100 I think Asus only allows up to 64 by default but there is a way to bypass that. I will have to find that also.

Just realized you are going from DD-WRT to Asus as well, so might have to reformat it a little but I think Asus uses a standard dnsmasq format so it should not be too bad. There is no "import" option but if it's in the right format it can be dropped into place.

ok got my current dnsmasq dumped in this format.. this is the file i used to set it in dd-wrt

nvram set static_leasenum=74
nvram set static_leases='C0:74:AD:3E:D8:E6=voip=
94:6A:B0:21:B3:98=rxv780= \



nvram commit

weird, when i paste in here it dropped the continuation character. there is one backslash on each line not showing
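
Added example, not part of the thread and not DD-WRT or Merlin code: a converter from the static_leases export layout shown above into standard dnsmasq dhcp-host lines, validating every entry before it goes anywhere near a router config. It assumes the DD-WRT field order is MAC=hostname=IP with an optional lease time, that the target accepts plain dnsmasq lines as the reply above suggests, and a LAN of 192.168.1.0/24; the sample entries are constructed.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# Hostnames end up in a config file, so allow only RFC 1123 label characters.
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def check_entry(entry, lan, seen):
    """Return ((mac, ip, host), None) if usable, else (None, reason)."""
    fields = entry.split("=")
    if len(fields) < 3:
        return None, "expected MAC=hostname=IP"
    mac, host, ip_text = fields[0].lower(), fields[1], fields[2]
    if not MAC_RE.match(mac):
        return None, "bad MAC address"
    if not HOST_RE.match(host):
        return None, "bad hostname"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None, "bad or missing IP"
    if ip not in lan:
        return None, "IP outside LAN subnet"
    if mac in seen or ip in seen:
        return None, "duplicate MAC or IP"
    seen.update((mac, ip))
    return (mac, ip, host), None


def convert_leases(static_leases, lan_cidr):
    """Convert a DD-WRT static_leases value to dnsmasq dhcp-host lines."""
    lan = ipaddress.ip_network(lan_cidr)
    seen, lines, rejected = set(), [], []
    # Entries are whitespace separated; drop the "\" line continuations.
    for entry in static_leases.replace("\\", " ").split():
        parsed, reason = check_entry(entry, lan, seen)
        if parsed is None:
            rejected.append((entry, reason))
        else:
            lines.append("dhcp-host=%s,%s,%s" % parsed)
    return lines, rejected


# Constructed sample in the export layout shown above (not the poster's data).
SAMPLE = """02:00:00:00:00:01=voip=192.168.1.10= \\
02:00:00:00:00:02=rxv780=192.168.1.11= \\
02:00:00:00:00:03=nas1= \\
02:00:00:00:00:04=cam=10.9.9.9= \\
02:00:00:00:00:01=dupe=192.168.1.12="""
```

Calling convert_leases(SAMPLE, "192.168.1.0/24") returns the accepted dhcp-host lines plus a list of rejected entries with the reason for each, so a paste that lost its IPs or picked up a duplicate shows up before the file is dropped into place.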

This addon script is your best bet to allow more than 64 IP reservations and also it has an "Import" function for a csv file. The format does not seem to be documented, but if you put one entry into the UI and then export you should be able to see the format from there.

I do not use this one, but this dev makes some good scripts.

Another alternative is to use a different DHCP server. I personally use pi-hole's so that I can more easily see from where traffic is being blocked. Synology NAS have a server too. Etc.

