8 essential features you need in a business router

It's not enough to offer the latest wireless standard. Make sure the router that will support your office is up to snuff.

A router is the heart of your network, so it deserves to be chosen carefully. Any router will share your Internet connection amongst your computers and other networkable devices (smartphones, tablets, and so on), but better models provide features that will enhance your network and its performance. Whether you're seeking a business- or consumer-class router, here are the eight most essential features to look for.

1. Wi-Fi access point

Most routers targeted at the consumer and SMB market have a built-in Wi-Fi access point (AP) to provide wireless network connections for PCs and other devices equipped with Wi-Fi adapters. You can purchase additional APs to extend the router's range. A stand-alone AP can also add wireless capabilities to a wired router. There are several wireless standards in use, with IEEE 802.11a, 802.11b, and 802.11g considered to be legacy standards. IEEE 802.11n is the latest ratified standard, and 802.11ac is in "draft" mode with final ratification expected late this year or early next. There is a remote chance that devices based on this standard won't be compatible with the final standard, but most people in the industry consider that event highly unlikely.

Wireless routers operate on one of two frequency bands: 2.4GHz or 5GHz. The 2.4GHz band provides only three non-overlapping channels, so it can become crowded very quickly. There are 23 non-overlapping channels available on the 5GHz frequency band, so you'll encounter much less interference when operating a network there. Routers and access points capable of operating on both the 2.4- and the 5GHz frequency bands are described as "dual-band" products. 

If you're buying a router today, pick a model that's based on either 802.11n or the draft version of 802.11ac.


2. Guest Wi-Fi access

Some consumer-class routers include what vendors typically refer to as wireless guest access. This feature allows you to broadcast a separate wireless network name (SSID) with different security settings from your main wireless network. Since the two networks are virtually separated, guests can't see the traffic or access computers on your main network. This lets you easily offer visitors, contractors, and even the public wireless access while keeping your private network secure.

3. Virtual LANs and multiple SSIDs

Many business-class routers go beyond offering a simple wireless guest feature. They will allow you to create multiple, separate customized networks using what is commonly called virtual LANs (VLANs). They'll also enable multiple SSIDs to offer virtual wireless networks.

You can for instance, create a VLAN for management where sensitive company information can be shared, a VLAN for regular employees to share files, and a VLAN for guests providing limited Internet access. And then you can assign the router's Ethernet ports to the desired VLAN and broadcast a separate SSID for each VLAN. Or if you use 802.1X authentication you can assign users to a VLAN and they'll be dynamically connected to their VLAN when plugging into any Ethernet port or when connecting to a single SSID.

4. VPN Server and Client

Some business-class routers include a virtual private network (VPN) server and/or client. Many vendors market these devices as VPN routers. A built-in VPN server allows users to securely access your network and files while they're on the road or working from home. With a built-in VPN client, you can connect one router to another router with a VPN server to securely connect two networks together via the Internet, enabling you to share network resources and files between two or more physical locations.

5. USB port for printers or drives

Some consumer-class and business-class router include a USB port so you can share a USB printer or external drive with the network. This is useful if you don't already have a network-ready printer that can be used among all network users, or a network-attached storage (NAS) appliance for centrally storing and sharing files.

6. Malware and spam protection

Business-class routers that include additional security features are commonly called unified threat management (UTM) gateways. They typically include antivirus, anti-spam, and content filtering to block dangerous or inappropriate sites and email. Although individual computers should still have an antivirus tool installed, a UTM gateway can help catch malware before it reaches individual computers, providing double protection. Sometimes UTM gateways provide intrusion detection and prevention features to help block additional local network or Internet threats.

7. Dual or backup WAN port (or 4G support)

A business-class router that includes two WAN/Internet ports (or 4G support) gives you another Internet connection for backup or load balancing. Connect the router to two cable or DSL lines from different service providers, or plug in a USB 4G adapter, and you'll have a backup connection if one fails. Some routers allow you to increase your Internet bandwidth using both Internet connections simultaneously. This is commonly called load balancing.

8. RADIUS server

A few business-class routers include a built-in Remote Authentication Dial In User Service (RADIUS) server, enabling 802.1X authentication so you can use the enterprise mode of WPA or WPA2 security for the Wi-Fi. This is more secure than the pre-shard key (PSK) security that consumer routers provide using services such as WPA (Wi-Fi Protected Access). Using RADIUS, you can assign each user a unique user name and password and then change or revoke access in the event a user leaves or loses their Wi-Fi device.

Routers on the market

Now you should have a better idea if you want a consumer-level, off-the-shelf router from a store like Best Buy or Fry's, or a business-class router available from online retailers. Remember, consumer-level routers typically provide simple Wi-Fi access, as well as possibly guest access and USB printer and drive sharing. But business-class routers might also include VLAN and multiple SSID support, built-in VPN, malware and spam protection, support for two Internet connections, and an integrated RADIUS server.

For example, these two consumer-level routers are on the market now:

D-Link Xtreme N450 Dual Band Gigabit Router (DIR-665): Dual-band wireless router with a wireless guest feature and a USB port for sharing a drive or printer.

Netgear N750 Wireless Dual Band Gigabit Router: Dual-band wireless router with a wireless guest feature and a USB port for sharing a drive or printer.

Here are several business-class routers and APs to consider:

Cisco Wireless Network Security Firewall Router (RV220W): Dual-band Wi-Fi and gigabit ethernet router providing several VPN options, VLANs, and multiple SSIDs.

Netgear ProSecure UTM Firewall with Wireless N (UTM9S): A UTM gateway offering dual-band Wi-Fi and gigabit ethernet, offering anti-virus and anti-spam, content filtering, and intrusion protection. It also has dual WAN support, several VPN options, VLANs, and multiple SSIDs.

802.11a/b/g/n Business Access Point (NWA3160-N): An AP that can serve as a traditional AP, managed AP, and an AP controller to manage up to 24 APs. It supports VLANs, multiple SSIDs, and has an embedded RADIUS server.

Join the CSO newsletter!

Error: Please check your email address.

Tags Wi-FiEEserversNetworkingwirelessNetwork managementhardware systemsroutersmalwareOffice Hardwarenetwork securitynetworking hardwaremanagementsecurityvpnWLANs / Wi-Fi

More about CiscoD-Link AustraliaIEEENASNetgear Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Eric Geier

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place