Wednesday, December 19, 2018

Auspicious dates for marriage proposal or engagement in 2019

Before becoming the life partner, marriage is proposed by lover and engagement is made.

Here is the list of auspicious dates for marriage proposal or engagement in year 2019 (year of Boar), which is produced based on the Chinese almanac Tong Shu. (Click the image to enlarge)



Bear in mind that although the Tong Shu is a compilation of Chinese astrology and calendaring studies gathering wisdom of thousands of years, we should use it wisely and rationally, but not be too superstitious on it.


Tuesday, December 18, 2018

Auspicious dates in 2019 for signing contract, register for marriage, etc.

Here is the list of auspicious dates in year 2019 for signing contract, signing offer letter, register for marriage, receiving religious baptism, and other similar agreement-related activities.

It is produced based on the Chinese almanac Tong Shu. (Click the image to enlarge)



Bear in mind that although the Tong Shu is a compilation of Chinese astrology and calendaring studies gathering wisdom of thousands of years, we should use it wisely and rationally, but not be too superstitious on it.

Auspicious dates for renovation in 2019

Here is the list of auspicious dates for home or office renovation in year 2019, which is produced based on the Chinese almanac Tong Shu. (Click the image to enlarge)


Bear in mind that although the Tong Shu is a compilation of Chinese astrology and calendaring studies gathering wisdom of thousands of years, we should use it wisely and rationally, but not be too superstitious on it.

Monday, December 17, 2018

Auspicious dates for moving to new house / office in 2019

Here is the list of auspicious dates for moving to new house/office in year 2019, which is produced based on the Chinese almanac Tong Shu. (Click the image to enlarge)


Bear in mind that although the Tong Shu is a compilation of Chinese astrology and calendaring studies gathering wisdom of thousands of years, we should use it wisely and rationally, but not be too superstitious on it.

Auspicious dates for wedding / marriage in 2020

Many couples plan for their wedding more than 1 year ahead in order to have sufficient preparation time.

Here is the list of auspicious dates for wedding/marriage in year 2020 (year of Rat), which is produced based on the Chinese almanac Tong Shu. (Click the image to enlarge)


Bear in mind that although the Tong Shu is a compilation of Chinese astrology and calendaring studies gathering wisdom of thousands of years, we should use it wisely and rationally, but not be too superstitious on it.

If you are looking for auspicious dates for wedding / marriage in 2019 (year of Boar), click here.

You might probably also be interested with the auspicious dates for the following occasions in year 2020:

Wednesday, November 28, 2018

Avantree SP850 multifunctional wireless speaker with FM radio

I have purchased an Avantree SP850 multifunctional wireless speaker with FM radio for my father to replace his CD player that is now faulty and possibly reached its end-of-life.


This Avantree SP850 has many overlapping function with the BC-01 multimedia bluetooth speaker that I purchased 2 years ago. It costs higher at the price of RM96, but its sound quality is comparatively better, with a removable (and therefore replaceable) Nokia BL-5C Li-ion battery, and much straightforward and easier to use.


Note that this Avantree SP850 does not have alarm clock function and also unable to display the time.

Its 3 main functions are:
  • Play music and audio in MP3, WMA or WAV format
  • FM radio
  • Act as handsfree to answer/reject/hang-up incoming calls when connected to mobile phone using Bluetooth
It can accept audio source from the following:
  • FM radio
  • Micro SD card
  • AUX 3.5mm audio cable
  • Bluetooth
and it can output audio to headphone or external speaker via 3.5mm audio cable plugged to its headphone socket.

Its operation is menu driven with its LCD screen display. You can navigate the directory structure of the Micro SD card to pick the music file to play.

It supports the following music playing repeat modes:
  • Repeat all
  • Repeat folder
  • Replace once
  • Random
It has a built-in equalizer which you can set for the following music modes:
  • Natural
  • Rock
  • Pop
  • Classic
  • Jazz
  • Soft
It has 10 numeric buttons on top, makes it very easy to select song and to tune the FM radio.

You can get the FM radio to perform auto-searching of available channels, or to manually input the channel frequency number by using the numeric buttons. The manually set channels will be automatically memorized. This Avantree SP850 is able to memorize quite a lot of FM radio channels.

Due to its easy of use, this Avantree SP850 is suitable for everybody use, including elderly people.

You can watch the video below to have better understanding about this Avantree SP850.



Tuesday, November 27, 2018

Releasing handphone storage space by cleaning up WhatsApp files

Have you wonder what have silently taken up your handphone / tablet storage space? I bet the top culprit will be messaging apps such as WhatsApp.

WhatsApp stores all your individual and group chatting history in your phone storage, including all the media files and documents which you've sent out and also you've received from others. Over time, it will consume up gigabits of your phone / tablet storage.

Within the WhatsApp application itself does not have any mechanism for you to clean up old files or large files in order to release your handphone storage space.

Anyhow, you can easily locate those files stored by WhatsApp in your phone by using a file manager app such as File Manager + and navigate to the /WhatsApp/Media folder in your phone storage. The files are all there! You can then manually backup and/or delete the files there.

In fact, you can also program an Automate script to perform some sort of automated WhatsApp files housekeeping to release your handphone storage periodically.

Another easier way is to make use of an Android app called Cleaner for WhatsApp by LookAndFeel Lab to do the housekeeping.

Note that there are multiple Android apps call themselves as Cleaner for WhatsApp in the Google Play Store, and I am referring to the one developed by LookAndFeel Lab with the app icon as below:


This Android app is like a specific version of file manager to release handphone storage space taken up by WhatsApp files.

It shows you the total WhatsApp files found and the total storage space taken.

According to the WhatsApp directory structure, Cleaner for WhatsApp is able to list down the number of files and storage space taken by file types:
  • Videos
  • Images
  • Documents
  • Databases
  • Voices
  • Audios
  • Gifs
  • Stickers
  • Profile Photos
  • WallPapers


By entering the folder, it can let you review those files that you sent to others, those that you received from others, and duplicated files.

With a single tap, you can select all the files within the category (received, sent or duplicated), or you can manually select the files one-by-one, for you to perform the delete action. The files can be sorted by size (either large size first or small size first) or date (either oldest first or newest first) to make it easy for batch selection for deletion.

The function that makes a real difference from ordinary file explorer is its auto-clean function, which you can select to periodically check for the WhatsApp file and clean them by date or by size. It provides option for you to select which types of files you want to auto-clean.

With Cleaner for WhatsApp, you are able to release quite a number of handphone storage space occupied by those WhatsApp files. I would suggest LookAndFeel Lab to also provide achieve function beside cleaning to make it even better.

Thursday, November 22, 2018

Using Travel Recommends WiFi Router to access Google, Whatsapp, Facebook, Instagram, Snapchat, Youtube, etc. in China

If you are travelling to China, you will expect your Internet access to Google services (including Gmail, Google Maps, Google Calendar, Google Drive, etc.), WhatsApp, Facebook, Instagram, Telegram, Twitter, Snapchat, Blogspots, Wordpress, YouTube, and thousands over websites and Internet services be blocked and rendered inaccessible by the Great Firewall of China (GFW).

One common way to gain access to those websites and Internet services in China is to subscribe to a dependable and reliable VPN service before you enter into China. There are VPN solutions in the form of computer software as well as mobile apps to tackle the GFW restrictions, but such solutions might be limited to single device usage, not a good idea if you carry several devices (laptop, tablet, smartphone, smart watch, etc.) with you, or if you are travelling with a small group of people (family, friends, colleagues, etc.) in which each of you has one or more devices that need to access to those websites and/or Internet services.

In such case, a portable WiFi router with built-in VPN specifically for use in China is a better solution. The WiFi router is even more important than a local SIM card or roaming service, because as long as you have full Internet access, you can make voice or video calls using WhatsApp, Telegram, WeChat, Line, and other messaging apps.

I have searched around the Internet and found several providers of portable WiFi router available in the market. Some don't specify whether their portable WiFi router has workable VPN function for use in China or not. Some received customers' review about having mobile signal coverage issue, VPN connectivity issue, battery drainage issue, etc.

I have chosen Travel Recommends portable WiFi router as most of its customer's reviews are positive. It might not be the cheapest one in the market, but I believe it is dependable and reliable to ensure my Internet connectivity in China. Its rental price for China of RM28 per day is quite reasonable too. In fact, I really had enjoyable experience with this Travel Recommends portable WiFi router while I was in China, and I am pleased to have made a right choice.

In order to successfully rent a Travel Recommends portable WiFi router, you need to make your reservation at their website at least several days before your departure date.

During reservation, you can choose to have the device courier to you (with additional charges), or to self pick-up at their service counter available at the arrival hall of KLIA, KLIA 2 or Penang Airport. Self pick-up is also available at specific location in Johor Bahru and Kota Kinabalu. For device returning after your travel, you can also choose to courier it back to the company, or to self drop-off at either one of the 5 service counters available.

The package comes with:

  • The portable WiFi router, sharable by up to 5 connected devices at the same time
  • A travel adapter for you to charge the portable WiFi router (which you can use it to supply power to your other devices too)
  • A USB charging cable
  • A pouch to store all the components nicely at one place
You can also opt to include a power bank in the package, with additional charge. If you carry your own power bank, then you won't be necessary to rent the power bank from Travel Recommends.

There is a RM200 deposit collected by Travel Recommends upon making online payment to confirm your rental unit. This deposit will be banked in to your bank account several days after you returned all the rented components to the company.


The portable WiFi router has built-in Li-ion battery, which can last for about 6-8 hours of continuous usage. Whenever you are indoor with available wall socket, just charge it up, and it should be able to last the whole day from morning until midnight without much problem.

For portable WiFi router to be used in China (with or without VPN), Hong Kong and Vietnam, there is a fair usage limit of 1 GB per day. Exceeding the limit will cause your Internet access to be very slow, although still can stay connected. The quota usage is shown in real time on its display for easy check up.

There is unlimited usage for portable WiFi router to be used in Japan, South Korea and Taiwan, whist for other countries such as Singapore, Europe, Australia, Canada, USA, Thailand, Indonesia, Cambodia, India and Macau, the daily fair usage limit is capped at 500 MB only.

Rental prices for different countries are not the same, and can be found at their website. On and off they will have promotional price for specific countries.

I think portable WiFi router is an important oversea travelling component for you to carry along while you are abroad, to stay connected to the Internet and remain contactable via messaging apps. This is particularly crucial for travelling in China, as you need a portable WiFi router with dependable and reliable built-in VPN to stay connected to your favourite Internet services.


Sunday, November 18, 2018

Configuring IPv6 settings in Asuswrt-Merlin for TM UniFi

All the IPv4 blocks have already fully allocated, and IPv4 should be exhausted any time from now. Although the Internet transition from IPv4 to IPv6 has been prolonged, it is advisable to make use of IPv6 now in parallel with IPv4.

In fact, many websites are found to be faster when accessed using IPv6.

Below are my settings on IPv6 for TM UniFi for your reference:

  • Connection type: Native
  • Interface: PPP
  • DHCP-PD: Enable
  • Release prefix on exit: Enable
  • Auto Configuration Setting: Stateless
  • Connect to DNS Server automatically: Disable (you can choose Enable to use the DNS servers of TM UniFi)
  • IPv6 DNS Server: you can choose to use any of the public DNS servers below:
    • Google: 2001:4860:4860::8888, 2001:4860:4860::8844
    • OpenDNS: 2620:0:ccc::2, 2620:0:ccd::2
    • CloudFlare: 2606:4700:4700:0:0:0:0:1111, 2606:4700:4700:0:0:0:0:1001
    • UncensoredDNS: 2001:67c:28a4::, 2a01:3a0:53:53::
  • Enable Router Advertisement: Enable
If your IPv6 is working, you will be able to see your LAN IPv6 Address, LAN Prefix Length and LAN IPv6 Prefix shown on the screen. More information can be found in the System Log > IPv6 screen.

Saturday, November 17, 2018

Configuring WAN settings in Asuswrt-Merlin for TM UniFi

Below is my Internet Connection setting for TM UniFi:

  • WAN Connection Type: PPPoE
  • Enable WAN: Yes
  • Enable NAT: Yes
  • NAT Type: Symmetric
  • Enable UPnP: No (for better security control)
  • Get the WAN IP automatically: Yes
  • Connect to DNS Server automatically: No (set as Yes to use the DNS servers of your ISP)
  • DNS Server: you can use the DNS servers of your ISP, or any of the public DNS servers below:
    • Cloudflare: 1.1.1.1, 1.0.0.1
    • FreeDNS: 45.33.97.5, 37.235.1.177
    • Google: 8.8.8.8, 8.8.4.4
    • Level3: 209.244.0.3, 209.244.0.4
    • OpenDNS: 208.67.222.222, 208.67.220.220
    • Quad9: 9.9.9.9, 149.112.112.112
    • UncensoredDNS: 91.239.100.100, 89.233.43.71
    • Verisign: 64.6.64.6, 64.6.65.6
  • PPP Username: your username given by the ISP
  • Password: your password given by the ISP
  • Disconnect after time of inactivity: 0 second (never disconnect)
  • MTU: 1480
  • MRU: 1480 (same value as MTU)
  • Internet Detection: PPP Echo
  • PPP Echo Interval: 30 seconds
  • PPP Echo Max Failures: 5 times
  • Enable VPN+DHCP Connection: Yes
  • Spoof LAN TTL value: No
You can use the ping command to find out the maximum possible MTU value for your WAN connection. Just ping to any external server that accepts ICMP echo, with the parameters "-f -l xxxx" where xxxx is a number you try to get as large as possible, while the ping result will remain to have 0% packet loss without packet fragmentation. Any number greater than it will cause packet fragmentation.

Your MTU will be this xxxx number added by 28.


In the ping results shown above, the maximum number is 1452. Therefore, the MTU is 1452+28=1480.

Dual WAN: if you only have single Internet connection, set this to Off. If you have two Internet connections, set this to On. Your secondary WAN connection can be configured as fail over backup link which only active when the primary WAN is down, or as load balancing link which active together with the primary WAN and share the Internet traffic.


Port Trigger: Disabled. You can enable it if required.

Virtual Server / Port Forwarding: Disabled. You can enable it if required. Note that if you have enabled Parental Control function of the router, there will be some Port Forwarding rules automatically set here for the Parental Control function.

DMZ: Disabled.

Enable DDNS Client: Yes.

Method to retrieve WAN IP: Internal.

Server: just pick one of your favourite. Use Asus if you have no preference.

Host Name: pick a name for your router to be accessible from the Internet. As long as the name is not in used by other user in the DDNS server, it can be used.

HTTPS/SSL Certificate: Let's Encrypt (this is the easiest to use)

NAT Passthrough:
  • PPTP Passthrough: Enable
  • L2TP Passthrough: Enable
  • IPSec Passthrough: Enable
  • RTSP Passthrough: Enable + NAT helper
  • H.323 Passthrough: Enable + NAT helper
  • SIP Passthrough: Enable + NAT helper
  • Enable PPPoE Relay: Disable
If you don't use any VPN client and VoIP in your LAN, you can configure the NAT passthrough to be Disabled.

Thursday, November 15, 2018

Configuring LAN settings in Asuswrt-Merlin

For LAN IP Address and the corresponding subnet mask, pick one from the following private IP address ranges:

  • 192.168.0.1 to 192.168.255.254 (subnet mask 255.255.0.0 for fixed first 2 numbers 192.168 in the available LAN IP addresses; subnet mask 255.255.255.0 for fixed first 3 numbers in the available LAN IP addresses)
  • 172.16.0.1 to 172.31.255.254 (subnet mask 255.240.0.0, or 255.255.0.0, or 255.255.255.0)
  • 10.0.0.1 to 10.255.255.254 (subnet mask 255.0.0.0 or 255.255.0.0 or 255.255.255.0)
For home network, using a subnet mask of 255.255.255.0 with 254 allocable IP addresses is sufficient.

If you want to allocate less usable IP addresses, you can refer to the subnet masks below:
  • 255.255.255.128 (126 allocable IP addresses)
  • 255.255.255.192 (62 allocable IP addresses)
  • 255.255.255.224 (30 allocable IP addresses)
  • 255.255.255.240 (14 allocable IP addresses)
Below is my LAN configuration for your reference:
  • Enable the DHCP Server: Yes
  • Hide DHCP/RA queries: No
  • IP Pool Starting and Ending Address: for easier management, it is advisable to allocate this dynamic IP range to be different from the IP range used in manual assignment. Make sure this IP range is within the allocable IP addresses as defined by the subnet mask.
  • Lease time: 86400 seconds
  • Default gateway: the internal IP address of the router
  • DNS Server: you can use the DNS servers of your ISP, or any of the public DNS servers below:
    • Cloudflare: 1.1.1.1, 1.0.0.1
    • FreeDNS: 45.33.97.5, 37.235.1.177
    • Google: 8.8.8.8, 8.8.4.4
    • Level3: 209.244.0.3, 209.244.0.4
    • OpenDNS: 208.67.222.222, 208.67.220.220
    • Quad9: 9.9.9.9, 149.112.112.112
    • UncensoredDNS: 91.239.100.100, 89.233.43.71
    • Verisign: 64.6.64.6, 64.6.65.6
  • Advertise router's IP in addition to user-specified DNS: Yes
  • Forward local domain queries to upstream DNS: No
  • Enable DNSSEC support: No (unless you are sure your ISP and your DNS servers support this feature)
  • Enable DNS Rebind protection: No (unless you are sure your ISP and your DNS servers support this feature)
  • WINS Server: the internal IP address of the router
  • Enable Manual Assignment: Yes
Note: For the hosts configured in the manual IP assignment table, you can edit their name and change their icon by clicking on their icon.

  • Enable static routes: No (normally you don't need this, unless you have a complex network with several routers)
  • IPTV: select the correct ISP Profile to auto-configure the IPTV settings for the corresponding ISP
  • Switch Control:
    • Enable Jumbo Frame: Disable
    • Spanning-Tree Protocol: Enable

Tuesday, November 13, 2018

Configuring WiFi settings in Asuswrt-Merlin

Smart Connect is a feature in Asus wireless routers to automatically steer the WiFi clients to the most appropriate band of 2.4GHz and 5GHz. If you make use of Smart Connect feature, you will need to have the same SSID and Pre-Shared Key (WiFi password) for all the bands available.

If you prefer to have more control on which band your WiFi clients should connect to, you can disable Smart Connect.

For 2.4GHz band:

  • There are 3 wireless modes available. "Auto" allows 802.11b/g/n devices to connect to the WiFi network. In this mode, 802.11n devices can connect with optimum speed (up to 250Mbps per stream). "Legacy" mode also allows 802.11b/g/n devices to connect to the WiFi network, and the 802.11n devices can only connect with a maximum speed of 54Mbps (same as 802.11g). If all your wireless devices support 802.11n, you can select "N only" wireless mode for optimal performance. This mode does not allow 802.11b/g to connect.
  • Tick the "optimized for Xbox" if your WiFi network has Xbox 360 connected, otherwise just leave it unticked.
  • If your WiFi network has old 802.11b and/or 802.11g devices, tick the "b/g Protection". This will protect those devices from interferences which will also affecting the 802.11n devices.
  • Set channel bandwidth to 20/40 MHz to allow 802.11n connections to combine 2 channels for faster transmission speed, provided there is minimal channel interference with your neighbours. The router will device whether to use 20 MHz (one channel) or 40 MHz (dual channel) based on actual situation.
  • Try to use control channel 1, 6 or 11 if none of your neighbours is using it. These 3 channels are non-overlapping.

For 5GHz band:
  • Try to use a different SSID from 2.4GHz to have more control on which band you want your device to connect to.
  • There are 4 wireless modes available. "Auto" allows 802.11ac/n/a devices to connect to the WiFi network. "Legacy" only allows 802.11n/a devices to connect, and the 802.11n devices can only connect with a maximum speed of 54Mbps. "N only" will exclude all the 802.11 ac/a devices. For most of the users, you should choose "N/AC mixed" because only very old device will use the 802.11a connection on 5GHz band, you probably don't have such device at home.
  • Tick the "optimized for Xbox" if your WiFi network has Xbox 360 connected, otherwise just leave it unticked.
  • Set channel bandwidth to 20/40/80 MHz to allow the router to make use of either single channel, 2 channels or 3 channels, based on the actual situation.
  • The best control channel for most Asus routers is channel 48. Channels 36/40/44/48 belong to the UNII-1 low band channels, with channel 48 having the best transmission power. Other channels above are belonging to the UNII-2 or UNII-3 channels, which availability for use is depending on the country's regulation. Those higher band channels are in the Dynamic Frequency Selection (DFS) spectrum, and the router will simply disable using them if any radar systems is detected using the same spectrum.

For both 2.4GHz and 5GHz bands:
  • Extension channel is the second channel for 40 MHz bandwidth (and third channel for 80 MHz in 5GHz band), which you can specify it to be either above the control channel or below the control channel.
  • For most home users, set your authentication method to "WPA2-Personal" and WPA encryption to AES. If you have a RADIUS server in your local network, you can use "WPA2-Enterprise" for better security.
  • WPA pre-shared key is a passphrase, which you can use a short sentence of words instead of a single word.
  • For most of the users, you can leave protected management frames to be disabled. You can enable it for better security, but wireless clients that don't support this feature might not be able to connect to your WiFi network.
  • In WPA WiFi connections, the group key is a shared encryption keys among all the connected devices to secure multicast/broadcast traffic. It is more secured to change this group key at certain time interval, although for most home user, there is usually no harm for not to change it. For group key rotation interval, the figure is in seconds. You can set it to 0 to use the same key without any periodic change required. The interval can be from 1 second to 2,592,000 seconds. 3,600 seconds should be good enough for most users.

WPS (WiFi Protected Setup) provides an easy way to connect new device to the WiFi network. For most home user, you can just disable this function, as your wireless devices at home is pretty fixed.

WDS (Wireless Distribution System) is a kind of wireless bridging function to extend your WiFi coverage with additional access points (AP). If your home network only has one wireless router, you can ignore the settings here. Besides, Asus routers has a better way of interconnection called AiMesh.

If you discovered your neighbour is stealing your WiFi network, you can block their device with Wireless MAC Filter. It is very straightforward to configure.

RADIUS Setting is for WPA2-Enterprise network. Most home users can just leave it as it is.

Below is my configuration for Professional Wireless settings, for your reference.

For 2.4GHz:
  • Enable Radio: Yes
  • Enable wireless scheduler: No
  • Set AP Isolated: No
  • Roaming assistant: Disable (enable if you use Smart Connect function)
  • Bluetooth Coexistence: Pre-emptive (if you use Bluetooth keyboard/mouse/speaker nearby your router)
  • Enable IGMP Snooping: Disable
  • Multicast Rate(Mbps): Auto
  • Preamble Type: Long
  • AMPDU RTS: Enable
  • RTS Threshold: 2346
  • DTIM Interval: 3
  • Beacon Interval: 100
  • Enable TX Bursting: Enable
  • Enable WMM: Enable
  • Enable WMM No-Acknowledgement: Disable
  • Enable WMM APSD: Enable
  • Optimize AMPDU aggregation: Disable
  • Modulation Scheme: Up to MCS 11 (NitroQAM/1024-QAM)
  • Airtime Fairness: Enable
  • Multi-User MIMO: Enable
  • Explicit Beamforming: Enable
  • Universal Beamforming: Enable
  • Region: make sure you select correctly

For 5GHz:
  • Enable Radio: Yes
  • Enable wireless scheduler: No
  • Set AP Isolated: No
  • Roaming assistant: Disable (enable if you use Smart Connect function)
  • Enable IGMP Snooping: Disable
  • Multicast Rate(Mbps): Auto
  • AMPDU RTS: Enable
  • RTS Threshold: 2346
  • DTIM Interval: 3
  • Beacon Interval: 100
  • Enable TX Bursting: Enable
  • Enable WMM: Enable
  • Enable WMM No-Acknowledgement: Disable
  • Enable WMM APSD: Enable
  • Optimize AMPDU aggregation: Disable
  • Modulation Scheme: Up to MCS 11 (NitroQAM/1024-QAM)
  • Airtime Fairness: Enable
  • Multi-User MIMO: Enable
  • 802.11ac Beamforming: Enable
  • Universal Beamforming: Enable
  • Region: make sure you select correctly

WiFi Radar enables you to check for the WiFi channels usage and congestion state around your area, so that you can set your control channel to the least congested option. Before using it, you need to go to the Configure tap and click on the Start Data Collection button, wait for a few seconds, then click on the Stop Data Collection button.

Friday, November 9, 2018

Tweaking network settings in Asuswrt-Merlin

The Tools > Other Settings in Asuswrt-Merlin firmware is a menu not found in the stock Asuswrt firmware. It enables us to tweak some network settings to the router, which most of the time we can just keep them at default value.


Traffic history is a small database storing information required by the Traffic Analyzer. By default it is stored in RAM, which will be lost after the router is restarted.

You can set the traffic history location to NVRAM to preserve the data after router restart, and set the frequency whereby the database will be copied from RAM to NVRAM. Note that the NVRAM in the router has a finite times of read/write cycle. It is advisable to set the save frequency not to be too frequent to prolong the wear-and-tear of the NVRAM.

A better way is to save it to custom location, which can be a mounted USB storage device.

If your ISP billing cycle is not on the first day of the month, you can change the default starting day of monthly cycle from the default 1 to the first day of your billing cycle. This will enable you to have better view of your monthly traffic based on your billing cycle.

Asus routers such as the RT-AC86U have a physical button for you to turn off all its LED lights. This is a feature for you to conceal the router, particularly at night or in dark condition. Asuswrt-Merlin provides you the software option to turn off the LED lights by enabling Stealth Mode in miscellaneous options. In fact, you can further tweak your router to automatically turn off the LED lights during certain time, and make them function as normal during other period of time. You can click here to learn more about scheduled LED control.

New firmware version check will alert you when you login to the router and there is new Asuswrt-Merlin firmware available. You will still need to manually download the firmware after getting the alert, and perform the update accordingly. You are given the option not to check for beta firmware releases.

For TCP/IP settings, just keep the default values unless you have certain network application, such as VoIP, that need the tweaking. TCP connections limit is in quantity. All the timeout values on the screen are in number of seconds.

In IPv4, Address Resolution Protocol (ARP) is used to find out and associate the Media Access Control (MAC) address of a network interface with its IP address. It was done by a broadcast in the Layer 2. In IPv6, ARP is replaced by Neighbour Solicitation. By default, IPv6 neighbour solicitation broadcast is allowed by the internal firewall of the router, and Asuswrt-Merlin allows you to instruct the internal firewall to drop such broadcast, if it bothered you.

The Asuswrt firmware has a program called WANduck, which handles tasks related to your Internet (WAN) connections. WANduck is "inherited" in Asuswrt-Merlin firmware.

By default, WANduck will keep on sending DNS queries every few seconds to check if your WAN link is connected or not. You can disable this in the advanced tweaks and hacks settings. It is advisable not to change the default setting, unless you are clear about your reason to disable it.

Asusnat tunnel is a special NAT tunnel built-in to enable access to the router from the WAN side, even under NAT network. It is used by certain features, and the Asus Router mobile app. If you are paranoid about this kind of tunnel, you are given the option to disable it.

The Web Proxy Auto-Discovery (WPAD) protocol is a technology which aids a web browser in automatically detecting the location of a Proxy Auto Config (PAC) file using DNS or DHCP. The PAC file contains information of web proxy server.
By default, the DHCP server in the router will send empty WPAD with a carriage return to the requester. If this behavior causes problem, you can disable the sending of carriage return in empty WPAD.

Tuesday, November 6, 2018

Configuring AiCloud 2.0 in Asuswrt-Merlin

Asus AiCloud 2.0 is a "personal cloud" feature available in Asus wireless routers, enabling you to have easy access to your shared files either inside your home network or externally from the Internet.

External access to AiCloud is still unaffected even if you have disabled web access from WAN, i.e. remote access to your router's configuration web interface is disabled from the Internet (configured the Administration > System > Remote Access Config > Enable Web Access from WAN to "No", which is a good security measure to prevent unauthorized remote access to your router).

AiCloud is best to be used with a Cloud Disk USB storage device plugged in to your router's USB 3.0 port. It can be a USB thumb drive or a USB external harddisk. You can either format it with NTFS or EXT4 file system.

In my experience, AiCloud for Asus RT-AC86U router can work properly with the following combination of file systems:

  • NTFS only, single partition
  • EXT4 only, single partition
  • NTFS + EXT4. The EXT4 is to be used by Entware or Optware
  • NTFS + EXT4 + SWAP
Inside AiCloud 2.0 menu option, there are 3 settings. You need to turn on Cloud Disk in order to share the attached USB storage device to both your Intranet and the Internet.

I recommend to disable Smart Access, unless you want all your shared resources in your internal network to be remotely accessible from the Internet via AiCloud.

Smart Sync is said to be able to sync your attached USB storage to Asus Webstorage in the cloud, or AiCloud of another router in the Internet. In order to use Smart Sync, you need to enable both Cloud Disk and Smart Access. I found this function to be still buggy, and haven't found the way to make it work properly with Asus Storage yet. Therefore, I just keep it off.



In order to access your AiCloud from the Internet, particularly when you don't have a fixed IP address allocated by your ISP, you will need to have your DDNS service up and running. It is configured inside WAN > DDNS, and you have quite a wide variety of DDNS servers that you can choose to use.


You can access to your AiCloud using:
  • Web browser connecting to your router's AiCloud Web Access Port, configured in AiCloud 2.0 > Settings > AiCloud Web Access Port. It is advisable for you to change this port number from the default to your own.

Asus Download Master is a utility in the router that enable you to download Internet files using torrents to your attached USB storage device. It is not installed by default, and when you install it, the router will setup optware in your USB storage device and install the Download Master utility there. It can then be accessible using its web interface by browsing to its port in your router.

I think Internet files downloading is much better to be handled by proper software in your computer, rather than using the utility in your router. It will consume your router's CPU and memory resources, reduce its stability and reduce its security level.

Inside USB Application > Media Services and Servers, you can make use of the built-in media server functionality in your router (miniDLNA) to stream media stored in the attached USB storage device to computers, tablets, smartphones, smart TV, media player, etc. Supported media content includes video, music and pictures.


If you enable iTunes Server, you can stream the media content to iTunes app and Apple TV in your intranet. Disable this if you don't need it.

By using Manual Media Server Path, you can specific only media files resided in certain folders in the attached USB storage device be accessible with the media server. For each of the folders, you can further specify whether to share the audio, image or video in it.

For Samba network file sharing, the following settings are recommended:
  • Allow guest login: Off
  • Maximum number of concurrent connects: 5
  • Samba protocol version: SMBv2
  • Simpler share naming: Yes
  • Force as Master Browser: Yes
  • Set as WINS server: Yes, unless you already have a WINS server in your local network
SMBv2 is more secured against Windows malware attack. However, you might see the following log entries in your router, which is caused by one or more clients trying to access using the old SMBv1 (CIFS) protocol.

 
To eliminate these log entries, you can either set the Samba protocol version to "SMBv1 + SMBv2", which is not recommended due to malware security issue with SMBv1, or to turn off SMBv1 clients.

In Windows, you can turn off its SMBv1 client by going to Control Panel > Programs > Programs and Features > Turn Windows features on or off > SMB 1.0/CIFS File Sharing Support and uncheck the SMB 1.0/CIFS Client.


The settings for NFS exports and FTP Share is pretty straightforward. You can just disable them if not in used.

Tuesday, October 30, 2018

Configuring Adaptive QoS in Asuswrt-Merlin

When your Internet connection is congested (most or all of its allocated bandwidth is used up) either from time to time, or most of the time, Quality of Service (QoS) is a mechanism for you to prioritize bandwidth usage based on network tasks and applications.

However, if your Internet connection is not congested most of the time (allocated bandwidth is hardly used up), it is advisable for you to turn off QoS function. This is because QoS won't make your Internet connection become faster, as your Internet connection is limited by your ISP allocation of maximum upload and download bandwidth. In fact, enabling QoS will incur additional workload to your router and your local network.

QoS is essential for a congested network to ensure that certain network tasks and applications will not be severely affected by the congestion by giving priority to their network traffic, at the sacrifices of those with lower priority. Turn on QoS when your Internet is congested will give you a better Internet experience if you configure it properly.

Bear in mind that QoS normally won't work together with Hardware Acceleration. Enabling QoS will cause the router to automatically shut down partial or all of the Hardware Acceleration function.

In the Asuswrt and Asuswrt-Merlin Game Boost screen, there is a LAN Boost - One Click Game First mode. That is actually a short cut to an adaptive QoS setting that turn on adaptive QoS and set Online Gaming with the highest priority of all network traffic. If you want to give the highest priority to other tasks such as Media Streaming instead of Online Gaming, make sure you turn off this LAN Boost - One Click Game First mode.

When you click into the Adaptive QoS menu, you will be presented with the Bandwidth Monitor screen. This screen is functioning regardless QoS is switch on or off in your router. It is a very useful screen to tell you the real time bandwidth usage of your network between the router.

Upload Bandwidth and Download Bandwidth is visually shown in the form of a speedometer. From this display, you can immediately know whether your Internet link is congested or not.

The same information is also obtainable in the Asus Router mobile apps connected to the router.


Below it is a list of hosts connected to the router, and their real time upload and download bandwidth usage respectively.

If you turn on Apps analysis, you can click on the icon of any of the hosts, and the screen will show a breakdown of bandwidth usage by the applications running in the host.


If you would like to turn on QoS function, recommended settings are as below:
  • QoS type: Adaptive QoS
  • Bandwidth Setting: Automatic Setting
  • Queue Discipline: fq_codel
  • WAN packet overhead: select the correct preset according to your Internet connection type
Click here if you are interested to understand more on the technical among the 3 queue disciplines of Stochastic Fairness Queueing (SFQ), Controlled Delay (CoDel) and Fair Queueing Controlled Delay (fq_CoDel).

You can then determine which kind of applications are going to have the highest priority to access the Internet: Games, Media Streaming or Web Surfing.

If you choose Customize, you are given control to customize the priority among the following traffic types:
  • Gaming
  • Video and Audio Streaming
  • VoIP and Instant Messaging
  • Web Surfing
  • File Transferring
  • Others
You can mouse over to each of them for more description of the traffic type respectively.

If you have QoS enabled, you can view the QoS Statistics screen to have an idea of the bandwidth usage by each of the traffic types.

Web History records down a log on the websites visited by the hosts. I find it no harm to enable or disable it. Even if you disabled it, it seems that the logging still be ongoing behind the scene. I also noticed that this Web History does not display every single website visited by the hosts.


Saturday, October 27, 2018

Configuring AiProtection in Asuswrt-Merlin and Asuswrt

One of the selling points for Asus wireless routers is their AiProtection feature, providing real-time network monitoring and protection with its Trend Micro Deep Packet Inspection engine. This is a kind of enterprise-level security made available in Asus home routers.

AiProtection is signature based, which you can update its signature in Administration > Firmware Upgrade > Signature Version > Check. This is of no rival to today's enterprise-level security that uses machine learning and/or deep learning technology, but it is much better than none.

Router Security Assessment check your router settings for security best practices. If you enabled something that has potential to decrease the security protection, it will warn you by flagging that setting as a risk. It will provide you a direct link to disable that particular setting.

However, if you are clear on your requirement to enable certain settings, such as port forwarding, you can just ignore the warning.


To get the best from AiProtection, you should enable all the features of Malicious Sites Blocking, Two-Way IPS and Infected Device Prevention and Blocking.

Malicious Sites Blocking will prevent any computer in your local network to access to known malicious websites that can bring harm to your computer, such as infecting your computer with trojans, viruses, malwares, ransomwares, etc. Your computers should be installed with antivirus and Internet security software that performs this job. However, you will be surprised that there might be still some sites not detected by your computer's Internet security software but eventually blocked by your Asus router. Enabling Malicious Sites Blocking will provide double-layer protection from malicious websites on top of your computer's Internet security software. If you have a firewall with similar function behind your router, then you will have triple-layer protection.

Two-Way IPS will detect and block exploitation of a known network vulnerability, either from the Internet into your local network, or from compromized computers or IoT devices in your network trying to attack other computers or IoT devices in the Internet. This will, to certain extend, help you to protect unpatched vulnerability of your computers or IoT devices from being exploited and hacked.

Infected Device Prevention and Blocking will try to block the communication between compromised computers or IoT devices in your network and the hacker's command and control server. In this way, the hacker will not be able to easily take remote control of your compromised computers or IoT devices.

If you click on the Alert Preference button and set your email (Gmail / AOL / QQ / 163) there, you will be able to receive email alerts from your router whenever AiProtection alert is triggered.


The firmware actually provide reports for these AiProtection features in their respective tab so that you can known what threats have been intercepted, and which hosts are affected.

Parental Controls consist of Web & Apps Filters and Time Scheduling.

Parental Controls are host based and block traffic based on the source MAC address of the host accessing to the Internet. It is automatically enabled if you set one or more family members in Asus Router mobile apps as below 18 years-old and assign one or more hosts under them. The mobile apps will block them from accessing to Adult websites.

Beside adult websites, Web & Apps Filters can also block a host from accessing to Instant Message and Communication, P2P and File Transfer, and Streaming and Entertainment in the Internet.

Note that you can expand each of the 4 categories for finer blocking settings. For example, Adult category consists of Pornography, Illegal and Violence and Gambling sub-categories.

Enabling Web & Apps Filters will consume some of your router's CPU and memory, and will make web browsing slightly slower.

If you are using Asuswrt-Merlin firmware, there is another alternative called DNS Filter to do the filtering at the DNS server.

Time Scheduling function allows you to set time blocks in each of the days in a week that a particular host is allowed to access Internet. Internet access will be blocked for that particular host when the time is outside the allowed timeframe. You can set multiple blocks within a day.

This is only useful if the host is dedicated to a person or some persons that need to obey to your time scheduling. If it is a shared computer used by the whole family, then every family member will need to obey to the time scheduling when using that computer. There will be no exception.

You will notice that if you have any of the Parental Controls settings enabled, there are additional Port Forwarding entries automatically defined in your router. Those Port Forwarding entries will disappear after you disabled the setting.

Parental Controls are nice features to have. For better router performance, you might want to disable them, unless necessary to use them to guard your children Internet access.

Friday, October 26, 2018

Configuring Guest Network in Asuswrt-Merlin and Asuswrt

If you are reluctant to give out your WiFi password to your guests who want to borrow your WiFi to get their mobiles devices to connect to the Internet when they are visiting your place, you can set up a Guest Network for them.

Guest Network is a useful function to allow guest or public Internet access while separating them from your own internal network. Asus Guest Network also has some advanced features for you to impose restrictions such as access time, bandwidth limiting, MAC filter, etc.

The Guest Network function in Asuswrt-Merlin firmware should be the same as in original Asuswrt firmware. It allows you to configure up to 3 separate Guest Networks for 2.4GHz wireless band and up to another 3 separate Guest Networks for 5GHz wireless band.

If your Asus router has two 5GHz wireless bands, then you'll have yet another 3 separate Guest Networks for your second 5GHz wireless band.


It is advisable for you to set an SSID for Guest Network that is different from your regular WiFi SSID.

If you set the Authentication Method to "Open System", anyone around your wireless router can connect to your Guest Network without the need of any password. It is advisable to set the Authentication Method to "WPA2-Personal" and set the WPA Pre-Shared Key as the password to connect to your Guest Network, which can be different from your regular WiFi password.

You can optionally restrict the Access Time of this particular Guest Network. For example, if you set the Access Time to 2 hours, the Internet access for this Guest Network will be cut off 2 hours after you clicked on the Apply button.

You can also optionally limit the Download Bandwidth and/or Upload Bandwidth for this Guest Network. If you set the value to 0 Mb/s or higher than your Internet access bandwidth assigned by your ISP, then it is not restricted.

If you enable Access Intranet, the devices connected to this Guest Network is able to access to networked devices connected to any of the LAN ports of your Asus router. If you use a switch to expand the network linked to a LAN port, all the devices connected to the switch are also accessible by the Guest Network. In this way, your Intranet is exposed to your guest.

If you disable Access Intranet, your guest won't be able to access to any networked devices connected to the LAN ports of your Asus router. However, they can still access to the devices connected to your WiFi, including those connected to your regular WiFi network.

If you want to also disable access to your WiFi connected devices, you can Set AP Isolated for a particular wireless band under Advanced Settings > Wireless > Professional. However, this setting is not Guest Network specific, and will affect all the devices connected to that particular wireless band.

If you want to only isolate the Guest Network from other wireless devices, you can explore into YazFi expansion for Asuswrt-Merlin. You can click here to find out more information about YazFi expansion in SNBForums, including its installation method and sample configuration file.

You can also optionally make use of MAC Filter to specify which mobile devices is allowed or not allowed to connect to this particular Guest Network.


Thursday, October 25, 2018

Update firmware of Asus wireless router to the enhanced Asuswrt-Merlin version

Asuswrt-Merlin is a 3rd party enhanced version of Asuswrt, which is the official firmware in used by all recent Asus wireless routers. Asuswrt was originally forked out from the Tomato-RT/Tomato-USB firmware, which in turn developed base on the codes of Linux-based HyperWRT, a 3rd party enhanced firmware for Linksys routers.

Asuswrt-Merlin is mainly developed and maintained by Eric Sauvageau (a.k.a. RMerlin) based on the Asuswrt firmware developed and maintained by Asus technical team.

Asuswrt consists of open sourced GPL codes as well as closed source proprietary components. Asus releases the source codes of Asuswrt firmware in their website, with the closed source portion included as compiled binary codes. This GPL release includes everything needed to completely recompile a working firmware, with the exact same features as found in their firmware releases, making it possible to enhance it into Asuswrt-Merlin firmware.

The general goal of Asuswrt-Merlin project is to provide an alternative to the original firmware, and remain in sync with Asus's own development of each firmware release, so that new features and bugfixes development in original Asuswrt firmware can be trickled down into the subsequent Asuswrt-Merlin firmware.

Asuswrt-Merlin is intended to improve but not to replace the original Asuswrt firmware functionality. Its priorities are: Stability > Performance > Additional Features.

The website of Asuswrt-Merlin is https://asuswrt.lostrealm.ca, and you can click here to view the list of its enhancements made on top of the original Asuswrt firmware.

There is an Asuswrt-Merlin forum in the SNBForums for community discussion and support of this firmware, and RMerlin himself is an active participant and moderator there.

To date, Asuswrt-Merlin is made available and supported for the following Asus wireless routers:

  • RT-AC66U_B1
  • RT-AC68U, RT-AC68P, RT-AC68UF, RT-AC1900, RT-AC1900P
  • RT-AC86U, RT-AC2900
  • RT-AC87U
  • RT-AC88U
  • RT-AC3100
  • RT-AC3200
  • RT-AC5300
You can check for new release of Asuswrt-Merlin firmware at the following places:
  • If your router is already installed with Asuswrt-Merlin firmware, you can check for new firmware version by clicking the Check button in Administration > Firmware Upgrade > Firmware Version in the firmware's web GUI.
  • By manually searching for new topic in Asuswrt-Merlin forum with title "[Release] Asus-Merlin 384.x is now available".

You can click here to go to the download webpage of Asuswrt-Merlin firmware in its website, or click here to go to its main download site at SourceForge.

At the SourceForge download site, select your Asus router model correctly, then select Release, and download the latest version of firmware accordingly. The firmware is packaged in a ZIP file.

After the download, you need to unzip the file. Before uploading the firmware file to your Asus router, it is advisable for you to check for its SHA256 signature and match it with the checksum information inside the sha256sum.sha256 file. This is to make sure you won't upload a corrupted file to your router and potentially brick the router.

The easiest way to perform a file checksum in Windows is by using 7-Zip. Once you have installed 7-Zip in your Windows computer, you can right click on the file, select "CRC SHA" and then select "SHA-256" to get the SHA256 signature of the file.



If you want to install Asuswrt-Merlin firmware into a new router, make sure you have gone through the Quick Internet Setup wizard to get the initial configuration of the original firmware. You don't need to do this if you are installing to router already in used, be it currently running on original Asuswrt firmware or Asuswrt-Merlin firmware.

It is advisable for you to manually record down your major settings by using printscreen, and also make a backup of your existing settings by going to Administration > Restore/Save/Upload Settings. Save both your Router Settings and JFFS Partition (the later might not be applicable to stock firmware) to your local computer.

Then, you can proceed to go to Firmware Upgrade section, click on Choose File, select the Asuswrt-Merlin firmware file which you have downloaded, and Upload it to your router. The firmware updating process will begin, and your router will be rebooted.

Normally, your router will be up-and-running with no lost of previous settings after the firmware update. If you find it not working properly, you can try to Initialize your router to Factory Default, take out your printed screens and redo all your settings from scratch. If you still facing any problem, you can go to SNBForums and seek for help there.


Tuesday, October 2, 2018

Heat dissipating solution for Asus RT-AC86U router with USB cooling fans

The Asus RT-AC86U wireless router has a stand-up design and its heat management is relying on passive cooling.

Unlike those flatbed routers which we can easily provide heat dissipating solution to them by using normal laptop USB cooling fans, the temperature management solution for this stand-up router needs some tweaking to attach external fans to it. Luckily, there is ready made solution in the market, and it is quite cheap too.

If you are using AsusWRT-Merlin firmware in the router, you are able to read the runtime temperature reported at its Broadcom BCM4709 processor (CPU), Broadcom BCM4365E 2.4GHz WiFi SoC chipset and Broadcom BCM4366E 5GHz WiFi SoC chipset respectively.

In normal operation, the temperature at 2.4GHz WiFi chipset stays around 50-55 degree Celsius and the temperature at 5GHz WiFi chipset stays around 55-60 degree Celsius. However, the dual-core CPU temperature is always on the high side, staying above 70 degree Celsius, and there are users reporting that it can go up to above 90 degree Celsius.

If you are feeling uncomfortable with these kind of temperature readings and would like to lower them down to a more comfortable level, you just need to install a pair of external USB cooling fans at the back of the router.


The two 7cm fans are powered by 5V DC from the USB 2.0 port of the router itself. You can also plug it to the router's USB 3.0 port, but that port is normally used by external storage, USB Internet dongle, etc.

It is attached to the back of the router using 3M double-sided tape provided in the cooling fans set package.

Within 20 minutes, the pair of fans are able to cool down about 5 degree Celsius to both the 2.4GHz and 5GHz chipsets respectively. They can effectively cool down the temperature of the CPU by a whopping 20 degree Celsius.


With this heat dissipating solution, now the temperature at the 2.4GHz chipset reduced to around 45 degree Celsius, and the temperature at the 5GHz chipset reduced to around 52 degree Celsius. The CPU temperature greatly reduced to around 53 degree Celsius.

If I power down the fans by unplugging it from the router's USB port, all the 3 temperature readings will gradually increase, and went back to the previous high level within 20 minutes.


The fans are rotating at relatively low speed at 2100 RPM, making them pretty quiet. You can hardly hear their noise unless putting your ear very close to them during silent night.

According to their specifications, their noise level is at 18 dBA only. Their lifespan is around 50,000 hours, which is equivalent to over 2000 days, long enough to serve for the entire lifespan of the router.

Other than Asus RT-AC86U, this pair of USB cooling fans can also be used for Asus RT-AC68U router as both of them are having very identical size and casing build.



Monday, October 1, 2018

My Asus RT-AC86U AC2900 wireless dual-band MU-MIMO gigabit router with TM UniFi and Maxis Home Fibre support

The Asus RT-AC86U is a multimedia wireless router with gaming support, which you can also classify it as an entry level gaming router. For more powerful gaming router that gives you great online gaming experience, you should look for the ROG series instead.

It is the successor of the popular Asus RT-AC68U router, with similar stand-up design, identical front LED panel, rear connectors and buttons, but the internal circuit board is totally different. Thanks to this stand-up design, it has a much smaller footprint compared with those flatbed routers.


The CPU of this Asus RT-AC86U is powered by a dual-core Broadcom BCM4906 64-bit processor clocked at 1.8GHz (ARM v8 Cortex A53 architecture built with 28nm technology), which is apparently more powerful than the Broadcom BCM4709 processor used in Asus RT-AC88U AC3100 wireless router.

More powerful CPU provides better user experience for the more CPU intensive tasks, such as when using USB 3.0, SMB v2, data encryption, etc.

This Asus RT-AC86U is an AC2900 wireless dual-band MU-MIMO gigabit router. Oddly, it has lesser number of antennas compared with most of its counterparts in the market. It has 3 dual-band external antennas and 1 more internal antenna for the 5GHz radio band. Well, do not be fooled by this appearance. Indeed, its wireless signal strength and reach is pretty powerful.

Powered by Broadcam's NitroQAM support with 1024-state quadrature amplitude modulation (1024-QAM), if the connecting wireless device is also supporting 1024-QAM, each data stream of its 2.4GHz band can have a maximum data transfer rate of 250Mbps, and each data stream of its 5GHz band can have a maximum data transfer rate of 541Mbps. Both are 25% higher than the older TurboQAM technology (each 2.4GHz band = 200Mbps, each 5GHz band = 433Mbps) in used by predeccessing wireless routers such as Asus RT-AC68U.

Its 2.4GHz radio band is powered by a Broadcom BCM4365E 3×3:3 SoC chipset, able to serve a combined maximum data transfer rate of 3 streams of 250Mbps = 750Mbps.

Its 5GHz radio band is powered by a Broadcom BCM4366E 4×4:4 SoC chipset, able to serve a combined maximum data transfer rate of 4 streams of 541Mbps = 2,164Mbps.

However, most of the mobile devices nowadays are still using the 256-QAM technology, which supports maximum data transfer rate of 600Mbps in 2.4GHz and 1,733Mbps in 5GHz. Only the latest mobile devices with 1024-QAM support are able to unleash its full potential of serving 750Mbps in 2.4GHz and 2,164 in 5GHz.

The 2.4GHz wireless network of this router just performs a decent job, on par with other good quality wireless routers. Its main strength is on the 5GHz wireless network, which surprisingly having a very strong, far and stable reach. It is still detectable and accessible in locations which are beyond the reach of the 5GHz wireless network of my previous router.

With this Asus RT-AC86U router serving from the middle of my house, I don't even need to use any range extender to have stable and fast WiFi in every corner of my house. The WiFi signal, powered by Asus Range Boost technology and AiRadar beamforming, can also be detected further away from outside the house.

This Asus RT-AC86U has a total flash memory of 256 MB, and RAM of 512 MB. Both are doubled when compared with Asus RT-AC68U. It is pretty feature rich, configurable through Asus' famous AsusWRT web interface.

It has dual WAN support, which the second WAN link can be supplied using a 4G USB dongle or USB modem, or making use of one of its gigabit LAN ports for WAN purpose. The secondary WAN link can be configured for load-balancing or standby as failover backup link.

It supports TM UniFi IPTV by simple setting and connecting its LAN Port #4 to the TM UniFi set-top-box. It also supports IPv6 flawlessly.

It supports up to 3 separate Guest Networks in the 2.4GHz band, and up to another 3 separate Guest Networks in the 5GHz band.

Being a multimedia wireless router, it has features such as AiCloud 2.0 which enables the router to provide file server function and even media server function by attaching USB storage device such as USB thumb drive or USB external harddisk to its USB 3.0 port.

You can configure for the file server function and/or media server function to be accessible from local network only, or even from the Internet. Having dynamic WAN IP is not a problem, as you can configure the router to make use of DDNS service, so that you can always connect back to your router with its DDNS domain name.

By making use of Samba service, it can also provide Smart Access function for you to remotely access through Internet to the shared files and resources in your local network.

Access to AiCloud 2.0 can be made via its web interface, or by using the free AiCloud Android or iOS mobile app.


Its USB 3.0 file sharing is pretty fast. Accessed from LAN, my Transcend StoreJet 5400 rpm 1TB portable hard disk with NTFS partition attached to the router is accessible with a read speed of 101 MB/s (808 Mbps) and a write speed of 89.9 MB/s (719.2 Mbps).



It provides AiProtection feature with Trend Micro, with malicious sites blocking, 2-way IPS and infected device prevention & blocking. This is able to give you an additional layer of protection at the network perimeter, on top of the antivirus/anti-malware protection that you installed in your computers. You would not be surprised to see AiProtection successfully intercepted some malicious website accesses that skipped through your computer's antivirus/anti-malware screening.

It also equipped with Parental Controls function that enable you to block access to websites of certain criteria (such as adult websites). In addition, you can set time scheduling for the computers and network devices in your network so that they are restricted to access the Internet during certain time period.

Parental Controls works best together with the free Asus Router mobile app available for Android and iOS. In the mobile app, you can define which network devices are used by which family member, and the mobile app will block the adult websites for your children under 18 years old.


Its Adaptive QoS function enables you to set priority for certain network traffic, useful for online gaming. You can also configure it to make use of WTFast Gamers Private Network for faster online gaming experience.

This Asus RT-AC86U has quite frequent firmware updates, particularly to patch up security issues or to fix performance issues. Other than using the stock firmware, you also have option to install customized firmware such as the AsusWRT-Merlin firmware which is developed based on the stock firmware and more emphasis on security, usability and stability.


Hint: Click on the "Older Posts" link to continue reading, or click here for a listing of all my past 3 months articles.