Low end business gear is universally shit. My Comcast business router is absolutely awful. I need to get around to putting it in bridge mode and putting a real router behind it. The best thing it could possibly be for me is a coax to ethernet paperweight.
Low end business hardware is just consumer hardware with "business" written on the box and a couple of strings changed on the web interface.
I won't even buy an AP unless it has a DD-WRT/OpenWRT/Tomato image. I've had way too much pain with whatever shit the vendor crapped into the box before they shoved it out the door.
I keep seeing DD-WRT/Tomato/OpenWRT coming up in these discussions; how about an option you could actually deploy to home or business customers and be proud of it?
> The best thing it could possibly be for me is a coax to ethernet paperweight.
This is great! Maybe we can repackage old Wi-Fi routers and sell them as connected IoT paperweights! Makes about as much sense as every other IoT device on the market.
> My home "router" doesn't even have fucking bridge mode.
Maybe you mean your modem? Bridging a router doesn't make much sense... since it's not a router then.
Although I suppose you could have one of those dreaded "combo" modem/router things ISPs peddle these days. There certainly should be a bridge option in that case, and you're rightfully mad if it doesn't!
I mean one of these dreaded combo modem/router thingies, hence the quotes. There is no bridge mode, and I cannot turn off NAT. It also doubles as a completely fucked up DNS server which I have to override for resolv.conf.
I did this recently at home (saves money after owning it for a year, as it's "paid off" then in monthly modem rental fees), and although I have problems with the level of control my ISP has over the modem (there's no configurations or login, you activate it on their network and they control it fully), it's now just a "dumb modem" and does nothing else.
Then you knowingly bought a combo shitbox. There have always been quality consumer wireless access points, modems, and routers available, but you chose to buy the combo shitbox.
Mikrotiks are an amazing value! Usually they are way over spec'ed for their intended purpose as well, which means you're getting even more bang for your buck.
They have models for home users, businesses, all the way up to ISP "carrier grade" equipment.
They used to be difficult to configure (you needed to know quite a bit about networking and how Mikrotiks do things, since they originally targeted only WISP and more traditional ISP customers), but that's changed significantly in the past few years. They have 1-click setup wizards now, so even people with no networking experience can get up and running quickly, just like your run-of-the-mill Netgear router.
Also, you can run RouterOS (the OS on Mikrotiks/Routerboards) on x86 hardware, so you can build your own router if you have the need.
WebFig, GUI WinBox, and SSH/Telnet feature parity and a config I can export and read as text, fully featured boxes with gigabit for ~$50 USD, need I go on?
Even so, I'd set up my own router/firewall and handle the ISP supplied device as essentially untrusted. It won't be pretty, but it's at least a tolerable solution until you can work out a better setup.
Not saying it's the case for you, but it might be interesting to some:
Some ISPs don't allow you to enable the bridge mode on the management website of the device. You need to log on to their website with your service account and either open an actual ticket or go through an automated process to "unlock" bridge mode.
It's kinda silly but understandable, as you need to have some understanding of networking for this but most people don't have any at all. And incorrectly configured bridge mode kills any chance of internet for consumers.
But even if you do that properly there is always a high chance your router will be compromised and you won't be able to fix it.
To be extra sure just treat it as such and put a firewall between it and your LAN. That requires time to configure, but may satisfy the paranoid.