You can for instance, create a VLAN for management where sensitive company information can be shared, a VLAN for regular employees to share files, and a VLAN for guests providing limited Internet access. And then you can assign the router's Ethernet ports to the desired VLAN and broadcast a separate SSID for each VLAN. Or if you use 802.1X authentication you can assign users to a VLAN and they'll be dynamically connected to their VLAN when plugging into any Ethernet port or when connecting to a single SSID.
4. VPN Server and Client
Some business-class routers include a virtual private network (VPN) server and/or client. Many vendors market these devices as VPN routers. A built-in VPN server allows users to securely access your network and files while they're on the road or working from home. With a built-in VPN client, you can connect one router to another router with a VPN server to securely connect two networks together via the Internet, enabling you to share network resources and files between two or more physical locations.
5. USB port for printers or drives
Some consumer-class and business-class router include a USB port so you can share a USB printer or external drive with the network. This is useful if you don't already have a network-ready printer that can be used among all network users, or a network-attached storage (NAS) appliance for centrally storing and sharing files.
6. Malware and spam protection
Business-class routers that include additional security features are commonly called unified threat management (UTM) gateways. They typically include antivirus, anti-spam, and content filtering to block dangerous or inappropriate sites and email. Although individual computers should still have an antivirus tool installed, a UTM gateway can help catch malware before it reaches individual computers, providing double protection. Sometimes UTM gateways provide intrusion detection and prevention features to help block additional local network or Internet threats.
7. Dual or backup WAN port (or 4G support)
A business-class router that includes two WAN/Internet ports (or 4G support) gives you another Internet connection for backup or load balancing. Connect the router to two cable or DSL lines from different service providers, or plug in a USB 4G adapter, and you'll have a backup connection if one fails. Some routers allow you to increase your Internet bandwidth using both Internet connections simultaneously. This is commonly called load balancing.
8. RADIUS server
A few business-class routers include a built-in Remote Authentication Dial In User Service (RADIUS) server, enabling 802.1X authentication so you can use the enterprise mode of WPA or WPA2 security for the Wi-Fi. This is more secure than the pre-shard key (PSK) security that consumer routers provide using services such as WPA (Wi-Fi Protected Access). Using RADIUS, you can assign each user a unique user name and password and then change or revoke access in the event a user leaves or loses their Wi-Fi device.
Sign up for Computerworld eNewsletters.