VOZ logo
18647

Review: Grandstream GCC6011 – The Most Comprehensive All-in-One Router

We have had the opportunity to test one of those products that makes you an unconditional fan as soon as you see it, and you realize the great work and extensive experience behind it. The Grandstream GCC6010 is an “All-in-One” router with which Grandstream hopes to break the hegemony that certain brands like Mikrotik, Ubiquiti, or DLink have in the business environment.

In a company (needless to say, also in a personal environment), it’s no longer enough for the operator to provide us with a router that gives us Internet access; it’s mandatory to have tools that offer us a minimum level of security such as: IDS/IPS (which detect suspicious or unauthorized activities, such as phishing attacks, virus infection and distribution, malware and ransomware installation and download, denial of service (DoS), zero-day attacks, SQL injection, etc.), DPI (monitors network traffic for signs of potential threats or malicious activity and takes steps to prevent or block these threats), and other tools that are necessary and mandatory in any company today.

And nowadays, if you’re lucky, the operator installs a router (usually one that’s quite economical for them and allows them to retain the client as long as possible) to provide Internet access, some basic firewall functionality to filter and map ports, and not much else. So, what a company usually does first is to replace the router with a better-quality one, and that’s where Grandstream comes in to challenge the traditional brands.

Grandstream has launched three router models in its GCC6000 series:

  • GCC6010 (2 x 2.5 Gigabit SFP ports and 5 Gigabit Ethernet ports. All ports are configurable as WAN/LAN, maximum 3x WAN)
  • GCC6010W (with Wi-Fi 6 and 5 Gigabit Ethernet ports. All ports are configurable as WAN/LAN, maximum 3x WAN)
  • GCC6011 (the one we’re going to analyze) (with 2 x 2.5 Gigabit SFP ports and 10 Gigabit Ethernet ports
    3 fixed WANs)

To save costs, many operators also integrate the ONT with the neutral router, making things more complex. Even so, the Grandstream GCC6011 includes two SFP modules to incorporate fiber: one for the WAN side and another for the LAN side. Of course, both connectors are perfectly configurable, and you only need to add an SFP module compatible with the type of fiber you want to connect.

The router is always in a “privileged” position within the network. It has Internet access, and the entire network depends on it, so Grandstream has taken advantage of this to incorporate several tools that are usually in other privileged positions. The Grandstream GCC6011 emerges as a response to this need, presenting itself as an All-in-One router that promises high performance, security, and versatility. Let’s review in detail the technical characteristics and capabilities of this device, thanks to a unit sent to us by InstantByte along with the article they have written about the Grandstream GCC6011 to whet our appetite even more, if possible.


Aspects and Dimensions

The first thing we notice is that it has the same format as other Grandstream devices (gateways, routers, PBXs, etc.), so if we have more devices from this brand, it won’t stand out much. The size is small enough for us to have it on the table without taking up much space, although it comes with adapters to fit it into a standard 19″ rack cabinet.

The package includes the mounts to install it in a rack cabinet.

Installation and Configuration

Dashboard of the Grandstream GCC6011

Before starting, it’s important to keep in mind that this is a router, meaning it comes with a DHCP server activated on the LAN side. So as soon as you connect something to that port, it will attempt to assign an IP to any device that requests an IP address.

Initially, and for your information, the router uses the 192.168.80.x range for the LAN network, so we’re unlikely to have any collision, and it will allow us to connect to its interface to configure the range and address pool we want to set up.

Important Note: The entire multilingual interface is in perfect Spanish/Castilian and many other languages. However, since there are concepts I’ve learned in English, I usually configure it in that language to avoid different translations possibly confusing me about what is what.

I’ve been fortunate to try other Grandstream routers and, in fact, I used one for quite some time. The interface is designed to be as powerful and flexible as needed but with aids and descriptions that allow someone to understand what they’re doing. Compared to other more well-known models in this field, Grandstream routers have nothing to envy in terms of configuration and power. The hardware is quite oversized for the tasks they need to perform as a router since, as we’ll see, it performs many other tasks that may require even 20 times more processing.

As you can see on the Dashboard, the system comes with 5 major blocks (the last two related to VoIP are disabled by default, although I’ve activated them because I didn’t want to miss the chance to see a UCM within the router).


Networking (Network Configuration and Routing)

Grandstream has a lot of experience with their routers, so much so that they have managed to create an interface that’s easy to handle but with the power of the big players. Accessible via web to facilitate use, it also has the possibility to configure it via SSH or through its remote cloud interface called GDMS, mobile application, and SNMP.

The configuration, besides being very visual, includes everything necessary to set up a multi-port, multi-WAN router that, in addition to being fully Gigabit, also has PoE ports to connect IP phones, cameras, or antennas of any type.

In this section, it’s also possible to configure VPNs, as the Grandstream GCC6011 includes support for the main known types of VPN: LLTP, OpenVPN, Wireguard, L2TP, and IPSec.

The possibility of having multiple WANs is very interesting, but the option to have load balancing between the different WANs makes it work wonderfully well.

This, which seems so “nice and easy,” I had to configure by hand many years ago, and after seeing how incredibly simple they’ve made it in the GCC6011, I almost cried.

In the Traffic Management section, it’s as beautiful as a traffic management system can be today, with the latest applications, protocols, and bandwidth control for each IP or MAC address.


Firewall (Network Security, Antivirus, Anti-Threats)

In relation to cybersecurity, we have just obtained the ISO27001 certification, which has allowed us to evaluate the good practices we have in place and correct others that were lacking, while also requiring us to have a system for threat monitoring, intrusion detection, antivirus, and much more. The advantage in my case is that we already had a lot implemented, so the adaptation to obtain the certificate was minimal. However, the larger the company, the more difficult and costly (economically) it becomes to add these types of mandatory solutions to achieve any kind of cybersecurity certification.

Grandstream GCC6011 includes in the “Firewall” section several tools that are mandatory in any company:

Firewall

The firewall is a feature of any router; it allows configuring NAT, port blocking and masking, as well as port mapping in DMZ systems, etc. This is something standard and necessary in any router. What stands out, unlike other commercial systems, is the simplicity it offers in its configuration (ideal for someone not so professional) yet it doesn’t lack a single detail and is perfect for someone who needs to control even the smallest aspects.

Active Security

Another important point is the detection and active blocking of attacks coming from the outside. At this point, you can configure the detection and blocking of DoS attacks.

Antivirus

The router analyzes the traffic that passes through your network to such an extent that it is capable of identifying the signatures of various viruses, trojans, and malware, blocking them to prevent exposure, while also alerting us of an attempted infection or communication with some external host, botnet network, etc. These signatures are updated automatically, so it can recognize any type of malware even if it’s new.

Intrusion Detection (HIDS)

Recently (with the Crowdstrike failure), we talked about different types of intrusion detection, and in this case, the GCC6011 includes a very comprehensive intrusion detection system:

  • IDS/IPS systems identify suspicious or unauthorized behaviors, such as phishing attacks, virus propagation, malware and ransomware download and installation, denial of service (DoS) attacks, man-in-the-middle attacks, zero-day vulnerabilities, and SQL code injection.
  • Botnet Detection to identify when a system is controlled by an external third party.

Content Control

This is another interesting point, as we can manage the systems accessed to control the type of websites visited and avoid accessing phishing pages or disallowed content.

This type of filtering is common in firewalls like pfsense that control where the network systems connect, thus preventing unauthorized access to certain pages.


Unified Management (Network Nodes)

One of the most interesting features of the router is the absolute control over any device on the network. To achieve this, the Grandstream GCC6011 has combined not only what it did in its routers and firewalls but also the unified management of other routers or Wi-Fi antennas. If we have Grandstream Wi-Fi antennas or the GCC6011W (which is the model with Wi-Fi), we can control any device connected to any of the network devices in a visually simple and very, very comprehensive way.

The advantage of all this is that we can control (block, allow traffic, configure bandwidth, etc.) all the systems connected to the network, whether via wired network or Wi-Fi.

Additionally, we can configure a Captive Portal, a web page where anyone who connects to the network is required to identify themselves either with a username/password, with a code, or by filling out a form, just as is done in a hotel when we are given the room and want to connect to the Internet.

From there, any aspect of the connection of that system/device can be configured, from the VLAN, IP address, bandwidth, or any other.


VoIP PBX (aka Integrated UCM)

For professionals dedicated to communications and VoIP, the PBX system it includes will sound familiar, as the GCC6011 represents a comprehensive solution that incorporates the famous Grandstream UCM within the router. Its QoS features ensure that voice traffic takes priority within the network, reducing latency and jitter. Additionally, its ability to handle multiple VPN tunnels facilitates the secure connection of remote IP phones or other branches.

Undoubtedly, the inclusion of the UCM PBX in the router is truly something extraordinary for companies that want to have everything within their system without the need for large servers running and consuming energy. Moreover, it should be remembered that the UCM is a very complete PBX that serves practically any small company and offers the same features as a well-configured Asterisk.

In this case, the UCM comes by default limited to 12 users and 4 simultaneous calls, expandable by purchasing a license up to 50 users and 12 simultaneous calls, and up to a maximum of 200 users and 24 simultaneous calls—something unthinkable a few years ago for a device of these characteristics.

As the Grandstream UCM PBX has been doing, the ability to integrate the PBX module of the GCC6011 with third-party software like CRM or hotel systems like various PMS can make the difference. While someone might think that “jack of all trades, master of none,” in this case, Grandstream has made a great effort to “master” all the points on which this product focuses.

The fact that it integrates some CRMs with its PBX, as well as some PMS (hotel management software) and systems like QueueMetrics, Google, or its own Grandstream Wave system, is something that can truly be a significant differentiator for a company looking for something integrated and very easy to implement.


Advantages and Considerations

Advantages:

  • High performance: Suitable for networks with high traffic volume.
  • Robust security features: Protects against a wide range of threats.
  • Flexibility and scalability: Supports a large number of VPN connections and devices.
  • Ease of management: Intuitive user interface and support for standard management protocols.
  • Price: The entire system is priced to compete with MikroTik and Ubiquiti—a price with which Grandstream wants to give it all and shake up the router market against other more established but increasingly less reliable professional systems. It will depend on whether you buy it from a wholesaler, a retailer, or a general web store, but I can tell you that it ranges between €150 and €200.

Considerations:

  • Complexity in advanced configuration: Advanced features may require specialized technical knowledge for optimal implementation.
  • Grandstream has focused on offering a lot of power and flexibility but adapting it for users without advanced technical knowledge. This means it truly serves both types of users: those who need to configure something advanced will find that this system allows them to do practically whatever they want, but a user without such knowledge will also feel comfortable in a much more user-friendly environment than with other more “commercial” brands.
  • The security part requires an annual subscription to keep traffic signatures, malware, botnets, etc., data updated, but it is not expensive for the necessary and mandatory security in a company.
  • The PBX part may also require a one-time payment to expand the number of extensions and/or simultaneous calls.

Conclusion

Personally, I have been impressed by having a high-quality device (metal materials, fiber connectors, simple and without fans that could cause future problems), with easy-to-use software, well-organized, with hundreds of parameters, hundreds of possibilities, and each option with its explanatory help, examples, etc., aimed at any level, both basic and professional.

The routing part is great, 100 times easier than a MikroTik but just as flexible and powerful. I’m sure Grandstream set this goal when designing and creating this system, and it’s a system with a lot of power, memory, and resources to handle the traffic of an entire network that can be small or very, very large. It has systems that learn (thanks to AI) and prioritize traffic based on system load.

Many times we see complex systems, and we get the feeling that they are more professional than other simpler systems, but nothing could be further from the truth. I’ve learned that there are manufacturers who simply don’t know how to design for the user and design for themselves. Just look at some German products or the font used by Chinese products. Many design interfaces for themselves and don’t think about which users might use them. Grandstream has made a great effort to adapt a complete system to be easy and intuitive to configure.

I have had to set up several systems to control intrusions, malware, threat management, antivirus, and a long list of tools, many of which, surprisingly, come standard with this device. So you can imagine my face when I saw that the 4 or 5 specific systems to control these aspects are inside the router as just another tab: easy to configure, well-documented, and available for the entire network. It’s not a 100% substitute, but it’s a great help that would have been fantastic at the time.

The part of controlling network and Wi-Fi devices is great when the entire network is from the same ecosystem. Something that would be perfect in this case, but it’s not the most common, especially when it comes to attracting other professionals who already work with other brands of antennas or routers.

Finally, the fact that it includes the UCM has been a complete surprise since just a UCM PBX already costs the same as the GCC6011, so it’s a great device, very robust, very well made, and also at a great price. The UCM was already a great product designed for a small PBX, capable of doing very interesting and complex things for companies of any type, so really, incorporating it into the router is a fantastic idea.


Interesting Links:

InstantByte Logo
Anterior artículoArtificial Intelligence is a bubble that will burst differently from others
Siguiente artículo 18683-18647If you use GDMS, update your credentials.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.