REPLACED BY CHOOSING A WIRELESS ROUTER 2019
Checklist for Wireless Networking
|TP-LINK Archer C7|
- Don't settle for a "wireless gateway"
A "wireless gateway" is an all-in-one device that combines a modem (cable or DSL) with a wireless router. They tend to be mediocre, poor performers, especially those supplied by Internet providers.
- Insist on a pure modem. Buy your own separate wireless router.
- Make sure the modem is configured in "bridge" (not routing) mode. Otherwise you can have "double NAT" problems.
- Simultaneous Dual Band
The low 2.4 GHz band, commonly found in consumer-grade devices, is increasingly crowded, which can severely limit performance. The high 5 GHz band tends to be much less crowded, and will often provide much better performance. But don't just get a single band 5 GHz device, since some wireless devices only support 2.4 GHz, and avoid dual band devices with a single radio that can only work on one band at a time. In other words, not just dual band, but simultaneous dual band.
- 300 Mbps Speed
Wireless "n" devices work at multiples of 150 Mbps (150 Mbps, 300 Mbps, 450 Mbps, etc), but most consumer wireless devices only support 150 Mbps or 300 Mbps, making 300 Mbps a good baseline, so choose a device with at least 300 Mbps speed on both bands (N600). If you choose a wireless "ac" device, anything greater than AC1750 is overkill.
- Gigabit Ethernet
Although Fast (100 Mbps) Ethernet is comparable in real world performance to 300 Mbps wireless (actual wireless performance is usually much less than the advertised maximum), Gigabit (1000 Mbps) Ethernet provides much faster wired networking for not much more money and is otherwise good "future proofing".
Nice To Have
- Guest feature
A guest feature is a separate wireless network for guests that lets them connect to the Internet but not to any of your own networked devices. It's a bad idea to give guests access to your own network.
USB can be used to attach USB storage or USB printer to the wireless router for network access.
- ASUS RT-AC87U
Best. AC2400. Outstanding range and performance. High processing power for gigabit throughput. Excellent support.
- ASUS RT-AC68U
- ASUS RT-AC66U
Very good. AC1750. All that most people need.
- TP-LINK Archer C7
Best Buy. AC1750. All that most people need.
- ASUS RT-N66U
- TP-LINK TL-WDR3600
Good Buy. N600. Good range and performance.
- Apple AirPort Extreme
If you're into Apple products, this is the wireless router to get. Expensive but Recommended. Save money safely with an Apple refurbished unit.
- Apple AirPort Time Capsule
Essentially an AirPort Extreme with backup storage built in, so you can keep all your Apple devices backed up over your network. Highly Recommended. Get the largest size you can afford. Save money safely with an Apple refurbished unit.
- Update Firmware
Check the support website for updated firmware before installing, and regularly thereafter (e.g., quarterly).
- Don't "cheap out"
A cheap wireless router can reduce performance due to poor internal routing speed.
- Use WPA2 AES Security
Identity theft is just one of the risks from getting hacked, and WEP "security" is essentially useless. Use a different (and equally strong) password for a Guest network.
- Set a Strong Password
Use a random combination of 12 or more mixed case letters and numbers that you don't use for anything else, and do not use common words, names, numbers, etc.
- Don't fool yourself
Network name (SSID) hiding and MAC address filtering are too easily circumvented to provide even minimal security, and they can lead to network problems, so don't use them.
- Network Backup
Network storage is an excellent way to keep your devices backed up. Highly recommended. (WD My Cloud is a very good alternative to network storage on the wireless router.)
- Apple AirPort Express
The AirPort Express is a great way to extend iTunes music to remote speakers.
How do you configure the WAN side connection of these wireless devices to work with a cable modem such as SB6121 or SB6141? I am confused why some routers appear to work on the WAN side with cable modems whereas other routers or firewalls do not appear to work, even when configured as DHCP clients to the cable modem.ReplyDelete
The SB6121 and SB6141 are pure cable modems, network bridge devices, that will work with any network device attached to the Ethernet port, including any wired or wireless router. The usual problem is that when a given device (like a computer) has been used on the modem it gets registered with the cable Internet account, and a different device (like a router) won't work on the account until the first device has been unregistered. In the case of Comcast, call for the modem to be reset.Delete
I usually overcome the problem you are referring to by cold booting the cable modem. Then it can work with a new MAC address of a new computer or router.Delete
As an example of a product that does not work, consider the Fortinet firewalls, older models like the 60A. If you put a cable modem on its external WAN interface, then configure the WAN interface as a DHCP client, it does obtain a public IP from the cable modem as well as a default gateway. But try to ping or traceroute from the console of the firewall, and it appears to be unable to get any packets out of the firewall on the WAN segment.
I wonder if there is some kind of proprietary protocol - or non-standard use of ARP - on the cable modem, and maybe some routers are not aware of that and cannot work around it? For example, are the default gateways provided by the Arris SB6121 and SB6141 cable modems always on the same segment as the public IP address their DHCP servers hand out? If they are not on the same segment, then maybe some firewalls simply don't understand how to reach the default gateway, incorrectly assuming that an ARP will not work since the gateway is in a different segment from the public IP?
1. The connectivity issue is at the cable provider, not the modem, and while power reset of the modem will sometimes work, it doesn't always work. It's more reliable to have the provider reset.Delete
2. DHCP addresses come from the provider DHCP server, not the cable modem, which is just a network bridge.
3. Many providers block ping as a security risk, so it's not a reliable way to test a connection.
4. Any decent router will work properly on a DOCSIS cable modem.
5. DOCSIS cable modems are standards compliant, do not use proprietary or non-standard network protocols on the LAN.
6. The SB6121 and SB6141 are pure cable modems, network bridge devices, not gateways. The gateway is at the provider.
7. "Assumption is the mother of all screw ups." [Wethern’s Law of Suspended Judgement]
John, I follow your points, especially regarding bridge versus router in the cable modem.Delete
Are you saying that just because the DHCP server agrees to hand out an IP to a new device does NOT necessarily mean that the cable vendor is able to work with the new device's MAC address? Asking the cable vendor to reset the device guarantees that the new MAC will be accepted?
Since you are saying ping and traceroute and not reliable, then what is reliable as a way to test a device connected to a cable modem? I tried traceroute at the console of the Fortinet, and what is strange there is the packets never leave 127.0.0.1. I don't see any attempt to move packets upstream. The situation you describe would show a traceroute trying to get packets to the next host upstream and timing out. I don't see that at all.
Can you think of any reason why a router would work with a DOCSIS cable modem using dynamic IP/gateway whereas a firewall would not? Several people are saying that we should put a router in front of the firewall in order to give the firewall a static IP to work against upstream, but this begs the question why the router works on the WAN side with the dynamic IP of the cable modem whereas the firewall itself does not.
1. A cable ISP does often control access by client MAC even when an IP address has been leased to that client by DHCP.Delete
2. ISP Support can often tell if a modem is working properly and what client device (MAC) has been registered to the account, in addition to being able to reset the modem and account as needed.
3. If DHCP has worked, then the client device has access to the ISP network. Likewise DNS.
4. Speed test to the ISP is another way to confirm connectivity when the ISP provides that capability, as many do.
5. Connectivity to the Internet can be tested by trying connections to popular hosts like Google.
6. When router A works properly with a popular, excellent cable modem, but router F does not, then the most likely culprit is router F, not the modem.
7. If the router does work with some other service, then my guess is that it's not configured properly for the cable service.
8. The unidentified Fortinet device is probably a combo firewall router, not just a pure firewall.
9. This is an informational blog, not a tech support resource.
With one of the ASUS NAT routers you recommended, the cable box immediately works. I did not reset the connection.Delete
So there is something in the Fortinet firewall/router that apparently just doesn't like how the cable modem works.
Or the Fortinet is not configured correctly.Delete
It is likely that some configuration of the Fortinet works but the default does not, whereas the ASUS picked it up immediately and seems purpose built to work instantly with a cable modem.Delete
The Fortinet is a mystery because traceroutes from the console of the Fortinet do not get past 127.0.0.1. Even with a misconfiguration, the traceroute should at minimum go out on a default route on *some* interface.
Not necessarily. If the port on the Fortinet is not configured properly, packets won't go anywhere. If you want to troubleshoot it, snoop the network to see if the Fortinet is using DHCP and getting a proper response.Delete
Fortinet on WAN2 is set as a DHCP client and does acquire IP and gateway from the cable modem.ReplyDelete
Then you have some other configuration problem.Delete
Can you comment on why you like the ASUS routers so much?ReplyDelete
I have good experiences with hardware from ASUS myself, but I have only bought one router in my life, and that was about a decade ago, so I am keen to hear your reasoning about what makes a good router. (In other words, what quirks will a bad router typically have).
Reliability, stability, support: ASUS generally uses higher quality components that are more reliable, does a better job with stable firmware, and has good support. Most router manufacturers take "reference designs" from Wi-Fi chipset vendors, add a case, minimally customize firmware, and cheapen as much as possible, which tends to make them less stable and reliable. That said, TP-Link does a pretty good job at a lower price point.Delete
Interesting, thank you.Delete