MacInTouch Amazon link...

AirPort issues/alternatives

Channels
Apple, Security, Products
Could you share some of those MAC addresses?
Here's what iStumbler sees:
CenturyLink0334,69d273df82a38567d13df6e6cb539d2a
CenturyLink2304,364ce7bae83c8eae3764ae9532107e6e
NPB5-EXT,f4d2ae156246808d23b9f5b179bd57c7
denanna,d85c3287d379bf4a601d82422b5aebb2
Dining Room Speaker.o,6fda4cfd0ffbf10f584520e79974f3a8
NPB2,b204ee13e7b2a66acfd6ae36946aa095
Dutchharbor/5g2,1b141f8f702ba147afd13d02c2d3e68b
NETGEAR96,49f1af2bc497789e2712f1f31f51a8ba
NPB5,37539c0babe3174023b65104de8772e0
DIRECTV_WVB_23839403906,34a7bd647b34bb6acb17a80bc3ca7cfe
Dutchharbor/2.4g,105baddfda6312de3f2a3fd9c68b5933
xfinitywifi,c6b4a76063d2de499a41a1eae9b0e5c8
NETGEAR96-5G,c092019c110de57dfc61b0c4b1a4f34b
Dutchharbor/5g1,3536d04325a2addae32382c8a1e4a535
NETGEAR55,5fcf3384f6a481c164138b3cd26b132b
BlueHeaven,119cf52e628b0253b4475a22a638cc0c
HOME-08B2,5fbf3cc30cfb2e51d84bf744cf4a9b49
NewThermostat_77FC07,2c6ada37aa0e86ab3ce157ba0cc43b14
NPB2-EXT,bde4f9c04113f0279a359cf9b4a543fe
proy2.4,ff00d2a970ac65f7209d2762867cc98f
The other xfinitywifi MAC number (the log didn't catch it) is 104f73fed566674ac01097222c5f9a013

Don't seem very useful though. Even the MAC's from my two devices don't seem to have any common bytes. There are two "xfinitywifi" nodes that appear and disappear frequently during just a few minutes monitoring (presumably due to weak signals?). But I was mistaken, their numbers do not change. I am pretty certain they aren't from my modem/router though. The signal levels are much lower.
 


Comcast kept sending me mail about how my brand-new modem was too slow. Then they changed their modem page, raising the rated speed of the TM822G, and stopped sending me mail. So far, it has been working fine at 120Mbps down, 11Mbps up.
There could be a legitimate technical reason for this. DOCSIS involves multiple channels of data (similar in concept to Wi-Fi channels). Each one has a particular frequency and bandwidth and encodes data using various kinds of QAM (very similar to mobile phones, actually). A modem typically connects to multiple channels at once ("channel bonding") in order to increase your overall bandwidth.

According to Wikipedia (DOCSIS: Throughput), DOCSIS 3.0 supports up to 42 Mbit/s per downstream channel and up to 30 Mbit/s per upstream channel. These are maxima - Comcast may or may not be serving up those rates.

That having been said, Comcast is supporting 25M per downstream channel, in which case, an 8-channel modem would max out at 200M (but would probably not be recommended for more than 100M, because network congestion might not let you realize the full bandwidth of every channel). A modem with more channels would let you realize more throughput, up to the maximum number of channels Comcast is serving on your segment of the network.

If Comcast later changes their infrastructure (e.g. bumps the per-channel speed from 25M to 40M), then all of a sudden that 8-channel modem has a theoretical maximum of 320M (and should probably work reliably at 150-200M).

Of course, this is all just speculation. My point is that it might not just be marketing when they said your modem was too slow and later said it was OK.
 


Well, for that kind of $, it had better be more than wishful thinking! :-)
I did run some modest tests against a few things, when I first got it (it seemed to work), and the online log says it has blocked several things in the past week. That said, yes, it also requires a BitDefender annual license and software. It's $99 per/year for all the bad guys you can eat.
There are some 60+ items in my house connected to the net (not just computers, but media boxes, amps, light switches, DVD player, Tivos, iPhones, iPads and on and on), so it amortizes well.
If you have suggestions as to how to test the Box per se, I'd be happy to hear them.
Tom's has a review here:
I read this exchange with interest, since I just replaced a Verizon router and an AirPort Extreme behind it with a $200 Synology RT2600ac. Among the “packages” Synology provides (free) is some Threat Prevention software that appears to do just about everything the BitDefender Box2 does. (And according to the log it provides, it’s raining threats in the Boston area! Many of them, a handy mapping feature shows me, apparently originating from nearby Kendall Square.)

The software also provides Parental Control, and the RT2600ac can act as a VPN and a server. No subscription, but Synology seems diligent about sending security advisories (two in the last month) and patches to registered owners.

I have no idea how something like the RT2600ac compares to the stand-alone BitDefender, and I'd be interested in hearing what someone who actually knows what they're talking about (not me) thinks about them.

Oh, and FWIW, I also have an Ooma Telo plugged into the thing - no issues related to latency or anything else as far as I can tell.
 



I read this exchange with interest, since I just replaced a Verizon router and an AirPort Extreme behind it with a $200 Synology RT2600ac. Among the “packages” Synology provides (free) is some Threat Prevention software that appears to do just about everything the BitDefender Box2 does.
That's the same router I have, and I am very happy with it. Glad to hear I'm not the only one.
The software also provides Parental Control,...Synology seems diligent about sending security advisories (two in the last month) and patches to registered owners.
The parental control module (which Synology calls "Safe Access") also seems to incorporate some of its security features, among them Google Safe Browsing, the database for which the router automatically downloads. I enabled it once to see what it did, not using any of the features specifically geared towards parental control but thinking the other security-related features might be handy.

It seems to be overzealous. When I was doing some research on early Macs, I found mac128.com, which just has some how-to articles and related info, as far as I can tell, with the individual entries playfully laid out to resemble the 128K user manual! When I went back there a second time after enabling the feature, it was blocked. The screen did not mention Synology at all, but the color was the same as the router's wonderful GUI. The wording was very vague, yet it would scare a novice:

"This connection is not secure! The website is blocked because it is recognized as dangerous. If you proceed, your computer may be exposed to harmful programs."
There is a button to "Proceed anyway." This blocking would be a useful feature if it explained why a site has been blocked, so that one may know if it is indeed safe to proceed. The only thing I know is that it is not related to Google Safe Browsing, because their lookup site has no problem with that domain. I have no idea where to report a possible false positive. So I'm happy with the router, but not that feature. I would hope the BitDefender Box2 is more informative with regard to why it blocks what it blocks.

I first went to the mac128 site a couple months ago, but I re-enabled the feature today as a test and went back there again today; it was still blocked.
Oh, and FWIW, I also have an Ooma Telo plugged into the thing - no issues related to latency or anything else as far as I can tell.
I am very happy to read that. While I don't mean to veer the thread off-topic, did you have to do any QoS settings adjustments to get good quality, or just plug it in and go?
 


... It seems to be overzealous. When I was doing some research on early Macs, I found mac128.com, which just has some how-to articles and related info, as far as I can tell, with the individual entries playfully laid out to resemble the 128K user manual! When I went back there a second time after enabling the feature, it was blocked. The screen did not mention Synology at all, but the color was the same as the router's wonderful GUI. The wording was very vague, yet it would scare a novice:
"This connection is not secure! The website is blocked because it is recognized as dangerous. If you proceed, your computer may be exposed to harmful programs."There is a button to "Proceed anyway."​
This blocking would be a useful feature if it explained why a site has been blocked, so that one may know if it is indeed safe to proceed.
It looks like it is blocking the site due to certificate issues. Try turning off the safe blocking and use the https:// prefix when trying to access the mac128.com. You will get a "This site is not private" error in Safari, as well. When I examine the certificate, it looks like certificate is not properly issued for the website.

Considering the site apparently has not been updated in over 10 years, it sounds like it is pretty much abandoned.
 


... I am very happy to read that. While I don't mean to veer the thread off-topic, did you have to do any QoS settings adjustments to get good quality, or just plug it in and go?
Plug and go, and I remember saying to myself, "What's he's talking about?", when I read your question. I've never had any QoS problems with my Telo, and wasn't aware there were any - maybe because I'm on FiOs in the Boston area?

I did notice that, when I plugged it in, it (and my wired printer) downgraded the RT2600ac's ports to Fast Ethenet (orange LED). Not unexpected, but being mildly paranoid about the speed of my LAN, I put them both behind an old gigabit switch I had lying around and, voila, all (including the switch) went green for gigabit. Go figure, and probably unnecessary but...

Returning to topic, I should add that in my small one-story condo with plaster walls laid out in a way that puts the router at one end, not ideal, the RT2600ac's wireless coverage is much better than the AirPort Extreme's (802.11n) was - band-steering and beam-forming all being new to me and all performing as advertised - and the set-up is easy unless you want to delve into the settings and features. Upgradeable to mesh, iPhone app, etc. - see Wirecutter. I'd recommend one to anyone as a replacement for AirPort, especially if you want a BitBox for free.
 


FYI - I can see 3-4 Xfinity boxes. Here is the BSSIDs of just one of them. I thought it was interesting how many BSSID were available for one box.
Thanks. The ones starting with 5C (01011100) are globally-assigned addresses. 5C:B0:66 is assigned to Arris, which makes sense, since the SSID ("Internet1") sounds like a customer's LAN.

They others begin with 6E (01101110), 7E (01111110), 8E (10001110) and 9E (10011110). So we now know that Comcast is generating unique self-assigned MAC addresses for the networks they create.

It also looks like Comcast's algorithm is to replace the first byte and leave the rest unchanged. All of them (except for "XFINITY") seem to come in pairs (ending in "3F" and "40") here, which probably means the router has two radio interfaces (2.4GHz and 5GHz, I would assume).

If this holds true for others, then you can probably identify whose router each "xfinitywifi" network corresponds to by comparing the last 5 bytes of its MAC address with some other network's MAC address.
 


It looks like it is blocking the site due to certificate issues.
Interesting! This possibility never crossed my mind because none of my browsers report that the site even has a certificate, expired or otherwise, let alone attempt to use it. They will happily navigate to it as long as Safe Access is off, never attempting to establish any secure connection.

To my knowledge, trying to force secure connections isn't among the Safe Access feature set. Even with Safe Access on, https never even enters the picture from a user perspective. While your reasoning is likely spot-on, Synology's methodology and presentation in this area leave much to be desired.

As old as the site is, I never tried manually navigating to a secure version of it.
 


Plug and go, and I remember saying to myself, "What's he's talking about?", when I read your question.
Briefly, so as not to go off-topic... At some point in the past, Ooma used to recommend making QoS adjustments in your router to give the Telo priority, if the Telo was placed behind it; maybe that has changed. In any event, I am glad it's working well for you.
I did notice that, when I plugged it in, it (and my wired printer) downgraded the RT2600ac's ports to Fast Ethenet (orange LED).
It downgraded all the ports? I have a TiVo Premiere that did that because that's all it supports, but only that one LED is orange. Everything else is happily green. Should I invest in a switch just in case? (And if so, does anyone have any recommendations?)
the RT2600ac's ... upgradeable to mesh
Wow... I didn't realize that. Thanks! I thought I'd have to replace my RT2600ac with the MR2200ac, but after going to their site, I see that they can indeed work together. Amazing!
 


At some point in the past, Ooma used to recommend making QoS adjustments in your router to give the Telo priority, if the Telo was placed behind it; maybe that has changed. In any event, I am glad it's working well for you.
It downgraded all the ports? I have a TiVo Premiere that did that because that's all it supports, but only that one LED is orange. Everything else is happily green. Should I invest in a switch just in case? (And if so, does anyone have any recommendations?)
No, only the ports they plugged into and, as I said, the switch was (in my very limited but evolving understanding of networking hardware) probably unnecessary. Why all its LEDs are green mystifies me though. It's a D-Link DGS2205 that in the past has always shown any fast ethernet connections as orange.

I think I do now remember the Ooma caution about priority and would have probably acted on it, if I'd had QoS problems. Good to be reminded if I ever do, thanks!
 


To my knowledge, trying to force secure connections isn't among the Safe Access feature set. Even with Safe Access on, https never even enters the picture from a user perspective. While your reasoning is likely spot-on, Synology's methodology and presentation in this area leave much to be desired.
I opened a ticket with Synology, hoping to gain some insight as to why Safe Access would block access to the mac128 site, reporting it as a potential false positive. The reply stated the painfully obvious, that Safe Access blocks traffic when the mechanisms it uses detect what it thinks is malicious traffic. They then suggested it could be due to third parties spoofing IPs... and, of course, included a link on how to add an exception.

I pointed out that the complete lack of information as to why something is blocked makes it much more difficult to determine whether or not it is truly safe to add any given exception. They replied they would submit a request to provide more detailed information when something is blocked. I won't be using Safe Access unless and until that happens. While I still love and recommend the product, I'm not holding my breath for the Safe Access feature to improve.
 


I have a 3rd-generation Time Capsule, and for many months now it has been dying. The symptom is that it is unresponsive, with the status light out. Unplugging it and plugging it back in fixes it for a day or two, and then it dies again.

I figured this was due to the known problem with the capacitors in the older Time Capsule's power supply, and it would need to be replaced. Note that the recent firmware upgrade did not help.

Apparently not! On July 1st Apple turned off the Back to My Mac service, so I removed the BtMM sign-in in the Time Capsule settings. The Time Capsule has been up ever since!
 


... On July 1st Apple turned off the Back to My Mac service, so I removed the BtMM sign-in in the Time Capsule settings. The Time Capsule has been up ever since!
Arrgh, I posted too soon. The Time Capsule has crashed again. I swear, though, that it stayed up longer since I turned off Back to My Mac.

Since the Time Capsule log isn't persistent across boots, there's no knowing what's actually going wrong, unless I can figure out how to get the remote syslogging to work. In AirPort Utility 5.6, it is simple: just enter the Syslog Destination Address. But how do you configure a High Sierra Mac to be a syslog server? Is this the correct procedure?
Brett Hallen said:
Or is there a way to do it without bypassing SIP?
 


About 15 years ago, I set up a wireless network in our home. This was necessary because our house was built in 1925 with lathe and plaster walls. The network consists of an Apple AirPort Extreme base station (6th Gen with Time Capsule) and three Airport Express routers — one rectangular (A1084) and two square (A1264).

Using the AirPort Extreme to distribute WiFi with Bridge Mode off, the Expresses are on a LAN with Ethernet links. Our WiFi speed for our two Macs (iMac and Mac Mini) wired directly to them was about 125 Mbps. All portable devices also registered similar speeds when measured next to the Extreme router.

Now, away from the main router, it seems to take longer to download material from the Web to my MacBook Pro and our two iPhones, and three iPads. Away from the AirPort Extreme and in the same room with one of the Expresses, the download speed is about 6 Mbps down and 8 Mbps up. If you unhook the Ethernet feed from the Expresses, the green light turns yellow, and there is no signal to be had, so the 6Mbps signal was not being picked up directly from the Extreme, it is being delivered by the Express units.

There is the slim possibility that all three Expresses had never broadcast more than 6 Mbps, but I doubt it. Does anyone have any idea what could be wrong with this LAN? I’d appreciate any help or any suggested lines of investigation that might improve our WiFi signal around this old house.
 


I’d appreciate any help or any suggested lines of investigation that might improve our WiFi signal around this old house.
Apple's support page on extending AirPort networks notes that
Adding Wi-Fi base stations when it is unnecessary can reduce Wi-Fi throughput because the Wi-Fi network will require more data management overhead. The network configuration also becomes more complex. In the case of a wirelessly extended network, throughput may be reduced to less than 60 percent of that of a single device.
But that shouldn't apply to your (Ethernet-connected) Expresses.

Your "rectangular" AirPort Express (model A1084) offers 802.11b/g. With g, that should give you up to 54 Mbps, though C|Net's 2004 review showed it only delivers a maximum of 16 Mbps with mixed b and g clients.

If, as appears likely from your description, you have no 802.11b-only clients (seems unlikely unless you have an older device on your network that you didn't mention), I wonder whether the old Express is operating in b mode only. Seems as though you could test whether it's the bottleneck by disconnecting it and seeing if your throughput improves.

Another possibility is that the switch or hub or router that provides the RJ-45 port to which your Expresses are connected is for some reason delivering only 10Mbps Ethernet to those ports. Turning it off and on again is probably the the best way to test that, though it's the sort of thing that should nominally only happen on a per-port basis if the ports are auto-sensing. Had any electrical storms lately?
 


three Airport Express routers — one rectangular (A1084) and two square (A1264) ... Does anyone have any idea what could be wrong with this LAN?
... I still have my Expresses. They're pretty good paperweights for when the fan's aimed at the desk. But abandoned as they are by Apple, and not receiving security updates, they probably should be by you, too.

[To rule out potential encryption overhead], if you can access settings for your Expresses, you could test their highest potential by making them fully open instead of requiring a password. Try that, one at a time.

Again, if you can access settings, you could try defining each Express as its own access point with unique SSID. If they're sharing one SSID now, so you can wander around the house on one SSID, their signals could potentially be colliding. My Airport Extreme WiFi started having issues. It was on the North wall of my house. New neighbors had just installed their own WiFi router on the South wall of theirs, within 15' of my AirPot Extreme. Both routers were on the same WiFi channel, and theirs seemed more powerful. Changing the channel of mine helped.

It's helpful to have a WiFi diagnostic tool that reports on what networks are in range, their channels, and signal shape.
 


I rebooted each of the AirPort Expresses to no avail. The only dramatic result was when I turned off the rectangular Express, the signal in the room increased by a factor of 4. I think that the my iPhone responded to the station in the room, and when it was turned off, it picked up the AirPort Extreme on the floor below.

I tried just unplugging and replugging the hub. Nada. After many trips across the house, the only thing that seems to make sense is a bum internet cable to the hub. There are some things I could try, but the Ethernet lines were put in 15 years ago. Swapping lines, some snaked behind lathe and plaster walls, present a mountain I'm not ready to climb.

So, I'm looking at an Eero mesh net. Considering that I've got Ethernet lines to all the strategic areas and those walls, I'm inclined to go with 3 of the Eero Pros instead of the set of a Pro and 2 Beacons.

Thank you, Joe.
 


Ric Ford

MacInTouch
Another possibility is that the switch or hub or router that provides the RJ-45 port to which your Expresses are connected is for some reason delivering only 10Mbps Ethernet to those ports.
I tried just unplugging and replugging the hub. Nada. After many trips across the house, the only thing that seems to make sense is a bum internet cable to the hub. There are some things I could try, but the Ethernet lines were put in 15 years ago.
Joe's comment made me wonder if you might have a very old Ethernet switch/hub. If so, it might be subtly failing (I've seen that happen — very frustrating) or even be so old it doesn't handle 100+ Mbps. In either case, it might be worth just buying a new Ethernet switch, considering how cheap they are now.
 


... bum internet cable
Simple test: plug each cable separately into a computer with an Ethernet port.

This network cable tester is $11.79 on Amazon. Not endorsing this particular product, just suggesting the product type:
It'd be a shame to abandon working cables if they're not the problem.

Wirecutter prefers the Netgear Orbi to the Eero
Wirecutter said:
The Best Wi-Fi Mesh-Networking Kits
We gave Orbi the nod for its slightly easier setup and placement and lack of dependence on the cloud ...
 



My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem?

My coax cable is double-shielded (copper braid plus aluminum foil), and it's my belief that the interference reaches my antenna about 100 feet from the Time Capsule. While I might be able to place the router elsewhere, it is close to where our Internet connection enters my house.
 


My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem? ...
I ran into 2m interference with an older Airport Extreme (one of the 'short' ones - 5th gen?), which I deduced was due to the power supply.

Happily, simply dorking around with the orientation of the Airport Extreme removed the interference. The best was standing the Airport Extreme on edge, at about a 45° angle from the LMR-400 run it was near.

I tested a recent Nighthawk, and while it was better for WiFi, it still produced interference. Again, changing positions helped. The interference is a raised noise floor, quite high.
 


My Time Capsule radiates spurs in the 50 to 51 MHz range that produce interference on my 6 Meter ham rig. I realize not many can answer this question, but might there be anyone who can recommend a wireless router that does not have this problem?
Who knows if it will help, but you might try putting appropriate ferrite beads on the power supply and ethernet cables, as close as possible to the Time Capsule...
 


Thank you all. MacInTouch is such a great resource!

After testing all the cables that I could test, I decided to upgrade my Farallon Starlet/8 !0 Base-T to a Netgear 8-Port Gigabit hub. It was in the process of switching the cables from one hub to another that I found that one of the Ethernet ports had died. Luckily, when I had the Ethernet wiring installed, I distributed the ports across the house. In the same room behind our upright piano, was a live port. Also, another bit of luck, the Netgear hub fit snugly into my crude wooden rack I had made for the Farallon over 15 years ago!

One of the things this episode taught me is that the Airport Utility display is not a "wiring" diagram, but a "connectivity" diagram. It’s therefore dependent on where you are standing and how strong the signal is, as to what you will see. In retrospect, duh!
 


Ric Ford

MacInTouch
I had my first experience today with a Ubiquiti AmpliFi HD, which I got based on recommendations from other folks on MacInTouch. I hope I'm not jinxing things, but I was stunned by how nice it is — like the very best products Apple ever did in the past and way, way better than AirPort — in every detail from packaging to software to documentation to hardware design.

The idea was to move to a mesh system for hopefully better performance in a largish 2-story house with lots of competing WiFi in neighboring houses. The jury is still out on the amount of improvement, partly because WiFi is so frustratingly inconsistent in general, but I am getting very good performance (around 20-25 Mbps), given the FiOS service at the location.

As mentioned previously, I'd switched from 5GHz back to 2.4GHz after test results were better at the slower speed, but the AmpliFi is at 5GHz and seems OK on the opposite end of the house from the router (and near a neighbor's WiFi).

Other notes:
  • The remote mesh points take a while to get up and running after being powered up (including when they're moved from one wall plug to another).
  • The management app needs to be on the same LAN as the AmpliFi (of course), and a VPN can interfere with that (i.e. needs to be disabled).
  • The installation guide says the ISP router needs to be turned off when connecting the AmpliFi, but that wasn't necessary. (I did have WiFi disabled already on the Verizon router.)
  • The iOS app, beautifully designed, provides a wealth of information, although it's not clear exactly how clients are assigned to access points (though you can work out which one each client is connected to).
  • There's a web interface (http, not https) that provides access to some "advanced" settings (802.11k, 802.11v, A-MSDU, etc.).
  • I shut down an AirPort Extreme and an AirPort Express, hoping to improve results by eliminating contention from them, but it didn't seem to have much effect.
Additional tips:
  • The Backblaze Bandwidth Test is a handy tool to check performance.
  • As has been noted before, you can hold down the Option key while selecting the WiFi menu in the macOS menu bar to get extra useful information (e.g. signal levels, transmission rates, channel, security, etc.) in faint gray text.
 


Ric Ford

MacInTouch
The idea was to move to a mesh system for hopefully better performance in a largish 2-story house with lots of competing WiFi in neighboring houses. The jury is still out on the amount of improvement, partly because WiFi is so frustratingly inconsistent in general, but I am getting very good performance (around 20-25 Mbps), given the FiOS service at the location.
For comparison, I tested Ethernet over power-line adapters*... which were slower than the AmpliFi set-up.


* 2015 MacBook Pro to Thunderbolt 2-3 adapter to CalDigit TS3+ to Zyxel to Zyxel to FiOS router.
 


Ric Ford

MacInTouch
For comparison, I tested Ethernet over power-line adapters*... which were slower than the AmpliFi set-up.
For good measure, I connected the Intel NUC directly to the Internet router with an Ethernet cable (since, gee, it actually has an Ethernet port...). No improvement from the direct connection vs. AmpliFi wireless at the other end of the house from the router and base station with intervening walls/floors.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts