AirPort issues/alternatives

This thread has motivated me to finally test the D-Link Powerline AV2 1000 adapters that I've had in use for a couple of months. I've had no complaints with them; they're certainly miles ahead of the prior generation of powerline equipment that I tried to use some years ago. The earlier units would barely maintain an "LED red" connection between my Mac Pro and the Apple Time Capsule a few rooms away, and would often need to be pulled from the wall and re-inserted to reset the connection.

In contrast, these new units show three green lit LEDs 100% of the time. I set up an iperf3 host on an old Core 2 Duo iMac running Linux Mint 19, and then installed iperf3 as a client using Homebrew on the Mac Pro. So, in a sense, the aging 2nd-generation Time Capsule or the aging 2007 iMac may be influencing these results (full disclosure). Anyway, these "Gigabit" powerline adapters are consistently passing traffic at 56 MBits/sec - quite a far cry from Gigabit, but a decent match for my Comcast rate, which coincidentally is 60 MBit.

Verdict: I would still recommend the D-Link adapters for situations like mine.

(The Mac Pro wifi performance is abysmal: 2.5 Mbit/sec through a couple of walls and the Mac Pro aluminum case, at 802.11n speeds).
 


I replaced my franken-net with a Google mesh 3-pack, and it has been absolutely fabulous. Best unknown feature is that you can dim the light display on individual units. The one near the bedrooms is off, living room on full, hallway only dimly - working as a nightlight! And get some add-on mounting brackets, and things are sweet.
Your mileage may vary.
 


I have AT&T Fiber service at 125Mbps, both ways. I use 3 Netgear Orbi's. I've had the system up and running for 2 years and 2 months. I have had no down time at all related to Orbi. I believe I can say I've had 100% uptime with the Orbi. I've had a few service interruptions from AT&T that lasted approximately 5 minutes. But 99%+ uptime overall. I have many devices, iPhones, iPads, MacBooks, Apple TVs, Samsung TVs, thermostats, etc. attached. Throughput is constant throughout both floors of the house. All around the front yard. By the pool. In the backyard beyond the pool. My house is 100% rock/brick on all 4 sides, minus windows. I could not be more happy with the Orbi product, in my application.
 


I replaced my franken-net with a Google mesh 3-pack, and it has been absolutely fabulous. Best unknown feature is that you can dim the light display on individual units. The one near the bedrooms is off, living room on full, hallway only dimly - working as a nightlight! And get some add-on mounting brackets, and things are sweet.
Your mileage may vary.
Thanks for the tip.

I see that Google supports bridging the mesh via Ethernet and supports switches in between the nodes. Is yours connected in this way? If so, have you encountered any problem with the network coming up properly after a power outage?

My only possible issue here is that it appears that the Google Wi-Fi system must be configured via an app and the app requires a Google account. Does anyone know if there are any privacy issues here? I don't want Google running analytics over my entire LAN as a consequence of installing their routers.
 


What's your topology? I would expect this if you have it wired with:
Modem --- Ethernet Switch --- Velop
I would not expect this with:
Modem --- Velop --- Ethernet switch
If the latter allows any device on the Ethernet LAN to grab the public IP address, then it means Linksys is bridging those two ports together, which also means there is no firewall isolation between your LAN and the Internet, which strongly implies that Linksys wants all networks to be Wi-Fi only and that if I want to use their product, I'll need to put it in bridge mode and get yet another router. Sounds like I need to look for a completely different product.
The Velop has two Ethernet ports, which are interchangeable, whereas most routers have a WAN port and one or more LAN ports.

I have a Cat 6 cable attaching the Velop directly to the modem. I have an Ethernet switch on the other port, which extends the LAN to the TV set, Apple TV, VoIP adapter, etc. The modem is not behind the switch.

The other Velop at the other end of the house extends the network via WiFi (not a cable backbone) and has an Ethernet cable that goes directly to my HP printer.

I do not follow how there is "no firewall isolation" between the WAN and the LAN. They are on different addressing schemes and could not, so far as I am aware, be logically connected; the Velop presumably decides in software which one is WAN and which one is LAN.

Other networks I administer, which use more traditional routers with separate WAN and LAN ports, do not preclude me from addressing the upstream router or modem from the LAN if I know its IP address, so there does not seem to be any difference in security that I'm seeing: once the router is up and properly configured, the LAN and WAN are properly separated.

The issue as I see it with the Velops' unusual Ethernet ports is that, until it has booted and configured itself to the modem, all Ethernet ports are on the same physical interface, meaning that my VoIP device or TV set is grabbing the modem's DHCP for the WAN. So far, this is a problem only when everything reboots at once.

The only upside I see to this arrangement is that the two Velop units are interchangeable (whereas with Netgear Orbi there are separate primary and satellite units). When one of the Velops is acting as a satellite, both ports are available for attached devices.

Because blackouts do happen, I would have to say that the Ethernet port design of the Velop would stop me from recommending it at a client site: I want that reliability, so that after a power fail things can be expected to come back up properly without needing me to mollycoddle anything. So far, I have not found a way to do this with Velop, and until I do, that is going to be a showstopper on my recommending the product.
 


In the discussion of wireless network equipment, please include how they are updated for security. In my opinion, it negates ease of use or speed if the manufacturer does not patch security holes and push them out to the installed units, especially the router part of the network. Or have the equipment fetch updates regularly and securely. I am reluctant to depend on the internet provider to update their routers regularly.
 


...which strongly implies that Linksys wants all networks to be Wi-Fi only and that if I want to use their product, I'll need to put it in bridge mode and get yet another router.
Velop supports Ethernet backbone and Wifi-To-Ethernet via these two ports, as I described in my earlier post. I do not see how those facts suggest that they "want" me to be Wifi only. Nor do I see what the utility would be in putting a Velop in "bridge mode." Velop is not a modem/router - if you put it in "bridge" mode, you basically would have a $200 2-port Ethernet switch. Not very useful.
 


Here's another possibility.

One of Linksys's (presumably newer) routers, the MR8300 (Amazon link), is a traditional standalone Wi-Fi router that includes Velop-compatible mesh capabilities.

This should solve the problem of a Velop's master node not isolating the LAN from the modem, since all the Velop nodes will be on the LAN and there will be a proper router acting as gateway. It's also not too expensive ($150 for the MR8300 and $130 for a 2-node dual-band Velop package).

What do others here think?
 


Does anyone have any experience with Synology's mesh router, the MR2200ac?

I can say that I have been extremely satisfied with their RT2600ac, even though it's non-mesh.
 



I had been looking at the Netgear Orbi, too. Then I read the user reviews on Amazon...
Well I have had the Netgear Orbi with only one satellite for over two years. It's combined with a gigabit wired network, I have two set up where the router is in an adjacent building to my house. Downstairs I am hardwired, and upstairs in the house I have the satellite with two MacBook Pros and four iPhones and couple of iPads using the wireless network. Have speeds of over 300 mbps on the wireless side in the house utilizing the satellite and over 800 mbps using the wire network. Solid as a rock. The best solution I have ever had. I had an AirPort router running at my business with repeaters, and it was quite underwhelming compared to this solution.
 



I have the LinkSys Velop 2-node system. It has been rock-solid, fast, and reliable with one irritating exception: because each interchangeable unit has 2 Ethernet ports, any of which can be the one that connects to the modem, when the power goes out and everything reboots... it's at least a 50/50 shot that something other than my Velop router will grab the DHCP from the modem, crippling Internet access for everyone. To get out of this, I have to isolate just the Velop and the modem, restart with everything else disconnected, and after everything comes back up, then I can hook up the rest of the network. No big deal you say, but it caused my wife to have to endure a day without Internet access when I was not home...
Why not assign static IPs or a DHCP lease to the Velop router?
 


Why not assign static IPs or a DHCP lease to the Velop router?
I think he's talking about the public IP address normally assigned to the router's WAN port by your service provider. A service provider that uses DHCP to provide this address typically only allows one address at a time per customer, so once one device gets it, no other device can until the modem is rebooted.

But I would like to hear more about David Farrow's topology, because it isn't 100% clear how his devices are physically connected. As I previously wrote, you should expect this kind of problem if your LAN comes between the modem and the Velop/router, but I would consider it a bad design defect if this happens with the Velop/router coming between the modem and LAN.
 


I'm another Orbi user: I've installed the 3-unit Netgear Orbi at my father's home. It was a bit frustrating with setup, since there was a really poor cellular/LTE signal at the home, and you have to set up initially with an app - with the caveat that it took 20 minutes to download. I did realize afterward, I could manage with a browser (www.orbilogin.com).

Once configured, it takes a while for the unit to recognize the satellites, plus update each one's firmware. I also ran into a user problem (my own, admittedly) where the main PC that I set up for my father lacked WiFi. I was able to run a Cat5e cable up from the ONT (FiOS) gateway, that I asked to be provisioned for ethernet, not MoCA, and plug in the Orbi base station next to the PC. Then, connecting another Cat5e from the LAN port of the Orbi, I went right into the PC. The rest of the home required some skillful location and being near an outlet for power.
 


One of my colleagues recommended Ubiquiti ceiling-mounted access points, when my client was moving to a new premise. At under $100 each, they take power over Ethernet with an included adapter, can be configured from a web interface or an iPhone app, and best of all they have been super-fast and problem-free. Note that these are access points, not routers; you hook them up via 1000-Base-T Ethernet (note you won't get full speed if you use crappy old wires).
They use the Ubiquiti APs where I work, and their Amazon prices pleasantly surprised me. Maybe it’s my more modest-sized homes (the last two were both only about 2K square feet), but its reach has greatly exceeded the aging AirPort it replaced. I don’t mount it on the ceiling, but rather have it deployed vertically. The “donut” of most effective coverage seems to cover everywhere, including outside. The iOS app to manage it is not bad, either. I highly recommend it for those who simply need a really good access point.
 



Why not assign static IPs or a DHCP lease to the Velop router?
I would have to pay Comcast for a static IP. I don't get to control that, otherwise. The router already has a static IP on the LAN side by definition. I suppose I could make sure that every single other device on my LAN had a static IP so that nothing else besides the Velop responded to DHCP, but that seems kinda impractical. I think the "shared" Ethernet port on the Velop has more downsides than upsides, so I don't recommend it. As for my house, my wife and I both know how to deal with the idiosyncrasies now, so we're not looking for a solution.
 


I would have to pay Comcast for a static IP. I don't get to control that, otherwise.
And even if you did, many ISPs (don't know specifically about Comcast) make you use DHCP even when you are assigned a static address. The static address goes into their database so DHCP always gives you the same address, but that's the extent of the change. I think they want you to do this so they can change their upstream addresses (gateway, DNS, etc.) dynamically.

This has the side-effect that if your ISP does this, then a static address won't solve the problem - a host can still snipe the address if it is the first to issue the DHCP request.
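
The failure mode discussed in this thread (a LAN device, rather than the router, winning the ISP's single DHCP lease after a power cut) can be checked for once everything has rebooted. The following is an added example, not code from any poster or vendor: it takes a constructed list of device/address observations and reports which device holds an address outside the router's LAN range. The LAN subnet, MAC addresses, device names and the sample "public" address are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Self-assigned range a device falls back to when no DHCP server answers.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


@dataclass(frozen=True)
class Observation:
    name: str   # label for the device (hypothetical names below)
    mac: str    # MAC of the interface that was inspected
    ipv4: str   # IPv4 address it currently holds, "" if none


def audit_after_reboot(observations, router_wan_mac, lan_cidr):
    """Report who holds the ISP lease and who is stranded.

    Any non-router device whose address lies outside the router's LAN
    range has been served by the modem instead of the router, which is
    the 'sniped lease' situation described in the thread.
    """
    lan = ipaddress.ip_network(lan_cidr)
    report = {"router_has_wan": False, "sniped_by": [],
              "no_lease": [], "on_lan": []}

    for obs in observations:
        is_router_wan = obs.mac.lower() == router_wan_mac.lower()
        addr = ipaddress.ip_address(obs.ipv4) if obs.ipv4 else None

        if addr is None or addr in LINK_LOCAL:
            report["no_lease"].append(obs.name)
        elif is_router_wan:
            # The router's WAN side must sit outside its own LAN range.
            report["router_has_wan"] = addr not in lan
        elif addr in lan:
            report["on_lan"].append(obs.name)
        else:
            # Directly exposed to the modem, with no router in between.
            report["sniped_by"].append((obs.name, str(addr)))

    if report["sniped_by"]:
        report["verdict"] = "sniped"
    elif report["router_has_wan"]:
        report["verdict"] = "healthy"
    else:
        report["verdict"] = "router-offline"
    return report


# Constructed sample data. 203.0.113.20 is from a documentation-only
# range and stands in for the single address the ISP hands out.
ROUTER_WAN_MAC = "02:00:00:00:00:01"
LAN = "192.168.1.0/24"

HEALTHY = [
    Observation("Velop (WAN port)", ROUTER_WAN_MAC, "203.0.113.20"),
    Observation("VoIP adapter", "02:00:00:00:00:02", "192.168.1.20"),
    Observation("TV set", "02:00:00:00:00:03", "192.168.1.21"),
    Observation("HP printer", "02:00:00:00:00:04", "192.168.1.30"),
]

AFTER_OUTAGE = [
    Observation("Velop (WAN port)", ROUTER_WAN_MAC, ""),
    Observation("VoIP adapter", "02:00:00:00:00:02", "203.0.113.20"),
    Observation("TV set", "02:00:00:00:00:03", "169.254.17.4"),
    Observation("HP printer", "02:00:00:00:00:04", ""),
]

if __name__ == "__main__":
    for label, data in (("healthy", HEALTHY), ("after outage", AFTER_OUTAGE)):
        result = audit_after_reboot(data, ROUTER_WAN_MAC, LAN)
        print(label, "->", result["verdict"], result["sniped_by"])
```

A device listed under `sniped_by` is sitting on the modem side with no router firewall in front of it, which is the reason to treat this as more than an availability problem.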
 


I think I'm in a different situation than most of you, but let's see: I also have an aging Airport Extreme (N, not AC) in a ~2002 suburban home that has 3 levels. A second Extreme N acts as a bridge in the basement. We have the usual Apple TVs, iPads, iPhones, wireless printing, and Macs. We have Xfinity service (I know, I know) and the cable router also has the ability to serve up wifi. Now then: suppose I just go get the latest Xfinity box (or another box that will serve as both a cable modem and a wifi router) and go from there? Dump the Extremes and indeed dump all other dedicated routers? I'd have to use a web page to configure the router instead of the Airport Utility but I think I can manage that.

I have no special needs and the range should be okay. Do I really need a separate router like I have now?
 


suppose I just go get the latest Xfinity box (or another box that will serve as both a cable modem and a wifi router) and go from there? Dump the Extremes and indeed dump all other dedicated routers? I'd have to use a web page to configure the router instead of the Airport Utility but I think I can manage that.
No problem. Given the size of your house, there may not be a place where you can put a single Wi-Fi access point and get whole-house coverage. For this reason, you may still want one or more additional routers, or range extenders or a mesh system.

That having been said, it is not difficult to configure third-party routers (including the ones Comcast leases). As you said, they generally have web interfaces for management. So you point a web browser at the router's IP address, log in and configure it via those pages. Basic configuration should be easy. More advanced configuration may be easy or hard depending on the model router.

Some of the newer routers (especially mesh systems like Linksys Velop, Netgear Orbi and Google Wi-Fi) have an iOS app for configuration. This app may be in addition to a web interface or it may be the only management interface. Whether or not this is a good thing is, in my opinion, a matter of personal preference.
I have no special needs and the range should be okay. Do I really need a separate router like I have now?
No, you don't need a separate router. A combined modem-router will do the job, but I would recommend you keep them separate.

The main reason is that router (especially Wi-Fi) technology evolves much faster than cable modem technology. Or more accurately, consumer routers get new features much faster than your service provider adds advanced features to the cable infrastructure (which would require a new modem to take advantage of). By using separate devices, you can upgrade one without having to replace the other.

A second reason is a weird quirk of the way cable networks operate (which may have the force of law behind it). You can not upgrade a cable modem's firmware yourself. It only gets upgraded when your cable company pushes an update into it. If you have a combined modem/router, this means you can't install any router upgrades either. If your router manufacturer publishes security updates, you have to somehow convince your cable company to get and push out the updated firmware.

If, on the other hand, your modem and router are separate devices, then there's nothing stopping you from upgrading your router's firmware whenever you want, even though you will still have no control over updating the modem's firmware.

If you've already got a cable modem that is working well, you can usually configure it for "bridge mode" (or some other similar buzzword) that disables all the router functionality, turning it into a dumb cable modem. Then you can attach the WAN port of your new router (whatever kind you get) to the modem's LAN port. When you later decide you want/need a more advanced modem, you can just replace it (ideally for a modem-only device - no need to pay for a router you'll be disabling).

Regarding the modem itself, I strongly recommend you buy one yourself. Comcast's price for leasing is such that a purchased modem (especially one without a router) will pay for itself in less than a year. If you are concerned about what is compatible, Comcast's My Device Info page will show you all of the modems/routers that Comcast has certified for use with your service. Once you get it, self-activation is pretty straightforward and if you have a problem, Comcast's customer service should be able to help you get it working.
 


suppose I just go get the latest Xfinity box (or another box that will serve as both a cable modem and a wifi router) and go from there? Dump the Extremes and indeed dump all other dedicated routers? I'd have to use a web page to configure the router instead of the Airport Utility but I think I can manage that.
No problem. Given the size of your house, there may not be a place where you can put a single Wi-Fi access point and get whole-house coverage. For this reason, you may still want one or more additional routers, or range extenders or a mesh system.

That having been said, it is not difficult to configure third-party routers (including the ones Comcast leases). As you said, they generally have web interfaces for management. So you point a web browser at the router's IP address, log in and configure it via those pages. Basic configuration should be easy. More advanced configuration may be easy or hard depending on the model router.

Some of the newer routers (especially mesh systems like Linksys Velop, Netgear Orbi and Google Wi-Fi) have an iOS app for configuration. This app may be in addition to a web interface or it may be the only management interface. Whether or not this is a good thing is, in my opinion, a matter of personal preference.
No, you don't need a separate router. A combined modem-router will do the job, but I would recommend you keep them separate.

The main reason is that router (especially Wi-Fi) technology evolves much faster than cable modem technology. Or more accurately, consumer routers get new features much faster than your service provider adds advanced features to the cable infrastructure (which would require a new modem to take advantage of). By using separate devices, you can upgrade one without having to replace the other.

A second reason is a weird quirk of the way cable networks operate (which may have the force of law behind it). You can not upgrade a cable modem's firmware yourself. It only gets upgraded when your cable company pushes an update into it. If you have a combined modem/router, this means you can't install any router upgrades either. If your router manufacturer publishes security updates, you have to somehow convince your cable company to get and push out the updated firmware.

If, on the other hand, your modem and router are separate devices, then there's nothing stopping you from upgrading your router's firmware whenever you want, even though you will still have no control over updating the modem's firmware.

If you've already got a cable modem that is working well, you can usually configure it for "bridge mode" (or some other similar buzzword) that disables all the router functionality, turning it into a dumb cable modem. Then you can attach the WAN port of your new router (whatever kind you get) to the modem's LAN port. When you later decide you want/need a more advanced modem, you can just replace it (ideally for a modem-only device - no need to pay for a router you'll be disabling).

Regarding the modem itself, I strongly recommend you buy one yourself. Comcast's price for leasing is such that a purchased modem (especially one without a router) will pay for itself in less than a year. If you are concerned about what is compatible, Comcast's My Device Info page will show you all of the modems/routers that Comcast has certified for use with your service. Once you get it, self-activation is pretty straightforward and if you have a problem, Comcast's customer service should be able to help you get it working.
Expanding on this topic:
  • Unless you have Comcast Voice service, the leased gateway (modem + router) is not a requirement. Though I have had good results with the DPC3941B gateway, my current local network uses a Motorola SB6121 and an AirPort Extreme AC (tower).
  • If the coverage of your new main WiFi is insufficient, it is perfectly reasonable to continue using one or more of the old AirPort devices in bridge mode as wireless access points. This works with any hub router and supports both IPv4 and IPv6.
 


I've been using Ubiquiti's AmpliFi HD kit (router with touchscreen and two mesh points) for about 2 years now.

Performance is great. When sitting at our table about 3-4 meters away from the router, my MacBook Pro performs at about 550-600 Mbit/sec (using fibre 750 Mbit up/down), and at the attic using the second mesh point (the first one is on the first floor), it gives about 60-80 Mbits.

I really like the design of the router and the app that you have to use on your phone to configure the router (very clean design and easy to use).

The only thing that's a disadvantage is the USB port on the router (it can't be used for sharing a USB printer or disk), and the web menu of the router lacks advanced settings like other routers have (it's very basic).

Firmware updates are very easy to install (the touch panel gives a message if one is available), and support via chat is great.

Also, when running in bridge mode you can't create a guest network (by design, I think), but I'm very happy with it.
 


Unless you have Comcast Voice service, the leased gateway (modem + router) is not a requirement.
Although it used to be impossible to legally buy a cable modem with built-in eMTA, that doesn't seem to be the case today.

Visiting the My Device Info page and searching for "Voice/Telephone enabled" devices (for my address), it presents six different models with voice/eMTA capability, all of which are available for sale on Amazon. Listed alphabetically:
 



Although it used to be impossible to legally buy a cable modem with built-in eMTA, that doesn't seem to be the case today.
Finally, now that we are just months away from switching to the new city-provided service... ;-}

Comcast also used to provide a modem/voice (no router) box (by Arris), but they were unreliable. We went through three of them; Comcast finally switched us out to a modem/voice/router. Comcast told me that the new modem/router didn't work well in bridge mode. I immediately put it in bridge mode; it works fine.

Although, initially, the new router had an obnoxious habit of turning the wireless back on (I suspected it was firmware updates), it hasn't done that in quite a while now.
 


And from the security and support standpoint, there are good reports here:
That site highlighted the fact that Peplink is in the business of selling well-maintained router software, whereas other manufacturers are vendors of commodity hardware with little support for firmware updates. For me, responsive fixes for security issues is a big plus.

Another nice feature of my Pepwave SOHO router is that it saves the last firmware version in the device whenever an upgrade is applied, so I can revert to it if the newer version goes south.

The current firmware has a known issue in which wi-fi connectivity is lost every few weeks, and a UI bug that truncates the admin password even though a user might have entered more than the maximum allowable number of characters. But these should be fixed in the next release. I've been really happy with this unit.
 



That site highlighted the fact that Peplink is in the business of selling well-maintained router software, whereas other manufacturers are vendors of commodity hardware with little support for firmware updates. For me, responsive fixes for security issues is a big plus.
Another nice feature of my Pepwave SOHO router is that it saves the last firmware version in the device whenever an upgrade is applied, so I can revert to it if the newer version goes south.
To build on this: Peplink has a very active forum which is rich in knowledgeable users, vendors and Peplink technical support personnel - they actually respond to individual user questions and assist in troubleshooting.

In addition to keeping the previous firmware around, if one makes use of their cloud-based management system it’ll keep track of all the configuration changes as you refine your system configurations. Invaluable when I (sooner or later) regret a change I’ve made.

We’ve been deploying Peplink routers and access points in rather remote areas (where cellular and satellite combined multi-WAN connectivity is necessary), as well as in urban environments, ranging from small residential deployments to significant hubs. The access points can function as WiFi routers by themselves, but Peplink really shines when you start adding more sophisticated routers.

Peplink is not the cheapest (access points start at approx. $120).
 


I’ll second the recommendation for Ubiquiti AmpliFi.
I’ll third... Mine’s been running reliably for 6 months now. Because I spend a great deal of time outside on the back porch, I went with the satellites, and my performance for 25-50’ away is excellent. The system has been rock solid, and the updates have all been applied without an issue/hitch. It performs like a once-upon-a-time Apple product.
 


I would have to pay Comcast for a static IP. I don't get to control that, otherwise. The router already has a static IP on the LAN side by definition. I suppose I could make sure that every single other device on my LAN had a static IP so that nothing else besides the Velop responded to DHCP, but that seems kinda impractical. I think the "shared" Ethernet port on the Velop has more downsides than upsides, so I don't recommend it. As for my house, my wife and I both know how to deal with the idiosyncrasies now, so we're not looking for a solution.
It really sounds like something is really poorly done in the interest of making it more flexible. But I would bet that sticking a simple router in between the modem and the Velop (and turning off DHCP distribution on the Velop and letting the router handle it) would solve the issue once and for all.

An inexpensive Ubiquiti Edgerouter (under $50) would do that well, and be quite small. It will always get the ISP's DHCP assigned address, and they are quite reliable (I have numerous Ubiquiti devices installed and have only one router failure; and because the config was stored on an internal USB flash drive, I was able to pull the config files when I realized my last downloaded files were incomplete).

Anyway, that a Velop router would get its switch up and running before its router functions are on makes absolutely no sense from a security standpoint. If anything, that’s an attack vector to something behind the Velop. Yikes.
 


I’ll second the recommendation for Ubiquiti AmpliFi. When my AirPort Extreme gave up the ghost, I chose it for the combination of good reviews on Amazon and the option of getting just the base station with no satellites. I figured I could add them if needed, but in my small house, it has performed great stand-alone.
I'll 4th Ubiquiti. I went to replace my Time Capsule (which I'd used in access point mode for a long time) and first bought a Netgear. Netgear was a mistake, it kept dropping wifi connections and not accepting new connections after about 24-48 hours when in Access Point mode (not non-access point mode). The replacement did the same, so I think it is a common problem.

So, about 6 weeks ago I got a Ubiquiti Networks Unifi 802.11ac Dual-Radio Pro Access Point (UAP-AC-PRO-US). It has been rock solid and the range is better than the Netgear had, seems to be around the same as the Time Capsule was. Knock on wood, it has been flawless for about 6 weeks now. I am still using the Netgear R8500 as the router and the Ubiquiti in access point mode.

Whenever Ubiquiti releases a Wifi 6 (802.11ax or whatever) router with WPA3, I will likely replace the R8500 router.
 


It really sounds like something is really poorly done in the interest of making it more flexible. But I would bet that sticking a simple router in between the modem and the Velop (and turning off DHCP distribution on the Velop and letting the router handle it) would solve the issue once and for all. An inexpensive Ubiquiti Edgerouter (under $50) would do that well, and be quite small. ...Anyway, that a Velop router would get its switch up and running before its router functions are on makes absolutely no sense from a security standpoint. If anything, that’s an attack vector to something behind the Velop. Yikes.
I agree on all points, and I just might try something like what you suggest.
 


One of Linksys's (presumably newer) routers, the MR8300 [Amazon link], is a traditional standalone Wi-Fi router that includes Velop-compatible mesh capabilities.
For those who are curious, I bought one of these this week. I put my old Zoom modem/router into bridge mode and installed the Linksys router between it and the rest of my LAN.

I have not yet gotten any Velop nodes to extend the network. Right now, I'm still using an old Linksys EA2700 router in bridge mode as a secondary access point for the parts of my home where the primary Wi-Fi signal won't reach. That seems to work OK. The only downside is that I need to manage the two devices independently. But there's very little to manage on an access point in bridge mode. I may end up getting one or two Velop nodes to simplify the network setup, but I don't see a need to do so at this time.

The MR8300 seems to work well. I get good throughput and it was pretty simple to set up. My only complaints are:
  • I wish I could perform the initial setup via the web interface. That's not possible. You need to create a Linksys Smart Wi-Fi account and use it with the mobile app to perform the initial configuration. Afterward, there is a web interface you can use.

  • The default configuration interface (app or web) is missing many options that may be important, like SSID broadcast, channel selection, the ability to independently configure the two 5GHz radios, etc. There is a small (and apparently undocumented) "CA" link in the lower-right corner of the screen which makes these options available. Now that I know about it, this isn't a problem, but I don't think it's very friendly to do this.

    Unfortunately, even in this mode, some stuff remains hidden, like the channels actually being used for Wi-Fi when the radios are configured for "auto". But I don't think this will affect my actual usage.

  • There is very little status indication on the device. There are link lights on the Ethernet ports, but aside from that, there's just one single multicolor LED to indicate the router's status: purple for unconfigured (needs setup), blue for connected, red for no Internet access, and a few blinking colors for intermediate states. You are expected (it seems) to use the app, the web interface, or Linksys's web/cloud console for monitoring it.

I was also very surprised to see that my cable modem allows you to leave the Wi-Fi enabled even when in bridge mode. Maybe there are service providers that will provide multiple IP addresses for a household, but it seems pretty pointless to me. I disabled the Wi-Fi once I discovered this, in order to close a potential security hole.
 


...I was also very surprised to see that my cable modem allows you to leave the Wi-Fi enabled even when in bridge mode. Maybe there are service providers that will provide multiple IP addresses for a household, but it seems pretty pointless to me. I disabled the Wi-Fi once I discovered this, in order to close a potential security hole.
Comcast routers have two SSIDs: one for the customer and one for "xfinitywifi"; the semi-public network that anyone with a Comcast account can use when out and about (full disclaimer: I use them!). Generally that one cannot be turned off without a specific request to customer support, e.g., the control is NOT on the customer side of the interface. The good news is they will turn it off if you ask.
 


Comcast routers have two SSIDs: one for the customer and one for "xfinitywifi"; the semi-public network that anyone with a Comcast account can use when out and about (full disclaimer: I use them!).
The "xfinitywifi" SSID is the open WiFi intended for customer use. The "XFINITY" SSID provides secure, encrypted connections to customers who have installed the Xfinity WiFi secure profile on their smartphone and/or tablet. Info here:

I also briefly used a Comcast-supplied gateway (all in one modem/router/WiFi). I was able to turn off the "xfinitywifi" SSID. I don't remember details about the "XFINITY" SSID.

However, I'm 99% sure the gateway was broadcasting one or more hidden SSIDs for customers that use Xfinity features like home security. I don't use their home security and wasn't happy about not being able to turn those SSIDs off.

I also had performance problems with the Xfinity gateway and went back to the modem I own, an Arris SB6183. It provides great performance and reliability. I use a Netgate router running pfSense for security and routing and a Ubiquiti UniFi access point for WiFi.
 


Comcast routers have two SSIDs: one for the customer and one for "xfinitywifi"; the semi-public network that anyone with a Comcast account can use when out and about (full disclaimer: I use them!). Generally that one cannot be turned off without a specific request to customer support, e.g., the control is NOT on the customer side of the interface. The good news is they will turn it off if you ask.
I am well aware of this, but I am not using Comcast equipment. This is a Zoom 5352 modem/router that I purchased four years ago, soon after getting my service. It has no support whatsoever for Comcast's public guest-login features (e.g. the "xfinitywifi" SSID).

Nevertheless, the Wi-Fi remained active after putting it into bridge mode and needed to be explicitly disabled, which was easily done via the web interface (still reachable in bridge mode, but its IP address changed from 192.168.1.1 to 192.168.100.1).
 


Comcast routers have two SSIDs: one for the customer and one for "xfinitywifi"; the semi-public network that anyone with a Comcast account can use when out and about
I'm a Comcast cable and internet customer (no longer use them for phone service). I stopped renting their router several years ago but became aware of the embedded SSID in those modems, because my Menubar WiFi dropdown listed both "xfinitywifi" (open) and "XFINITY" (protected) networks on my computers at home, and occasionally, my iMac would attempt to join one of them instead of my own SSID provided by my latest generation 802.11ac "minitower" Airport Extreme Time Capsule. (Communications within my LAN, extended by an Airport Express, would remain intact, but I'd lose internet connectivity, with no onscreen indication that this was happening other than discovering that I was no longer linked to the internet via my own Wireless LAN when I dropped down the WiFi menu.)

Using the iStumbler tool, I was able to superimpose the approximate location of the Comcast SSIDs on a local map. In order to stop my own router's "wandering" search for internet connectivity, I had to go into the "Advanced" section of the Network > WiFi pane in System Preferences, "forget" the Comcast SSIDs, and order the preference of networks to attempt joining.

I was a bit surprised that Comcast doesn't explicitly tell customers who rent its cable modems that they're helping Comcast to create an omnipresent WiFi network. I think a case could be made that Comcast customers should be compensated for (or at least not charged for) renting access points that advance Comcast business as well as providing the customers their internet access!
 


The "xfinitywifi" SSID is the open WiFi intended for customer use. The "XFINITY" SSID provides secure, encrypted connections to customers who have installed the Xfinity WiFi secure profile on their smartphone and/or tablet. Info here:
Thank you; I was wondering what the 'XFINITY' SSID was for. I see that they also have a secure profile for Macs that will ostensibly let me use the secure version; installing that as we speak!

FWIW, there are also Xfinity hotspots mounted on poles in select areas, often strategically near coffee shops etc. In my experience, those work a whole lot better than the same SSIDs as produced by end-user equipment. I have a couple of "go to" parking spots near those that I visit when I need fast connectivity out and about.
 


I was a bit surprised that Comcast doesn't explicitly tell customers who rent its cable modems that they're helping Comcast to create an omnipresent WiFi network. I think a case could be made that Comcast customers should be compensated for (or at least not charged for) renting access points that advance Comcast business as well as providing the customers their internet access!
Call me cynical, but what are the odds that Comcast's reply would be that your discount has already been applied and that you'd be paying more otherwise?
 

