I just upgraded from Extreme Plus to HF 250/20 and of course as part of the upgrade I had to return my Cisco modem and take the Hitron CGN3 instead. Other than the fact that for the second time in 2 modems the . at the Rogers store failed to actually *activate* my new modem and I had to go through Tech Support to get it online, all has been good (granted only about 2 days). Speeds are good, all is functioning (in gateway mode) as it should.
My questions relate to why so many people want to use this in bridge mode. I understand that the Hitron does not function so well in bridge mode, and I have read a lot on that, but I have not really seen why so many people are so unhappy with the the out-of-the-box gateway mode.
I assume that the firewall and security of the Hitron are standard etc, so what is wrong with the router part of this per se? Do I really need a fuller-featured router that the Hitron provides? I guess that is hard to answer when you don't know my usage and setup etc, but perhaps some experienced users can list a few of the major deficiencies of the Hitron as router that are driving so many users to bridge mode and a stand-alone router? I want to learn what I am missing 🙂
I agree that there probably is a pretty low risk of someone at Rogers playing around with your network with malicious intent.
But that is not my main worry.
The knowledge level of many CSRs is fairly low - I am more worried about ignorance than malevolence. If I call in with a problem with my internet service I worry that they are going to try to "fix" the problem by changing something in my network configuration. Don't forget the case a couple of months ago when Rogers continued to insist that there was no problem with this device in bridge mode when dozens of users were having persistent crashing.
For example, I believe the default subnet for this gateway is 192.168.0.X and the router gets an IP of 192.168.0.1. Let's say I decide to change this to 192.168.1.1 and my subnet to 192.168.1.X or I decide to change my subnet mask to 255.255.254.0. If the Rogers CSR changes these back to the default then they will likely F up my LAN.
Another reason to not use this device in gateway mode is that it seems to screw up VOIP devices, like my Vonage adapter. I have used Vonage for many years with multiple Rogers modems and in a default state with the CGN3 I got one way voice with Vonage - I could hear the other party but they couldn't hear me, or vice-versa. I have never had this problem in bridge modem using at least three different routers (Linksys WRT54G, Asus RT-N16, Asus RT-N66U).
I can most certainly attest to the "ignorance" factor re: CSR's. My rule of thumb is to try to call at least 3x and hopefully there will at least be a 2 out of 3 answer that makes sense... Kidding, but not really. I am consistently amazed at how much more I know about many of my issues than they do, and it should not be that way since I am not an expert!
That said, if the defaults work OK for me, is there an inherent "good practice" reason for me to change away from defaults if I don't need to? Does this compromise my sytem in any tangible way (i.e. re: secutitry among others?)
While may not remove it fully.. there are/were some WPS vulnerabilities out there..
Turning it off MIGHT lessen the chance of one of these happening.
(this can happen on ALOT of 3rd party routers as well with WPS)
You could change it over from WPA/WPA2 to just straight WPA.
Is WPA bad? No.. just WPA2 is better.. and if you dont have any devices which specifically need just WPA only.. may as well remove it from there any chance of something exploiting it, etc.
I have disabled WPS on both WiFi bands, and have changed the security from WPA/WPA2 to straight WPA2. Encryption method is TKIP/AES with a strong passphrase.
With reference to other parts of the thread, I did see in the user admin screens that there is a way to chage DNS at the hardware level if I choose to/need to. For now I will leave it as "auto" until/unless I have any problems.
BTW it is now more than 72 hours and no firmware upgrade from 220.127.116.11 so I think I will call them later and ask about it.