03-15-2023 01:05 PM - last edited on 03-15-2023 01:16 PM by RogersJo
Hi all,
Wanted to get the collective wisdom here. Sorry if this has been dealt with previously.
When I had the older Hitron modem I always used it in bridge mode and had an ASUS AC68U Gigabit router (which I still have boxed away). When I switched to Ignite and had the XB6 it seemed adequate for my needs to just use the Rogers Gateway - I got my Gigabit speeds and with no mesh or any other boosters had a good strong WiFi signal throughout my (3 level) house. When I upgraded my Ignite to 1.5 GB speed and got the XB7 swapped in for the XB6, I similarly have so far been using it in Gateway mode and for the most part everything seems OK. I have purchased a USB 2.5GB Ethernet adapter for my PC and routinely get 1800+ download speeds.
My WiFi signal strength still seems OK throughout the house although I am not positive that the XB7 is giving *quite* as strong a Wifi signal at the extremities of the house as was the XB6 - even though it is located in *exactly* the same spot as the former XB6 was. But I have noticed that one of my smart home things - a Google Nest (battery operated) doorbell seems to go offline several times a day (not for long - seems like a signal interruption?) when I never noticed that with the former XB6.
So it all got me to thinking about gateways vs routers. If I am really not experiencing much if any problem, my speeds are OK and my WiFi signal/coverage seems excellent for the most part, and adequate at worst, is there any incentive for me to think about going back to a stand-alone router?
I likely would not use the old ASUS one since it is several years old and has a 1 GB speed limit, but purchase a new one. Is that just a waste of money given the otherwise adequacy of my setup? We have many devices connected throughout the house, but so far all seems to work OK?
If I *was* to think about a new router, any recommendations? Is the XB7 straightforward to even set up in Bridge mode?
Many thanks.
03-15-2023 03:55 PM - edited 03-15-2023 04:03 PM
@DrMike This is not a simple question to answer.
From what I see, your network design consists of having a single Wi-Fi router, and you are trying to deal with a situation where you have network devices at the edge of your network that have marginal Wi-Fi connections.
Switching to a different Wi-Fi router won't provide you with more power because transmit power is capped by government regulations. Another problem is that a good Wi-Fi connection is dependent on both sides of the connection being able to transmit and receive at a high-enough quality and at a high-enough data rate. You can try to find a router that has a better antenna design. However, the real solution is to implement a more sophisticated Wi-Fi setup, with more Wi-Fi Access Points, ideally in a mesh configuration (or one that allows for seamless roaming), so that devices in all areas of your home have a very high-quality Wi-Fi connection.
Another challenge of using your own gear, with your Ignite Gateway in Bridge Mode, is that you will need to implement and support this network on your own. If you run into problems, you will need to be able to troubleshoot and fix any problems that crop up.
Another thing to consider is that routers with 2.5 Gigabit Ethernet LAN and WAN ports are rather pricey.
Another option is to continue to run in "gateway mode" and add Ignite Pods to have good Wi-Fi coverage in your home. However, this will require implementing a single network name for both the 2.4 and 5 GHz bands, with Band Steering. If you have devices that require their own dedicated network on the 2.4 GHz, add an external Wi-Fi Access Point. One option is to put your old router into AP Mode. You can also pick up something like a TP-Link EAP245 from Amazon for less than $100, and they often go on sale for $80.
Going back to your original question, the "Pros" to running on your own network gear is that you have complete control over your network, and you have access to features and settings that are not available on the Ignite Gateway. Some people have very sophisticated networking requirements that the Ignite Gateway cannot support.
The "Cons" to running in Bridge Mode is that you might run into technical issues, and Rogers will not be able to support you if you should run into problems with Ignite TV; they will insist that you revert back to a Rogers-supported configuration.
If the Ignite Gateway meets your needs and you value the ease and simplicity of a network that pretty much runs itself, with full support from Rogers, then definitely keep running in "gateway" mode.
03-15-2023 11:32 PM - edited 03-15-2023 11:35 PM
@DrMike wrote:
If I *was* to think about a new router, any recommendations? Is the XB7 straightforward to even set up in Bridge mode?
I also happen to be looking for new hardware so that I can also run in Bridge Mode again. At the moment, I am running my Ignite Gateway in "gateway" mode.
For years, I also used my own router (running OpenWrt) and business-grade Wi-Fi access points. Unfortunately, my router was based on Marvell hardware, and OpenWrt 22.03.3 got released with a badly broken Ethernet/switch driver for that chipset, making my router hardware useless... unless I opt to run my home network on an unreleased OpenWrt developer snapshot with a back-ported switch driver. I also really need to upgrade to newer, faster hardware that can handle multi-gigabit speeds.
I'm currently looking at ASUS routers. Ideally, I would like one with (at least) dual 2.5 GigE ports (for LAN and WAN connectivity) and Wi-Fi 6E... but to get that, I would need a GT-AXE16000. However, I don't really want to shell out that much money for a product that is a bit overkill for my needs, and whose Wi-Fi technology is on the verge of being obsoleted. I'm also not a fan of Broadcom Wi-Fi 6E hardware and drivers. Instead, I'll wait for 802.11be to be ratified and see what higher-end gear is available at that time.
If I go ASUS, I would probably forgo Wi-Fi 6E and get either the RT-AX86U Pro or the RT-AX88U Pro... but every retailer currently shows them as out of stock, while they try to clear their inventory of now-obsolete RT-AX86U and RT-AX88U gear.
I'm also looking at the eero PoE Gateway but it's currently only available through professional installers and there is not much public documentation available. The hardware looks capable. However, if it requires cloud-based management, that will be enough to remove it from consideration.
Another thing that I am considering is building a router/firewall from scratch (yes, I know what I am doing. yes, I know that pfSense, OPNsense, IPFire, etc. exist.) and continuing to use dedicated Wi-Fi Access Points for my Wi-Fi connectivity. Why? Commercial products, in both Consumer and Enterprise markets focus too much on bells and whistles and not enough on quality management and the fundamentals of getting the security aspects of their products right. I have also been burned too many times by vendors that abandon their products with unpatched critical bugs, security vulnerabilities, and hardware design flaws.
03-16-2023 07:13 PM
Would another consideration be the ability to segment the network?
Even the NSA is now specifically recommending - "At a minimum, your wireless network should be segmented between your primary Wi-Fi, guest Wi-Fi, and IoT network. This segmentation keeps less secure devices from directly communicating with your more secure devices." Although I think their focus on just wireless was a mistake.
I'm considering adding a firewall to my XB7 and Samsung SmartThings WiFi mesh so I can get better control of my security. Currently looking at Firewalla, or re-purposing an old PC with the free Sophos Firewall home edition, but concerned about the support implications of bridge mode as described by you on this forum here.
Thanks for the always insightful info!
03-16-2023 08:31 PM - edited 03-16-2023 08:35 PM
@jbww wrote:
Would another consideration be the ability to segment the network?
Oh, absolutely! (And if you work from home, I would also segregate that business traffic as well.)
One of the reasons why I like business-grade Wi-Fi APs (in addition to providing superior performance and rock-solid stability, that cannot be matched with consumer network gear) is that you can set up multiple SSIDs (usually 8 on each of the 2.4 and 5 GHz bands) and have them on separate VLANs. You can then implement sophisticated security policies in your router/firewall to enforce those different security levels and trust boundaries.
As for Ignite TV, you just need to implement a fall-back plan as part of your design. I have found it helpful to create a dedicated SSID for Ignite TV on the Wi-Fi AP. Then, when I need to revert back to a Rogers-supported configuration, all that I need to do is power-off the Ignite STBs, disable the Ignite SSID on my AP, disable Bridge Mode, and restart the WAN interface on my router. When I power up the Ignite STBs, they will reconnect to the Ignite gateway; the rest of the devices on my internal network will remain connected to the AP. (Yes, this will temporarily break IPv6 connectivity on your internal network but, again, it's temporary.) Reverse these steps to revert back to your Bridge Mode config.
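Added example, not part of the original thread or any poster's configuration: a small Python model of the per-SSID/VLAN segmentation discussed above, with default-deny forwarding between zones and an audit that flags allow rules letting a less-trusted zone initiate into a more-trusted one. The zone names, subnets, trust levels and ports are constructed assumptions.

```python
import ipaddress

# Constructed zones: one VLAN/subnet per SSID. Higher number = more trusted.
ZONES = {
    "work":    (ipaddress.ip_network("192.168.10.0/24"), 3),
    "primary": (ipaddress.ip_network("192.168.20.0/24"), 2),
    "tv":      (ipaddress.ip_network("192.168.30.0/24"), 1),
    "iot":     (ipaddress.ip_network("192.168.40.0/24"), 1),
    "guest":   (ipaddress.ip_network("192.168.50.0/24"), 0),
}

# Explicit inter-zone allows: (src_zone, dst_zone, proto, dst_port).
# Any other NEW connection between zones is dropped.
ALLOW = [
    ("primary", "iot", "tcp", 443),   # trusted clients manage IoT devices
    ("iot", "primary", "tcp", 445),   # constructed mistake: IoT reaching file shares
]

def zone_of(ip):
    """Map an address to its zone; anything outside the VLANs is the WAN."""
    addr = ipaddress.ip_address(ip)
    for name, (net, _trust) in ZONES.items():
        if addr in net:
            return name
    return "wan"

def decide(src_ip, dst_ip, proto, port):
    """Verdict for a NEW connection; replies are assumed to ride on state tracking."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "accept"   # same VLAN: switched locally, never routed through the firewall
    if dst == "wan":
        return "accept"   # every zone may reach the internet
    if src == "wan":
        return "drop"     # no unsolicited inbound connections
    return "accept" if (src, dst, proto, port) in ALLOW else "drop"

def audit(allow=ALLOW):
    """Return allow rules where a less-trusted zone initiates into a more-trusted one."""
    return [r for r in allow if ZONES[r[0]][1] < ZONES[r[1]][1]]

if __name__ == "__main__":
    print(decide("192.168.50.9", "192.168.20.5", "tcp", 22))  # guest -> primary
    print(audit())
```

Running the audit before loading rules into the real firewall catches the kind of exception that quietly undoes the segmentation, such as the IoT-to-primary rule above.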
03-18-2023 07:00 PM
@-G- Thanks for the suggestion re fallback plan. I'll build this into my strategy for hardening my network with a third-party firewall and will also take a look at the upgraded APs. So here's a first cut at what I think my install/operating procedures are starting to look like (but will likely change when I figure out the firewall piece :).
03-18-2023 10:55 PM
@jbww That looks like a good plan.
FYI, when you disable Bridge Mode on the Ignite gateway, its internal Wi-Fi network will get activated immediately, even if you disabled Wi-Fi prior to switching to Bridge Mode. This doesn't really affect your plan as you documented it but it is something to be aware of if you should ever want to momentarily disable Bridge Mode for any reason, say to view configuration options that are not visible in Bridge Mode.
03-20-2023 05:48 PM
Thanks @-G- , good to know.
If/when I settle on a Firewall/router I'm thinking about blogging about why I have to do this. Likely reasons are:
Maybe other reasons as I dig into the benefits. Any suggestions appreciated.
But the ideal would be for ISPs to just support these capabilities directly 😐.