Linksy Router question?

[fivealive]

I Have finally bit the bullet, and I just purchased the linksy na2700 n600 router, I was wondering peoples thoughts on it,

 

 

Reason  I bought it, is because in the last year and a half alone, I have had to replace the router/modem. that the ISP gives me about 30 times.

 

The last time, because of a firmware update they did that crashed the wifi in it completely.

 

 

 

 

[CWB]

"I have had to replace the router/modem. that the ISP gives me about 30 times."

 

that must be a real POS-1 ... what was the make and model ?

[fivealive]

The isp provided router/modem is Cisco DPC3825 DOCSISa

[fivealive]

Router showed up, about 10 minutes ago, all set up. Turned off WPS, and put in a long long password for wifi, and changed the default router password, not really sure what else to do at this point.

[David H. Lipman]

You can disable Remote Management from the POV of the Internet.  Management of the Router should only be done from the POV on the LAN side. 

{ Hopefully this is already disabled }

[fivealive]

I am not sure if it is, that is something I would want to do, that being said, I didn't use the Cd that came with it nor did I make an account with them, using my email.

I accessed the router thru Lan and set it up that way.

The whole idea of being able to access the router from over the net just sounds like a bad plan to me.

[David H. Lipman]

Yes, that's why it should be disabled.

[John L. Galt]

I go a lot further than that, and David might disagree with some of my peculiarities in my setup, but here goes.

 

• I change the default LAN IP from 192.168.0.1 / 192.168.1.1 to 192.168.XXX.YYY, where XXX and YYY are number I choose that mean something to me.
• I set the DHCP server to offer only IP addresses from 192.168.XXX.240 forward.  I don't think I'll ever have 14 random devices connecting to this router, ever, considering all my devices get assigned IPs through DHCP reservations - see below.
• I set reservations for all my known devices in the 192.168.xxx.200 through 192.168.xxx.239 (there are some open values here, I don't have 40 devices connecting - close, but not quite )
• I set my Vonage to always get 192.168.XXX.254, and declare that IP as the DMZ in the router (Vonage seems to work a lot better that way for me, in the past, and I've just left it like that since)
• I set up the default login with a uniquely long password (20 chars, generated by KeePass for me).
• I set up all WiFi connections using a similarly long 26 character password.
• I have my modem, router, and computer on an APC 1500 VA UPS - handy if the power goes out temporarily, or flickers, or browns out, my connection remains active and I don't have to wait (Computer set to shut down within 5 minutes of going on battery, to save power for the router and modem, as, again, Vonage is my home phone system, may need it more than the computer, even with a cell phone handy).
• I completely shut down guest access to my router in all forms.  I realize that I could, instead, enable guest and also enable WiFi isolation for the guest account, but I'd rather not have anyone else have access - it's pretty strong, and I can receive a signal halfway into my back yard and all the way to the street in my front yard, so....
• Keeping the router up to date is important, but I always check the forums first to make sure that the new update does not have any 'issues' before I install an update  to the firmware.
• Finally, I don't install the software that comes with the router at all, like you.  I use NetGear myself, and it comes with a (JAVA-based) app called Genie - the worst interface I have seen for  an external interface.  I just log in directly to the router via the console.

My router does support DD-WRT, from what I have read, but it takes a good hour+ to set everything up as it is, and I have not taken the time to actually try DD-WRT on it.  I won't get any performance increase, from what I have read, just a more functionality.  That is not for the faint of heart, though.

 

David, your thoughts?

Edited April 2, 2014 by John L. Galt

[David H. Lipman]

1.  I change the default LAN IP from 192.168.0.1 / 192.168.1.1 to 192.168.XXX.YYY, where XXX and YYY are number I choose that mean something to me.
 
Nothing wrong with leaving the defaults.  Doesn't help with security but adds a layer of complication.  If one is comfortable with it - Go for it !

2.   I set the DHCP server to offer only IP addresses from 192.168.XXX.240 forward.  I don't think I'll ever have 14 random devices connecting to this router, ever, considering all my devices get assigned IPs through DHCP reservations - see below.
 
Usually the lowest IP address is the Router and one will start the DHCP range at some predetermined higher number such that IP addresses below the DHCP starting address are applied to nodes for Static IP Assignments.
 
3.  I set reservations for all my known devices in the 192.168.xxx.200 through 192.168.xxx.239 (there are some open values here, I don't have 40 devices connecting - close, but not quite )
 
See above
 
4.  I set my Vonage to always get 192.168.XXX.254, and declare that IP as the DMZ in the router (Vonage seems to work a lot better that way for me, in the past, and I've just left it like that since)
 
Consistent static assignments for specific equipment is a Good Thing.
 
5.  I set up the default login with a uniquely long password (20 chars, generated by KeePass for me).
 
Its complexity that counts not the max character string length.  Use UPPER CASE, lower case, numbers and special characters whenever possible.  I don't believe in software generated passwords as they are a bitch to remember.  Yes they are complex but they are also too complex to remeber.  I recommend mnemonics and obfuscated phrases and algorithms in passwords.  One must memorize passwords so a memorable pattern, know by the user, is best remembered.  Strong Passwords that are memorable with personal meaning.
 
6.  I set up all WiFi connections using a similarly long 26 character password.
 
Same as above
 
7.  I have my modem, router, and computer on an APC 1500 VA UPS - handy if the power goes out temporarily, or flickers, or browns out, my connection remains active and I don't have to wait (Computer set to shut down within 5 minutes of going on battery, to save power for the router and modem, as, again, Vonage is my home phone system, may need it more than the computer, even with a cell phone handy).
 
Can't hurt IFF you have such a UPS.  They aren't cheap and the Lead-Acid gel batteries are heavy and eventually have to be replaced.
 
8.  I completely shut down guest access to my router in all forms.  I realize that I could, instead, enable guest and also enable WiFi isolation for the guest account, but I'd rather not have anyone else have access - it's pretty strong, and I can receive a signal halfway into my back yard and all the way to the street in my front yard, so....
 
Yepper...
 

9.  Keeping the router up to date is important, but I always check the forums first to make sure that the new update does not have any 'issues' before I install an update  to the firmware.
 
If the security is set on the Router, it isn't needed unless there is a specific "fix" that should be applied to overcome a problematic function.  The cautionary caveat applies to just about any firmware update in that if it goes wrong, you may have an impotent appliance.
 
10.  Finally, I don't install the software that comes with the router at all, like you.  I use NetGear myself, and it comes with a (JAVA-based) app called Genie - the worst interface I have seen for  an external interface.  I just log in directly to the router via the console.
 
For the experienced,, manually setup the appliance is the way to go.  For the novice a Setup Wizard makes the process so much easier.
 
A listing of some pertinent Router setup notes...
 
*  Make sure you use WPA2 AES (high number bits) encryption and make sure the SSID password is a Strong Password
*  Turn off ICMP responses from the Internet. { Disable WAN ICMP Echo Requests (e.g. pings and ICMP traceroute queries) }
*  Disable any management of the Router from the POV of the Internet.  All management should be performed from the LAN side.
*  Don't use a SSID name that ties the WiFi service to you or your family.  Use whimsical names and the like.
*  Change the default management password of the Router to one you know.
*  Document passwords created and store them in a safe but accessible location.

[John L. Galt]

#5:  Well, I use KeePass itself to manage passwords to hundreds of sites and devices, including client computers.  Witht he database fully encrypted as is the norm for KeePass, and in the cloud, I'll never be not able to access my database at any given moment, though it may take me a little while to get it up and running depending upon my circumstances.  There is my PC, my PortableApps, my phone, and my tablet, all with access to the latest version of the database at any given moment.

 

I did make the WiFi passwords memorable, but it is still 26 characters long.

 

For the additional points- those were the additional tweaks I was talking about.  I'll go through my router this evening and see what else I may have done - like setting multiple port triggers for being able to remote desktop into any of three machines by using 3 separate external ports that redirect to specific IPs, which, of course, are assigned via DHCP reservation....

[fivealive]

So, Heres a puzzle maybe you can help me figure out, I put my old router/modem from my isp into bridge mode(have to keep it since internet thru cable) and I hooked up the new router to the modem. and now speed tests show my download at 20mbs and uploads at 1mbs.

 

where as plugging directly into the modem/router from isp and running those tests ( with it in bridge mode). comes up as 95MBS and 11MBS

 

 

any idea what could be causing that

[David H. Lipman]

Are you, the test PC, connected via Ethernet or WiFi ?

[fivealive]

I ran the tests on a desktop connected via wired.

[John L. Galt]

New router model?  And old modem/router combo model as well, I have a sneaking suspicion I know this answer but want to make sure.

[fivealive]

new router is a linksy na2700 n600 router the old model is a Cisco DPC3825 DOCSIS

[Firefox]

New router model?  And old modem/router combo model as well, I have a sneaking suspicion I know this answer but want to make sure.

That information was already posted in post #1 and #3 above....

[David H. Lipman]

new router is a linksy na2700 n600 router the old model is a Cisco DPC3825 DOCSIS

 

If you have both, try a test with both.  Open a Command Prompt and type;   tracert  google.com

and post back with the results of both outputs.

 

If you worried that that's too much info for a public post, you can PM me with the results of both tests.

[fivealive]

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Users\mom>tracert google.com

Tracing route to google.com [173.194.43.99]
over a maximum of 30 hops:

  1     3 ms    10 ms     9 ms  Cisco16759 [192.168.1.1]
  2     *        *        *     Request timed out.
  3    32 ms    19 ms    19 ms  24.156.135.149
  4    34 ms    23 ms    25 ms  69.63.249.93
  5    33 ms    18 ms    29 ms  69.63.251.142
  6    29 ms    17 ms    20 ms  72.14.222.87
  7    19 ms    29 ms    19 ms  209.85.255.232
  8    21 ms    27 ms    29 ms  72.14.239.73
  9    26 ms    20 ms    25 ms  yyz08s10-in-f3.1e100.net [173.194.43.99]

Trace complete.

this is the tracert for the new router, I will go plug in the desktop into the old modem now and give you results from that as well

[fivealive]

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Users\mom>tracert google.com

Tracing route to google.com [173.194.43.99]
over a maximum of 30 hops:

  1     3 ms    10 ms     9 ms  Cisco16759 [192.168.1.1]
  2     *        *        *     Request timed out.
  3    32 ms    19 ms    19 ms  24.156.135.149
  4    34 ms    23 ms    25 ms  69.63.249.93
  5    33 ms    18 ms    29 ms  69.63.251.142
  6    29 ms    17 ms    20 ms  72.14.222.87
  7    19 ms    29 ms    19 ms  209.85.255.232
  8    21 ms    27 ms    29 ms  72.14.239.73
  9    26 ms    20 ms    25 ms  yyz08s10-in-f3.1e100.net [173.194.43.99]

Trace complete.
 

here is the isp modem results

[John L. Galt]

Lol sorry.  For some reason I thought this was someone else's topic, not fivealive's,

 

@fivealive - does your Cisco residential gateway have Bridge mode in the firmware?  Or do you have to call your ISP to have them flip it on and off?

 

I'm assuming you do it yourself....

 

In reading this thread, it seems that most people reported better functionality in bridge mode than using it as the residential gateway - http://forums.redflagdeals.com/cisco-dpc3825-upgrade-basic-setup-bridge-mode-cable-modem-mode-1142802/2/

[John L. Galt]

Those two tracerts are identical, I think.

[fivealive]

The modem from the isp is in bridge mode. I ran another speed test, with the modem from ISP and took a picture of the results to show you guys,

[John L. Galt]

Since you're running speed tests from Ookla (aka Speedtest.net) you can simply use the share function, and select forum code.

 

I'm trying to find any other information on it, but that link I posted seems to have helped some overcome some issues, have you gone through it yet?

[fivealive]

here is the router speed test, all done on the same computer a desktop with windows 7

[fivealive]

I put the old modem back into router modem, instead of bridge and reran the test ( I am still connected to the new router on all computers)

 

and the results are the same, speeds are super slow.