Basic home network setup question: ASUS AC2900 RT-AC68U

[alanwhpoon]

Hi,

Not sure if this is the right forum or even the right site for this question. I have no networking background, and getting frustrated trying to set up my home network!

My telco provided me with an Actiontec T3200 wireless router. As I've been adding more devices I've been noticing wifi performance issues, and after reading online it seems that the best logical step was to purchase a better router. So I purchased the ASUS AC2900 RT-AC68U.

Reading online, here's what I've done:
1. Kept my TVbox connected to the T3200 (apparently it needs to be connected to the T3200 to work properly)
2. Set the T3200 to bridge mode (I still don't know the pros / cons of setting to bridge mode)

At this point, if I connect the RT-AC68U WAN port to the T3200 LAN1 port, everything works great. Except that all my devices have IP addresses of 192.168.50.x instead of the 192.168.1.x that they used to have (not sure if this is a problem?) However, I have some devices connected to the RT-AC68U LAN that require port forwarding, and I don't know if that's possible in this configuration?

Continuing to read online, it seems that I'm supposed to set the RT-AC68U into Access Point mode, and to make sure I assign an IP address before doing this.

1. On the T3200 DHCP settings and assigned 192.168.1.70 to the RT-AC68U MAC address
2. On the RT-AC68U I changed the configuration to Access Point

Once the RT-AC68U reset, it had the correct IP address of 192.168.1.70. Devices connected to RT-AC68U are able to access the internet. However, they have strange IP addresses of 108.172.210.* and I'm not able to access the router configuration page when I go to http://108.172.210.1.

So, I guess my questions are:
- Should the T3200 be in bridge mode?
- Should the RT-AC68U be in access point mode?
- Why am I getting the problem of the strange IP addresses, and not being able to access my RT-AC68U configuration page in Access Point mode?
- Can I enable port forwarding for devices connected to the RT-AC68U?

Thanks in advance!
Alan

 

[OzarkEdge]

Hi,

Not sure if this is the right forum or even the right site for this question. I have no networking background, and getting frustrated trying to set up my home network!

My telco provided me with an Actiontec T3200 wireless router. As I've been adding more devices I've been noticing wifi performance issues, and after reading online it seems that the best logical step was to purchase a better router. So I purchased the ASUS AC2900 RT-AC68U.

Reading online, here's what I've done:
1. Kept my TVbox connected to the T3200 (apparently it needs to be connected to the T3200 to work properly)
2. Set the T3200 to bridge mode (I still don't know the pros / cons of setting to bridge mode)

At this point, if I connect the RT-AC68U WAN port to the T3200 LAN1 port, everything works great. Except that all my devices have IP addresses of 192.168.50.x instead of the 192.168.1.x that they used to have (not sure if this is a problem?) However, I have some devices connected to the RT-AC68U LAN that require port forwarding, and I don't know if that's possible in this configuration?

Continuing to read online, it seems that I'm supposed to set the RT-AC68U into Access Point mode, and to make sure I assign an IP address before doing this.

1. On the T3200 DHCP settings and assigned 192.168.1.70 to the RT-AC68U MAC address
2. On the RT-AC68U I changed the configuration to Access Point

Once the RT-AC68U reset, it had the correct IP address of 192.168.1.70. Devices connected to RT-AC68U are able to access the internet. However, they have strange IP addresses of 108.172.210.* and I'm not able to access the router configuration page when I go to http://108.172.210.1.

So, I guess my questions are:
- Should the T3200 be in bridge mode?
- Should the RT-AC68U be in access point mode?
- Why am I getting the problem of the strange IP addresses, and not being able to access my RT-AC68U configuration page in Access Point mode?
- Can I enable port forwarding for devices connected to the RT-AC68U?

Thanks in advance!
Alan

You may have your internal devices exposed to the Internet, so I would first reset your 68U router to router mode (with firewall).

OE

 

[OzarkEdge]

Hi,

Not sure if this is the right forum or even the right site for this question. I have no networking background, and getting frustrated trying to set up my home network!

My telco provided me with an Actiontec T3200 wireless router. As I've been adding more devices I've been noticing wifi performance issues, and after reading online it seems that the best logical step was to purchase a better router. So I purchased the ASUS AC2900 RT-AC68U.

Reading online, here's what I've done:
1. Kept my TVbox connected to the T3200 (apparently it needs to be connected to the T3200 to work properly)
2. Set the T3200 to bridge mode (I still don't know the pros / cons of setting to bridge mode)

At this point, if I connect the RT-AC68U WAN port to the T3200 LAN1 port, everything works great. Except that all my devices have IP addresses of 192.168.50.x instead of the 192.168.1.x that they used to have (not sure if this is a problem?) However, I have some devices connected to the RT-AC68U LAN that require port forwarding, and I don't know if that's possible in this configuration?

Continuing to read online, it seems that I'm supposed to set the RT-AC68U into Access Point mode, and to make sure I assign an IP address before doing this.

1. On the T3200 DHCP settings and assigned 192.168.1.70 to the RT-AC68U MAC address
2. On the RT-AC68U I changed the configuration to Access Point

Once the RT-AC68U reset, it had the correct IP address of 192.168.1.70. Devices connected to RT-AC68U are able to access the internet. However, they have strange IP addresses of 108.172.210.* and I'm not able to access the router configuration page when I go to http://108.172.210.1.

So, I guess my questions are:
- Should the T3200 be in bridge mode?
- Should the RT-AC68U be in access point mode?
- Why am I getting the problem of the strange IP addresses, and not being able to access my RT-AC68U configuration page in Access Point mode?
- Can I enable port forwarding for devices connected to the RT-AC68U?

Thanks in advance!
Alan

This thread may get moved to here: https://www.snbforums.com/forums/asus-ac-ax-routers-adapters.47/

Bridge mode disables various functions in the ISP router so that they do not conflict with similar functions in a downstream router. If you want to use your 68U as your router (68U is AC1900; 86U is AC2900), leave your ISP router in bridge mode and leave your 68U in its default router mode. Then manage the 68U for routing, DHCP (serving IP addresses to your devices), firewall, WiFi, etc. Avoid using DMZ and know what you are doing if using port forwarding.

I would begin by resetting your 68U. Read this FAQ: https://www.snbforums.com/threads/faq-nvram-and-factory-default-reset.22822/

Browse to router.asus.com or 192.168.1.1 or 192.168.50.1 to login to your 68U GUI. Make some basic changes to suit your preferences... some of these can be made during the initial router Quick Setup routine. For example (references to Smart Connect are for an 86U in case that is what you have) <indicates a default setting>:

GENERAL
Guest Network\2.4 GHz
Hide SSID: <No> ;required by AiMesh and will speed client connection.
Network Name (SSID): Alan_Guest ;set to Alan-24_Guest, if using separate SSIDs i.e. a 68U not using Smart Connect.
Authentication Method: WPA2-Personal
WPA Encryption: <AES>
WPA Pre-Shared Key: internetonly2018
Access Intranet: <Disabled> ;guest wireless clients can only access the Internet.
[APPLY]

Guest Network\5.0 GHz
Hide SSID: <No> ;required by AiMesh and will speed client connection.
Network Name (SSID): Alan_Guest ;set to Alan-50_Guest, if using separate SSIDs i.e. a 68U not using Smart Connect.
Authentication Method: WPA2-Personal
WPA Encryption: <AES>
WPA Pre-Shared Key: internetonly2018
Access Intranet: <Disabled> ;guest wireless clients can only access the Internet.
[APPLY]

ADVANCED
Wireless\General (i) 2.4 GHz setting; ii) 5.0 GHz setting)
Network Name (SSID): Alan ;set to i) Alan-24 and ii) Alan-50, if using separate SSIDs i.e. a 68U not using Smart Connect.
Hide SSID: <No> ;required by AiMesh and will speed client connection.
Wireless Mode: <Auto> ;fixed by Smart Connect; set to i) Auto or N only and ii) N/AC mixed, if using separate SSIDs.
Channel Bandwidth: <Auto> ;fixed by Smart Connect; set to i) 20 MHz and ii) 20/40/80 MHz, if using separate SSIDs.
Control Channel: <Auto> ;fixed by Smart Connect; set to i) least congested of 1,6,11 and ii) Auto, if using separate SSIDs.
Extension Channel: <Auto> ;fixed by Smart Connect; set to ii) Auto, if using separate SSIDs.
Authentication Method: WPA2-Personal
WPA Encryption: <AES>
WPA Pre-Shared Key: tgiagotos2018 ;the grass is always greener on the other side 2018.
[APPLY]

Wireless\WPS
Enable WPS: <ON> ;required by AiMesh to add nodes.
[APPLY]

Wireless\Professional
Band: 2.4 GHz
Enable Radio: <Yes> ;required by AiMesh to add nodes.
Roaming assistant: <Enabled> <-55 dBm> ;required by AiMesh for node steering.
Airtime Fairness: Disabled ;to avoid incompatibility with some wireless adapters.
[APPLY]

Band: 5.0 GHz
Enable Radio: <Yes> ;required by AiMesh to add nodes.
Roaming assistant: <Enabled> <-70 dBm> ;required by AiMesh for node steering.
Airtime Fairness: Disabled ;to avoid incompatibility with some wireless adapters.
[APPLY]

LAN\LAN IP
IP Address: 192.168.1.1
[APPLY]

LAN\DHCP Server
IP Pool Starting Address: 192.168.1.100 ;192.168.2 to 192.168.99 can be manually-assigned, if desired.
[APPLY]

WAN\Internet Connection
Enable UPnP: No
Connect to DNS Server automatically: No ;using Quad9 DNS (www.quad9.net) instead of ISP DNS.
DNS Server1: 9.9.9.9
DNS Server2: 149.112.112.112
[APPLY]

WAN\NAT Passthrough
SIP Passthrough: Disabled ;to not interfere with VoIP.
[APPLY]

Administration\System
Router Login Name: Alan
New Password: spring
Retype Password: spring
Time Zone: (GMT-06:00) Central Time (US, Canada)
DST time zone changes starts: <3> <2nd> <Sun> <2>
DST time zone changes ends: 11 1st <Sun> <2>
Enable Telnet: <No>
Enable SSH: <No>
Authentication Method: <HTTP> ;may be required by AiMesh to add nodes(?).
Enable Web Access from WAN: <No> ;never.
[APPLY]

Power OFF/ON router and browse to GRC Shields Up! to test UPnP and all service ports vulnerability.

Once you get this set up, you can consider port forwarding in the 68U router.

OE

 

[alanwhpoon]

Thanks so much! I get it now.

So I have two options:

1) set up T3200 in bridge and ASUS in router mode, connect t3200 LAN1 to ASUS WAN, set up port forwarding in two places: T3200 to the ASUS router and ASUS router to internal devices.

2) disable bridge mode in T3200 and set up ASUS in access point mode, connect T3200 LAN1 to ASUS LAN1, set up port forwarding in the T3200

I would guess that option 1 is preferred so I can use the router capabilities like QoS from the ASUS router, correct? And is my description above accurate?

Thanks again!
Alan

 

[OzarkEdge]

Thanks so much! I get it now.

So I have two options:

1) set up T3200 in bridge and ASUS in router mode, connect t3200 LAN1 to ASUS WAN, set up port forwarding in two places: T3200 to the ASUS router and ASUS router to internal devices.

2) disable bridge mode in T3200 and set up ASUS in access point mode, connect T3200 LAN1 to ASUS LAN1, set up port forwarding in the T3200

I would guess that option 1 is preferred so I can use the router capabilities like QoS from the ASUS router, correct? And is my description above accurate?

Thanks again!
Alan

Not knowing the ISP router/gateway, Option1 using the ASUS in router mode is preferred. But I believe you only need to setup port forwarding in the ASUS router since it is the router/firewall. The ISP router in bridge mode is a passthrough device, for lack of a better term.

Just don't connect the bridged ISP router LAN to the ASUS router/AP LAN because this will connect the Internet to your LAN with no intervening firewall. This is why it's a good idea to use a colored/labeled cable for the router WAN connection... to make sure it is not accidentally connected to the router LAN connections.

One advantage to Option2, using the ISP router as router/AP, is then the ASUS router in wired AP mode becomes a second AP for extended WiFi coverage. But only consider this if you need more WiFi coverage.

OE

 

[alanwhpoon]

Thanks so much again! You are an absolute lifesaver! I’ll go through the instructions you posted for setup.

A couple additional QQ’s:

1) you mention bridge mode as a pass through, but the TELUS T3200 in bridge mode still assigns IP addresses and enables internet for any wired devices on LAN2-4. How does it know whether to forward a port to bridge LAN1 or to wired devices on LAN2-4? Do I just need to make sure there’s no ports forwarded on LAN2-4?

2) what do you mean by “avoid using DMZ”?

Cheers,
Alan

 

[OzarkEdge]

Thanks so much again! You are an absolute lifesaver! I’ll go through the instructions you posted for setup.

A couple additional QQ’s:

1) you mention bridge mode as a pass through, but the TELUS T3200 in bridge mode still assigns IP addresses and enables internet for any wired devices on LAN2-4. How does it know whether to forward a port to bridge LAN1 or to wired devices on LAN2-4? Do I just need to make sure there’s no ports forwarded on LAN2-4?

2) what do you mean by “avoid using DMZ”?

Cheers,
Alan

1) You may need to disable DHCP on the TELUS, to not conflict with DHCP on the ASUS. I believe it should then pass the ISP public IP to your ASUS WAN.

I can't answer explicitly, but... the bridged TELUS should simply pass traffic to/from the Internet from/to the ASUS WAN. The ASUS router/firewall/port forwarding decides what shall pass to/from your LAN. The remaining TELUS LAN connections should not be used since those devices may not get an IP address or they may get an ISP public IP address and be exposed to the Internet.

You could search for info on how to bridge the TELUS.

I've never used DMZ (nor port forwarding)... it must be used knowingly since devices in the DMZ are exposed. Since you said you are a networking novice, I cautioned you to not mess around with DMZ trying to make things work that most likely don't require messing around with DMZ. But if you understand it all, have at it.

OE

 

[degrub]

2) DMZ is wide open to the internet and subject to direct attack by script kiddies looking for fun and malice. Any device you put there is going to get hacked. So don't use it unless you know what you are doing and how to defend the device. Usually there is a lan port marked as "DMZ", sometimes in a different color. Sometimes you have to read the configuration guide to figure it out.

1) bridge mode means no routing services. It is just the modem operating and passing the IP address assigned by the ISPs DHCP server (or static address for your location) for the ports. Depending on what the ISP allows, it may be one address or multiple. Generally, only 1.

 

[alanwhpoon]

Amazing thanks to both! Yeah I will definitely not attempt to use a DMZ, was just making sure that it’s not something I needed to disable. Thanks again

 

[OzarkEdge]

Amazing thanks to both! Yeah I will definitely not attempt to use a DMZ, was just making sure that it’s not something I needed to disable. Thanks again

Keep WAN\DMZ Disabled, the default.

OE