Access point mode or router? Help please


Steve7001

New Around Here
I bought an Asus RT-AC1200 v2 to enable extended wireless access to an Xfinity gateway/router. I want to keep the Xfinity device active for primary network access (computers and phones) and to ensure support from Comcast, but I intend to connect IOT devices (webcams, smart switches, thermostat) to the extended AC1200 network. (The Xfinity router doesn't seem to allow IOT devices to connect to their guest network.) I want separate networks with different passwords and isolation between the Xfinity LAN and the AC1200 LAN, in particular to protect any primary LAN devices in case of intrusion into the IOT devices (I'm not confident in the security of the IOT devices). Will my approach protect the primary Xfinity devices? Should I put the AC1200 in Access Point mode or Router mode? Does that make any difference? I don't understand the implications of the difference between AP mode and Router mode in this case. Can anyone clarify that for me?

As you can probably tell, I'm far from a networking expert, so can anyone help me understand the difference in my case between using AP mode and Router mode in general, and specifically with respect to security? If this is explained elsewhere, please feel free to point me.
 

OzarkEdge

Part of the Furniture
Clients connected to a box connected to your ISP gateway will be able to access clients connected to your ISP gateway.

The AC1200 in AP mode must be wired to the ISP LAN. This would be the best way to extend LAN/WLAN coverage. (If wireless, then it's a Repeater/Extender that shares WiFi with the uplink and with clients... not as robust as AP mode.)

The AC1200 in Router mode must be wired to the ISP LAN. Clients connected to your ISP gateway will not be able to access clients connected to the AC1200. The AC1200 clients will be behind a second router/firewall/NAT... so they will be double-NATted... which may or may not cause issue(s) for some time-sensitive traffic.

The isolation you want would be to put the untrusted clients on the ISP gateway closer to the Internet, and put your trusted clients behind the second router/firewall to keep the untrusted clients out.

Or use VLANs, which your equipment does not support.

Or ban untrusted clients... cheapest and easiest solution. Except they are not the only risk... trusted clients can malpractice safe computing.

A built-in guest WLAN on the main router or across a mesh system can isolate its wireless clients, if it works right... needs to be proven.

OE
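
The reachability rules from the reply above, worked through as a small model for both layouts. This is an added example, not code from any poster in the thread; the host names and placements are constructed, and it assumes the AC1200 in Router mode runs a default stateful firewall/NAT with no port forwards, DMZ or static routes.

```python
"""Reachability model for a second router cascaded behind an ISP gateway.

Assumptions (not from the thread): in Router mode the second router runs a
default stateful firewall with NAT and has no port forwards, DMZ or static
routes. Host names and placements are constructed sample data.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    segment: str   # "gateway": on the ISP gateway; "second": on the AC1200
    trusted: bool

def can_initiate(src: Host, dst: Host, mode: str) -> bool:
    """Can src open a new connection to dst? mode is the AC1200 mode."""
    if mode not in ("ap", "router"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "ap" or src.segment == dst.segment:
        return True   # AP mode bridges everything into one LAN
    # Router mode: clients of the second router reach the gateway LAN through
    # its NAT; new connections in the other direction are dropped at its WAN.
    return src.segment == "second"

def nat_layers(host: Host, mode: str) -> int:
    """Number of NAT translations between the host and the Internet."""
    return 2 if mode == "router" and host.segment == "second" else 1

def exposed_trusted(hosts, mode):
    """Trusted hosts that at least one untrusted host can connect to."""
    return sorted({d.name for s in hosts if not s.trusted
                   for d in hosts if d.trusted and can_initiate(s, d, mode)})

# Layout from the question: IoT on the AC1200, computers on the gateway.
ASKED = [Host("laptop", "gateway", True), Host("phone", "gateway", True),
         Host("webcam", "second", False), Host("thermostat", "second", False)]
# Layout from the reply: untrusted on the gateway, trusted behind the AC1200.
REVERSED = [Host(h.name, "second" if h.trusted else "gateway", h.trusted)
            for h in ASKED]

if __name__ == "__main__":
    for label, hosts, mode in [("asked, AP mode", ASKED, "ap"),
                               ("asked, Router mode", ASKED, "router"),
                               ("reversed, Router mode", REVERSED, "router")]:
        print(f"{label:22} exposed trusted hosts: {exposed_trusted(hosts, mode)}")
```

Under these assumptions the layout from the question leaves the laptop and phone reachable from the IoT devices in either mode, while the reversed layout in Router mode leaves none exposed, at the cost of two NAT layers for the trusted clients.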
 

brobin

Occasional Visitor
I'm not sure what kind of Comcast support you're trying to ensure, but I'd dump the Comcast modem/router and save the $15+ tax per month and buy your own modem for under $70. It'll pay for itself in less than 5 months. I've never had a problem with mine in the 8 years I've had it. Install it, plug in your AC1200 and done! Comcast supports owning your own modem. I have an earlier version of the ARRIS SURFboard SB6183 DOCSIS 3.0 Cable Modem, which is $69.99 from a company that rhymes with Avalon. Once you get it, call them and tell them you want to activate it and they'll make the change in their system and reduce your monthly bill.
 
