I would strongly suggest that you check your speed using Ethernet using a device with nothing running but the speed checker (or a browser with only a single tab open with the speed checker in that tab). Ideally disconnect all other devices (temporarily disable wifi networks and unplug all ethernet cables).
The above will isolate if there's a problem originating with your ISP versus the router or WiFi congestion.
While it is possible your router is failing, that’s the least likely scenario.
Another thing to check is bandwidth monitoring. There is a LOT of IOT stuff that has been hijacked for botnets. This is a problem that is coming up weekly on tech sources. If these devices are using tons of bandwidth for the bad guys, then everything slows down for you.
Finally, as support states, you may need to tweak WiFi settings. If you live in an apartment or townhouse odds are wifi bandwidth can’t handle all the demand. I know that is the case where I live. After some tweaking of channels I was able to get an improvement, but it’s nowhere near ethernet.
It is *highly* advisable that anything streaming video should be on ethernet. If you have streaming TVs in areas of your home where ethernet is inconvenient, do you have COAX? In that case look into “MOCA 2.0” or 2.1 Ethernet over coax devices to extend your ethernet over existing coax.
> My plan is to bridge the ISP router straight into the back of pcWRT router.
Assuming your “ISP Router” is a router not a modem, then I would suggest you may want to remove it, especially if performance (AKA Speed) is a concern.
In most cases unplugging it and connecting your pcWRT router is all you need to do.
However, if that doesn’t work you may need to do some configuration. That all depends on how your Internet Service Provider has things set up. If they require a fixed IP address (unlikely) or a specific MAC address (used to be a common requirement but less so now) or possibly something other than DHCP then configuration would be required. If plugging the pcWRT router in directly does not work, then check to see if they have an FAQ about router requirements.
Definitions:
Modem – has a single input, either coax (cable modem) or telephone (DSL modem) or fiber optic (Optical Network Transceiver) and provides a single Ethernet output.
Router – Connects to a modem and provides multiple Ethernet outputs and/or wifi.
>LAN = Everything Ticked
Devices on the LAN Ethernet will have access to everything on the system. Since you are the only one with ready access, and you don’t plan on having a LAN WiFi that’s probably OK.
>GUEST Source to Guest Destination Ticked
>X1 Source to X1 Destination Ticked (port1 selected)
>X2 Source to X2 Destination Ticked (port2 selected)
>X3 Source to X3 Destination Ticked
These are the so-called diagonal settings. These allow devices on a specific VLAN to connect to other devices on that VLAN. I believe you will want to uncheck these “diagonals”.
>I don't see any diagonal tick options nor know what is meant by diagonal as I just see Rows & Columns
See above.
Something that you may not understand is that all devices have access to the WAN port. E.g. all devices have access to the Internet. Off the top of my head I don’t know if there’s a way to prevent that (there probably is) but the assumption is that of course all devices need access to the internet.
> I have in total 2 5Ghz & 4 2.4Ghz broadcasts, I am thinking I need to remove 1 of the 5Ghz Broadcast being the LAN as I never intend to use it & I think I can't have it anyway?
Turning off broadcast just prevents the name of the WiFi network from showing up on people’s devices. If you don’t need it I would suggest turning it off entirely by going to settings/wifi.
Then click on LAN. A small “x” will appear to the right of it. That will remove this WiFi network entirely.
Answer 1. There are two ways wifi devices can interact. In addition to unchecking that box you also need to check the box “Enable WiFi client isolation” in the wifi connection section. This is adjustable for each wifi network.
Answer 2. A device connected to the LAN ethernet port always has config access, I believe. To configure over the web (WAN side) is completely independent of these VLAN settings which pertain to the LAN side only.
Trust me, pcWRT is easier than pro grade equipment, but it is still a bit complicated. Just keep asking questions.
Personally I will administer locally over Ethernet as it is the most secure option. Even if pcWRT is totally trustworthy (which I believe they are) they could be hacked and if you open up remote access that allows a hack to their service, or a direct attack on your server as “remote possibilities” (pun intended).
I just read an article that many of the devices on botnets are located in cafes and small businesses where they are left untouched for years. Presumably it would be better to remotely access and update (and monitor) them. It all depends on your security profile.
Good luck
Your best bet to determine your max internet speed is to connect a PC that has ethernet directly to your cable modem or optical network transceiver (ONT) and run a speed test from the computer. To get the most accurate results reboot the computer and then be sure the speed tester is the only program running. If using a browser based speed checker be sure there is only a single tab open.
Best to try a few different speed checkers.
Makes sense. I guess one could add “do your homework or go to bed” LOL
Thanks
Just a bit of terminology for you. Let's assume the case of an Ethernet switch that supports VLANs (virtual LANs).
Let's assume that it supports 20 ports and you wish to run 5 completely separate networks. In that case you could/would configure 5 VLANs and each VLAN has 4 ports (just an example, the number of ports could be different for each VLAN). In effect you actually now have 5 ethernet switches!
To keep things clean the devices on each of these would have IP addresses assigned to them with differing subnets. If the devices NEVER need to communicate across VLANs you don’t have to do this, but if they do it is necessary. So in that case you also have 5 separate IP networks, each on its own virtual switch.
But what if you want some or all devices to be able to talk to each other? In that case you need a router and that gets intimidating quickly.
If the switch has “Layer3” capabilities that means it has a router built in. So in that case you can use the router to route traffic across networks, just like on the Internet proper.
If you want to keep this simple, and avoid learning about the details of routing (or even VLANs) you buy a pcWRT router! You will notice that your pcWRT router is assigning completely different IP addresses on the different VLANs (LAN, Guest, X1, X2, and X3). So you don’t need to do that. A bit mysterious if you don’t have this background info.
Then the routing is configured using those check boxes. All very simple. I understand the 1000 foot view, but don’t have the time or interest to learn about routing. I am very pleased to have it all with an EZ button like here!
It would be even simpler if there were a user manual, but with the search function on the forums here you can generally find the answer. Or ask the question and generally get a prompt answer.
I have to compliment pcWRT support. Sure, we all would love to have instant support. But at most companies it would take days to weeks to infinity to get to actual technical people. And even then they would probably not admit to a bug.
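A small model of the setup this post describes (a 20-port switch split into 5 VLANs, one subnet per VLAN, and a source/destination checkbox matrix deciding what gets routed), added here as an illustration and not pcWRT's own code. The /24 subnets, the port numbering and the sample tick pattern (LAN row fully ticked, all other boxes including the diagonals cleared) are assumptions.

```python
import ipaddress
from itertools import combinations

ZONES = ["LAN", "Guest", "X1", "X2", "X3"]  # VLAN names from the post

# Constructed addressing: one /24 per VLAN (the post gives no subnets).
SUBNETS = {z: ipaddress.ip_network(f"192.168.{10 + i}.0/24")
           for i, z in enumerate(ZONES)}

# 20-port switch split into 5 VLANs of 4 ports each, as in the post's example.
PORT_VLAN = {p: ZONES[(p - 1) // 4] for p in range(1, 21)}

# Ticked (source, destination) boxes: LAN row fully ticked, every other
# row empty, i.e. the "diagonals" unchecked (assumed sample policy).
TICKED = {("LAN", dst) for dst in ZONES}


def subnets_distinct():
    """Each VLAN needs its own subnet, or routing between them is ambiguous."""
    return not any(a.overlaps(b) for a, b in combinations(SUBNETS.values(), 2))


def zone_of(ip):
    """Map an address to its VLAN; anything outside the subnets is WAN."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in SUBNETS.items() if addr in net), "WAN")


def verdict(src_ip, dst_ip):
    """Decide whether src may open a connection to dst under the matrix."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src != "WAN" and dst == "WAN":
        return "allow: every VLAN reaches the Internet"
    if (src, dst) in TICKED:
        return f"allow: {src} -> {dst} ticked"
    return f"drop: {src} -> {dst} not ticked"


def reachable_from(zone):
    """Internal VLANs a device in `zone` can open connections to."""
    return {dst for src, dst in TICKED if src == zone}


if __name__ == "__main__":
    print(PORT_VLAN[7], "|", verdict("192.168.12.20", "192.168.10.5"))
    print(verdict("192.168.10.5", "192.168.12.20"))
    print(verdict("192.168.12.20", "192.168.12.21"), reachable_from("X1"))
```

Calling `reachable_from` for the VLAN that holds the IoT devices is a quick audit of what a compromised device there could reach internally.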
Great job responding and taking ownership! SO rare these days!
Wow, that’s great. I already did the partial upload and re-entered stuff, but great to know for the future. Am excited to get the AX1800 up and running. I will then use the D2 in access point mode to extend upstairs.
Thanks for the response. I guess the rental verizon router is pretty fast, LOL.
I am definitely not concerned about members of the family using proxies or literal IP addresses.
So it sounds like I can live without the full access control feature. Mostly I bought the router to isolate my IOT stuff and while I may not trust DOH providers, I definitely don’t trust Verizon with my DNS inquiries, LOL. I also like the fact most of the DOH services also offer ad blocking and some malware blocking which would be very good for other members of my family (I am with a security conscious employer so I get lots of training and am probably pretty safe myself, but the family…)
Eventually I will want to get a second pcWRT router as I do want to extend more than one VLAN using a second access point. I am doing this now, but I can only extend one, which is OK, but not ideal.
There’s a PX1800 used on ebay that I may grab. Originally I was thinking I would eventually get a second D2. Good to know the PX1800 really is faster.
HOPEFULLY with enforced access control OFF the family won’t notice the speed decrease when I deploy this again. I am going to get enough flak explaining how to turn off ad blocking when something they use doesn’t work. But I suspect the lack of ads will be something they will be happy about.
Definitely looking forward to getting the IOT stuff isolated, as well as blacklisting stuff they are sending to (already blocked “myprinterison” that the Samsung is regularly phoning home to).
Thanks again for the real world report
OK, so reading this thread after starting and following threads about speed.
So, I conclude that the biggest drawback to “enforce access control” would be that it can significantly slow down internet access speeds.
Most of these threads don’t reference specific routers. I have been reading up on Enforce access control and how it can affect speed.
I would love to have a table of the pcWRT branded routers with the following (you might want to include it on the main web site sales section).
Router.
For each router; Typical speeds with no VPN (no access control); Typical speeds with no VPN (access control enabled); Typical speeds with VPN (no access control); Typical speeds with VPN (access control enabled);
I have the D2 router and 500mbps fiber. I am quite curious if I should have bought the PW-AX1800.
Thanks
Keep in mind that some of us are on a budget and consequently may be buying used routers. And while all pcWRT users have security/access concerns, sacrificing speed is a tradeoff that could affect our choice of router (and perhaps even result in buying a new one or faster model).
OK, I just logged into the currently disconnected router.
As I had remembered access control was off.
I turned it on and I see that “enforce access control” was checked. I also see the two sites I had entered as black lists were still there, so I infer that turning off access control did not change the setting I had previously set.
So, perhaps turning off access control for some reason failed to turn it off (maybe till a reboot). If so turning off “enforce access control” may be a solution.
So far I have avoided profiles and for simplicity would prefer not to do so. But maybe I need to and only block profiles that are poorly behaved?
I don’t understand exactly what that checkbox does. During my test period I did initially find several devices reaching out to places for no good reason (for example the Samsung printer was constantly communicating with “myprinterison.com”) so I did create a black list (currently only 2 items in it).
If there was a complete manual I would read it cover-to-cover. I do try to search these forums, but that’s not always a good way to find background.
I will wait to hear your comments and will then reconnect it next time no one is at home, and try with and without that checkbox. If that solves the speed problem I will need to know more about what it does (I am going to do some searches on that now).
Thanks for the help.
Ooops, sorry. All speed tests were with ethernet. My test computer is a Macbook Pro with built in 1000Base-T Ethernet port. All tests were performed several times with two different speed test sites.
Testing with the ONT connected directly to the computer worked very poorly, perhaps that’s a clue.
Connecting the D2 to the ONT gave significantly slower results than connecting the Verizon router to the ONT.
Here is information on the Verizon router (I can send screenshots if you wish):
Broadband IPv4
Status: Connected
IPv4 address is from: DHCP
IPv4 address: 71.163.37.101
Subnet Mask: 255.255.255.0
IPv4 Default Gateway: 71.163.37.1
IPv4 DNS Address 1: 71.252.0.12
IPv4 DNS Address 2: 71.242.0.12
NATs Supported (used / max): 128 / 30000

Broadband IPv6
Status: Connected
IPv6 address is from: DHCPv6-PD
Delegated Prefix: 2600:4040:276b:6700::/56
IPv6 Address: 2600:4040:276b:67ff::1/56
Link-Local Address: fe80::7a67:eff:feb7:8e2b
IPv6 Default Gateway: fe80::fac0:1ff:fe73:d7c2
IPv6 DNS Address 1:
IPv6 DNS Address 2:

Router
Firmware Version: 3.6.0.2_BD
Hardware Version: 0.0.A
Model Name: CR1000A
Serial Number: ABV24705456
LAN IPv4 Address: 192.168.1.1
Broadband MAC address: 78:67:0E:B7:8E:2B
Broadband Physical Connection: Ethernet
Before disconnecting I did turn off access control and DOH and saw no significant change. By then the 13 year old was going ballistic and the wife was none too happy either (neither of them even understands my concern about security).
Not sure what Enforced access control means (I will do some searching these forums). I have not enabled remote administration and have been doing all administration via ethernet on the same computer used for the testing.
My pre-testing and configuration was behind the VZ router so I was not too concerned about speed as it was two routers daisy chained.
I am not too concerned about WiFi speed as I will be using a couple of access points to extend the Guest network to the upstairs and basement. Ideally I will buy another pcWRT device so I can extend the LAN network and IOT networks too, but for now I only own this one, so I only extended the network that the 13 year old uses (she’s the biggest security risk other than the IOT stuff).
I found an Adguard version that does what I want, so the above question is now mostly rhetorical. Still, I would love to know what I did wrong.
I have completed my sandbox stage and the Newifi D2 is now my gateway router. So far so good.