[Rocket88]

Your best bet to determine you max internet speed is to connect a PC that has ethernet directly to your cable modem or optical network tranceiver (ONT) and run a speed test from the computer. To get the most accurate results reboot the computer and then be sure the speed tester is the only program running. If using a browser based speed checker be sure there is only a single tab open.

Best to try a few different speed checkers.

[Rocket88]

Makes sense. I guess one could add “do your homework or go to bed” LOL

Thanks

[Rocket88]

Just a bit of terminology for you. Lets assume the case of an Ethernet switch that supports VLANs (virtual LANS).

Lets assume that it supports 20 ports and you wish to run 5 completely separate networks. In that case you could/would configure 5 VLANs and each VLAN has 4 ports (just an example, the number of ports could be different for each VLAN). In effect you actually now have 5 ethernet switches!

To keep things clean the devices on each of these would have IP addresses assigned to them with differing subnets. If the device NEVER need to communicate across VLANs you don’t have to do this, but if they do it is necessary.. SO in that case you also have 5 separate IP networks, each on its own virtual switch.

But what if you want some or all devices to be able to talk to each other? IN that case you need a router and that gets intimidating quickly.

If the switch has “Layer3” capabilities that means it has a router built in. So in that case you can can use the router to route traffic across networks, just like on the Internet proper.

If you want to keep this simple, and avoid learning about the details of routing (or even VLANs) you buy a pcWRT router! You will notice that your pcWRT router is assigning completely different IP addresses on the different VLANs (LAN, Guest, X1, X2,a and X3). So you don’t need to do that. A bit mysterious if you don’t have this background info.

Then the routing is configured using those check boxes. All very simple. I understand the 1000 foot view, but don’t have the time or interest to learn about routing. I am very pleased to have it all with an EZ button like here!

It would be even simpler if there were a user manual, but with the search function on the forums here you can general find the answer. Or ask the question and generally get a prompt answer.

[Rocket88]

I have to compliment pcWRT support. Sure, we all would love to have instant support. But at most companies it would take day to weeks to infinity to get to actual technical people. And even then they would probably not admit to a bug.

Great job responding and taking ownership! SO rare these days!

[Rocket88]

Wow, that’s great.I already did the partial upload and re-entered stuff, but great to know for the future. AM excited to get the AX1800 up and running. I will then use the D2 in access point mode to extend upstairs.

[Rocket88]

Thanks for the response. I guess the rental verizon router is pretty fast, LOL.

I am definitely not concerned about members of the family using proxies or literal IP addresses.

SO it sounds like I can live without the full access control feature. Mostly I bought the router to isolate my IOT stuff and I while I may not trust DOH providers, I definitely don’t trust Verizon with my DNS inquiries, LOL. I also like the fact most of the DOH services also offer ad blocking and some malware blocking which would be very good for other members of my family (I am with a security conscious employer so I get lots of training and an probably pretty safe myself, but the family…

Eventually I will want to get a second pcWRT router as I do want to extend more than one VLAN using a second access point. I am doing this now, but I can only extend one, which is OK, but not ideal.

There’s a PX1800 used on ebay that I may grab. Originally I was thinking I would eventually get a second D2. Good to know the PX1800 really is faster.

HOPEFULLY with enforced access control OFF the family won’t notice the speed decrease when I deploy this again. I am going to get enough flack explaining how to turn off ad blocking when something they use doesn’t work. But I suspect the lack of ads will be something they will be happy about.

Definitely looking forward to getting the IOT stuff isolated, as well as blacklisting stuff they are sending too (already blocked “myprinterison” that the Samsung is regularly phoning home to).

Thanks again for the real world report 🙂

[Rocket88]

OK, so readin gthis thread after starting and following threads about speed.

So, I conclude that the biggest drawback to “enforce access control” would be that it can significantly slow down internet access speeds.

Most of these threads don’s reference specific routers. I have been reading up on Enforce access control and how it can affect speed.

I would love to have a table of the pcWRT branded routers with the following (you might want to included it on the main web site sales section).

Router.
For each router; Typical speeds with no VPN (no access control); Typical speeds with no VPN (access control enabled); Typical speeds with VPN (no access control); Typical speeds with VPN (access control enabled);

I have the D2 router and 500mbps fiber. I am quite curious if I should have bought the PW-AX1800.

Thanks 🙂

Keep in mind that some of us are on a budget and consequently may be buying used routers. And while all pcWRT users have security/access concerns, sacrificing speed is a tradeoff that could affect our choice or router (and perhaps even result in buying a new one or faster model.

[Rocket88]

OK, I just logged into the currently disconnected router.
As I had remembered access control was off.
I turned it on and I see that “enforce access control” was checked. I also see the two sites I had entered as black lists were still there, so I infer that turning off access control did not change the setting I had previously set.

So, perhaps turning access control for some reason failed to turn it off (maybe till a reboot). If so turning off “enforce access control” may be a solution.

So far I have avoided profiles and for simplicity would prefer not to do so. But maybe I need to and only block profiles that are poorly behaved?

I don’t understand exactly what that checkbox does. During my test period I did initially find several devices reaching out to places for no good reason (for example samsung printer was constantly communicating with “myprinterison.com” so I did create a black list (currently only 2 items in it.

If there was a complete manual I would read it cover-to-cover. I do try to search these forums, but that’s not always a good way to find background.
I will wait to hear your comments and will then reconnect it next time no one is at home, and try with and without that checkbox. If that solves the speed problem I will need to know more about what it does (I am going to do some searches on that now).

Thanks for the help.

[Rocket88]

Ooops, sorry. All speed tests were with ethernet. My test computer is a Macbook pro with built in 1000Base-T Ethernet port. All tests were performed several times with to different speed test sites.

Testing with the ONT connected directly to the computer worked very poorly, perhaps that’s a clue.

Connecting the D2 to the ONT gave significantly slower results than connecting the Verizon router to the ONT.

Here is information on the Verizon router (I can send screenshots if you wish):

Broadband IPv4
Status
Connected
IPv4 address is from:
DHCP
IPv4 address
71.163.37.101
Subnet Mask
255.255.255.0
IPv4 Default Gateway
71.163.37.1
IPv4 DNS Address 1
71.252.0.12
IPv4 DNS Address 2
71.242.0.12
NATs Supported (used / max)
128 / 30000
Broadband IPv6
Status
Connected
IPv6 address is from:
DHCPv6-PD
Delegated Prefix
2600:4040:276b:6700::/56
IPv6 Address
2600:4040:276b:67ff::1/56
Link-Local Address
fe80::7a67:eff:feb7:8e2b
IPv6 Default Gateway
fe80::fac0:1ff:fe73:d7c2
IPv6 DNS Address 1
IPv6 DNS Address 2
Router
Firmware Version
3.6.0.2_BD
Hardware Version
0.0.A
Model Name
CR1000A
Serial Number
ABV24705456
LAN IPv4 Address
192.168.1.1
Broadband MAC address
78:67:0E:B7:8E:2B
Broadband Physical Connection
Ethernet

Before disconnecting I did turn of access control and DOH and saw no significant change. By then the 13 year old was going ballistic and the wife was none to happy either (neither of them even understand my concern about security).

Not sure what Enforced access control means (I will do some searching these forums). I have not enabled remote administration and have been doing all admininstration via ethernet on the same computer used for the testing.

My pre-testing and configuration was behind the VZ router so I was not too concerned about speed as it was two routers daisy chained.

I am not too concerned about WiFi speed as I will be using a couple of access points to extend the Guest network to the upstairs and basement. Ideally I will buy another pcWRT device so I can extended the LAN network and IOT networks too, but for now I only own this one, so I only extended the network that the 13 year old uses (she’s the biggest security risk other than the IOT stuff).

[Rocket88]

I found an Adguard version that does what I want, so the above question is no mostly rhetorical. Still, I would love to know what I did wrong.

I have completed my sandbox stage and the Newifi D2 is now my gateway router. SO far so good.

[Rocket88]

www.speedof.me seems pretty good and what I am using. Still interested in what others like.

[Rocket88]

Additional comment. Please list acceptable special characters in WiFi passwords. Or, better yet, range change and refuse those that aren’t acceptable.

I uncovered my problem, it wasn’t DHCP. It was the character ‘ in my password. I changed it to an @ and all is working.

I still think it would be nice to know when a new network is created what DHCP pool has been created and the range for DHCP versus static.

Thanks

[Rocket88]

I had a similar issue with my Canon printer. I believe mDNS may have been the solution. But whatever it was that fixed it required that I power cycle the NeWiFi D2 router to fix it. Just figured I should pass that along. This is V 2.8.0

Setup has been somewhat vexing, but I am sure much better than a pro router with comparable security features.

[Rocket88]

This is a wonderful feature. Others should copy it!

As part of my security overhaul I am identifying and naming each and every device on my network. In the process I am giving them all fixed internal IP addresses which will be very handy for administration. Should also eliminate the occasional issues with printing where printers have obtained new DHCP IP addresses.

Brilliant idea, and as you say, no real down side unless you are running out of internal IP addresses.

[Rocket88]

This might be an ethernet configuration problem. Does your router have setting for speed, duplex, etc. If so, try setting it to Auto. Also, while it makes no sense, possibly try another Ethernet cable just to be sure.

Presumably you may have solved this already, but it would be great if you share the solution (if you still remember LOL).

[Author]

Posts