[SOLVED] Bought New Router, help with Setup.

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Hi,

Which settings/options shall I choose/enable/disable that is overall best optimised for Online Gaming, Privacy & Security:


- Is TWT setting only for battery powered portable wifi 6 devices and shall I enable this setting in my router?

- What is NAT setting, shall I enable it?

- What is Get IP using Unicast DHCP setting?

- Dynamic DNS - what happens if I select NO-IP option for this setting?

- What happens if I enable Airtime Fairness setting?

- What is WMM setting?

- What is AP Isolation setting?

- What is QoS setting?

- What is Local Router Management via HTTPS?
 
Solution
Hello yes I provided the link in my previous post. Hope this help.

Is DDNS provider means my ISP?

Okay just to clarify AP Isolation means to stop Mobile Hotspot & Tethering?

When you say what ISP package relating to QoS, do you mean what speed package I got from my ISP?

Just to confirm Local Management via HTTPS means its more secure when I access my router admin interface settings?
DDNS is something that you register for as a service. NO-IP is one provider, as is dyndns. It is a method to allow you to assign a URL to the changing public IP address on your router. Unless you have devices/services that you want access to from a remote network, you don't need DDNS. DDNS is very different from DNS, which you do need...

kanewolf

Titan
Moderator
Hi,

Which settings/options shall I choose/enable/disable that is overall best optimised for Online Gaming, Privacy & Security:


- Is TWT setting only for battery powered portable wifi 6 devices and shall I enable this setting in my router?

- What is NAT setting, shall I enable it?

- What is Get IP using Unicast DHCP setting?

- Dynamic DNS - what happens if I select NO-IP option for this setting?

- What happens if I enable Airtime Fairness setting?

- What is WMM setting?

- What is AP Isolation setting?

- What is QoS setting?

- What is Local Router Management via HTTPS?
Please start by telling us what make and model router you have so we can look up a user's manual.

NAT should generally be ENABLED
DynamicDNS is only applicable if you have a DDNS provider set-up
AP Isolation is a setting that will prevent WIFI clients from directly connecting to each other
QoS is "Quality of Service". It may be important or may not. It depends a lot on what ISP package you have.
Local management via HTTPS means that it encrypts the local connection for management.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Please start by telling us what make and model router you have so we can look up a user's manual.

NAT should generally be ENABLED
DynamicDNS is only applicable if you have a DDNS provider set-up
AP Isolation is a setting that will prevent WIFI clients from directly connecting to each other
QoS is "Quality of Service". It may be important or may not. It depends a lot on what ISP package you have.
Local management via HTTPS means that it encrypts the local connection for management.

Hello yes I provided the link in my previous post. Hope this help.

Is DDNS provider means my ISP?

Okay just to clarify AP Isolation means to stop Mobile Hotspot & Tethering?

When you say what ISP package relating to QoS, do you mean what speed package I got from my ISP?

Just to confirm Local Management via HTTPS means its more secure when I access my router admin interface settings?
 

kanewolf

Titan
Moderator
Yes the link is here:

https://static.tp-link.com/manual/2021/202107/20210721/Archer AX20(US)2.0_User Guide.pdf

I do not understand the gibberish Jargon in the manual hopefully you can help me.
There is very little that should be tweaked on router after a factory reset.
Input any ISP REQUIRED data
Set the admin password
Firmware update
Set the WIFI name(s) and password(s).
Disable WPS for security
Disable uPNP for security

The rest can be left alone unless you can identify the router as your problem.
 

kanewolf

Titan
Moderator
Hello yes I provided the link in my previous post. Hope this help.

Is DDNS provider means my ISP?

Okay just to clarify AP Isolation means to stop Mobile Hotspot & Tethering?

When you say what ISP package relating to QoS, do you mean what speed package I got from my ISP?

Just to confirm Local Management via HTTPS means its more secure when I access my router admin interface settings?
DDNS is something that you register for as a service. NO-IP is one provider, as is dyndns. It is a method to allow you to assign a URL to the changing public IP address on your router. Unless you have devices/services that you want access to from a remote network, you don't need DDNS. DDNS is very different from DNS, which you do need and it is what translates URLs to IP addresses.
I don't know what you mean with your question about AP isolation and Mobile Hotspot/Tethering. Mobile Hotspot is a function of the phone, not your home router.
Yes, when I say "ISP package", I mean speed you are paying for from your ISP.
Local management with HTTPs -- More secure??? Theoretically. Necessary? IMO, NO.
 
Solution

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
There is very little that should be tweaked on router after a factory reset.
Input any ISP REQUIRED data
Set the admin password
Firmware update
Set the WIFI name(s) and password(s).
Disable WPS for security
Disable uPNP for security

The rest can be left alone unless you can identify the router as your problem.

Okay Is uPNP required for most apps to get them working fully properly? For example whatsapp video call might need uPNP to work right or will disabling uPNP like you suggested will cause no probs for apps to fully work?

I thought WPS is local meaning you got to have physical access to the router to have WPS access. Do you mean someone can have remote access to the router over the internet if enable WPS?
 
Last edited:
I would let UPnP disabled until it gives you some problem. There is a long history of hacking related to UPnP.

WPS is not just that stupid button. It also has a 8 digit pin that can not be changed. The pin can be hacked in a mater of minutes and since you can't change it the person now has permanent wifi access.
This feature I feel should not even be on routers but at least ever router I have seen now has a option to completely disable it.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
DDNS is something that you register for as a service. NO-IP is one provider, as is dyndns. It is a method to allow you to assign a URL to the changing public IP address on your router. Unless you have devices/services that you want access to from a remote network, you don't need DDNS. DDNS is very different from DNS, which you do need and it is what translates URLs to IP addresses.
I don't know what you mean with your question about AP isolation and Mobile Hotspot/Tethering. Mobile Hotspot is a function of the phone, not your home router.
Yes, when I say "ISP package", I mean speed you are paying for from your ISP.
Local management with HTTPs -- More secure??? Theoretically. Necessary? IMO, NO.

Yes I meant the phone using wifi then turning on mobile hotspot/tethering on that phone so another phone can use that hotspot phone for internet instead of connecting directly to the router. AP Isolation stops this?

Ok the speed package I'm getting is:
362 Mbps Down and 36 Mbps Up
How does this relate to QoS?

HTTPS adds encryption over HTTP so should be more secure right but isn't necessary you mean?
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
I would let UPnP disabled until it gives you some problem. There is a long history of hacking related to UPnP.

WPS is not just that stupid button. It also has a 8 digit pin that can not be changed. The pin can be hacked in a mater of minutes and since you can't change it the person now has permanent wifi access.
This feature I feel should not even be on routers but at least ever router I have seen now has a option to completely disable it.

Okay you mean someone outside my house can easily hack WPS gaining access to my wifi in minutes? You mean the 8 digit pin the router generates or the 8 digit pin the client end device generates that is easy to hack? Easier to hack than WPA2 security?
 
The WPS is set when the router is manufactured and can not be changed. It is a simple 8 digit number but it is even worse because it is more like 2 4 digit numbers so it takes many less guesses. You can use a cellphone to guess it in minutes.
WPA2 can only really be hacked with a super computer and even then it would take many years. Once you get WPS cracked the router will provide you with the WPA2 key and as soon as you change to a new key the router will give the WPS client the new key.

So on you other issues. That is not what tethering is. Tethering the phone connect to the internet via mobile broadband and then shares that connection to another device it does not connect to the router WIFI and then attempt to share that. That would be more a repeater. AP isolation prevents wifi clients from talking to each other.
QoS only matters if you are overloading the internet connection. If there is no data being delayed then there is no choice to make over which should go first. You will not overload a high speed connection and if you are then you run into the problem that the router CPU can not process the QoS rules fast enough and will bottleneck a fast connection. HTTPS is more secure BUT you really have to understand why it is secure. Part of HTTPS to ensure that nobody spoofs the site name it uses special keys that are kept in authenticating servers. Because the router is not actually using a public domain name for the local site it does not have a entry in these servers. It uses what is called a self generated certificate. The browser will detect this and you will get warnings that the site is not secure.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
The WPS is set when the router is manufactured and can not be changed. It is a simple 8 digit number but it is even worse because it is more like 2 4 digit numbers so it takes many less guesses. You can use a cellphone to guess it in minutes.
WPA2 can only really be hacked with a super computer and even then it would take many years. Once you get WPS cracked the router will provide you with the WPA2 key and as soon as you change to a new key the router will give the WPS client the new key.

So on you other issues. That is not what tethering is. Tethering the phone connect to the internet via mobile broadband and then shares that connection to another device it does not connect to the router WIFI and then attempt to share that. That would be more a repeater. AP isolation prevents wifi clients from talking to each other.
QoS only matters if you are overloading the internet connection. If there is no data being delayed then there is no choice to make over which should go first. You will not overload a high speed connection and if you are then you run into the problem that the router CPU can not process the QoS rules fast enough and will bottleneck a fast connection. HTTPS is more secure BUT you really have to understand why it is secure. Part of HTTPS to ensure that nobody spoofs the site name it uses special keys that are kept in authenticating servers. Because the router is not actually using a public domain name for the local site it does not have a entry in these servers. It uses what is called a self generated certificate. The browser will detect this and you will get warnings that the site is not secure.

If it takes a super computer to crack the WPA2 encryption then why has WPA3 been released then? Windows 10 started to support WPA3 and my router supports it too.

Can QoS make online gaming better and if so how do I set QoS up? My router is quad core cpu so is it fast enough to process QoS without bottleneck?

Lastly do you know what is Get IP using Unicast DHCP setting? Does this make my public IP address private and shows router DHCP IP address instead?
 
None of the oem QOS algorithms are very good.

For good traffic shaping QOS, you need the FQ_Codel or CAKE algorithm. The algorithms are very cpu intensive and single threaded. So only works on 1 core. Its not available on every router, but is an available library on OpenWRT. So ASUS routers with Merlin firmware have them. Howver, even the best ARM cpus tend to max out around 300-400mbps.

What type of internet do you have? Cable, Fiber, Cellular?
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
None of the oem QOS algorithms are very good.

For good traffic shaping QOS, you need the FQ_Codel or CAKE algorithm. The algorithms are very cpu intensive and single threaded. So only works on 1 core. Its not available on every router, but is an available library on OpenWRT. So ASUS routers with Merlin firmware have them. Howver, even the best ARM cpus tend to max out around 300-400mbps.

What type of internet do you have? Cable, Fiber, Cellular?

Its Cable Internet.
 
Maybe a better approach would be to try to use the settings in most download programs to avoid the problem to begin with rather than trying to jump through hoops getting software to run on a router. Most other more normal traffic can come nowhere close to using a large internet connection.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Internet LED light on Router Orange, no Internet help

According to the router manual, it states its a problem with my ISP. I also logged into my router and it too states ISP issue contact your ISP for no Internet. This made me assume problem is with my ISP not the router.

However when I log into router and click on restart it fixed the problem and internet working as normal. Why is that? I just bought the Router brand new last week and it was working fine until now with this issue.

Router is mostly at default settings with the latest firmware.
 
This is not likely a issue with the router.

You must have some kind of modem or other device the router plugs into. If it is a cable modem you can likely access it and see if there are any errors. If it is some kind of optical termination device for a fiber that may or may not have a way to log into it.
Are there any lights on this box.

I guess you could try a different cable but that is unlikely the problem. Be sure you use a quality cable do not use those flat cables.

What this is more or less telling you is the router has a electrical connection to the modem but no actual internet data is passing. The most likely thing is the internet is somehow going down. rebooting the router might just be a coincidence that forces the modem to attempt to resync.

If this is happening a lot you could plug a pc directly into the modem and see if that fails.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
This is not likely a issue with the router.

You must have some kind of modem or other device the router plugs into. If it is a cable modem you can likely access it and see if there are any errors. If it is some kind of optical termination device for a fiber that may or may not have a way to log into it.
Are there any lights on this box.

I guess you could try a different cable but that is unlikely the problem. Be sure you use a quality cable do not use those flat cables.

What this is more or less telling you is the router has a electrical connection to the modem but no actual internet data is passing. The most likely thing is the internet is somehow going down. rebooting the router might just be a coincidence that forces the modem to attempt to resync.

If this is happening a lot you could plug a pc directly into the modem and see if that fails.

Checked the cable modem and its working fine. The problem is on the router end.

Light is showing good on modem but orange no internet on router.

Why rebooting temporarily fixes this and a day later or hours later intermittent orange light issue comes on again?
 
Make sure you follow the proper boot up sequence for your equipment.

  1. Turn off Both modem and router.
  2. Turn on Modem, but not router.
  3. Let modem boot up and fully acquire internet access. Don't test using a computer directly, or that will throw off the sequence.
  4. Plug WAN cable into modem to router.
  5. Boot up router.

If the router boots up before the modem, i've seen that cause problems. If you connect a computer to the LAN cable, then to the router. I've also seen that cause issues.
 

very_452001

Distinguished
Mar 8, 2014
344
2
18,785
Make sure you follow the proper boot up sequence for your equipment.

  1. Turn off Both modem and router.
  2. Turn on Modem, but not router.
  3. Let modem boot up and fully acquire internet access. Don't test using a computer directly, or that will throw off the sequence.
  4. Plug WAN cable into modem to router.
  5. Boot up router.
If the router boots up before the modem, i've seen that cause problems. If you connect a computer to the LAN cable, then to the router. I've also seen that cause issues.

The modem always is left on, we don't turn it off. So I cannot see how my router is booted up before my modem 😕