Question Huawei Router to Asus Router configuration ?

[Torchio]

Hi everyone, would like to ask for opinion.

I have this ISP-supplied router, A Huawei HG8245H5 ONT Fiber Optic.
I've just bought this Asus RT-AX1800HP Router and already set this up using really basic setup (easy setup)

1. LAN Cable from Huawei router LAN 1 to Asus WAN port (cat 6)
2. LAN 1 from Asus to my PC, set Asus to wireless router (default), IP set to DHCP / automatic IP
3. Disable Huawei router radio / wlan (2.4ghz)

The internet speed seems to be working flawlessly fine than my ISP router, but I found that this double NAT thing that I am not sure of.
As I often play console / mobile phone competitive games, is it gonna disturb my ping? or should I worry with anything else?
I do have advance access to the Huawei GUI so I can change the mode to bridge WAN, and I can see that the
Huawei is using DHCP protocol (not PPPoE or static).

Should I change the ISP router mode to bridge WAN, if so what extra steps do i have to configure my Asus router? note that my ISP is pain in the ass to contact so I just want to configure this on my own.
Or can I just leave this setup as it is ?

Any answers will be much appreciated, thank you!

 

[bill001g]

Why do you have the asus router in the first place.

I have not looked up the devices you list but does the asus have some wifi ability that the ISP router does not. Many ISP routers are using the same wifi chips as other routers.

If it is just wifi then set the asus to AP mode and it becomes a stupid switch that has wifi radios connected. It is basically transparent.

Other cases really depends on what feature you need on the asus.

In general you can solve the dual nat issue by using a DMZ option, could have other names, that in effect port forwards all the ports to asus router wan ip. This solution fixes the vast majority of double nat issues.

 

[Torchio]

Why do you have the asus router in the first place.

I have not looked up the devices you list but does the asus have some wifi ability that the ISP router does not. Many ISP routers are using the same wifi chips as other routers.

If it is just wifi then set the asus to AP mode and it becomes a stupid switch that has wifi radios connected. It is basically transparent.

Other cases really depends on what feature you need on the asus.

In general you can solve the dual nat issue by using a DMZ option, could have other names, that in effect port forwards all the ports to asus router wan ip. This solution fixes the vast majority of double nat issues.

Thanks for your response.

I believe my ISP router isn't capable of delivering the WIFI speed I have paid for as there are too many devices connected to it, even worse got half to 1/4 speed (not stable also, jumping ping,etc). I am also tempted Asus feature Aimesh I might grab the cheapest wifi6 router in the future, but for now I am satisfied for wide coverage Asus has compared to old router.

I guess for now just like you said it's just for wifi and switch for my PC and PS5 probably. So change the router mode to AP mode? Do I need to set anything else?

I am not sure of this DMZ option and port forwards. Are you referring to port fowarding? can you break down this method if it is not too much hassle? thank you very much

 

[bill001g]

DMZ is really the wrong name since it has a completely different definition on a firewall but that is the common name used on consumer routers.

What this means on a consumer router is it forwards all ports. It would be a major pain to try to type in every possible port in a forwarding rules so most routers have a option to forward all ports with one command/line.

Pretty much you just have to set the router to AP mode and it fixes everything else. Maybe you have to change the lan IP on the asus router to not conflict with your ISP router. The AP setting might do that by itself. The IP is only used when you need to make a change to the asus/ap settings.
Most times you set the wifi settings on a AP and then never touch the device again.

 

[Torchio]

DMZ is really the wrong name since it has a completely different definition on a firewall but that is the common name used on consumer routers.

What this means on a consumer router is it forwards all ports. It would be a major pain to try to type in every possible port in a forwarding rules so most routers have a option to forward all ports with one command/line.

Pretty much you just have to set the router to AP mode and it fixes everything else. Maybe you have to change the lan IP on the asus router to not conflict with your ISP router. The AP setting might do that by itself. The IP is only used when you need to make a change to the asus/ap settings.
Most times you set the wifi settings on a AP and then never touch the device again.

So you're saying just set the Asus router to AP mode, set the IP to automatic and let it be, no need for DMZ option ? I do found the DMZ option under WAN tab in Asus interface so I can go through that if I need to.

I didn't touch any of LAN IP, just leaving this by default IP.
By lan IP you referring to the interface for each router right?

 

[Torchio]

I've just configured Asus router to AP Mode with automatic IP.
so firstly I unplugged the wan port and reset asus router. Using LAN 1 to my PC, set it to AP Mode, setting the WIFI name and password, finishing up.

When I plugged back the internet port to WAN, the WIFI has internet connection, but my PC doesn't until I plug it from LAN 1 to LAN 3 then I have internet connection on PC. I also noticed the LAN IP changed from default to other number, figuring it out by asus router on mobile app.

Just curious why can't I have internet connection on LAN 1 except of LAN 3? is it normal when changing it to AP mode?
EDIT : ignore my curiosity, LAN 1 is working fine after re -plugged lol

 

[bill001g]

It is strange that it does not work with the wan port when you set it to AP mode.

In the old days before routers had AP mode and I guess DSL routers still do you would do these 3 steps.
Disable the DHCP server
Change the LAN IP to not conflict with the main router
Connect the routers using the LAN ports.

The only real difference other than having to do it manually is you get extra LAN port. The AP mode is suppose to change the wan port into a lan port.

In any case it should work well for you no matter which method you use. The thing messes stuff up a lot is if you have 2 routers running DHCP

 

[Torchio]

It is strange that it does not work with the wan port when you set it to AP mode.

In the old days before routers had AP mode and I guess DSL routers still do you would do these 3 steps.
Disable the DHCP server
Change the LAN IP to not conflict with the main router
Connect the routers using the LAN ports.

The only real difference other than having to do it manually is you get extra LAN port. The AP mode is suppose to change the wan port into a lan port.

In any case it should work well for you no matter which method you use. The thing messes stuff up a lot is if you have 2 routers running DHCP

Yes probably newer router works by all ports (including wan port) connected to the internet make it simpler.

I noticed I don't have any WAN tab settings in Asus interface, as well as ai protection, parental control (Asus features).

Probably because of the AP Mode, but I am just wondering if I can just set the ISP Router to Bridge Wan mode, and having Asus router to Wireless Router mode, DHCP mode, Automatic IP, and still having all those features Asus give?

Is it gonna work? I've researched that bridge mode will make the ISP router into
a modem if you can say that.

 

[BFG-9000]

I am just wondering if I can just set the ISP Router to Bridge Wan mode, and having Asus router to Wireless Router mode, DHCP mode, Automatic IP, and still having all those features Asus give?

Is it gonna work? I've researched that bridge mode will make the ISP router into
a modem if you can say that.

So long as this is not in a remote location, I would much rather have it set up this way instead to use those features. The problem is each time the ISP pushes new firmware to the modem it may reset your selection of bridge mode and put things back into double-NAT until you go fix it again.

It is strange that it does not work with the wan port when you set it to AP mode.

It is actually not strange for any router using firmware based on OpenWRT as Asus RT-AX1800U and AX1800S are, or AsusWRT (related to Tomato) like AX1800HP or non-U are, because on both the WAN port is put on its own VLAN which is bridged to WAN0 instead of LAN0. After changing to AP mode you would have to manually change the VLAN settings--and if the ASUS firmware hides those from you then it would need to be done via commandline.

 

[Torchio]

So long as this is not in a remote location, I would much rather have it set up this way instead to use those features. The problem is each time the ISP pushes new firmware to the modem it may reset your selection of bridge mode and put things back into double-NAT until you go fix it again.

I am not sure but I think my ISP seldom updates the firmware to the modem here in my area, hell they don't even update the device unless you told them to.
but thanks for the recommandation anyway ! I guess I'll stick with this setup for now.

After changing to AP mode you would have to manually change the VLAN settings--and if the ASUS firmware hides those from you then it would need to be done via commandline.

I'll see if I can change them manually in AP Mode.
Even if I can I don't know what to put, but I've seen the VLAN number in ISP Interface, do you mean by this number?

 

[bill001g]

It really is up to you if you can get the ISP router into bridge mode. There are some ISP that do not allow it.

AI protection is likely that some marketing guy took a marker and wrote "AI" on the box like every other product. People just have to have trendy things even if they do nothing. They likely did not add anything almost all routers have some basic firewall to protect the router itself against attack.

You have to be very careful about using features on routers if you have a high speed internet connection. The main function that a router is doing is the NAT function. To reduce the cpu load this has been moved in to a hardware assist function. The traffic in effect bypasses the CPU. Any feature that needs the CPU to see traffic also means the cpu must now do the NAT function. It is not uncommon for a router on gigabit connection to drop to 300mbps when the cpu has to do all the work.

In addition things like traffic filtering and parental controls are pretty much worthless features. You still see router claim "deep packet inspection". This is not possible because of the use of HTTPS encrypting all traffic. Also because DNS is also many times encrypted you can't end tell the site name. IP addresses have become less unique since the use of large hosting data centers.
This is without the children even attempting to bypass you. Takes them a few second to find proxy and vpn services that defeat any ability to filter their traffic.

 

[Torchio]

It really is up to you if you can get the ISP router into bridge mode. There are some ISP that do not allow it.

AI protection is likely that some marketing guy took a marker and wrote "AI" on the box like every other product. People just have to have trendy things even if they do nothing. They likely did not add anything almost all routers have some basic firewall to protect the router itself against attack.

You have to be very careful about using features on routers if you have a high speed internet connection. The main function that a router is doing is the NAT function. To reduce the cpu load this has been moved in to a hardware assist function. The traffic in effect bypasses the CPU. Any feature that needs the CPU to see traffic also means the cpu must now do the NAT function. It is not uncommon for a router on gigabit connection to drop to 300mbps when the cpu has to do all the work.

In addition things like traffic filtering and parental controls are pretty much worthless features. You still see router claim "deep packet inspection". This is not possible because of the use of HTTPS encrypting all traffic. Also because DNS is also many times encrypted you can't end tell the site name. IP addresses have become less unique since the use of large hosting data centers.
This is without the children even attempting to bypass you. Takes them a few second to find proxy and vpn services that defeat any ability to filter their traffic.

Thank you for your explanation, at least I don't need to worry about losing those features as it stresses the CPU inside the router.
Then I am sticking with AP mode for now

One last thing, I did change the LAN IP Asus router outside IP Address of ISP router and now I cannot access the Asus interface. End IP Address = 192.168.10.254 and I put Asus to 192.168.10.255

Is it supposed to be put this way and therefore never touch the device again? So when there is a problem I'll just hard reset on the device, is that it? Can I access to Asus GUI without hard reset?

 

[bill001g]

Nope can't use 255. I am very surprised you most times get a error if you try that. It though does depend on the subnet mask but I will not go into detail. You are going to have to factory reset it to regain access and then set it back to ap mode again.

So you can change the dhcp range in the ISP router or you can just pick another IP even though it is in the range. Most DHCP allocate the ip from the bottom up. So picking something in the top of the range you will never get a overlap unless you have more than 253 end devices. I tend to recommend 250. 254 will work but it is also a very common IP used by equipment for their default IP so I tend to avoid it.