ASUS AX6000 Intranet/Subnet configuration

Thanks to both of you for jumping in and initiate the conversation. Also, thanks for been honest in your answers. Maybe we can learn something with this post. 

It is too bad that xFinity Administrators/Technicians/Programmers/CEOs did not predict the evident scenario, “what else can I do to mitigate certain situations related to their network design.”

Since I am not the type of person that leaves issues in the air without an answer, I did some research about this technical issue. Anyone that logs or research and see this post can see this very productive discussion from our Community, the Netgear Community and other places on the internet where other people had similar issues.

To answer my own question, 

“— Do you think it will be any issues if I configure the ASUS to run on my actual intranet configuration 192.168.0.1 instead of the 10.0.0.1 intranet of the xFinity gateway?”

I finally received the ASUS router and the configuration to the Class B 192.168.0.1 intranet is working just fine. There are no issues whatsoever from changing from intranet 10.0.0.1 to 192.168.0.1. The ASUS router was very good to assign all my devices on the intranet without any conflicts. In opposite to the xFinity Orbi Router Gateway that cause some compatibilities issues with some of my devices.

For those interested to change their intranet IP address from 10.0.0.1 to another one, here is where and how you do it on the Netgear Orbit Modem/Router. 

[image Gateway > Connection > Local IP Configuration]

From my research, here is the first answer, I pick from the SuperUser Community:

Title: Does it matter if router is set to 10.0.0.1 or 192.168.1.1

https://superuser.com/questions/72431/does-it-matter-if-router-is-set-to-10-0-0-1-or-to-192-168-1-1

And here is the second answer from the Netgear Community:

Title: How do I change my IP Address

https://community.netgear.com/t5/Orbi/RBK50-how-do-I-change-my-IP-Address/td-p/1687702

The title of the post is a little poor because the person asking was not an advanced user. But his technical request was very valid.

The reason this person asked this question was because he had one device running the same internal IP address 10.0.0.1/24 of the xFinity Gateway Orbi modem/router. He also state that he had no way to change his device IP address. Furthermore, the xFinity Orbi router was in conflict with his device. Since one must scroll all the way down to look for his motive, I am posting the image here so you can localize what he wrote.

[image of “TLane1957” motive]

Title: RBK50 how do I change my IP Address
https://community.netgear.com/t5/Orbi-Wi-Fi-5-AC-and-Orbi-with/RBK50-how-do-I-change-my-IP-Address/td-p/1687702

Another motive is for those that want to use double NAT, having some devices on the xFinity primary network and other devices on a 2nd router. For that, you should use different pools of internal IP addresses to not conflict with the xFinity router DHCP. An example, you can find here: Note that running double NAT is only for advanced users.

Double NAT vs. Single NAT: How to Best Handle an (ISP-Provided) Gateway
https://dongknows.com/double-nat-vs-single-nat/

Mesh Wi-Fi Systems, Explained: How to Best Use Multiple Broadcasters
https://dongknows.com/mesh-wi-fi-system-explained/

Another useful link is the Subnet calculator.

https://www.subnet-calculator.com/

If for any reason you cannot do it on the xFinity gateway modem/router, send that back to Comcast and get your own Netgear Orbi Modem/router or some other one. The link to know the xFinity approved cable modem/router can be found here:

Recommended Devices for Our Internet Plans:
https://assets.xfinity.com/assets/dotcom/projects/cix-4997_compatible-devices/2023.10.23%20Full%20List%20of%20Compatible%20Devices.pdf

My Comments:

I think the first thing XFinity Administrators/Technicians/Programmers/CEOs must understand are:

1. You are providing the internet connection. The customer is the one paying the bill. Therefore, the customer is your boss, he is the administrator of the account with all the permissions.

2. Trying to stick down people's throat a one way system, it is a poor proposition. It reminds me of that French technique to force-feeding a goose called, “Foie Gras”.

3. I can understand that some people have no network technical skills and do not exactly understand how their internet connection works. They just want to have their devices working without any technical effort. For those people, this type of system might work, not sure yet when something goes wrong, if they can fix without talking to a robot that could not give the resolution to some technical issues.

4. I strongly think that Comcast DBA, xFinity should supply two types of firmware mode in their xFinity Modem router gateway, and let their customers decide which one is best for them.

   A) The one that they have right now, where you configure your modem/router through an app on their phone and let the xFinity run the entire connection and deciding what device they want to accept or not.

   B) Another one for advanced users, where they have total control of their modem/router. Where they can place the router in Bridge mode or Access Point mode common refer as AP, or if they want to run the modem router with all the features on their own. 

   C) Reminding the firmware programmers to give absolutely no access to “anyone or any computer” on the internet because doing that is a security risk.

[image Advanced > Remote Management]

5. I do not want to have one single 2.4 SSID Broadcast wireless connection and one single 5 GHz SSID Broadcast wireless connection and one single 6.0 GHz SSID Broadcast wireless connection. 

Where is the wireless SSID Guest connection? I think that is important to have for security reasons.

What if a guest comes to the house and want to use the internet? Of course, they are going to ask for the password for the Wi-Fi. Am I going to give my main password of my private connections? I want to be able to have the guest connection, so I can keep things separate from my other networks and devices.

One of the biggest flaws that I found on the new xFinity gateway modem/router is the inability to enter extra characters on the router login password page. That is pretty much standard these days. As you know, every time you log in into the router, since the connection is not “https:// protocol” secure, one is transmitting the information on the network for any good hacker to capture their password.

Go ask any programmer at Apple, Linux, and Windows how to push updates securely through the internet. You can send a warning to your advanced users with a secure link through their accounts and they will perform the update. 

I personally do this all the time without any issues.

Because,

— There are many people that do not have access to a cell phone.
— There are people that have devices on a different intranet.
— Some people do not want others intruding in their intranet or devices.

xFinity argument is that they are supplying more security to their customers is a little questionable. I want to remind people that famous phrase,

“Those that give their privacy to have security will end up to lose their privacy and security!”

I think an ISP should provide the best and safe internet connection possible and give to their customers choices for connecting. One way choice is not the way to go.

Therefore, that is some of my points and I hope xFinity Administrators/Technicians/Programmers/CEOs will take that to heart and my time to write this report won't go to waste.