Your home Gateway (such as the Xfinity xFi Gateway) broadcasts two radio bands to ensure an optimal in-home WiFi experience— one band focused on speed, and one focused on coverage.
These bands work best when they’re operating on a simple, personalized network. Simplifying and customizing your network will make it more secure and provide your devices with better connectivity, and we can help you get there.
Some Background: Understanding the 2.4 GHz and 5 GHz Bands
The 2.4 GHz band offers better WiFi coverage, but is prone to more congestion due to heavy network traffic.
The 5 GHz band offers less range, but delivers faster speeds thanks to less congestion and wider channels.
Understanding how xFi Gateways work
Xfinity xFi Gateways are all-in-one devices that deliver whole-home WiFi coverage, fast Internet speed and the ability to control your home network - for the ultimate connected experience. xFi Gateways are "dual band," meaning that they broadcast two separate radio bands for their WiFi network - a 2.4 GHz band and a 5 GHz band. Historically, you were encouraged to use a different WiFi name and password for each band. You then had to choose which band your devices should connect to. Knowing which would provide the best connection and performance was guesswork. That’s now changed. With the advanced intelligence of xFi Gateways, using the same name and password for the 2.4 GHz and 5 GHz bands lets the Gateway sort out which one will provide a better connection at any given time. You will still have both bands and all the associated functionality, channels and range. However, by using the same WiFi name and password for both, devices will connect seamlessly to the most optimal band at any given time. This is called "band steering." If you have an xFi Gateway (Arris 1682G, Cisco 3941T, Cisco DPC3939, Arris 3482G, Technicolor CGM4140COM or Arris X5001), you should simplify your WiFi and switch to using a single SSID - that is, use the same WiFi name and password for both your 2.4 GHz and 5 GHz bands, so you can take advantage of this seamless connection to the best network.
Changing your WiFi name and password
To get started using the same WiFi name and password across your entire home network, you can login to the xFi mobile app or Website. Once you’re logged in, look for the Network menu. Once you’ve located it, select the Edit WiFi option. From there, you can update your WiFi name and password—it’s that simple.
**Note**: You may need to reconnect some of your devices when using these new settings. Once it’s all said and done, your devices can choose between the best in-home WiFi connection at all times.
You can also automatically simplify to one name and password by selecting the Simplify Your WiFi tile under the Just for You header in the Overview section of xFi.
**Note**: If you have installed xFi Pods, the option to have split 2.4 and 5 GHz bands is disabled.
Added benefits of using one WiFi name and password for your network include fewer connectivity issues, a more secure home WiFi experience, and less troubleshooting. If you’re ready to get the most out of nation’s fastest Internet, log in to xFi today and get started.
Frequently Asked Questions
I only see one in-home WiFi name now and I used to see two - what happened? When you have a single name and password for your 2.4 GHz and 5 GHz bands, you will only see one option to connect. Please be assured that the second WiFi band is still working in the background to optimize your connection. What action do I need to take? If you aren't already using the same WiFi name and password for the 2.4 GHz and 5 GHz bands, you should update your WiFi name and password. The easiest way to update your settings is to select Simplify Your WiFi from the Overview section of the xFi website or mobile app. You can also update your WiFi name and password by selecting Edit WiFi from the Network section of the Xfinity xFi app or website. Learn more about xFi network settings . We'll take care of the rest in the background to optimize your network How do I know if I have an xFi Gateway with this feature? This is eligible on Gateway models Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Cisco DPC3939 and Arris X5001. To determine the type of Gateway you have, check the make and model information located on the bottom of your device. You can also log in to My Account and select Devices to view the make and model of your Gateway. What is band steering and how does it work? Band steering means the xFi Gateway determines which WiFi network band (the 2.4 GHz band or the 5 GHz band) is most optimal for a device's WiFi connection at any given time. It seamlessly changes to the best band based on signal strength and WiFi congestion thresholds. To enable band steering, the 2.4 GHz and 5 GHz bands must have the same WiFi name and password. What happens if the 2.4 GHz and 5 GHz WiFi network band names and passwords are different? If the WiFi network names and/or passwords are different, you will not be able to take advantage of band steering and will need to manually manage which WiFi network band each device connects to. This may lead to slow and intermittent connectivity issues. For example, if a mobile device is connected to the 5 GHz band and loses connection due to distance, you may need to manually reconnect to the 2.4 GHz band. With the same name and password, that process will occur automatically.
For more information refer to Benefits of Using One WiFi Name and Password for Your Home Network
For additional assistance with your Xfinity WiFi see How to improve your Xfinity Wifi
For additional assistance with troubleshooting your Xfinity WiFi see How To Troubleshoot Your Home WiFi Network with XFINITY xFi
Many factors may impact WiFi connectivity in your home. Take the following into consideration for better WiFi performance:
Check Gateway/Router Placement
Place your Gateway, modem or router in the most central location of your home, preferably on the main floor instead of the attic or basement. Make sure it is at least a couple of feet off of the floor and confirm that the coax cable connection is finger tight. Avoid putting your Gateway or router in cramped spaces or next to anything that can block the WiFi signal. The best position is in an open space away from thick surfaces (e.g., concrete walls) and other household electronics that may cause interference with the WiFi signal, such as baby monitors, cordless phones, microwave ovens, refrigerators and Bluetooth-connected devices. **Note**: Consider adding Xfinity xFi Pods to help extend your home WiFi coverage throughout your home. To learn more and purchase, go to xfinity.com/xfipods.
Regularly Reboot Your Equipment
Rebooting (or restarting) your Gateway, modem or router is good for the device's health and for your home WiFi performance. Doing this allows the device to update its software, if necessary, which can help optimize your connection and speed. Learn how to restart your WiFi equipment.
Confirm Your WiFi Network
Sometimes you may be connected to your Gateway's public WiFi hotspot network (xfinitywifi) or secure hotspot network (XFINITY), which can limit your WiFi speed. Go to the WiFi settings of your device to make sure you're connected to your personal in-home WiFi network.
Connect High-Bandwidth Devices via Ethernet
Whenever possible, plugging stationary devices directly into your Gateway or router using an Ethernet cable may provide optimal connectivity. For example, it's ideal for desktop computers, gaming consoles and video streaming devices to be connected with an Ethernet cable instead of connecting wirelessly, since activities on those devices use a lot of bandwidth (e.g., graphic-rich online gaming, movies or TV shows).
Check Bridge Mode and Antennae for Third-Party Routers
If you use your own router along with your Gateway, make sure the Gateway is in bridge mode. Learn more about bridge mode. You'll also want to position the antennae of your router so that one is pointing vertically (12 o'clock), and the other one is pointing horizontally (either 3 or 9 o'clock) to broadcast the strongest signal.
Consider a Different Speed Option
If many devices access your home WiFi network at the same time, you may want to consider a higher speed tier to improve your network's performance. We offer several speed options to serve your needs. Visit My Account to see which level of Internet service you have and the upgrade options that are available.
Other Factors That May Impact WiFi Connectivity:
Technical limitations of personal devices (e.g., an older phone that can't handle faster speeds, out of date operating systems, etc.)
The distance between personal devices and your Gateway/modem/router
Older devices which could be consuming bandwidth and slowing down your network
For more information, refer to Xfinity's in-home WiFi tip sheet. For details about staying connected to your home WiFi network, see how to troubleshoot Xfinity Internet or WiFi connection. If your Gateway is several years old, it may be time to upgrade. Find out more about upgrading your wireless network equipment.
For additional information, refer to Improving your Xfinity WiFi.
Ports on the internet are like virtual passageways where data can travel. All information on the internet passes through ports to get to and from computers and servers. When a certain port is known to cause vulnerability to the security and privacy of your information, Xfinity blocks it to protect you.
Find the Reasons for Blocking Listed Below
Direction Downstream/ Upstream to CPE
Reason for Block
Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port.
Port 25 is unsecured, and Botnet spammers can use it to send spam. This does not affect Xfinity Connect usage. We recommend learning more about configuring your email settings to Comcast email to use port 587.
UDP Port 67, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks.
NetBios services allow file sharing over networks. When improperly configured, ports 135-139 can expose critical system files or give full file system access (run, delete, copy) to any malicious intruder connected to the network.
SNMP is vulnerable to reflected amplification distributed denial of service (DDoS) attacks.
Port 445 is vulnerable to attacks, exploits and malware such as the Sasser and Nimda worms.
Port 520 is vulnerable to malicious route updates, which provides several attack possibilities.
UDP Port 547, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks.
Port 1080 is vulnerable to, among others, viruses, worms and DoS attacks.
Port 1900 is vulnerable to DoS attacks.
Enable Port Blocking on Your Router
If you’re concerned about the security of your wireless home network, one thing you can do is enable port blocking – this can help prevent unwanted outside connections to your network’s devices. While port blocking is advanced, you can enable it on certain routers with a few simple steps. Here’s how: Note: These instructions apply only to the following devices:
Netgear CG814v 1&2
Linksys WCG200v 1&2
Log on to your router’s administration site.
Click on the Select a Computer/Device button to view the IP addresses of the computers connected to your gateway.
Enter the IP address range in the IP Range fields.
Enter the Port range in the Port Range fields.
Select the Enable check box.
Why is Port 25 for Email Submission Not Supported?
Email is used for important communications and Comcast wants to ensure that these communications are as secure and as private as possible. As such, Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers.
Why is Comcast Supporting Port 587?
The original/legacy email ports, 25 and 110, have been in use since the inception of email and have limited or no security features. As a result, port 25 has been used for the transmission of spam and malware from infected computers for nearly a decade. Port 110 simply is not a secure means of retrieving email. Port 995 provides SSL encryption when downloading email. It has been a long-standing recommendation from M 3 AAWG, an international community of anti-abuse professionals, and the Internet Engineering Task Force (IETF), that port 25 be blocked. In an effort to provide our customers with the greatest security when using email, Comcast recommends the use of the industry-recommended port 587 with TLS/SSL enabled. The recommendations from M 3 AAWG can be read here and you can also view the IETF RFC 5068and RFC 4409 (section 3.1, see below). From RFC 4409: 3.1. Submission Identification Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions or allowances as specified here. Although most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site may choose to use port 25 for message submission by designating some hosts to be MSAs and others to be MTAs.
What Makes These Settings More Secure?
Port 587 further improves security through the use of required authentication and recommended TLS/SSL encryption. Required Authentication When sending and receiving email, it is required that you use your Xfinity username and password. This helps to prevent infected computers and other devices connected to the Xfinity services from being able to freely transmit spam and malware. SSL Encryption Secure Sockets Layer (SSL) is a secure protocol for sending data safely and encrypted over the Internet. With SSL encryption your user ID, password, and email are secured from hackers and identity thieves when sending or receiving email.
Other Bodies Opposed to the Use of Port 25
There are a number of other organizations that Comcast works with to control the problem of spam on the Internet. One of the most notable of these is Spamhaus, an organization that provides a number of lists detailing IP addresses known to send a great deal of spam and a list of IP addresses that should never send email at all. These lists, as well as others provided by similar organizations, are used by nearly all of the ISPs and mail receivers on the planet. All of the Comcast dynamic IP address space is listed by Spamhaus as not to be used for the sending of email. As such, any email sent by subscribers on the Comcast network directly to other ISPs (not via the Comcast mail servers) is extremely likely to be blocked by the receiving ISP. The Federal Trade Commission, an organization that has taken legal action against many spammers, also recommends that Port 25 should be blocked by ISPs. The FTC’s recommendation is as follows: "Block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers." The ITU also recommends blocking port 25 in their document named "ITU Botnet Mitigation Toolkit". This can be viewed here. While this document is focused on the remediation of botted computers, blocking of port 25 is seen as an important step in mitigating the spam that is sent from botted machines.
ISPs that Manage Port 25
Many ISPs, both in the USA and around the globe, block port 25. These include:
All Japanese ISPs
For additional information see here: https://www.xfinity.com/support/articles/list-of-blocked-ports