Ideally, you should use just one router for your home network. But sometimes there’s no choice, like when you have to keep that ISP-provided gateway and yet want to expand or upgrade your system.
A gateway is a single hardware box containing a Wi-Fi router and a modem (or an Internet receiver of any type for that matter) on the inside. That said, within this article, a gateway is, first and foremost, a router.
Other times, you might want to keep your current router, or flat-out use a mix of a few routers, for one reason or another.
This post helps you get the home network you want in such situations. In the thick of it, this piece deals with putting a router (or a mesh system) on top of another. It’s a question of single NAT vs double NAT.
But depending on your situation, you might need to do something as simple as making the most out of your gateway or getting an access point or Wi-Fi extender.
In any case, before going further, make sure you’re comfortable with setting up a router.
Dong’s note: I first published this piece on December 30, 2018, and updated it on January 16, 2021, with additional relevant information.
How to configure an ISP-provided gateway properly
If you live in a small home, chances are the router you have at hand (likely the gateway your Internet provider installed) is enough for your Wi-Fi needs.
If you choose to use it instead of getting your own equipment, you should think about making the most out of it.
Extra: Why you’d want to use an ISP-supplied gateway
While it’s clear that it’s best to use your own equipment, there are some benefits to using a gateway provided by your Internet provider.
Here are a few examples:
- Ease of use: You don’t need to do anything. The provider will set up the home network for you and manage the hardware, including firmware updates, troubleshooting, etc.
- Less clutter: You only have one hardware box instead of two. (This applies to a retail gateway, too.)
- Hassle-free hardware replacement: If the gateway dies, call the provider, and you’ll get a replacement pronto — all free of charge. The provider also upgrades the equipment when need be.
- Easy management: With some providers, you can manage certain aspects of your home network, like changing the Wi-Fi password, via your online account. (That is if you’re OK with the potential privacy risks.)
- Unlimited data cap: Some providers, such as Comcast Xfinity, charge half the cost ($25 vs $50) for an unlimited monthly data cap when you use their gateway.
In short, using ISP-provided equipment is not all bad. The benefits are enough to justify the monthly “rental” fee for some.
But in this case, you want to configure that gateway properly. There are a few things you should do. By the way, you can work on a gateway the same way you do a regular Wi-Fi router.
Change the default access to the gateway
Every ISP-provided gateway comes with default admin access.
For example, a Comcast gateway’s default password is almost always highspeed. Anyone with that knowledge can log into its interface once they are part of the network. For security, you should change the password to something else.
To do that, point a browser to the gateway’s IP address and log in to its web interface with the default password (or access code). You can generally find this information on the side or bottom of the device.
Once you’ve logged in, navigate the interface to the area where you can change the password and create a new, more secure one.
Make a meaningful Wi-Fi network
Each gateway comes with a default Wi-Fi network whose name and password are both hard to remember or type in, especially when you need to do that on a small screen or via a remote control.
You can give your Wi-Fi network a personalized name and a password that you can remember.
By the way, you can use your name as the SSID (network name), but if you want to stay anonymous, pick anything to your liking. It’s the name that will appear as an available Wi-Fi network on a mobile device.
Again, you can do this via the web interface and follow these guidelines in terms of passwords to keep your system secure.
Customize your gateway
This part is optional, but most gateways have a decent set of features and settings that you can use — the amount varies from one device to another.
Examples include port-forwarding, Dynamic DNS, separating the 2.4GHz Wi-Fi network from the 5GHz, etc. Again, you can use the interface to customize these.
In short, just because you don’t use a standard off-the-shelf router doesn’t mean you can’t make your network with specific advanced settings. Dig into your gateway’s web interface; you might get surprised by how much you can get out of it.
Getting an extender or access point
If you live in a big home and the existing gateway doesn’t cover your entire home with Wi-Fi, it’s time to think about getting extra hardware to improve the coverage.
In this case, you need either an access point (AP) or a Wi-Fi extender. (Not sure which is which? Check out this post on APs and Extenders.)
Extra: Different roles of a home Wi-Fi router
By the way, if you happen to have an old Wi-Fi router lying around, it might come in handy.
That’s because a standard home router generally supports multiple roles.
The many roles of a home Wi-Fi router
Here’s something you might not know. Your home Wi-Fi router can function as more than just a router, which is its default role.
Below is the breakdown of the four typical roles of a router. Not all hardware supports all of these, but most will have at least the first one plus another.
Some routers have even more roles — those from Asus, for example, also feature the proprietary AiMesh node role.
1. Wireless Router
This role is the default — the hardware will work as such unless you actively change that.
The hardware works as a Wi-Fi router that gets the Internet connection then distributes that to the rest of the network via wired and Wi-Fi connections.
In this role, you must use the router’s WAN port for the Internet source. It’s also the only role in which the router’s routing and networking features (QoS, Parental Control, Dynamic DNS, VPN server, port-forwarding, etc.) are available.
Essentially, the hardware is now a standard routing box with a built-in managed switch and Wi-Fi access point(s).
2. Access Point (AP)
Important note: Certain vendors call this role “Bridge.”
In this mode, the hardware now works as an access point. It connects to an existing router via a network cable and extends the network farther, both wired and wireless.
In this role, none of the routing and networking features are available. All of the device’s network ports function as LAN ports. Essentially, the router is now a network switch with built-in Wi-Fi broadcaster(s).
By the way, if you have a Wi-Fi 6 router with a Multi-Gig WAN port, using it as an AP is the only way you can take advantage of this port’s high speed locally — without a Gig+ Internet connection, that is — assuming you have a Multi-Gig switch.
3. Wi-Fi Extender
The router now works as a Wi-Fi extender.
Specifically, you use one of its bands (2.4GHz, 5GHz, or 6GHz) to connect to an existing Wi-Fi network. This is the backhaul band. After that, you can configure one or all of its bands (including the backhaul band) with separate SSID(s) to serve clients.
In this mode, all of the router’s network ports will work as LAN ports of the existing network.
4. Bridge or Media Bridge
Important note: Certain vendors (those that call the “Access Point” role “Bridge,” as mentioned above) name this mode “Wireless Bridge.” There might be other arbitrary names for this role.
In this mode, the router works essentially as a Wi-Fi-to-Ethernet adapter.
Specifically, you use one of its bands to connect to an existing Wi-Fi network. Now, you can connect wired devices to the router’s LAN ports to make them part of the network. (In most cases, you should leave the WAN port alone, but some routers turn this port into another LAN.)
In the Media Bridge mode, the rest of the router’s Wi-Fi bands are unavailable.
Extra: Bridge mode in a gateway unit
In a gateway unit, which is a router + modem combo box, the Bridge mode is a bit different.
That’s when the gateway will work solely as a modem and no longer has any router-related function.
You can read more on this in the post about how to get the most out of ISP-supplied equipment.
With that, let’s find out when you should use an access point.
When to get an access point
Get an access point if you can run a long network cable (or a set of power-line adapters) from the gateway to it. Using an AP would be my first choice since it delivers much better performance than an extender.
There are many options for APs, and most of them work similarly. It’s best to use one that supports the same Wi-Fi standard as the existing router, or a better one, but any will work.
You can give the AP’s Wi-Fi network (SSID) the same name and password as the existing router’s. In most cases, that’d give you somewhat of a mesh system.
When to get an extender
An extender can quickly extend your Wi-Fi without you having to run a network cable.
Not all extenders are created equal. I’d recommend a tri-band one, such as Netgear EX8000 or Netgear EX7500. A tri-band extender uses one of its bands as the dedicated link to the existing router. As a result, it will give you better Wi-Fi speed than a dual-band counterpart.
Note, though, that using extenders means you get the convenience at the expense of performance. Sometimes, the performance gets so bad the convenience is not even worth it. Also, be mindful of the virtual MAC address issue.
Generally, if you have fast Internet or want to use the Internet for real-time communication applications, such as Voice over IP or video conferencing, an extender won’t cut it. You’ll need to run network cables or at least get a mesh system.
Putting a router on top of another: Double NAT vs single NAT
In this part, you get a new Wi-Fi router (or mesh system) and use it on top of an existing one. That’s when you connect the new hardware to your existing gateway or router.
The hardware setup part is easy: Connect the WAN (Internet) port of the new router — or the primary router unit of your mesh — to a LAN port of the gateway (or the existing router). Now configure your new router to your liking, and you’re all set.
But it’s easier said than done. There are a couple of things to keep in mind.
Different local IP address for each router is required
The first thing is to make sure your new router’s local IP address is different from that of the existing gateway.
(This address often appears as the “Default Gateway IP,” but that’s just a naming convention and unrelated to an actual gateway.)
It’s relatively rare that you have to worry about them having the same IP. That’s because chances are they are already different by default. More importantly, many routers are smart enough to automatically change their IP (from the default one) when connected to a router (or gateway) that already uses the same one.
If the two share the same IP address (which tends to happen if the new router and the existing one are from the same manufacturer), you’ll notice that devices connected to the new router won’t have Internet. There can be other issues, too.
In any case, you can always change a router’s IP using the web interface. It’s in the LAN (or DHCP) area of the router’s interface. This IP is often in the form of 192.168.x.1 or 10.0.x.1; you just need to change x to a different number.
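A check for the conflict described above, as an added example that is not part of the original article. It goes one step further than comparing the two router addresses: it tests whether the two LAN subnets overlap, which causes the same loss of Internet access even when the addresses differ. The function names and the /24 size of the suggested network are assumptions.

```python
import ipaddress


def lan_conflict(gateway_lan: str, router_lan: str) -> bool:
    """True when the two LANs overlap, even if the router addresses differ.

    Both arguments are "address/prefix" strings, e.g. "192.168.1.1/24".
    """
    gw = ipaddress.ip_interface(gateway_lan).network
    rt = ipaddress.ip_interface(router_lan).network
    return gw.overlaps(rt)


def suggest_router_lan(gateway_lan: str, router_lan: str) -> str:
    """Return router_lan unchanged if it is safe; otherwise change "x".

    Tries the router's own a.b.x.1 form first, then the two forms the
    article names (192.168.x.1 and 10.0.x.1). Suggested networks are /24,
    which is an assumption (the usual home-router default).
    """
    if not lan_conflict(gateway_lan, router_lan):
        return router_lan
    gw = ipaddress.ip_interface(gateway_lan).network
    own = ".".join(str(ipaddress.ip_interface(router_lan).ip).split(".")[:2])
    bases = [own] + [b for b in ("192.168", "10.0") if b != own]
    for base in bases:
        for x in range(256):
            candidate = ipaddress.ip_interface(f"{base}.{x}.1/24")
            if not candidate.network.overlaps(gw):
                return str(candidate)
    raise ValueError("no non-overlapping /24 found for the new router")


if __name__ == "__main__":
    # Constructed sample values: two routers shipped with the same default.
    print(suggest_router_lan("192.168.1.1/24", "192.168.1.1/24"))
    # Different addresses, but the gateway uses a /16 that swallows the router.
    print(suggest_router_lan("192.168.0.1/16", "192.168.1.1/24"))
```
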
With this out of the way, you’ll end up with one of two options: double NAT or single NAT.
What is NAT?
NAT stands for network address translation, which is a significant function of a router.
In a nutshell, NAT allows the router to use a single WAN IP address (provided by the ISP) to deliver Internet access to many connected devices by creating a separate set of local IP addresses for them.
NAT functions like the mailroom of a big office building.
It handles packages between the building and the outside world, allowing everyone inside to share the same shipping address, yet be able to send/receive personal mail and packages.
In this case the building’s mailing address is the WAN IP and each person’s room number within the building is their local IP address.
That said, each network needs just one router, and, by default, a router always has its NAT turned on. With NAT turned off, a router is now similar to a switch or an access point (if it has Wi-Fi built-in).
Double NAT is when you connect one router to another and let them both function as routers.
Since a gateway is a router itself (plus a modem), you’ll get a double NAT setup when connecting another router to it. Specifically, you have one NAT-enabled router running on top of another that’s also NAT-enabled.
Issues with double NAT
The primary problem with double NAT is that devices belonging to each NAT will not communicate locally. That is because each router has its own private set of IP addresses.
For example, if you have a computer that connects to the gateway’s network and a printer that connects to your new router’s network, the computer can’t print to the printer. The two don’t “see” each other. You’ll also have issues with other local services like data sharing, media streaming, network backup, and so on.
Another issue is that advanced network settings, such as VPN, port-forwarding, etc., will not work as expected, if at all.
Tips on using double NAT
- You can still use port-forwarding, but it takes more work. Specifically, you need to program it twice: first at the gateway (lower NAT), forwarding the port in question to the router’s IP address, and then at the router (upper NAT), forwarding it to the IP address of the destination device.
- To access the top-level NAT router’s interface over the Internet, set that up as a server port-forwarding entry at the first-level NAT (the gateway) — make sure the two use different ports for remote management.
- A device of the upper-level NAT can still access another of the lower-level NAT if you use the former’s IP address (instead of its name). The other way around is much harder, if possible at all.
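The two-step port-forwarding from the tips above, written as a small audit that follows one inbound port through both NAT layers and reports where the chain breaks. This is an added example, not code from the original article; the addresses, ports, rule tables and function name are constructed for illustration.

```python
import ipaddress

# Constructed sample setup (not from the article).
ROUTER_WAN_IP = "192.168.0.2"      # address the gateway gave the new router
ROUTER_LAN = "192.168.50.0/24"     # the upper NAT's own network
GATEWAY_RULES = {8443: ("192.168.0.2", 8443)}   # lower NAT: port -> router
ROUTER_RULES = {8443: ("192.168.50.10", 443)}   # upper NAT: port -> device


def trace_forward(port, gateway_rules, router_rules,
                  router_wan_ip=ROUTER_WAN_IP, router_lan=ROUTER_LAN,
                  gateway_mgmt_port=None):
    """Follow an inbound connection through both NATs.

    Each rule table maps an external port to (target_ip, target_port).
    Returns (ok, detail) where detail names the path or the broken hop.
    """
    if gateway_mgmt_port is not None and port == gateway_mgmt_port:
        return False, f"port {port} is the gateway's own remote management port"
    hop1 = gateway_rules.get(port)
    if hop1 is None:
        return False, f"gateway (lower NAT) has no rule for port {port}"
    ip1, port1 = hop1
    # The gateway only knows its own LAN, so it must target the router's
    # WAN address, never the final device's address in the upper network.
    if ip1 != router_wan_ip:
        return False, (f"gateway forwards to {ip1}, "
                       f"not the router's WAN IP {router_wan_ip}")
    hop2 = router_rules.get(port1)
    if hop2 is None:
        return False, f"router (upper NAT) has no rule for port {port1}"
    ip2, port2 = hop2
    if ipaddress.ip_address(ip2) not in ipaddress.ip_network(router_lan):
        return False, f"router forwards to {ip2}, outside its LAN {router_lan}"
    return True, f"{port} -> {router_wan_ip}:{port1} -> {ip2}:{port2}"


if __name__ == "__main__":
    print(trace_forward(8443, GATEWAY_RULES, ROUTER_RULES))
    # Common mistake: pointing the gateway straight at the end device.
    print(trace_forward(8443, {8443: ("192.168.50.10", 443)}, ROUTER_RULES))
```

A chain that traces successfully is also a list of what is reachable from the Internet, so it doubles as a quick inventory of exposed devices.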
When double NAT works
If all you care about is access to the Internet, then a double NAT setup will work out just fine.
Also, a double NAT setup makes the top-level NAT network — the one hosted by your new router — more secure.
That’s because devices in this network are behind two layers of firewalls and NATs. They are also invisible to those connecting to the lower-level NAT, as mentioned above.
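That said, if you want a certain group of devices to be isolated from another group, double NAT is an excellent setup. It’s better than using Guest Wi-Fi networks. Keep in mind that the isolation runs mostly one way: as noted in the tips above, a device on the top-level network can still reach one on the lower-level network by IP address.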
What to do in a double NAT setup
Now that you’re aware of double NAT and still want to use it, there’s just one thing you need to do: make sure you are aware of which network (which NAT, that is) you’re using and connect devices accordingly.
If you just want to use the new router (the top-level NAT) then:
- Turn off Wi-Fi on the first router/gateway (you can do this via its web interface) and use only the Wi-Fi of your top-level router.
- Connect all wired devices to the top-level router (and not the gateway) for them to see one another locally.
Then, mission accomplished.
Of course, you can also use both networks for security or isolation purposes as mentioned above. For example, you can keep the gateway’s Wi-Fi network as a guest network. In this case, make sure it has a different Wi-Fi name (SSID) from the one you use for yourself.
If using a double NAT proves too much work, as it can be for many homes, you should opt for the traditional single NAT route.
As mentioned above, if you want to use advanced network features and all devices within your home to talk to one another easily, it’s best to use the single NAT configuration. In this standard setup, your router connects directly to the Internet.
In this case, you have two options. Either you make the gateway forward the WAN IP address to your new router, effectively making it work as a modem. Or you can turn your new router into an access point, which works solely as a switch and a Wi-Fi broadcaster.
Gateway-to-router WAN IP forward
Depending on the gateway you use, the configuration for this varies.
With some, like cable gateways, you need to put the gateway in the Bridge mode. In this mode, a gateway is, in effect, a modem — you’ll get no other features or network settings from it, including Wi-Fi.
With others, like DSL gateways, you need to configure the IP Pass-through and map that to the local IP address of the router.
Again, the objective is to make your router take over the WAN IP, not the gateway’s local (private) IP. In other words, again, the gateway now functions as a modem.
Another option is to use the gateway’s DMZ setting, if applicable, to allow the upper-level router to get unfiltered Internet access. This method is not the same as passing the WAN IP, but it does enable specific services/applications to work.
And that’s it. You now have a home network almost the same as one built with a modem and a router.
Turning your new router into an Access Point
Most router and Wi-Fi systems can work as an access point (AP) — you can switch the mode via the web interface.
By the way, this AP mode is called “Bridge” in many routers and mesh systems, which makes things a bit confusing as mentioned above.
But generally, if you see a router with three roles, router, bridge, and AP, pick the AP mode. If you see only the first two, the bridge mode is likely to be the AP mode.
If your router does not have an AP mode, you can manually turn it into an AP by connecting it to the gateway using one of its LAN ports. Don’t use its WAN port; leave that port alone.
You want to configure the router’s Wi-Fi network before turning it into an access point. It’s a bit hard, though not impossible, to access its web interface afterward.
The router — or a mesh system — will work only to extend the network and nothing else in the AP mode. You will not be able to take advantage of its other settings and features. In other words, your network only has the features and settings of the existing gateway (or router).
No matter your Internet situation, chances are you can still customize your home network to your liking. It just takes a bit of work.
In my experience, having to keep the ISP-provided gateway is the most popular situation, so the Gateway-to-router WAN IP forward section above is likely the most applicable to yours. It’s also relevant to most, if not all, Internet plans for a small business.