Ideally, you should use just one router for your home network. But sometimes there’s no choice, like when you have to keep that ISP-provided gateway and yet want to expand or upgrade your system.
Note: A gateway is a single hardware box that includes a Wi-Fi router and a modem on the inside. That said, within this article, a gateway is, first and foremost, a router.
This post helps you get the home network you want even when you can’t or do not want to replace the existing router or gateway. In the thick of it, it’s about how to use a router (or a mesh system) on top of another — a question of single NAT vs. double NAT.
But depending on your situation, you might just need to do something as simple as making the most out of your gateway; or getting an access point or Wi-Fi extender.
In any case, before going further, make sure you’re comfortable with setting up a router.
Dong’s note: I first published this piece on December 30, 2018, and updated it on April 13, 2020, with additional relevant information.
How to configure an ISP-provided gateway properly
If you live in a small home, chances are the router you have at hand, likely it’s the gateway your Internet provider has installed, is enough for your Wi-Fi need.
In this case, you just need to configure it properly. There are a few things you should do. By the way, you can work on a gateway the same way you do a regular Wi-Fi router.
Change the default access to the gateway
All ISP-provided gateway comes with default admin access. For example, a Comcast gateway’s default password is almost always highspeed. As a result, almost anyone can log into its interface. For security, you should change this.
To do that, log in to the gateway’s web interface by pointing a browser to its IP address and log in with the default password (or access code). You can generally find this information on the side or bottom of the device.
Once you’ve logged in, navigate the interface to the area where you can change the password and create new one that’s more secure.
Make a meaningful Wi-Fi network
By default, each gateway has its own default Wi-Fi network of which both the name and password are hard to remember or type in, especially when you need to do that on a small screen or via a remote control.
You can give your Wi-Fi network a more meaningful name and a password that you can remember.
(You can use your name as the SSID (network name), but if you want to stay anonymous, you can pick anything. It’s the name that will appear as an available Wi-Fi network on a mobile device.)
Again, you can do this via the web interface and follow these guidelines in terms of passwords to keep your system secure.
Customize your gateway
This part is optional, but most gateways have a decent set of features and settings that you can use — the amount varies from one device to another.
Examples of these include: port-forwarding, Dynamic DNS, separating the 2.4GHz Wi-Fi network from that of the 5GHz, and so on. Again, you can use the interface to customize these to your liking.
In short, just because you don’t use a standard off-the-shelf router doesn’t mean you can’t make your network with specific advanced settings. Dig into your gateway’s web interface; you might get surprised by how much you can get out of it.
Getting an extender or access point
If you live in a big home and the existing gateway doesn’t cover your entire home with Wi-Fi, it’s time to think about getting extra hardware to improve the coverage.
In this case, you need either an access point (AP) or a Wi-Fi extender. (Not sure which is which? Check out this post on APs and Extenders.)
When to get an access point
Get an access point if you can run a long network cable (or a set of power-line adapters) from the gateway to it. You should think of using an AP first since it delivers much better performance than an extender.
There are many options for APs, and most of them work similarly. Make sure you get one of the same or better Wi-Fi standards than that of the gateway.
Also, note that most routers can work in AP mode. So if you have an old router, you can use it, too. More on this below.
Tip: You can make the AP’s Wi-Fi network share the same name and password as that of the existing router. In most cases, that’d give you somewhat of a mesh system.
When to get an extender
An extender can quickly extend your Wi-Fi, without you having to run a network cable.
Not all extenders are created equal, however. I’d recommend a tri-band one, such as Netgear EX8000 or Netgear EX7500. The reason is a tri-band extender uses one of this band as the dedicated link to the existing router. As a result, it will give you better Wi-Fi speed than a single or dual-band counterparts
Note, though, that using extenders means you get the convenience at the expense of performance. Sometimes, the performance gets so bad; the convenience is not even worth it.
Generally, if you have fast Internet or want to use the Internet for real-time communication applications, such as Voice over IP or video conferencing, an extender won’t cut it. You’ll need to run network cables or at least get a mesh system.
Putting a router on top of another: Double NAT vs. single NAT
This part means you get a Wi-Fi router or mesh system and treat the existing gateway as though it were a modem.
In this case, the hardware setup part is easy: Connect the WAN (Internet) port of the new router — or the primary router unit of your mesh — to a LAN port of the gateway (or the existing router).
Now configure your new router to our liking, and you’re all set. But it’s easy said than done. There are a couple of things to keep in mind.
Different local IP address for each router
Your new router’s local IP address must be different from that of the existing gateway. This address is often referred to as the “Default Gateway IP,” which is not related to the actual gateway. It’s quite rare that you have to worry about this, though.
That’s because chances are they are already different by default. Many routers are smart enough to automatically change its IP when it connects to a router (or gateway) that already uses the same one.
If for some reason, the two share the same IP address, which tends to happen if the new router is from the same vendor as that of the existing one, among other things, you’ll note that devices connected to the new router won’t have Internet.
In any case, you can always change the router’s IP using the web interface. It’s in the LAN (or DHCP) area of the router’s interface. This IP tends to be in the form of 192.168.x.1 or 10.0.x.1. You just need to change x to a different digit.
With this out of the way, now you’ll have one out of two options, double NAT vs. single NAT.
What is NAT?
NAT stands for network address translation, which is a significant function of a router.
Among other things, NAT allows the router to use a single WAN IP address (provided by the ISP) to deliver Internet access to many devices connected to it.
That said, each network needs just one router, and, by default, a router always has its NAT turned on. As a matter of fact, with NAT turn off, a router is now pretty much as good as a switch or an access point (if it has Wi-Fi built-in).
Double NAT is when you connect one router to another and let them both function as routers.
Since a gateway is a router itself (plus a modem), you’ll get a double NAT setup when connecting another router to it. Specifically, you have one NAT-enabled router running on top of another that’s also NAT-enabled.
Issues with double NAT
The primary problem with this setup is that devices belong to each NAT will not be able to communicate with one another locally. That because each router has its own private set of IP addresses.
For example, if you have a computer that connects to the gateway’s network, and a printer that connects to your new router’s network, the computer can’t print to the printer. The two just don’t “see” each other.
Another thing is advanced network settings, such as VPN, port-forwarding, etc. will not work as expected, if at all.
Extra: Pro tips on using double NAT
- You can still use port-forwarding, but it takes more work. Specifically, you need to program that twice, first at the gateway, and then at the router.
- To access the top-level NAT router’s interface over the Internet, set that up as a server port-forwarding entry at the first-level NAT (the gateway) — make sure the two use different ports for remote management.
- A device of the upper-level NAT can still access one of the lower-level NAT if you use its IP address.
When double NAT works
If all you care about is the access to the Internet, then a double-NAT setup will work out just fine.
Also, a double NAT setup makes the top-level NAT network — the one hosted by your new router — more secure. That’s because devices in this network are behind two layers of firewalls and NATs. They are also invisible to those connecting to the lower-level NAT, as mentioned above.
What to do in a double NAT setup
Now that you’re aware of double NAT and still want to use it, there’s just one thing you need to do: Turn off Wi-Fi on the gateway (you can do this via its web interface) and use only the Wi-Fi of your router.
Alternatively, you can keep the gateway’s Wi-Fi network as a guest network. In this case, make sure it has a different Wi-Fi name (SSID) from the one you use for your self.
After that, connect all of your wired devices to your new router, and not the gateway, so that they can talk to one another locally. Then, mission accomplished.
As mentioned above, if you want to use advanced network features and all devices within your home to can talk to one another easily, it’s best to use the single NAT configuration. In this setup, your router connects directly to the Internet.
In this case, you have two options. Either you make the gateway forward the WAN IP address to your new router, effectively making it work as a modem. Or you can turn your new router into an access point, which works solely as a switch and a Wi-Fi broadcaster.
Gateway-to-router WAN IP forward
Depending on the gateway you use, the configuration for this varies. With some, like cable gateways, you need to put the gateway in Bridge Mode, with others, like DSL gateways, you need to configure the IP Pass-through and map that to the local IP address of the router.
Again, the objective is to make your router take over the WAN IP, and not a local (private) IP given out by the gateway. In other words, again, the gateway now functions as a modem.
Another option is to use the DMZ setting of the gateway, if applicable, to allow the upper-level router to get unfiltered Internet access.
And that’s it; you now will have a home network the same as one built with a modem and a router.
Turning your router into an Access Point
Most router and Wi-Fi systems can work as an access point. You can just log into their user interface and switch the operation mode into the AP mode. Note that in many routers and mesh systems, this mode is called “bridge mode,” which makes things a bit confusing.
But generally, if you see a router that has three roles, router, bridge, and AP, then pick the AP mode. If you see only the first two, then the bridge mode is now likely meant to be the AP mode.
If your router does not have an AP mode, you can manually turn it into an AP mode by connecting it to the gateway using one of its LAN ports (and not its WAN port — leave this port alone.)
By the way, you might want to configure the router’s Wi-Fi network before turning it into an access point.
In the AP mode, the router — or a mesh system — will work only to extend the network and nothing else. You will not be able to take advantage of its other settings and features. In other words, your network only has the features and settings of the existing gateway (or router).
No matter what your Internet situation is, chances are you can still customize your home network to your liking. It just takes a bit of work.
In my experience, having to keep the ISP-provided gateway is the most popular situation, so the Gateway-to-router WAN IP forward section above is likely the most applicable to yours. It’s also relevant to most, if not all, Internet plans for a small business.