Ideally, you should use just one router for your home network. But sometimes there’s no choice, like when you have to keep that ISP-provided gateway and yet want to expand or upgrade your system.
Other times, you might want to keep your current router for one reason or another.
Note: A gateway is a single hardware box containing a Wi-Fi router and a modem (or an Internet receiver of any type for that matter) on the inside. That said, within this article, a gateway is, first and foremost, a router.
This post helps you get the home network you want even when you can’t or do not want to replace the existing router. In the thick of it, this piece deals with putting a router (or a mesh system) on top of another. It’s a question of single NAT vs double NAT.
But depending on your situation, you might need to do something as simple as making the most out of your gateway or getting an access point or Wi-Fi extender.
In any case, before going further, make sure you’re comfortable with setting up a router.
Dong’s note: I first published this piece on December 30, 2018, and updated it on January 16, 2021, with additional relevant information.
How to configure an ISP-provided gateway properly
If you live in a small home, chances are the router you have at hand, likely it’s the gateway your Internet provider has installed, is enough for your Wi-Fi need.
If you choose to use it instead of getting your own equipment, you should think about making the most out of it.
Extra: Why you’d want to use an ISP-provided gateway
While it’s clear that it’s best to use your equipment (such as a modem and a router), there are some benefits to using a gateway provided by your Internet provider.
Here are a few examples:
- Ease of use: You don’t need to do anything. The provider will set up the home network work for you and manage the hardware, including firmware update, troubleshooting, etc.
- Less cluttering: You only have one hardware box instead of two.
- Hassle-free hardware replacement: If the gateway dies, call the provider, and you’ll get a replacement pronto — all free of charge. The provider also upgrades the equipment when need be.
- Easy management: With some providers, you can manage certain aspects of your home network, like changing the Wi-Fi password, via your online account. (That is if you’re OK with the potential privacy risks.)
- Unlimited data cap: Some providers, such as Comcast Xfinity, give you an unlimited monthly data cap when you use their gateway.
In shorts, using ISP-proved equipment is not all bad. For some, the benefits are enough to justify the monthly “rental” fee.
But in this case, you want to configure that gateway properly. There are a few things you should do. By the way, you can work on a gateway the same way you do a regular Wi-Fi router.
Change the default access to the gateway
All ISP-provided gateway comes with default admin access.
For example, a Comcast gateway’s default password is almost always highspeed — anyone with that knowledge can log into its interface when being part of the network. For security, you should change the password to something else.
To do that, log in to the gateway’s web interface by pointing a browser to its IP address and log in with the default password (or access code). You can generally find this information on the side or bottom of the device.
Once you’ve logged in, navigate the interface to the area where you can change the password and create a new, more secure one.
Make a meaningful Wi-Fi network
By default, each gateway has a default Wi-Fi network, of which both the name and password are hard to remember or type in, especially when you need to do that on a small screen or via a remote control.
You can give your Wi-Fi network a personalized name and a password that you can remember.
By the way, you can use your name as the SSID (network name), but if you want to stay anonymous, pick anything to your liking. It’s the name that will appear as an available Wi-Fi network on a mobile device.
Again, you can do this via the web interface and follow these guidelines in terms of passwords to keep your system secure.
Customize your gateway
This part is optional, but most gateways have a decent set of features and settings that you can use — the amount varies from one device to another.
Examples include port-forwarding, Dynamic DNS, separating the 2.4GHz Wi-Fi network from the 5GHz, etc. Again, you can use the interface to customize these.
In short, just because you don’t use a standard off-the-shelf router doesn’t mean you can’t make your network with specific advanced settings. Dig into your gateway’s web interface; you might get surprised by how much you can get out of it.
Getting an extender or access point
If you live in a big home and the existing gateway doesn’t cover your entire home with Wi-Fi, it’s time to think about getting extra hardware to improve the coverage.
In this case, you need either an access point (AP) or a Wi-Fi extender. (Not sure which is which? Check out this post on APs and Extenders.)
When to get an access point
Get an access point if you can run a long network cable (or a set of power-line adapters) from the gateway to it. Using an AP would be my first choice since it delivers much better performance than an extender.
There are many options for APs, and most of them work similarly. Make sure you get one of the same or better Wi-Fi standards than that of the gateway.
Also, note that most routers can work in AP mode. So if you have an old router, you can use it, too — more on this below.
Tip: You can make the AP’s Wi-Fi network (SSID) with the same name and password as the existing router. In most cases, that’d give you somewhat of a mesh system.
When to get an extender
An extender can quickly extend your Wi-Fi without you having to run a network cable.
Not all extenders are created equal. I’d recommend a tri-band one, such as Netgear EX8000 or Netgear EX7500. A tri-band extender uses one of its bands as the dedicated link to the existing router. As a result, it will give you better Wi-Fi speed than a dual-band counterpart.
Note, though, that using extenders means you get the convenience at the expense of performance. Sometimes, the performance gets so bad; the convenience is not even worth it. Also, be mindful of the virtual MAC address issue.
Generally, if you have fast Internet or want to use the Internet for real-time communication applications, such as Voice over IP or video conferencing, an extender won’t cut it. You’ll need to run network cables or at least get a mesh system.
Putting a router on top of another: Double NAT vs single NAT
In this part, you get a new Wi-Fi router (or mesh system) and treat the existing gateway as though it were a modem.
The hardware setup part is easy: Connect the WAN (Internet) port of the new router — or the primary router unit of your mesh — to a LAN port of the gateway (or the existing router). Now configure your new router to your liking, and you’re all set.
But it’s easier said than done. There are a couple of things to keep in mind.
Different local IP address for each router
Your new router’s local IP address must be different from that of the existing gateway. (This address often appears as the “Default Gateway IP,” but that’s just a naming convention and unrelated to an actual gateway.)
It’s pretty rare that you have to worry about this, though.
That’s because chances are they are already different by default. Many routers are smart enough to automatically change its IP when it connects to a router (or gateway) that already uses the same one.
If the two share the same IP address — which tends to happen if the new router and the existing one are from the same manufacturers — you’ll note that devices connected to the new router won’t have Internet. There can be other issues, too.
In any case, you can always change the router’s IP using the web interface. It’s in the LAN (or DHCP) area of the router’s interface. This IP tends to be 192.168.x.1 or 10.0.x.1 — change x to a different digit.
With this out of the way, now you’ll have one out of two options, double NAT vs single NAT.
What is NAT?
NAT stands for network address translation, which is a significant function of a router.
In a nutshell, NAT allows the router to use a single WAN IP address (provided by the ISP) to deliver Internet access to many connected devices by creating a separate set of local IP addresses for them.
(NAT works similarly to the mailroom that handles snail mail and packages within a big campus and between the campus and the outside world. So, everyone living within the campus will share a single shipping address.)
That said, each network needs just one router, and, by default, a router always has its NAT turned on. With NAT turned off, a router is now similar to a switch or an access point (if it has Wi-Fi built-in).
Double NAT is when you connect one router to another and let them both function as routers.
Since a gateway is a router itself (plus a modem), you’ll get a double NAT setup when connecting another router to it. Specifically, you have one NAT-enabled router running on top of another that’s also NAT-enabled.
Issues with double NAT
The primary problem with double NAT is that devices belonging to each NAT will not communicate locally. That is because each router has its own private set of IP addresses.
For example, if you have a computer that connects to the gateway’s network and a printer that connects to your new router’s network, the computer can’t print to the printer. The two don’t “see” each other. You’ll also have issues with other local services like data sharing, media streaming, network backup, and so on.
Another thing is advanced network settings, such as VPN, port-forwarding, etc., will not work as expected, if at all.
Extra: Pro tips on using double NAT
- You can still use port-forwarding, but it takes more work. Specifically, you need to program that twice, first at the gateway, and then at the router.
- To access the top-level NAT router’s interface over the Internet, set that up as a server port-forwarding entry at the first-level NAT (the gateway) — make sure the two use different ports for remote management.
- A device of the upper-level NAT can still access another of the lower-level NAT if you use the former’s IP address (instead of its name). The other way around is much harder, if possible at all.
When double NAT works
If all you care about is access to the Internet, then a double NAT setup will work out just fine.
Also, a double NAT setup makes the top-level NAT network — the one hosted by your new router — more secure. That’s because devices in this network are behind two layers of firewalls and NATs. They are also invisible to those connecting to the lower-level NAT, as mentioned above.
What to do in a double NAT setup
Now that you’re aware of double NAT and still want to use it, there’s just one thing you need to do: Turn off Wi-Fi on the first router/gateway (you can do this via its web interface) and use only the Wi-Fi of your top-level router.
(Alternatively, you can keep the gateway’s Wi-Fi network as a guest network. In this case, make sure it has a different Wi-Fi name (SSID) from the one you use for yourself.)
Now, connect all wired devices to the top-level router (and not the gateway) for them to see one another locally. Then, mission accomplished.
As mentioned above, if you want to use advanced network features and all devices within your home to talk to one another easily, it’s best to use the single NAT configuration. In this standard setup, your router connects directly to the Internet.
In this case, you have two options. Either you make the gateway forward the WAN IP address to your new router, effectively making it work as a modem. Or you can turn your new router into an access point, which works solely as a switch and a Wi-Fi broadcaster.
Gateway-to-router WAN IP forward
Depending on the gateway you use, the configuration for this varies. With some, like cable gateways, you need to put the gateway in the Bridge mode. With others, like DSL gateways, you need to configure the IP Pass-through and map that to the local IP address of the router.
Again, the objective is to make your router take over the WAN IP, not the gateway’s local (private) IP. In other words, again, the gateway now functions as a modem.
Another option is to use the gateway’s DMZ setting, if applicable, to allow the upper-level router to get unfiltered Internet access. This method is not the same as passing the WAN IP, but it does enable specific services/applications to work.
And that’s it. You now have a home network almost the same as one built with a modem and a router.
Turning your new router into an Access Point
Most router and Wi-Fi systems can work as an access point (AP) — you can switch the mode via the web interface.
By the way, this AP mode is called “Bridge” in many routers and mesh systems, which makes things a bit confusing. (More on a router’s role in this post.)
But generally, if you see a router with three roles, router, bridge, and AP, pick the AP mode. If you see only the first two, the bridge mode is likely to be the AP mode.
If your router does not have an AP mode, you can manually turn it into an AP mode by connecting it to the gateway using one of its LAN ports (and not its WAN port — leave this port alone.)
Note: You want to configure the router’s Wi-Fi network before turning it into an access point. That’s because it’s a bit hard to access its web interface afterward.
The router — or a mesh system — will work only to extend the network and nothing else in the AP mode. You will not be able to take advantage of its other settings and features. In other words, your network only has the features and settings of the existing gateway (or router).
No matter your Internet situation, chances are you can still customize your home network to your liking. It just takes a bit of work.
In my experience, having to keep the ISP-provided gateway is the most popular situation, so the Gateway-to-router WAN IP forward section above is likely the most applicable to yours. It’s also relevant to most, if not all, Internet plans for a small business.