I am looking for a single device that is both a wireless router with good security (WPA, stateful packet inspection, etc.) and a DOCSIS cable modem for use with Comcast in the San Francisco bay area.
I did find the Linksys CGA200, but the user reviews on Amazon.com indicate terrible problems.
Any suggestions?
snipped-for-privacy@panix.com (David Arnstein) hath wroth:
Motorola SBG900
There's also the Motorola SBG1000 but I think it's no longer being sold.
Certified Comcast Cable Modems:
Most of the wireless sections are not supported by Comcast. Just search the above URL for the word "wireless".
Are you interested in hearing the reasons why such an all-in-one conglomeration of modem, router, and wireless access point, in one package, is a bad idea?
It doesn't seem to have WPA. I downloaded the user guide and searched.
Wrong and wrong. The word "wireless" does not appear next to every wireless product on this web page. For example, the Motorola SBG900.
Yes Jeff. And thank you for your initial response.
snipped-for-privacy@panix.com (David Arnstein) hath wroth:
It was added in some past firmware update and apparently never made it into the manual or data sheet:
Just search Google for "SBG900 WPA" and you should get plenty of hits.
Argh, the Motomorons buried it. See:
Just above the line with WEP, it spells out "Wireless Protected Access".
For more docs and downloads, see;
True. It only appears next to the boxes that Comcast does NOT support the wireless section. If that's acceptable, you have a very large list to search. Sorry, but it was the best list I could find. The rest, you have to do some digging.
Conglomerated units tend to be a compromise. The router sections are insipid compared to what can be found in a Sonicwall, Cisco, or even high end commodity router. For example, I've noticed that most have either limited or no QoS for VoIP, no WDS support, and limited diagnostics. Upgrades to the modem sections are often problematic. For example, if we ever get DOCSIS 3.0 in the area, most of the existing modems don't have sufficient horsepower to handle channel bonding and such. As new wireless acronyms arrive (MIMO, roaming, WMM, etc), upgrading the wireless section may also be problematic. This is usually done by replacing just the wireless access point to add acronym support, but impossible with a conglomerated unit.
Location is my main objection. The modem and router want to live somewhere near the floor, where all the cables and wires come together. However, the wireless works best when the antenna is elevated to above the furniture clutter, such as on a bookshelf. Putting the conglomerated unit on a shelf or desktop will work, but you have to drag the wires along. My favorite form of security is to just turn off the wireless section. That's easily done with an access point, but not so easy with a conglomerated unit. Of course, if you decide to switch to DSL, the entire unit is useless as you can't use the router or wireless with an external DSL modem without access to the inter-section (ethernet) ports.
This lack of inter-section access also causes me problems with monitoring. I like to monitor traffic on the WAN side of the router, to see what users are doing and what attacks are being dropped. That can't be done with a conglomerated unit as there is no easy way to tap the traffic. (JTAG port will NOT work for monitoring).
In case of a failure, it's much easier to troubleshoot (by replacement) with 3 seperate sections.
I will admit that there are benifits. It's easier to monitor the modem diagnostics in a conglomeration as the internal web browser has access to everything. One device setup instead of three setups are obviously simpler. Cost of usually less for a conglomerated unit and often subsidized by the cable company. Of course, there's only one wall wart to add to the rats nest behind the TV and computah.
Thank you Jeff for this valuable info. I would never have found this myself.
Excellent summary. I *might* go with the Motorola box if it can do everything I need: NAT, DHCP, SPI, WPA2, NTP, syslog, save/restore config, ...
But your summary gives me pause. And, the Motorola box is just a bit too pricy for me to buy it and just see if it works.
Thanks for your help Jeff.
I'm doing this from memory, so treat the following with suspicion. I don't think the Rotomola SBG900 has user configurable NTP as it gets its time from the cable network. Syslog and SNMP are there, but not user accessible. The cable company uses them for management and monitoring. There are internal web accessible logs for firewall and such, but no way to send them to a designated syslog server. Nifty MAC layer wireless statistics page shows retransmissions and errors. No save/restore of config. WPA only, no WPA2. Like I said, the router sections are rather insipid.
All the above is guesswork from memory and might be wrong. The online docs are no help because they're apparently from an early firmware version.
It has remote access so I could possibly arrange for a tour.
What's your total price for the package (modem, router, and wireless)? While 3 separate boxes are better, they're probably not cheaper. My guess is that you can get a DOCSIS 2.0 modem down to about $60 after rebates. The router can be grudgingly combined with wireless to keep it cheap. I suggest a Buffalo WHR-HP-G54 with DD-WRT firmware (so you have your listed features) for about $60. $20 less if you don't want the high power version. See emulator at:
This is an emulation of the original v23. A few things have changed in the current SP2 version.
Now I am convinced that a nice, neat, single box is not feasible. I already have a nice Motorola cable modem, so I will look for a combination wireless access point / router / firewall. I am not very cost sensitive actually. I am willing to pay a premium for a good unit. Do you still suggest the WHR-HP-G54?
I will be swapping out a Cisco 800 series SOHO router (not wireless). This router/firewall can do anything I can imagine, and I can save my highly crafted config on my PC where it is safe. So, I am spoiled.
On Wed, 29 Nov 2006 11:09:28 +0000 (UTC), snipped-for-privacy@panix.com (David Arnstein) wrote in :
Yes.
Why not keep the Cisco, and just use the WHR-HP-G54 as a wireless access point?
John Navas hath wroth:
Agreed. The Cisco 800 will do the router part of the puzzle for you. All you need is a wireless access point. The WHR-HP-G54 will work fine if you simply disable the DHCP server and ignore the router section (don't connect anything to the WAN port). How to setup a wireless router as an access point:
The wireless section will do everything you've previously listed. The main feature is a decent radio section and WPA2. However, with DD-WRT firmware, I suspect the WHR-HP-G54 will suffice in place of the Cisco
800. It won't have ACL's and such, but most of the other acronyms are there.One catch on saving the configs from the WHR-HP-G54 and DD-WRT. I've had the saved configs blow up between firmware upgrades. When I upgraded from V23 sp1 to sp2, the old config didn't work (httpd wouldn't start). I had to reload everything from scratch.
On Wed, 29 Nov 2006 08:55:52 -0800, Jeff Liebermann wrote in :
Perhaps the open source community doesn't really understand XML. ;)
Hello John,
I have problems with clutter and appearance. That is why I was pining away for a one box solution. Two boxes (cable modem + wireless router) is already a compromise for me. Three boxes would be really bad. I would prefer to staple RJ45 cables to baseboards and forego wireless.
On Wed, 29 Nov 2006 19:59:38 +0000 (UTC), snipped-for-privacy@panix.com (David Arnstein) wrote in :
I respect your priorities, but my own priorities would be different, because the Cisco 800 is a much better router than anything at the low end of the wireless market. To me it seems like replacing a quality Canon DSLR with a mediocre Sigma DSLR just to match the brand of mediocre Sigma lenses.
Right. I am seriously thinking about stringing RJ45 throughout my humble abode. Perhaps I can find a color that matches the carpets.
In the mean time, what wireless routers are as good as the Cisco 860?
On Wed, 29 Nov 2006 21:14:02 +0000 (UTC), snipped-for-privacy@panix.com (David Arnstein) wrote in :
There is special flat cable that works well under carpets, although channeling the pad can work too. Also possible to run cable behind baseboards and crown molding. Powerline/phoneline/coax networking is another option.
Not as good, but still quite good: SonicWALL TZ-150 Wireless $270 at PC Connection
White is good - you can generally tuck it under the skirtings or at worst tack it to the tops. I actually have around 100m of beige running round the _outside_ of my house.
Almost certainly, none in the consumer range.
snipped-for-privacy@panix.com (David Arnstein) hath wroth:
There's also "flat" CAT5 cable available. Something like this:
(shielded) Works nice for under the carpets. Don't staple the stuff.
I don't think CAT5 comes in camoflage or paisley. However, a little paint wouldn't hurt.
Cisco 871w:
Sonicwall TZ150 and TZ160.
I would caution against the combined function of a cable modem and wifi. Several cable providers just 'upgraded' their systems and about half of the existing cable modems failed to make the up grade list. (mine, less than a year old and still sold, was just replaced by the field tech)
"NotMe" hath wroth:
It's going to happen again in July 2007 where the FCC has mandated stupid technology so that cable modems can be sold retail. All the new boxes will be required to support external security, usually in the form of a CableCard:
There will also probably be a push to provide "intergrated" cable set top boxes with everything inside. Cable modem, data, TIVO, hi-fi, Music on demand (iTunes), Wi-Fi, cordless phone, video caller ID, Pay Per Vous, DVD burner, onscreen video editor, and whatever else can be thown in to insure that you're committed to buying from one cable vendor.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.