Solving My TP-Link Deco Nightmare | by Keir Finlow-Bates

DMZ stands for “Demilitarized Zone”, and in the networking world it means that all the protective code that the modem manufacturers use is ... UpgradeOpeninappHomeNotificationsListsStoriesWriteFast.Stable.Everywhere.Yeah—right.SolvingMyTP-LinkDecoNightmareAyearagoIdecidedthatIneededaWiFimeshnetwork,andsettledontheTP-LinkDecosystemassomethingthatwouldsatisfymyneeds.Unfortunatelyit’stakenmeayeartogetmynetworkfunctioningproperly.ThehardwareTP-Linkprovidesseemsreasonable,andtheirsoftwareisnoworsethanthatofanaveragenetworkingcompany,buttheircustomersupportisabsolutelydire.Andcomputernetworkingissooverloadedwithtechnicalknowledgerequirementsthattheaveragepersoncan’treallyunderstandwhatisgoingwrongwhentheirnetworkfails.Tosaveotherpeopleinmypositionabitoftime,IthoughtIwouldprovideawrite-upexplaininghowImanagedtofinallygetmyhomenetworkfunctioning.BackgroundHereiswhatIhaveinmysetup:ATP-LinkArcherMR6004G+v2modemandrouterFiveDecoM9PlusunitsTwoDecoM4unitsAlotofmobilephones,tables,aPS4,somelaptops,anetworkprinter,andacoupleofdesktopcomputers,thattheirownerswanttobeabletoconnecttotheInternetoverthenetwork.ATP-LinkArcherMR6004G+InitiallyIwasusingaHuaweiB3154Gmodem,whichdidnothaveanoptionanywheretoenablebridgingmode,soIwasusingtheDeconetworkin“AccessPoint”mode,ratherthan“WirelessRouter”mode.Thismeansallsortsoffunctionalitywasunavailable—nofirewall,noanti-virus,noqualityofservicesettings.Andfurthermore,thenetworkwasextremelyunreliable.Sometimespingingoutsideaddressestook35ms,othertimesitwas1000sofseconds,andsometimesIcouldn’treachtheoutsideworldatall.SoIboughtarecentTP-Link4Gmodem,thinkingthatofcoursethey’dhavedesigneditwithDecocompatibility.TLDR;DitchtheTP-LinkArcherMR6004G+v2modem.Imayhaveendedupwithadefectiveone,butthereareplentyofpeoplepostingthattheyhavethesameproblemIsaw—themodemlimpsalong,sometimesfunctioningokayforawhile,atothertimesworkingokayifyourebootiteveryhour.IboughtacheapTPMR150,whichisnowfunctioningfineafteraweekofuse.I’llupdatethisarticleifitgoeswrongtoo.However,therestofthearticletellsyouhowtoconfigureitwithaDecomeshsetupsoyoucangetaccesstoalltheextrafunctionalitythatrunningitinWirelessRouterratherthanAccessPointmode.AndasanaddedbonusIprovideanexplanationofhowtheinternetworkswithasimpleanalogy.TheProblemsAsIbrieflymentioned,mainproblemIhadwasthattheperformanceofthenetworkoscillatedwildly.Onehoureverythingseemedtofunctionfine,andthenexthourDNSlookupstookuptoaminute,pingtimeswereseveralsecondswithhalfthepacketsgettinglost,andthehourafterthattherewasnointernetconnectivityatall,exceptforstreamingvideosthathadbeenstartedearlier.ThesecondproblemIhadwasthattheDeconetworkwassupposedtobeabletoofferallsortsofservices:anti-virusprotection,afirewall,performancemonitoring,qualityofserviceselection,andsoon.Exceptthattheseallrequiredamodemin“bridgingmode”,anddespitethefactthatwe’retalkingaboutalltheequipmentbeingTP-Linkmanufactured,therewasno“bridgingmode”optionfortheMR150.TheSolutionIfyoufollowthesesteps,youshouldendupwithaDeconetworkin“WirelessRouter”modewithadecentconnection.Ittookmethreedaystofindalltherequiredinformation:SettinguptheArcherMR150tobridgingmodeThereisnoactualclear“bridgingmode”fortheMR150,butyoucanconfigureallsortsofsettingsthatensurethatitactslikeitisinbridgingmodebyfollowingtheseinstructions:FollowtheinstructionsforsettingupyourArcherMR150:insertaSIMcard,powerupthemodem,andconnectyourlaptoptothemodemusinganethernetcable.Goto192.168.1.1withawebbrowser,andfollowthesetupinstructions.CheckthateverythingisworkingusingtheAdvancedtab,scrollingdowntoSystemTools,andselectingDiagnosticTools.TheSimcardtest,WANconnecttest,andNCSItestsshouldallpass(iftheydon’t,yourmobileinternetproviderhasaproblem).ThisDiagnosticToolandthewebsitewww.speedtest.netprovideanexcellentcombinationtocheckhowwellthingsaregoingonceyournetworkfunctions.OntheAdvancedtab,gotoWirelessandselectWirelessSettings.UncheckEnableWirelessRadioonboththe2.4GHzand5GHzpanes(youcanleavethischeckedifyoualsowanttouseyourArcherMR150asaseparateWiFinetworktoyourDecosystem).OntheAdvancedtab,gotoNetworkandselectLANsettings.EnableIGMPSnooping—thisseemstosolvetheproblemwithDNSlookupssometimesfailing,butIhavenoideawhy—andmakesureDHCPischecked.Bothofthesechoicessoundoddinitially,buttheyarerequired.ThenclicktheSavebutton.ConnectyourmasterDecounittotheArcherMR150,andwaitforittogetanIPaddress.Itshouldendupwith192.168.1.100or192.168.1.101,andonrefreshingtheLANSettingspage,youshouldseeitintheclientlist.VerifythatitisindeedthemasterDecounitbycomparingtheMACaddressonthebackoftheDecowiththeMACaddressintheLANSetting’sClientList.Clicktheblue“+Add”buttonintheAddressReservationtable,andthenclicktheScanbutton.SelectyourmasterDecounitfromthedrop-downlist,andSaveittothelistofreservedaddresses.OntheAdvancedtab,gotoNATForwarding,andselectDMZ.CheckEnable,andaddtheIPaddressofyourmasterDecounittotheDMZHostIPAddressfield.Itsthe192.168.1.100or192.168.1.101addressthatyousetinstep6thatyouneedtobeenteringhere.Forgoodmeasure,rebootyour4GmodemusingAdvancedtab>SystemTools>Reboot.SettinguptheDeconetworkGototheDecoandroidapp,whichshouldnowconnectafterabitofawait.Onthemainscreen,atthebottomright,thereisaniconwithagridofninesquaresandtheword“More”beneathit.Taponit.Taponthecogiconwith“Advanced”beneathit.Scrollallthewaydown,andcheckthatOperationModeis“WirelessRouter”.Ifitis,great.Ifitisn’t,taponOperationModeandselect“WirelessRouter”insteadof“AccessPoint”.That’sit.YoucannowfollowthenormalinstallationproceduretoaddmoreDecounitstoyourmeshnetwork.APrimeronNetworkingAtthispointyoucanstopreading,becauseyournetworkshouldbeupandrunningnow.However,ifyou’vebeenstumblingaroundinthedark,wonderingwhatallthenetworkingterminologyisabout,youmayfindthefollowinguseful:Networking:ananalogyImaginethatadeviceonacomputernetworkislikeahouseonastreet.Youcanspecifyitusingit’smapco-ordinates.Forexample:38.8977°N,77.0365°Wletsyouknowthelocationofafamousbuilding.Theseco-ordinatesareliketheMACaddressofthehouse,exceptinsteadofbeingalongitudeandalatitude,aMACaddresslookslike74:DA:88:3A:F0:21.Itisthelowestlevelformofaddressofthedevice.Onelevelup,wehavetheIP(orInternetProtocol)address.TheIPaddressislikeasuper-accurateZipcode,forexamplewithourhouseanalogy,it’ssomethinglikeDC20500.ButanIPaddressisn’twrittenlikeaZipcode—thereareactuallytwodifferentstandardsinuse:IP4andIP6.HereI’lltalkaboutIP4.AndIP4addresslookslikeacollectionoffournumbersseparatedbyperiods,forexample192.168.1.100.ComputersuseIPaddressontheInternettofindandcommunicatewitheachother.Buthumanbeingsaren’tverygoodatmemorizingthem,soweinventedtheDomainNameService,whichassociatesamemorablehuman-readablestringwitheachpublicIPaddress.Continuingouranalogy,theDNSnameislikeastreetaddress.Forexample,thestreetaddressofourhouseisTheWhiteHouse1600PennsylvaniaAvenueNWWashington,andtheDNSaddressofthesamelocationintheInternetworldishttps://whitehouse.gov.LocalandpublicnetworksThereisashortageofIP4addressintheworld.Asaresult,peopleuseprivateaddressesfortheirlocalnetworks,withagatewaytotheInternet.Thegatewaydevicehassinglepublicaddressfacingouttotheworld,andalocalnetworkaddressonthelocalnetwork.Localnetworkaddressesareusuallyeitheroftheform192.168.x.x,or10.x.x.x.Soifonedevicecalled192.168.1.100wantstotalktoanotherdevicecalled192.168.1.119,theyknowthey’rebothonthesameinternalnetwork,andtheycommunicatedirectly.Butif192.168.0.100wantstotalktoadevicewithIPaddress23.197.12.199,itnoticesthatthatdeviceisn’tonthelocalnetwork.Soitsendsitsmessagestothegateway(whichistypicallycalled192.168.1.1),andthegatewaythenforwardsitouttotheworldtofindthedevice.Thismakesyourlocalnetworklooklikeanofficebuilding—whenmessagesaresenttotheoffice’saddress,theyarriveatthemailroom(whichislikethegateway),andthemailroomworksoutwhichparticularroomthelettershouldbedeliveredto.DynamicHostConfigurationProtocolTheDynamicHostConfigurationProtocol,orDHCPforshort,isafurthercomplicationinnetworksthatwasintroducedtomakethingseasierandyetseemstoresultinmanyproblemsandheadaches.Inouranalogy,DHCPisequivalentto“hotdesking”inanoffice.Ratherthangettinganiceprivateroomwhichyoucandecoratewithallyourpersonalknickknacks,onarrivingatworkyouaregivenadesklocationeachdaybythereceptionist.Sometimesit’sthesamedesk,andsometimesit’sadifferentdesk.ThesamehappenswithDHCP—whenadeviceconnectstothelocalareanetwork,itisgivenanIPaddressbytheDHCPserver,whichmayormaynotbethesameaddressithadlasttime.ProblemsarisewhenthereismorethanoneDHCPserveronthenetwork,whichcanresultintwodifferentdevicesgettingthesameIPaddress.Thisisliketworeceptionistshandingouthotdesklocations,resultinginemployeesarguingaboutwhichoneofthemisactuallysupposedtohaveagivendesk.NetworkaddresstranslationBacktothemailroom,whichisperforming“networkaddresstranslation”—theykeeptrackofalltheoutgoingletters,andwhenareplytoaletterarrivesat“theWhiteHouse”,theyinspectit,anddeterminewhichroomitshouldbedeliveredto.Continuingwiththemailroomanalogy,wehavetwomailroomsinoursystem!TheTP-LinkArcherMR150isactinglikeamailroom,andthemasterDecounitisworkinglikeamailroomtoo!Thiscausesaproblem,becauseboththinktheyarethemostimportantroomintheoffice,andtheystartsteppingoneachother’stoes,andlettersgetlost.Toovercomethis,oneofthemailroomshastobesetto“bridgingmode”.WhatisBridgingMode?Whenagatewaydeviceissettobridgingmode,itdirectsallthestuffitreceivestooneplace,andbecomeslikethereceptionistwhotakesallthelettershegetsstraightfromreceptiontothemailroom,insteadofwalkingaroundtheofficedeliveringthem,andannoyingthemailstaff.That’swhatwewantedtodowithourMR1504Gmodem.Butthereisn’tasettinginthemodemconvenientlylabelled“bridgingmode”.InsteadwefakeitbyusingaDMZ.WhatisaDMZ?DMZstandsfor“DemilitarizedZone”,andinthenetworkingworlditmeansthatalltheprotectivecodethatthemodemmanufacturersuseisturnedofffordevicesattachedtoit.It’slikeaseparatewildwestnetworkattachedtoyourmodem.Nomodemfirewall,nonetworkaddresstranslation,nonothing.JustallthedatapassingstraightthroughfromtheinternettotheDMZ.Whichasitturnsout,isexactlywhatwewantfortheDeconetwork.WhyTP-Linkcouldn’tjustpackagealltheabovestepsintoasimple“Bridgingmode”settingratherthanrequiringustogothroughalltherigmaroleofsettingitupourselvesisbeyondme.Thenagain,they’reabigcompany,withover20,000employees.Iguessthatmakesthemtoolargeforefficientintercommunicationorlisteningtotheircustomers.AbouttheAuthorKeirFinlow-Batesisablockchainresearcher,inventor,andauthor.Youcanbuyacopyofhisbook,“MoveOverBrokersHereComesTheBlockchain”whichexplainsblockchaininsimpletermsusinganalogies,justliketheoneusedabove,athttp://mybook.to/moveover.Hewishesthataccesspoints,switches,routersanddevicesjustworkedoutofthebox.MorefromKeirFinlow-BatesFollowCEOandco-founderofChainfrogOy,aFinnishstartupresearchinganddevelopingadvancedblockchaintechnologies.Lovepodcastsoraudiobooks?Learnonthegowithournewapp.TryKnowableMorefromMediumArticleoftheDay:RussiaandUkraineCyberActorsandOperations{UPDATE}脑筋急转弯:终极挑战700问考验你的脑洞HackFreeResourcesGeneratorTermsofService&PrivacyPolicyTermsofServiceHowtoCheckifanIPAddressisaKnownThreatinGo{UPDATE}Tarzan-TheQuestofMonkeyMax-DiscoveryHackFreeResourcesGeneratorSafePalofficiallysupportTTXSafePalofficiallystartedhandlingTTXtokens,andwereceivetechnicalsupport.Youcanstoreandmanageyourtokensafelyand…FlawedCybersecurityIsaTickingTimeBombfortheBalkansCheckingthestatusofWindowsupdatewithOsqueryGetstartedKeirFinlow-Bates459FollowersCEOandco-founderofChainfrogOy,aFinnishstartupresearchinganddevelopingadvancedblockchaintechnologies.FollowRelatedAbigwelcometoourcohort3granteesWe’resoexcitedtoannouncethethirdcohortofgranteesfortheUnlockProtocolgrantprogram!Ourgrantselectioncommitteemetatthe…PolkaExcooperateswithJPYCtolaunchtheUSDC-JPYCLPwithfarminglivenow!!!Slopex1SolAMARecapOnDec18th,SlopeFinancewasdelightedtoinvite1SolCo-founder&CEOTintintohaveanAMAinSlopeDiscord .PhisherWatch:AirdropScamsAscryptocurrencyhasgrown,itsusershavebecomeanincreasinglyhottargetforphishers.Eachtimewemakeonetypeofphishingharder…HelpStatusWritersBlogCareersPrivacyTermsAboutKnowable