Home Network Upgrade — bridge mode + new Wi-Fi 6 router

Home Network Upgrade

Take Wi-Fi reliability out of Comcast's hands. Bridge the Hitron, install a router I control, lock the channels, fix the dropouts.
Why this exists. Twice on 2026-04-28 the Mac lost internet while other devices stayed online — Wi-Fi reported associated, but DNS to all 4 Comcast servers timed out and packets to the gateway hit No route to host. Root cause: 5 GHz channel hit a DFS radar event (~64s eviction), and macOS refused to reroam because RSSI (-68 dBm) was just inside the threshold. The Hitron's web UI is locked; channel control is no longer possible without bridge mode. Solution: bridge the Hitron, drop a Wi-Fi 6 router behind it, lock the 5 GHz channel to UNII-1 (no DFS), point DNS at Cloudflare.
1. Buy
Recommended

TP-Link Archer AX73 — ~$130

Wi-Fi 6 (AX5400 class). Full web UI with explicit channel, channel-width, and band-steering control. No app required. No cloud account. Six external antennas, OFDMA + MU-MIMO.

Available at Amazon, Best Buy, Newegg. Black with red trim — looks gamer-ish but it's quiet, no LEDs by default.

Alternatives

If the AX73 isn't in stock

  • ASUS RT-AX5400 (~$130–150): equivalent specs, AsusWRT-Merlin firmware path if you ever want to flash
  • ASUS RT-AX86U Pro (~$200): overkill but bulletproof; sometimes $150 on sale
  • TP-Link Archer AX55 (~$80): budget option, weaker antennas, fine for small space
Skip

Don't buy these

  • Eero / Google Nest WiFi — app-locked for advanced settings. Same Comcast-style problem in a different costume. You'd have no channel control.
  • Anything sub-$80 — won't be meaningfully better than the Hitron's radio.
  • Wi-Fi 6E / 7 hardware unless on sale at <$200 — premium tax for capability you won't use yet.
  • Mesh kits (3-pack) — single router covers your space; add a node later if needed.

Also grab: 25 ft Cat6 ethernet cable (~$10) if you want to place the router somewhere other than next to the Hitron.

2. Pre-flight
Step 1: Note current Wi-Fi credentials (5 min)

Write down the SSID (Plum MD) and password. If you reuse them on the new router, every device on the network auto-reconnects without intervention.

Step 2: Unbox, power up, don't connect

Plug the router in for power only — no ethernet yet. Note the default admin URL and Wi-Fi shown on the bottom-of-router sticker.

3. Bridge the Hitron
Xfinity app

Turn the gateway into a dumb modem

This is the only way to disable the Hitron's Wi-Fi and NAT. After bridge mode, the Hitron passes traffic to whatever's plugged into port 1 and stops doing anything else.

  1. Open the Xfinity app on phone
  2. Connect → Internet → Advanced Settings
  3. Find Bridge Mode and toggle ON
  4. Confirm the warning. Gateway reboots, Wi-Fi from gateway dies, all current Wi-Fi devices disconnect — expected, ~3 min downtime

If the toggle isn't visible: log into the Xfinity website on a laptop instead — same path, same toggle. Some app versions hide it behind "More Settings."

4. Set up the new router

Step 3: Wire it (2 min)

Cat6 ethernet from the Hitron's port 1 → the new router's WAN port (yellow on TP-Link, blue on ASUS, labeled "Internet" on either). Power-cycle the new router.

Step 4: Initial config (10 min)

Connect a laptop directly to the router via ethernet OR via the default Wi-Fi printed on its sticker. Browse to:

  • TP-Link: http://192.168.0.1 or http://tplinkwifi.net
  • ASUS: http://192.168.50.1 or http://router.asus.com

Run the wizard. Set:

  • Wi-Fi SSID: Plum MD (same as before so devices auto-reconnect)
  • Wi-Fi password: same as before
  • Admin password: something different from Wi-Fi password — don't reuse

Step 5: Lock the channels — this is the actual fix (3 min)

Wireless → Advanced Settings (or "Wireless" tab). Apply the values in the table below.

Step 6: DNS hardening (2 min)

Internet/WAN settings → DNS. Override the ISP-supplied Comcast DNS — those servers were one of the failure paths during the 12:29 outage.

Step 7: Optional hardening (3 min)

  • WPA3 mode (or WPA2/WPA3 mixed if any IoT devices break)
  • Disable WPS
  • Disable UPnP unless something actively needs it
  • Update firmware to latest stable
5. Settings reference

Wi-Fi radios

| Setting | 5 GHz | 2.4 GHz | Why |
|---|---|---|---|
| Channel | 36, 40, 44, or 48 | 1, 6, or 11 | UNII-1 5 GHz has no DFS — radar evictions can't happen. 2.4 GHz: pick whichever is least crowded; UI shows neighbor density. |
| Channel width | 80 MHz | 20 MHz | 5 GHz: 80 is sweet spot. 2.4: 20 prevents collisions in dense Wi-Fi areas. |
| Auto channel | OFF | OFF | Auto re-scans periodically and can land on DFS again. Lock both. |
| DFS | OFF / Disabled | n/a | Some firmwares have a separate DFS toggle. Off. |
| Mode | 802.11ax | 802.11ax | Wi-Fi 6 only. Disable legacy unless old IoT needs it. |
| Smart Connect / Band Steering | OFF | OFF | Off initially. Run separate SSIDs (Plum MD + Plum MD-2G) so you can test which band each device prefers. Re-enable later if you want. |

DNS

| Position | Cloudflare | Quad9 (blocks known malicious) |
|---|---|---|
| Primary | 1.1.1.1 | 9.9.9.9 |
| Secondary | 1.0.0.1 | 149.112.112.112 |
| IPv6 primary | 2606:4700:4700::1111 | 2620:fe::fe |
| IPv6 secondary | 2606:4700:4700::1001 | 2620:fe::9 |

Pick one provider for both rows — don't mix. Cloudflare = pure speed, Quad9 = malware blocking.

6. Verify
Step 8: Connect & smoke test (5 min)

Disconnect the laptop's ethernet, connect to Plum MD Wi-Fi.

Run a sustained ping for 3 minutes. Expect 0% loss:

ping -c 200 1.1.1.1

Check signal at the workspace. RSSI should be -55 to -65 dBm. If it's still around -68 or worse, repositioning the router is your next move (or a mesh node).

sudo wdutil info | grep -E "RSSI|SNR|Channel"
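To check the channel lock and signal target in one pass, here is an added example (not part of the original page) that reads `wdutil info`-style lines and flags any bonded 5 GHz channel that reaches into a DFS range, which is why channel 36 at 160 MHz fails even though 36 itself is UNII-1. Assumptions: the US channel plan, the `5g44/80` channel notation, and the constructed sample lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `wdutil info`-style
# "Key : value" lines on stdin. The "5g44/80" channel notation is an assumption.

# US DFS ranges: UNII-2A (52-64) and UNII-2C (100-144).
is_dfs() {
    [ "$1" -ge 52 ] && [ "$1" -le 64 ] && return 0
    [ "$1" -ge 100 ] && [ "$1" -le 144 ] && return 0
    return 1
}

# List the 20 MHz channels a bonded 5 GHz channel occupies.
# $1 = primary channel, $2 = width in MHz (20, 40, 80 or 160).
span_channels() {
    n=$(( $2 / 20 ))
    if [ "$1" -ge 149 ]; then base=149
    elif [ "$1" -ge 100 ]; then base=100
    else base=36; fi
    start=$(( base + ($1 - base) / (4 * n) * (4 * n) ))
    i=0
    while [ "$i" -lt "$n" ]; do
        echo $(( start + 4 * i ))
        i=$(( i + 1 ))
    done
}

# Exit 0 only if the link avoids DFS and RSSI is -65 dBm or stronger.
check_link() {
    info=$(cat)
    rssi=$(printf '%s\n' "$info" | sed -n 's|^[[:space:]]*RSSI[[:space:]]*:[[:space:]]*\(-[0-9][0-9]*\).*|\1|p' | head -n 1)
    chan=$(printf '%s\n' "$info" | sed -n 's|^[[:space:]]*Channel[[:space:]]*:[[:space:]]*\([0-9]\)g\([0-9][0-9]*\)/\([0-9][0-9]*\).*|\1 \2 \3|p' | head -n 1)
    if [ -z "$rssi" ] || [ -z "$chan" ]; then echo "UNPARSED"; return 2; fi
    set -- $chan   # $1 = band, $2 = primary channel, $3 = width
    if [ "$1" -eq 5 ]; then
        for c in $(span_channels "$2" "$3"); do
            if is_dfs "$c"; then echo "FAIL: $2/$3 covers DFS channel $c"; return 1; fi
        done
    fi
    if [ "$rssi" -lt -65 ]; then echo "FAIL: RSSI $rssi dBm is weaker than -65"; return 1; fi
    echo "OK ${1}g$2/$3 rssi $rssi"
}

# Constructed sample: locked to channel 44 at 80 MHz, good signal.
printf '    RSSI                 : -60 dBm\n    Channel              : 5g44/80\n' | check_link
# Constructed sample: primary channel 36 looks safe, but 160 MHz reaches 52-64.
printf '    RSSI                 : -60 dBm\n    Channel              : 5g36/160\n' | check_link || true
```

On the Mac, pipe the real output in with `sudo wdutil info | check_link` after sourcing the functions.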

Real-world test:

  • Cal.com / Zoom test call for 5 min — no audio dropouts, no video freezes
  • Speedtest CLI or fast.com — should hit your plan's rated download
  • Browse a couple of heavy sites — feels snappy, no DNS stalls
7. If something goes wrong

No internet after bridge mode

MAC cache on Comcast's CMTS sometimes pins the old MAC for ~10 min. Reboot the Hitron from the Xfinity app. If still nothing, unplug the Hitron coax for 30s, plug back in.

Want to undo the whole thing

Xfinity app → Bridge Mode → OFF. The Hitron returns to gateway-mode. The new router becomes useless until bridge is re-enabled. Zero risk path — bridge mode is fully reversible.

Still seeing dropouts after channel lock

That points upstream to Comcast's coax side, not Wi-Fi. Open a ticket with this evidence:

  • "Bridge mode enabled, third-party router downstream, locked 5 GHz to channel 36"
  • "Multiple wired and wireless clients see simultaneous packet loss"
  • "Issue persists across both 5 GHz and 2.4 GHz, ruling out wireless"

That framing forces them past the "is your Wi-Fi working" deflection script.

Mac still dropping but other devices fine

That's a Mac-side issue independent of the router. Most likely fix: macOS update (14.2.1 has known IO80211 issues). Cleanest workaround at the moment of failure:

sudo ifconfig en0 down && sudo ifconfig en0 up

Could also bind that to a Raycast / Alfred / shortcut.

8. What this gets you long-term
  • Channel control today. No more DFS radar evictions.
  • Update on your schedule. Comcast firmware pushes can never affect Wi-Fi again.
  • QoS for client calls. Reserve 5 Mbps up for video so a Supabase deploy can never starve a Cal.com call.
  • WPA3, your DNS, your guest SSID. Set up a guest network for client demos that's isolated from the main LAN.
  • Mesh-ready. Add a TP-Link OneMesh / ASUS AiMesh node later if coverage matters.
  • Easier debugging next time. Web UI shows associated clients, signal per device, channel utilization. Hitron's UI showed none of this.

Total: $130–140 hardware, 30 min one-time setup. Pays for itself the first time a discovery call doesn't drop.