backup internet via xfinitywifi

2017.03.25

sometimes cable modems die. sometimes coax degrades causing your cable modem signals to tank. sometimes comcast de-registers your cable modem and re-registers your old cable modem. in these cases, it’d still be nice to have an internet connection at the house.

given that much is TLS these days, i’m not too worried about snooping. maybe i can get a router which supports EAP-TLS and/or 802.1x and transport will be encrypted as well.

i got clever. i picked up a tp-link tl-wr710n router because it has a WISP Client Mode. when it arrived, i configured it for this mode and attached it to xfinitywifi, served out by one of my gracious neighbors. i then authenticated via the captive portal and had the system remember my new router’s wifi MAC.

next, i changed the TP-Link’s LAN-side IP to be in the same subnet as my home network and disabled the internal DHCP server.

now to configure my cisco 1841 for these shenanigans.

! default comcast docsis.
ip route 0.0.0.0 0.0.0.0 dhcp 250
! via xfinity wifi/tp-link router
ip route 0.0.0.0 0.0.0.0 10.11.12.252 254
! ip sla destination, since i don't use comcast dns
ip route 75.75.75.75 255.255.255.255 10.11.12.252 250

that’s the basic bits. if my cable modem loses its IP and/or the WAN interface of my 1841 goes down, the home network should leverage the xfinitywifi/tp-link path. i have a backup internet connection good for 15mbps down and 5mbps up.

this doesn’t help with problems further inside comcast’s network.  this doesn’t help with physical plant problems affecting the whole neighborhood.  however, i’m not paying for a second internet circuit either.

comcast is a metered connection. therefore next, i thought i could leverage this link for offsite backups. pbr to the rescue! but first, maybe some sla/tracking will help:


! define the check to see if the connection is up
ip sla 1
icmp-echo 75.75.75.75 source-interface FastEthernet0/1
frequency 5
! check forever
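ip sla schedule 1 life forever start-time now
! track 1 follows sla 1; the route-map below references it (older ios: track 1 rtr 1 reachability)
track 1 ip sla 1 reachability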
! create an acl identifying backup traffic
ip access-list extended send-backup
permit tcp any host x.y.z.a eq 22
! create a route-map for pbr
route-map send-backup permit 10
match ip address send-backup
set ip next-hop verify-availability 10.11.12.252 1 track 1
! apply pbr
interface FastEthernet0/1
description inside
ip policy route-map send-backup
! client cached redirects can be a challenge
no ip redirects
no ipv6 redirects
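
to sanity-check the failover and pbr logic above before touching the router, here is a small python model of the next-hop decision. it is an added example, not part of the original config; the docsis gateway 198.51.100.1 and the backup host 203.0.113.10 (standing in for x.y.z.a) are constructed placeholders.

```python
import ipaddress

TPLINK = "10.11.12.252"        # tp-link lan address, from the config above
DOCSIS_GW = "198.51.100.1"     # constructed: stands in for the dhcp-learned gateway
BACKUP_HOST = "203.0.113.10"   # constructed: stands in for x.y.z.a


def routing_table(dhcp_route_present):
    """(prefix, next hop, administrative distance) for the routes on the page."""
    routes = [
        ("0.0.0.0/0", TPLINK, 254),        # floating default via xfinitywifi
        ("75.75.75.75/32", TPLINK, 250),   # ip sla probe target, pinned to tp-link
    ]
    if dhcp_route_present:
        # 'ip route 0.0.0.0 0.0.0.0 dhcp 250' only exists while the lease does
        routes.append(("0.0.0.0/0", DOCSIS_GW, 250))
    return routes


def rib_lookup(dst, routes):
    """longest prefix wins; among equal prefixes the lowest distance wins."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, hop, distance in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -distance, hop))
    return max(matches)[2]


def next_hop(dst, proto, dport, dhcp_route_present, track_up):
    """next hop for a packet arriving on the inside interface."""
    # acl send-backup: permit tcp any host <backup host> eq 22
    is_backup = proto == "tcp" and dst == BACKUP_HOST and dport == 22
    # verify-availability: the pbr next hop is used only while track 1 is up,
    # otherwise the packet falls through to the normal routing table
    if is_backup and track_up:
        return TPLINK
    return rib_lookup(dst, routing_table(dhcp_route_present))


if __name__ == "__main__":
    for dhcp in (True, False):
        for track in (True, False):
            print(dhcp, track,
                  next_hop("8.8.8.8", "udp", 53, dhcp, track),
                  next_hop(BACKUP_HOST, "tcp", 22, dhcp, track))
```
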

todo: get an ethernet hwic for my 1841 so this failover/failback stuff is easier.
