Best Router For Home Use - TP-Link Archer C7 version 2.0

Stacks Image 18721
I’ve got a lot of routers and a lot of experience with various firmwares. It’s hard to say which one is “best” but I think I’m prepared to do just that.

And when I mean “best”, I mean best for most home users.

This is more router than 90% of the people on planet earth need. And the best part is that in a field of routers that cost $300 the TP-Link Archer C7 rolls in at around $90. Less if you’re an eBay genius or find a remanufactured one.

Let’s dig in.

First of all get it here. Hopefully you’ll get a version 2.0. That’s what you want especially if you really want to milk this thing for all it is worth and install DD-WRT Open Source Firmware.

NOTE: If you don’t have a version 2.0 don’t proceed with my crazy instructions. There seems to be a version 3.0 out there but I’ve never seen one.

Lets look at specs:

Simultaneous 2.4GHz 450Mbps and 5GHz 1300Mbps connections for1.75Gbps of total available bandwidth

That’s not the fastest out there but take a look at this. Here’s my wifi survey from my house. I can see lots of networks from my house. Almost all my neighbors only have their routers set on 20MHz channel width. Probably most are all are capable of 40MHz and if they have 3 antennas they can connect at 600Mbps on the 2.4 GHz channel. 450 if you have two antennas. Only one other neighbor even has their 5GHz channel enabled. 5GHz channels are less crowded and faster, by the way.

That’s sad folks. That is an example of plugging it in, turning it on, seeing Google or MSN and calling it good. What a waste of your money and that expensive internet you’re paying for.

And I bet you lunch that if you haven’t configured your router for good throughput that you probably haven’t employed ANY security measures whatsoever other than a Wi-Fi password. That Wi-Fi password means NOTHING when someone logs in as the router admin (root) and unmasks your password. One of my neighbors DOESN’T EVEN HAVE A PASSWORD. Another neighbor has WPA for wireless security. Can you say “Easy to hack”? Sure, I knew you could. Yet another has WPA/WPA2 mixed. Can you say “Almost as easy to hack”?

If it’s circled in red, it’s mine. Everyone else is set at super slow speed. Note that my 2.4GHz channels are getting 450Mbps and 600Mbps, the max of the router.

Some are even putting out 54Mbps. That’s pretty old school. Bet I could hack those routers without even working up a sweat. Don’t worry. I wouldn’t. I like the thought of never going to jail just fine.

Stacks Image 19725
So Archer C7 gets you 450Mbps on 2.4 and 1300 on 5GHz. Not the best on 2.4 but look at what the rest of the world is doing. You’re ahead of the power curve if you just pay attention.

Once you un-box lets start right away and install DD-WRT.

Hook your computer up to one of the 4 LAN ports in the back via CAT 5 ethernet cable. It is possible to flash the router over wireless however it’s more likely to get a corrupt flash if something goes wonky with the wireless.

Once you are in open a browser and type in the following address:

http://192.168.1.1

Default username is: admin
Default password is: admin

Then you’ll see this:
Stacks Image 18724
Scroll down and click on System Tools > Firmware Upgrade
Stacks Image 18728
Now go to:

ftp://ftp.dd-wrt.com/betas/2016/

And get the following files in the Archer C7 v-2 folder dated 3-25. As I write this the files after 3-25 have some issues. Play it safe. (if you indeed have the version 2) and download the following files that have US in the filename.
Stacks Image 18732
Go back to your Firmware Upgrade page and install the “factory-to-ddwrt-US.bin file first. After successful flash go to your browser and go back to

http://192.168.1.1

The default user name is: root
The default password is: admin

You’ve done it, you’ve flashed DD-WRT

If the upper right hand corner of the pic below doesn’t say 3/25 (mine says 3/31, don’t flash 3/31) then flash the 2nd file.

You are now a “POWER USER”.

First thing you’ll see is a screen to change user name and login. Do that and hit apply.

Now you’ll see this status screen:
Stacks Image 18736
Right now your router is WIDE OPEN with a wireless network of dd-wrt that should show up under your wireless. Let’s change that quickly. Click the tab on the top left that says “Wireless” I set mine up like below. Name your networks anything but give them two separate names.
Stacks Image 18740
Now save all this, don’t change places without saving. Now click on Wireless Security. Make sure you set your Security Mode to WPA2 Personal and WPA Algorithms to AES. TKIP is slower and less secure. AES.
Stacks Image 18744
Save, and Apply. Wait a few minutes then look for your wireless networks and type in your new password to connect.

You now are running DD-WRT with reasonably secure wireless. We’re not done but I’ll add more later. Feel free to poke around and get an idea of what DD-WRT can do………


Now let’s tackle DNS. A Domain Name Server is what converts your numerical IP address into all that fancy .com nonsense you see. So 68.65.120.231 turns into that awesome website of hagensieker.com

Get the idea?

A good DNS server speeds up your requests. A crappy one, well…………. Your ISP probably has a crappy one. If you are a Mac person download a program called NameBench and run it. It takes a bit. Be patient.

If you are a Windows (fool) download GRC’s DNS Benchmark run it.

Get a load of the results of my NameBench run. Google Public DNS is 120% faster than Suddenlink. Surprise surprise.
Stacks Image 19727
So it tells me to use Google DNS. Open DD-WRT at 192.168.1.1 (or whatever address you now have) and change the settings like so. On the basic setup page input the Google DNS server.

First line is 8.8.8.8

Second line I chose to modify. That is google’s secondary public DNS server.

8.8.4.4

Then the third line of all zeros will fall back to Suddenlink if Google DNS goes down.

Pretty cool, huh?

By the way a hacker can get in your router, change your DNS server to THEIR DNS server and guess what? You click on BankOfAmerica.com and you end up at BankOfCriminals.com Put your password in……..damnit this isn’t working. No, it isn’t but the hackers now have your password. Congratulations. You’ve been screwed.

Stacks Image 19731
Here’s another security measure. Change your IP subnet private network to something not standard. Using the same LAN Address as the rest of the world leaves you open to certain types of attacks. Almost every router in the world comes configured with an address of 192.168.1.1

Change that value to 192.168.25.1 or 10.0.11.1 or something bizarre, but still in the range of private networks will stop some types of automated attacks. The bad guys know just where to look. Don’t make it easy for them.

Under your setup page under Router IP / Local IP Address in DD-WRT change your address as per the example below.

You are becoming more of a Power User all the time. :)


Stacks Image 20736
1,969