AirPort Express and Timed Access Control

I use an AirPort Express as my Wi-Fi access point. I recently checked the box for Enable Access Control, and added MAC addresses for all the devices that should have access, allowing Everyday and All Day access, with “stranger (default)” being allowed No Access. Now, neither iPhone can connect; each gives the error “Unable to join the network [myNetwork]” with only OK as a response. For what it’s worth, [myNetwork] does appear in the list (as the only entry) of My Networks rather than in Other Networks on the iPhones. The iPad, MacBook, and iMac connect.

Please tell me what I am doing wrong.

Not sure if this is it, but on your iPhone you may want to go into settings - WiFi, tap the “circle i” icon to the right of the name of your network, and turn off “private address” - an option added to iOS 14 which is useful for sporadic WiFi connections but not necessary for your home network.

I do think that the MAC address is supposed to be the same whenever the device connects, but I’d try turning the option off (if it is now on.)

Thank you for the quick response.

For other reasons, I restarted the AirPort Express (and I assure you that I had tried that multiple times before), and now both iPhones have connected. Also, I had already discovered the Private Address setting, been bewildered, and turned it off to no avail. However, both iPhones now have it turned on and are connected. (I have just installed iOS 14.4 on the older iPhone, so that could be why Private Address had been reset on it. I have downloaded but not installed iOS 14.4 on the newer iPhone, and I don’t know why it would have been reset.)

For what it’s worth, the new MacBook Air, which had connected previously, would connect but have a self-assigned IP address today. That was the reason for the AirPort restart, which seems to have fixed all problems. As I said, I had restarted it multiple times before posting my question. Gremlins!

Edited to clarify. When I posted the above comment, Timed Access Control was turned off. (I needed to turn it off so the iPhones could connect to Wi-Fi and download iOS 14.4, then forgot to turn it back on.) I turned Timed Access Control back on; the iPad reconnected but neither iPhone did until I turned Private Address off. (The iPad already had it turned off.) In summary, it seems like @ddmiller was spot on with the suggestion to turn off Private Address. Why didn’t it work when I did that earlier? I don’t know, but perhaps enough restarts of devices plus putting iOS 14.4 on the iPhones and turning off Private Address all worked together to fix things.
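Added example, not part of any post in this thread: why a MAC allow-list such as Timed Access Control rejects a device that has Private Address turned on. A private address sets the locally administered bit (0x02) in its first octet, so it never equals the hardware address entered on the list and the device falls through to the default policy. The function names, allow-list entries and observed addresses are constructed for illustration.

```python
import re

def normalize_mac(text):
    """Return a MAC as lowercase colon-separated hex; raise ValueError if malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (address chosen in software)."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def evaluate(observed, allow_list):
    """Return (mac, verdict, detail) for each MAC a client presents when joining."""
    allowed = {normalize_mac(m): name for m, name in allow_list.items()}
    results = []
    for raw in observed:
        mac = normalize_mac(raw)
        if mac in allowed:
            results.append((mac, "allow", allowed[mac]))
        elif is_locally_administered(mac):
            # Falls through to the default ("stranger") policy: No Access.
            results.append((mac, "deny", "private address, not the hardware MAC on the list"))
        else:
            results.append((mac, "deny", "unknown hardware address"))
    return results

def audit_allow_list(allow_list):
    """Names of entries that are themselves private addresses and may stop matching."""
    return [name for m, name in allow_list.items() if is_locally_administered(m)]

# Constructed sample data (hardware addresses use the RFC 7042 documentation range).
ALLOW_LIST = {
    "00:00:5E:00:53:01": "iMac",
    "00-00-5e-00-53-02": "iPhone (hardware address)",
    "a6:5e:60:12:34:56": "iPad (private address copied from Settings)",
}
OBSERVED = [
    "00:00:5e:00:53:01",  # iMac presenting its hardware address
    "f2:9b:07:c4:10:8e",  # iPhone with Private Address on
    "00:00:5e:00:53:77",  # unlisted device presenting a hardware address
]

if __name__ == "__main__":
    for mac, verdict, detail in evaluate(OBSERVED, ALLOW_LIST):
        print(f"{mac}  {verdict:5}  {detail}")
    print("allow-list entries that are private addresses:", audit_allow_list(ALLOW_LIST))
```
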

One more follow-up. I had some additional problem with the AirPort Express, and while poking at it with AirPort Utility, it abruptly went off the air. When it came back, I needed to set it up from scratch, as if it were new or I had pressed the reset button. Since then, it has worked fine, so I assume something internal was goofy and it had been limping along. Perhaps supporting this theory, I note that the green indicator light had been blinking like crazy 24/7 for years. (I had assumed it was the ISP.) Since the hard reset, that light has been solidly on when no one is doing anything.

Commenting on my post above, the light being on solidly is an option that the current version of AirPort Utility does not support, as far as I can tell. For other reasons, I used the iBook G4 recently, and while poking around, I found an old version of AirPort Utility that let me set “Blink on Activity” and also set the base station’s output power level.

But the reason for this post is that Wi-Fi through the AirPort Express seems to have intermittent problems, manifested by web pages sometimes taking a long time to load. “Sometimes” is hard to quantify, but it might be 15% of the time. “Slow to load” usually means slow to start loading, sometimes for 10 or more seconds and occasionally timing out. This is on three different computers, but it is worst on the MacBook and best on the M1 MacBook Air, so there is some correlation to the specifications of the computer.

Speedtest reports that the AirPort Express download speed can be slow to start and then fluctuate, but it usually settles down to around 35-40 Mbps. Wi-Fi from a Time Capsule usually starts more reliably and ends just under 50 Mbps (which is what I’m paying for). Ethernet directly connected to the ISP’s device is about the same as Wi-Fi from the Time Capsule.

Would slower and erratic Wi-Fi from the AirPort Express indicate that it is dying? Is there some setting that I should check? I have done a full reset (press the little button for 10 seconds) and unplugged and replugged the ethernet cables, both with no apparent change in symptoms. Thanks for any hints.

That’s a good question. I don’t really know, but my gut feeling is yes. After putting up with flaky behavior from my aging AirPorts for a while, I finally broke down (several years ago now) and bought two Eeros. They have been far, far less flaky, and the times I’ve had to reset them, the problem might have been further up the chain anyway.

Slow to start loading is often related to DNS. Are you relying on a broadband provider’s DNS or have you set your own to something like OpenDNS, Google, or

No. In accordance with instructions here on TidBITS (thank you, @frederico), I put the following addresses in the DNS lookup table on the AirPort Express.

I just checked and those addresses are still present (and the only DNS addresses shown).

I’ll start shopping. Would you recommend Eero for a new purchase?

I find it hard to imagine that the Express is dying if you see decent performance with an M1 Mac but not with another Mac.

One thing you could try is disabling IPv6 temporarily. In the past, it’s been known to cause performance problems.

Thank you for the responses.

The M1 Mac sees better performance than the old MacBook, but it is still reduced from what it was in January (before the start of this thread). I don’t know if the better performance is because the M1 is a better computer or coincidence. Most of the time, response is quick enough that I’m not annoyed, whichever Mac I’m using. But the really long delays seem to be on the 2015 MacBook and not the M1.

I changed Configure IPv6 from Automatically to Link-local only. I have not had a lag as long as 5 seconds since then, but it’s an intermittent problem, so I don’t know if that made the difference.

Was that the correct way to disable IPv6 temporarily?

If it seems that that has fixed the problem, then what? Leave IPv6 disabled permanently? Replace the AirPort Express?


I don’t know, honestly. IPv6 still seems to be a work in progress. I think AT&T only started rolling out IPv6 to home users in the past two or three years. I recently switched to Spectrum and discovered that while my AirPort Extreme is assigned an IPv6 address, I can’t actually access the internet using IPv6. And since there’s not widespread adoption of IPv6 yet, I can easily imagine that modems, gateways, routers, and the like may still have bugs that might be to blame for performance problems.

IPv6 support depends on your service provider. Comcast has had it deployed for quite some time (I’ve had it for over six years). Others, including AT&T and Verizon, have taken much longer and may not be rolling it out even today.

As for consumer devices, macOS, Windows and Linux have had support for a very long time. All of my routers (various models from Linksys, mostly) have also had support for a very long time.

As for addressing, you will find that most devices have multiple IPv6 addresses.

Every device will have a link-local address (which begins with FE80:: and ends with the name of the interface/link that it is associated with, like %en0). This is automatically generated as a part of enabling the interface.

If your ISP has IPv6 support, they will assign you a large block of addresses. For Comcast, this is a 64-bit block of addresses. All IPv6-compatible devices on your network will run the IPv6 Stateless Address Autoconfiguration protocol (RFC 4862) to auto-generate a random address within the block you were assigned. Addresses will change from time to time for security purposes (since IPv6 gateway routers generally do not perform NAT), but old addresses will be retained for a while in order to not break open connections from remote systems.

If your ISP doesn’t assign you an IPv6 address block, it might take a bit longer to enable a network interface as it tries to run the autoconfiguration protocol and doesn’t get a reply from the IPv6 “all routers” multicast address when asking for the network’s address prefix.

Configuring your interface for “link local only” will prevent it from running the autoconfiguration protocol, and might speed up the startup sequence a little. You will still be able to use link local addresses to use IPv6 for communicating on your local LAN segment, but you won’t be able to use it for Internet communication. Which is just fine if your ISP isn’t giving you a public IPv6 address block.

Yes, my experience with it has been positive. We’ve written about several of these mesh networking products.

Thanks, @Shamino, for that discussion of IPv6. Much of it went over my head. Did I understand correctly that any slowdown due to IPv6 being enabled would occur when the AirPort starts up? And thanks, @ace, for the pointers to the articles on Wi-Fi base stations.

I have continued to poke around, and found (with a very small number of samples) that Speedtest reports consistently and significantly better throughput if I set the AirPort Express Radio Mode to 802.11n only (5GHz). My recollection is that the problems started before I changed that to 802.11n (802.11b/g compatible), but I could be misremembering. (I changed it so the iBook G4 could connect; apparently it doesn’t do 802.11n.)

Would 802.11n and 5 GHz make a significant difference? Would that speed and protocol be available even in the compatible mode? Is there a way to tell what speed and protocol the Mac and AirPort have established?

I don’t know specifically what is causing your problem - I would need to get up close and personal with your router to be sure about that :-).

IPv6 (like IPv4) needs to have an address before it can be used. For IPv4, this usually comes either from manual configuration or using DHCP to get a dynamic address from your router or your ISP.

For IPv6, an interface has multiple addresses. One (the link-local address) is usually created internally (by your Mac or router) as soon as the network interface is enabled. But link-local addresses are just that - local to one link (that is, network interface). They can be used to communicate with other devices on your LAN, but they can never be used over the Internet.

In order to use IPv6 over the Internet, you need a public address. Although there is an IPv6 version of DHCP, it isn’t the most common option. Instead, there is an autoconfiguration protocol built into the IPv6 standard where your computers ask your router (e.g. an AirPort device or the router you got from your ISP) for the block of addresses your ISP assigned to you and generate an address within this block.

My point here is simply that if your ISP doesn’t give you an IPv6 network address block, your Mac won’t be able to generate an address. Depending on how the network startup scripts are written, this may prevent the network interface from coming on-line until after the protocol times out.

Aside from that, I can’t imagine any network slowdown caused by simply enabling IPv6. If you turn it on and don’t get an address, then all software trying to resolve host names into addresses will get IPv4 addresses and the IPv6 stack will sit idle (except maybe for Bonjour access to local devices, where the link-local addresses can be used).

As for the Wi-Fi, there can be many different reasons.

5 GHz is theoretically faster because there are more non-overlapping channels for your access point to choose from and the more recent protocols (802.11n/ac/ax) can use wider channels if your access points support them.

But 5GHz is more easily blocked by things in your home, including the plumbing and heating ducts in your walls, so it tends to have a shorter range when used indoors. On the other hand, because of this, you may have less interference from your neighbors’ 5GHz access points - because your walls and their walls will block a lot of the signal.

Disabling support for 802.11b/g may give you more bandwidth. These protocols have a lower data rate, so they consume more wireless bandwidth for a given amount of data than a higher speed protocol like 802.11n/ac/ax. Of course, if you disable b/g, then if you have any devices that don’t support n/ac/ax, they won’t be able to connect to your access point.

Again, someone would need to study your local network site in order to determine the specific cause for your performance problems, but what you’re describing makes sense. Disabling slow protocols like b/g and moving to less-congested bands like 5GHz can definitely help under some circumstances.

1 Like

I appreciate the continuing education. My actions related to IPv6 were entirely based on @chirano’s comment, which seemed to have some merit based on extremely limited testing. It was always in the back of my mind, but I’m starting to think it’s the ISP. (Guess what? The ISP has blamed my Wi-Fi router, my cabling, my computer, and I assume it would blame the phases of the moon if the discussion continued long enough.)

Anyway, after leaving both the device that the ISP calls a modem and that I call a bridge and the AirPort Express unplugged for several minutes, I started them up and got 10% higher download and upload speeds than I am paying for. (Since then, which was early morning, speeds have slowed but are still acceptable.) I had left both unplugged for over 60 seconds on multiple occasions; would the difference between 1 and 10 minutes be significant?

Also, I connected the ISP’s device directly to the MacBook (via a cable and adapters, of course), and System Preferences > Network > Advanced shows an IPv6 address for a router (which begins with FE80::) and (presumably) the Mac (which neither begins with FE80:: nor ends with anything like %en0, for what that’s worth).

I wouldn’t expect much from an ISP’s support staff. They’re paid to walk you through a script and if that doesn’t work, they have no clue after that point and will pretty much say anything to get you off the phone, figuring that if you call back again it will go to someone else who can take the blame for their “solution” not working.

Performance problems are notoriously hard to diagnose. If you have two computers on your LAN, you might try enabling file sharing and see how long it takes to copy a file from one computer to the other. A LAN-based speed test might also be interesting, but I don’t know what apps might be available for this.

The reason to run this test is that Internet issues might be due to your Wi-Fi (in which case, using a wired connection like Ethernet between computers and the router would change everything), or they could be an issue with the link from your ISP, congestion on your ISP’s network segment (especially for technologies like cable modems, where your neighbors all share the same cable and therefore its maximum bandwidth) or issues with the Internet itself, which are beyond the scope of your ISP.

Power cycling the modem and/or router shouldn’t change anything, but like I said, there’s a lot of possible issues. A cable modem (assuming that’s what you are using) uses the DOCSIS protocol. There will be many “channels” on the cable line (similar in concept to radio channels used by Wi-Fi, Bluetooth, cellular and other technologies). The number of possible channels and per-channel bandwidth will depend on how your ISP has provisioned the cable network. The number of channels your modem can use simultaneously will depend on the model modem you are using.

(For DOCSIS version 3, the theoretical maximum is up to 38 Mbps per downstream (from ISP to you) channel and up to 27 Mbps per upstream (from you to the ISP) channel.)

More simultaneous channels means you have a larger theoretical maximum bandwidth, but you will never see this because the modem will limit your bandwidth to (approximately) the amount you are paying for. But even if you can’t realize this theoretical maximum, more channels means a more reliable connection because data can be distributed across all of the channels you are using - so congestion on one channel will have only a small impact on overall throughput.

If you have the access credentials, you can often log into your modem and check its status. It will show you information about your current connection. For example, here’s what I get when I log into mine:

In it, you can see that my modem supports 8 downstream (from the ISP to me) channels and 4 upstream (from me to the ISP) channels and that it has successfully connected (“bonded”) to all of these channels. This produces a theoretical maximum bandwidth of about 300 Mbps downstream and 100 Mbps upstream - which is appropriate for the service I’m paying for (100 Mbps downstream and 5 Mbps upstream).

My modem, however, is pretty old. Newer ones, especially those designed for gigabit Internet speeds will allow many more channels. For example, one on Comcast’s approved list supports 32 downstream and 8 upstream channels for a theoretical maximum bandwidth of 1.2 Gbit/s downstream and 200 Mbps upstream.

Anyway, the reason for my mentioning all of this is that the cable has many more channels than your modem supports. When it connects to the network, it connects (“bonds”) to a subset of the available channels and it typically won’t try to switch channels unless there’s a complete outage (which would cause it to restart the entire connection process when the network comes back). If there is a network problem causing a channel to drop out, rebooting the modem might cause it to bond to different channels after the reboot, which might improve your throughput.

But all this is conjecture. The technology is not hard to understand (at least at the high level I’m explaining it at), but only your ISP will have the diagnostic tools and network access needed to properly diagnose line conditions.

Regarding IPv6, it looks like you are running it. The “Router” address shown in the Network preference panel is your link-local address. As you pointed out, it begins with FE80::. The other address(es) listed there are public addresses generated by the autoconfiguration protocol. They probably all begin with the same “prefix” digits (in my case, 16 digits, or 64 bits) and have what will appear to be random bytes for the remaining digits. If your ISP didn’t support IPv6, you wouldn’t see any public addresses.

1 Like
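Added example, not part of any post in this thread: a way to read the IPv6 addresses discussed above, separating link-local addresses (FE80::, with a zone such as %en0) from public ones and grouping public addresses by their 64-bit prefix. It goes slightly beyond the posts by also flagging interface identifiers built from a hardware MAC (modified EUI-64), the alternative to the random bytes described. The addresses are constructed, using the 2001:db8::/32 documentation prefix, and the function names are illustrative.

```python
import ipaddress

UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
LOW64 = (1 << 64) - 1

def parse(text):
    """Split 'addr%zone' into (IPv6Address, zone or None)."""
    addr_text, _, zone = text.strip().partition("%")
    return ipaddress.IPv6Address(addr_text), (zone or None)

def scope(addr):
    """Classify an address the way the thread does: link-local vs public."""
    if addr.is_link_local:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"

def prefix64(addr):
    """The /64 block (the 'prefix' digits) that the address sits in."""
    return ipaddress.IPv6Network((int(addr) & ~LOW64, 64))

def embedded_mac(addr):
    """Return the MAC recoverable from a modified EUI-64 interface ID, else None."""
    iid = (int(addr) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # random or otherwise opaque interface identifier
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def describe(text):
    addr, zone = parse(text)
    kind = scope(addr)
    return {
        "address": str(addr),
        "zone": zone,
        "scope": kind,
        "prefix": str(prefix64(addr)) if kind == "global" else None,
        "embedded_mac": embedded_mac(addr),
    }

def shared_prefixes(texts):
    """Set of /64 prefixes covering the global addresses in the list."""
    infos = [describe(t) for t in texts]
    return {i["prefix"] for i in infos if i["prefix"]}

# Constructed sample: what one interface might list.
SAMPLE = [
    "fe80::211:22ff:fe33:4455%en0",            # link-local, built from the MAC
    "2001:db8:1234:5678:8d4c:91a2:7be0:3f15",  # public, random interface ID
    "2001:db8:1234:5678:211:22ff:fe33:4455",   # public, exposes the MAC
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(describe(line))
    print("prefixes:", shared_prefixes(SAMPLE))
```
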

The ISP support person, when I just called, surprised me by almost immediately suggesting sending someone to the residence tomorrow. I think it helped that I had just run Speedtest and had gotten abysmal numbers. (From the conversation, I think the rep could tell I had just run Speedtest and could see the results.)

The recording that I needed to hear before I could talk to support said that a number of issues can be fixed by restarting the modem, and a rep in an earlier call had said they suggest customers do this at least once a month.

Certainly I don’t have access credentials. If I remember, I’ll ask the tech who visits about that. It could be Midco (the ISP) doesn’t want me to have them, or it could be that I’ve never asked.

I’m glad to hear they are sending a tech. If it’s a problem with the cable network and not your home Wi-Fi, they should be able to either fix it or create a work order to fix it.

Everybody says you should reboot your equipment all the time. Just like computer techs always tell you to reboot your PC or Mac. But it’s far less necessary than the techs would have you believe.

I only reboot my computers when a system software update forces me to and I almost never reboot my router (usually only if I’m seeing a service outage and I’m trying to identify the cause). Unless your device firmware has a critical bug, it shouldn’t need to be restarted “at least once a month”.

FWIW, my cablemodem’s uptime is currently 56 days (last rebooted because there was a regional Comcast outage but I hadn’t learned it was regional at the time I rebooted it.) My router’s uptime is 121 days.

Regarding login credentials to the modem, you should be able to get them. If you didn’t change them, then they should be either a default password or a string keyed to your modem’s serial number (sometimes printed on a sticker on it). The tech will be able to give them to you if you don’t have them.

Every modem I’ve seen has a web interface. You can point a web browser at its IP address and log in to it. From there you can get device status and configure how it interacts with your LAN (e.g. set IP address, enable/disable/configure any built-in router features and possibly other features.) You won’t be able to configure the parameters that determine how it connects to the cable network, but you will never need that kind of access since all those parameters are closely tied to the cable network’s internal configuration.

1 Like