HomeTechOps

Wi-Fi & Network

New router migration

A new router often changes local addresses, Wi-Fi behavior, and app discovery. A small migration plan prevents days of mystery breakage.

Who this is for

Home operators in 2026 replacing an ISP gateway or 2-3-year-old Wi-Fi 6/6E mesh with a Wi-Fi 7 + 2.5GbE/10GbE system — or migrating between mesh vendors — while protecting NAS bookmarks, RTSP camera URLs, Plex `allowedNetworks`, printer port-9100 paths, Matter/Thread/Zigbee hub credentials, port-forwards, IPv6 prefix delegation, and DHCP reservations from address-drift fallout.

Outcome

A migration plan that preserves the old LAN subnet on the new router where possible, rebuilds DHCP reservations explicitly (Eero hides the list — screenshot first), keeps the old router available as rollback until every dependent service passes, and verifies the 2026-specific traps: AT&T BGW320 no-bridge-mode IP-Passthrough, Starlink/T-Mobile/Comcast CGNAT detection via WAN IP in 100.64.0.0/10, IPv6 prefix delegation, WPA3-transition IoT pairing, iOS 18 / Windows 11 25H2 Private Wi-Fi Address breaking reservations on SSID rename, DFS-channel evacuation in coastal/airport sites, and known Q1 2026 firmware regressions (Orbi RBE970 9.13.2.1, Eero pre-7.12.x, UniFi U7 DHCP-drop, Asus AiMesh node-orphaning).

Required inputs

  • Old router/gateway admin access + screenshots of: SSID(s), security mode (WPA2/WPA2-WPA3 mixed/WPA3-only), LAN subnet + DHCP range, full reservation list (Eero hides this — screenshot the device list), port-forward + UPnP entries, IPv6 prefix delegation status, guest-network rules.
  • New router/mesh hardware confirmed against intended ISP edge: Wi-Fi 7 + 320 MHz? AFC-capable 6 GHz (UniFi E7, Deco BE85)? 10GbE WAN/LAN (Asus RT-BE96U, Deco BE85, Eero Max 7)? DOCSIS 4.0 markets are XB10-only today (Comcast Atlanta/Philly/Denver/Seattle/Miami); retail D4 modems land mid/late 2026.
  • Critical-device inventory grouped by failure-mode-on-swap: NAS bookmarks (likely hardcoded subnet), RTSP camera URLs (hardcoded IP), Plex Media Server `allowedNetworks`, Hue/Aqara/SmartThings hub static IPs, Matter/Thread border routers (Apple TV, Echo Hub, Nest Hub), printer port-9100 print paths, port-forwards / Tailscale subnet-routes / Cloudflare Tunnel cnames.
  • WAN context: ISP gateway model (Comcast XB10 / AT&T BGW320/BGW620 / Verizon ONT / Frontier ARRIS NVG468MQ / T-Mobile 5G gateway / Starlink), CGNAT status (`curl ifconfig.me` — if result is in 100.64.0.0/10 you're on CGNAT and no port-forward is possible without a tunnel), IPv6 capability (test-ipv6.com).
  • Region-specific 6 GHz rules: US U-NII-5/6/7/8 with AFC for standard-power; EU/ETSI U-NII-5/6 only; Australia 5925-6585 MHz (Oct 2025 expansion); India 5925-6425 (unlicensed since Jan 2026). Distance from airport — DFS channels 52-144 evacuate on radar.
GuideFollow in order

Step-by-step procedure

1

Snapshot the old network before unplugging anything

Do: Screenshot the old router admin: SSID/password/security mode, LAN subnet + DHCP range, full reservation list (Eero in particular hides this — there is no bulk export, screenshot the device-list view), port-forward + UPnP entries, IPv6 prefix delegation toggle, guest-network rules. Run `ipconfig /all` on a trusted PC + `arp -a` on a server to capture client IPs. Note the old gateway IP (192.168.1.1, 10.0.0.1, 192.168.50.1, 192.168.68.1) — match the new router's LAN subnet to the old one to avoid re-IPing every NAS bookmark, RTSP camera URL, Plex `allowedNetworks`, Hue static IP, and printer port-9100 path.

Expected result: Full network-state snapshot stored outside the network itself (phone photos, separate device). Old subnet identified — 192.168.1.0/24 (most ISP gateways), 10.0.0.0/24 (Apple/Eero), 192.168.50.0/24 or 192.168.68.0/24 (Asus/Deco).

If not: Delay the migration. Without the old reservation list, every printer port, NAS bookmark, and security-camera RTSP URL is a guess after the swap.

2

Verify the ISP edge before touching the LAN

Do: AT&T BGW320/BGW620: there is no true bridge mode — only IP Passthrough. Daily WAN-renew drops are common; budget for router reboot scripting if the new router doesn't auto-recover. Verizon Fios ONT: Ethernet handoff is already bridged — connect the new router's WAN directly to the ONT and skip the G1100/CR1000A entirely. Frontier ARRIS NVG468MQ behaves like Verizon. Comcast DOCSIS 4.0: the XB10 gateway is currently the only D4-capable hardware in Comcast 2026 markets; retail D4 modems are not yet shipping at consumer-friendly prices. Detect CGNAT: `curl ifconfig.me` from a wired client. If the result is in `100.64.0.0/10`, you're on CGNAT (typical for T-Mobile Home Internet, Starlink Residential default, parts of AT&T+Comcast IPv6+CGNAT-on-IPv4) — port-forwards are impossible without Tailscale or Cloudflare Tunnel.

Expected result: ISP edge mode confirmed (bridge / IP-passthrough / behind-NAT). Public-IP class confirmed (real public IPv4 / CGNAT / IPv6-only-with-CGNAT-IPv4-fallback). IPv6 prefix delegation enabled if the ISP supports it (APNIC May 2026 measures ~50% US capability — preserving v6 keeps half of outbound destinations on the v6 path).

If not: Don't enable port-forwards or DMZ on the new router until ISP edge is verified — CGNAT users will burn an hour configuring forwards that physically cannot work. Plan a tunnel-based path before swapping if inbound services matter.

3

Bring up the new router on the matched subnet with conservative settings first

Do: Power on the new router with a new SSID temporarily set (e.g., `<oldname>-NEW`) to avoid client confusion during overlap. Set LAN subnet to match the old one (typically 192.168.1.0/24). Set WPA2-WPA3 transition mode initially (NOT WPA3-only) to keep older IoT (1st-gen Ring, Roomba i-series setup mode, older Nest cams, Marvell-chipset Surface laptops, Android 9-) reachable. 6 GHz band is WPA3-only by Wi-Fi Alliance spec — that's mandatory across all Wi-Fi 6E and Wi-Fi 7 certifications, not optional. Disable advanced features (VLAN, guest segmentation, AFC standard-power, MLO-forced backhaul) until basic LAN is stable. For Comcast DOCSIS 4.0 sites: the XB10 must sit in front in pseudo-bridge mode if you want a BYO router.

Expected result: New router shows wired internet on a trusted laptop within 5 min. Basic SSID joins from a known-good Wi-Fi 6/6E phone work on 5 GHz at full link rate.

If not: If the new router can't get WAN, check: ISP gateway not in bridge / IP-Passthrough yet, MoCA on the coax line confusing the modem, double-NAT (most common — old router didn't get put into bridge mode), DHCP MAC-locked to old router (call ISP if not auto-released).

4

Rebuild DHCP reservations explicitly, then re-IP critical devices

Do: Create fresh reservations in the new router for: NAS (Synology / TrueNAS / QNAP / Unraid), printers (port-9100 paths break otherwise), security cameras (RTSP URL hardcoded), smart-home hubs (Hue / Aqara / SmartThings / Matter border routers), Plex Media Server (`allowedNetworks`), Tailscale subnet router, NUT UPS server. TP-Link Deco app v3.8.3+ has Configuration Backup on select models (X50 confirmed) — partial restore only, compatible settings carry. Eero has no in-app reservation export; rebuild manually from the old screenshot. iOS 18 Private Wi-Fi Address defaults to Fixed-per-SSID (Settings → Wi-Fi → (i) → Private Wi-Fi Address) — if you renamed the SSID, every iOS/iPadOS/macOS 15+ device generates a NEW MAC and your reservation by old MAC is stale. Windows 11 25H2 same behavior: Settings → Network & Internet → Wi-Fi → [SSID] → Random hardware addresses. Either disable per-SSID randomization for the trusted home SSID or rebuild reservations against the new MACs.

Expected result: Critical devices have reservations on stable IPs. iOS/Windows MAC randomization addressed: either disabled per-SSID for trusted home use or reservations rebuilt against the new MAC list.

If not: If a printer goes 'offline' immediately after swap, check the printer port path in Windows (Settings → Bluetooth & devices → Printers & scanners → Printer properties → Ports). Repoint the port from the old IP to the new reserved IP. Same pattern for NAS bookmarks and RTSP camera URLs.

5

Verify dependent workflows in priority order before retiring the old router

Do: Run a forced-priority verification list: (1) NAS access — SMB mounts, NFS exports, mapped network drives. (2) Printer — print a test page; reseat the Windows printer port if 'offline'. (3) Plex/Jellyfin — remote access from cellular off-Wi-Fi, local LAN streaming, hardware transcoding. Check Plex's `allowedNetworks` IPs are still valid. (4) Security cameras — RTSP stream from NVR/Blue Iris/Frigate via IP. (5) Smart homeMatter/Thread/Zigbee pairing windows likely failed silently if the hub lost LAN; re-pair from hub admin if needed. (6) VPN/remote — Tailscale subnet route announcements (`tailscale up --advertise-routes=192.168.x.0/24`), Cloudflare Tunnel cname targets, work-VPN ranges. (7) IoT misery list — Sonos older, 1st-gen Ring, older Roombas, Hue bridge static IP — these are the WPA3-transition casualties.

Expected result: Every critical workflow passes before old-router decommissioning. Failures are itemized with which layer broke and what specific change reversed it.

If not: Don't factory-reset failing devices. Keep the old router available and powered (different SSID, different LAN port) for re-pair fallback. Devices that keep losing connection after swap usually means MAC randomization or band-steering misbehavior — not a hardware fault.

6

Pin channels and audit MLO / backhaul before declaring the migration done

Do: 2.4 GHz: pin to 1/6/11 based on neighbor density (WiFiman or NetSpot survey). 5 GHz coastal/airport sites: pin to non-DFS (36-48 or 149-165) — DFS channels 52-144 evacuate on radar hits with up to 60s of mesh silence. 6 GHz US: U-NII-5 + U-NII-7 for standard-power with AFC; LPI defaults work for indoor. MLO (Multi-Link Operation): stitch 5 + 6 GHz on Wi-Fi 7 clients (Intel BE200/BE201 driver 24.40+, M5 MacBook Pro/Max via N1 chip — but base M5 MacBook Pro is stuck on Wi-Fi 6E; N1 is Pro/Max only). Wired backhaul beats wireless ~2× — if any drywall/attic/baseboard run exists, pull Cat6 before adding mesh nodes. Cabling reality: Cat5e supports 2.5GBASE-T at full 100m (IEEE 802.3bz); Cat6 supports 5GBASE-T at 100m and 10GBASE-T to ~55m; Cat6a needed for 10GBASE-T at full 100m. STP loop trap: TP-Link Deco BE85 in AP mode + wired backhaul is a documented STP-loop trigger; Nest WiFi loops if both wireless and wired backhaul stay active.

Expected result: Channel plan documented per band. MLO confirmed working on Wi-Fi 7 clients. Wired backhaul installed where feasible. No STP loops on power-cycle.

If not: If mesh nodes won't pair or keep dropping, check the controller-firmware vs node-firmware match (Asus FAQ 1035199 — controller first, then nodes). Eero pre-7.12.x had hourly-drop regressions with wired backhaul — wait for 7.12.x+ on a node-by-node update.

7

Keep the old router as rollback for 7-14 days, then decommission

Do: Leave the old router powered (different SSID, isolated LAN port or unplugged from WAN but still configured) for 7-14 days. During that window: monitor for delayed failures (devices that reconnect on long timers — older Sonos, older smart-home hubs that scan periodically; calendar/photo backup jobs that ran nightly; Plex remote-access NAT punchthrough). After 14 days clean, factory-reset the old router only if returning to ISP. Document the rollback plan: what subnet/SSID/security mode would need to change to return to the old hardware. Thread 1.3 certifications stopped being accepted for new hardware on Jan 1 2026 — older Thread border routers (Apple TV pre-2024 1.4 update, older Echo) each create their own Thread mesh and don't bridge; a migration that loses the original Thread border router can orphan devices that don't have credential sharing.

Expected result: 7-14 day overlap period passes with no new failures. Rollback note exists. Old router decommissioned cleanly or repurposed as wired AP / Ethernet switch / IoT-segment gateway.

If not: Don't wipe the old router until delayed-failure devices (typically Matter/Thread border routers, low-power smart sensors with multi-day battery polling) have reconnected at least once on the new network.

Commands and settings paths

Windows network identity after swap

ipconfig /all

Where: Windows 11 PC freshly joined to the new network.

Expected: Adapter shows new gateway (matched old subnet), new DNS, new lease time; not on guest SSID / stale VPN adapter / hotspot fallback.

Failure means: If IP is 169.254.x.x or gateway is empty, DHCP failed — UniFi U7-series stable 8.4.43 had a DHCP-packet-drop bug with non-UniFi DHCP servers; fall back to v7 firmware or beta fix.

Safe next step: Renew DHCP (`ipconfig /release && ipconfig /renew`). If still failing, check new router DHCP server-enabled and pool not exhausted.

CGNAT detection

curl ifconfig.me

Where: Wired client behind the new router.

Expected: Real public IPv4 (not in 100.64.0.0/10 per RFC 6598). If CGNAT, T-Mobile / Starlink / partial AT&T — port forwards are physically impossible.

Failure means: Result in 100.64.0.0/10 = CGNAT. UPnP and port forwards will silently fail. Inbound services need Tailscale Funnel / Cloudflare Tunnel / WireGuard VPS.

Safe next step: Plan a tunnel-based path before retiring the old router (which may not have been CGNAT).

IPv6 capability check

test-ipv6.com (or curl -6 https://ifconfig.co)

Where: Any client on the new router.

Expected: Score 10/10 — public IPv6 address assigned, DNS over IPv6 working. ~50% of US ISPs deliver v6 in 2026 (APNIC Labs).

Failure means: Score below 10 = new router didn't propagate IPv6 prefix delegation. Half of outbound destinations fall back to v4 path (slower for many CDNs).

Safe next step: Enable IPv6 + prefix delegation in new router. ISP gateway may need separate v6-passthrough toggle.

Reservation rebuild list

New router admin > LAN/DHCP > Reservations (or new router app > Devices > pin)

Where: New router/mesh admin UI.

Expected: Every critical device from the old reservation screenshot has a reservation on the new router with the same desired IP.

Failure means: Eero in particular has no bulk import — rebuild manually. TP-Link Deco Configuration Backup (FAQ 4739) works only on certain models for partial restore. Asus AiMesh node-orphaning bug (mismatched controller/node firmware) silently fails to apply per-node reservations.

Safe next step: After reservation save, force a DHCP renew on each device (or power-cycle) to pick up the new IP cleanly.

Mesh node firmware + MLO + backhaul state

Mesh admin app > Nodes > each node > Firmware + Backhaul + MLO status

Where: Mesh admin app on phone or web.

Expected: Each node shows current firmware (avoid Eero 7.0.x — use 7.12.x+; Orbi RBE970 9.13.2.1 for January 2026 CVE patches), wired or dedicated-wireless backhaul (not MLO-forced for backhaul yet — too unstable for primary), MLO enabled per-band for clients.

Failure means: Mesh node on first-week firmware release = expect stability regressions. Eero 7.0.x had hourly-drop bug; UniFi U7 Pro DHCP-drop bug on v8.4.x; Asus AiMesh silent node-orphan if controller is on newer firmware than nodes.

Safe next step: Hold off on factory-resetting nodes during firmware upgrade window. Update controller first, then nodes — never the reverse.

Apple Continuity / Private Wi-Fi Address audit

iOS Settings > Wi-Fi > (i) next to new SSID > Private Wi-Fi Address

Where: Every iPhone, iPad, Mac running iOS 18+ / iPadOS 18+ / macOS 15+ on the new network.

Expected: Set to Off for the trusted home SSID if relying on stable DHCP reservations. Default in 2026 is 'Fixed' (per-SSID stable), but a new SSID = new MAC.

Failure means: Reservation by old-MAC fails silently — device gets a new IP from the DHCP pool. Looks like 'router forgot the reservation' but is actually iOS generating a fresh per-SSID MAC.

Safe next step: Either disable per-SSID randomization for trusted home, or rebuild reservations against the new MAC list captured after first device join.

Evidence to record

  • Old + new LAN subnet, DHCP range, SSID, security mode, reservation list (full).
  • ISP edge state: bridge mode / IP Passthrough / behind-NAT, public-IP class (real / CGNAT / IPv6-only).
  • IPv6 prefix delegation status: enabled and propagating, or disabled.
  • Per-critical-device pass/fail: NAS mounts, printers, cameras, Plex/Jellyfin, smart-home hubs, VPN routes, IoT pairings.
  • Channel plan per band (2.4 / 5 / 6 GHz) with reasoning (neighbor density, non-DFS, AFC).
  • MLO + wired-backhaul status per mesh node.
  • Firmware version of new router/mesh; release notes reviewed for known Q1 2026 regressions.
  • Old-router rollback note: what would change to return to the old subnet/SSID/security mode.

Common mistakes

  • Renaming the SSID and expecting reservations to carry — iOS 18 / iPadOS 18 / macOS 15 / Windows 11 25H2 all default to per-SSID MAC randomization. Renaming the SSID generates a new MAC and breaks every old reservation. Either keep the old SSID name (safest) or budget time to rebuild reservations against new MACs.
  • Changing LAN subnet when matching the old one was possible — every NAS bookmark, RTSP camera URL, Plex `allowedNetworks` entry, Hue bridge static IP, and printer port-9100 path is now wrong. Match the old subnet unless there's a reason not to.
  • Not putting the ISP gateway into bridge / IP-Passthrough mode first — double-NAT silently breaks UPnP, IPv6 prefix delegation, and inbound port-forwards. AT&T BGW320/BGW620 has no true bridge mode (IP-Passthrough only), with known daily WAN-renew drops.
  • Buying mesh hardware that exceeds what the laptop client supports — base M5 MacBook Pro is stuck on Wi-Fi 6E (N1 chip is Pro/Max only); M5 N1 caps at 160 MHz / 1024-QAM regardless of band. A $2,299 Orbi RBE970 doesn't deliver 320 MHz / 4K-QAM to an M5 client because the client can't receive it.
  • Forgetting CGNAT before planning port-forwards — T-Mobile Home Internet, Starlink Residential default, parts of AT&T+Comcast IPv6+CGNAT-on-IPv4. Detection: WAN IP in 100.64.0.0/10. No tunnel = no inbound services.
  • Disabling IPv6 because it 'looks weird' — APNIC May 2026 measures ~50% US capability. Disabling v6 prefix delegation pushes half of outbound destinations through slower v4 fallback paths, breaks Tailscale `100.64`/IPv6 ULA, and breaks some Plex direct-connect rules.
  • Going WPA3-only at swap time — many smart-home and 1st/2nd-gen IoT devices fail WPA3-transition: older Sonos, 1st-gen Ring, Roomba i-series setup mode, older Nest cams pre-Google-merge, older Hue bridges, Android 9 and below, Marvell-chipset Surface laptops. Run WPA2-WPA3 transition mixed mode initially; reserve WPA3-only for 6 GHz (mandatory per spec) and a guest IoT-modern SSID.
  • Reusing channel-auto on 2.4 GHz in a dense neighborhood — auto picks suboptimal channels. Manually pin 1/6/11 based on observed neighbor distribution. WiFiman or NetSpot survey on the new router shows where the neighbor density actually is.
  • Wireless backhaul where Cat6 is feasible — wired delivers ~2× the satellite-node throughput of wireless backhaul. Pull cable before buying a higher-tier mesh.
  • Updating mesh nodes before the controller — Asus AiMesh FAQ 1035199 is explicit: controller first, nodes second. Reverse order produces silent node-orphaning where SSID broadcasts but client association fails.
  • Wiping the old router before 7-14 days of overlap — Matter/Thread border routers, low-power smart sensors with multi-day polling, calendar-driven backup jobs, and SmartThings hub cloud-token refresh all reveal failure on days 2-10. Without the old router as rollback, recovery is a re-pair cascade.
  • Trusting the 'Wi-Fi 7' marketing label literally — 320 MHz and 4K-QAM are optional certification features. Many 'Wi-Fi 7' radios cap at 160 MHz / 1024-QAM in practice. MLO across 5+6 GHz is the most operationally useful Wi-Fi 7 feature.
  • Ignoring DFS evacuation in coastal/airport areas — 5 GHz channels 52-144 evacuate on radar hits with up to 60s of backhaul renegotiation. Mysterious nighttime mesh dropouts near coast/airport are usually DFS. Pin to non-DFS 36-48 or 149-165 permanently.

Stop points

  • Stop before factory-resetting smart-home devices, security cameras, or NAS appliances to fix post-swap connectivity — the device usually just needs the new reserved IP or a re-pair window, not a wipe.
  • Stop before changing work-managed VPN, EDR, firewall, certificate, or BitLocker recovery-key settings — those are policy boundaries, not home-network boundaries.
  • Stop before enabling 6 GHz Standard Power without AFC enabled in the US — that's an FCC rule, not a quality preference. AFC unlocks outdoor / high-power 6 GHz; without it, indoor LPI is the legal default.
  • Stop before exposing local services to the internet via port-forward to skip CGNAT discovery work — set up a tunnel-based path (Tailscale, Cloudflare Tunnel) instead.
  • Stop before factory-resetting the old router until 7-14 days of overlap have passed clean — Matter/Thread border routers and multi-day polling devices fail in slow motion.

Last reviewed

2026-05-06

Source-backed checks

HomeTechOps turns official docs and conservative safety rules into a shorter runbook. These links are the source trail for the page direction.

Wi-Fi Alliance: Wi-Fi CERTIFIED 7 programUsed for Wi-Fi 7 certification scope: WPA3 mandatory across all bands, MLO and Multi-RU required, 320 MHz and 4K-QAM optional.APNIC Labs: IPv6 capability — United StatesUsed for the 2026 IPv6 capability time series — US ~50% capability, France/India/Germany higher; cite year-month inline.mrn-cciew: MacBook Pro M5 Wi-Fi 7 missing 4096-QAM and 320 MHzUsed for the M5 N1 chip Wi-Fi 7 reality: 160 MHz only, no 4K-QAM, supports MLO and 6 GHz — buying 320 MHz mesh for M5 Macs is wasted spend.AT&T BGW320 IP-Passthrough community threadUsed for the AT&T BGW320/BGW620 reality: no true bridge mode, IP Passthrough only, daily WAN-renew drops without third-party router workaround.Eero Support: IP address reservations & port forwardingUsed for Eero reservation migration: no bulk export in-app; screenshot the list before swapping routers or migrating Eero accounts.TP-Link FAQ 4739: Deco Configuration BackupUsed for Deco app config-backup scope: Deco X50 and select models support Backup; cross-model restore is partial — only compatible settings carry.Netgear KB: RBE970 firmware 9.13.2.1Used for Orbi RBE970 firmware 9.13.2.1 release notes — 2.4 GHz CCA threshold tuning + MLO roaming + January 2026 LAN-side CVE patches.Apple Support: Private Wi-Fi address on iPhone, iPad, Apple WatchUsed for the iOS 18+ Private Wi-Fi Address default behavior — Fixed per-SSID; rename SSID generates a fresh MAC and breaks DHCP reservations.Telecompetitor: Comcast DOCSIS 4.0 rollout under the hoodUsed for DOCSIS 4.0 2026 city list (Atlanta, Philly, Denver, Seattle, Miami…) and XB10 ISP-issued Wi-Fi 7 gateway constraint.RFC 6598: IANA-reserved IPv4 prefix for shared address spaceUsed for the authoritative CGNAT detection rule: WAN IP in 100.64.0.0/10 means no port-forward is possible without a tunnel.Thread Group: Thread 1.4 credential sharing & 2026 certification cutoverUsed for Thread 1.4 (Sept 2024) credential sharing and the Jan 1 2026 cutoff after which Thread 1.3 certifications are no longer accepted for new hardware.Apple Support: Recommended settings for Wi-Fi routers and access pointsUsed for router security, band, naming, and access-point settings that affect mixed home devices.FCC: Unlicensed use of the 6 GHz band (U-NII-5 through U-NII-8)Used for US 6 GHz rules: U-NII-5/6/7/8 = 5925-7125 MHz unlicensed, AFC required for standard power, U-NII-5+7 only for standard-power AFC.Intel: Wi-Fi 7 BE200 wireless adapter downloads + driver notesUsed for Intel Wi-Fi 7 driver 24.40.0.4+ requirement, Windows 11 24H2/25H2 validation status, and the late-2025 MLO SSID association issues on TP-Link routers (resolved in 24.x).