Learn how you can get the iPhone 13 now!
sw2424's profile

Tutor

 • 

4 Messages

Thu, Jul 7, 2016 10:45 PM

Opening ports on Westell router

Hi, thanks in advance for any help with this issue.  I just got a Microcell today from the ATT store. They registered it to the address that I gave them, where I get very poor cell reception. (Okeechobee, Florida)

 

The power, ethernet and gps lights are solid green, but the network light is still flashing green, even after long waits and several reboots.

After a little research, I used telnet to test the ports, and looks like none of the necessary UDP ports are open (port 443 did open). below is the response from telnet.
Connecting To 10.0.0.1...Could not open connection to the host, on port 4500: Connect failed

 

So, I guess I need to open the 123, 4500, and 500 udp ports? I've attached a screen capture of the page from the router setup, and just want to make sure I do it properly. The router is a Westell ADSL+ Versalink.

 

I also see in the document provided by Otto Pylot that I need to make sure that:  "IPSec Pass-Through is enabled, and Block Fragmented Packets is disabled" Any help on doing this with this router would be greatly appreciated.

 

Thanks again for any help

Scott

Tutor

 • 

4 Messages

5 y ago

Here's the screen capture

westell-capture.JPG

OttoPylot

ACE - Expert

 • 

15.5K Messages

5 y ago

You will have to contact Westell to configure your router for the minimum router requirements that are given in the setup instructions and in my Tech Guide. Because of the numerous routers available, firmware versions, and home LAN's, it is impossible for us to keep up with configuration settings and how-to's. That is beyond our scope here. It sounds harsh I know but we don't want to be responsible with messing around someone's network. We are here to help you with the MicroCell, not your hardware configurations.

 

Port testers are notoriously unreliable for checking open ports. My guess is that your ISP has those ports open, but the router is not configured correctly. I'm also not fan of having the AT&T stores register the MicroCell at the store. For the Initial Activation and Registration the MicroCell needs to be physically located where it is going to be used so that it can check GPS, local towers, etc. After that, you can move it just about anywhere and all you have to do is change the address.

 

What kind of internet service do you have (cable or DSL), who is your provider, and do you have a rural address (route number, etc)? What are your speeds?

 

EDIT: I just re-read your post a little more carefully and it sounds like you have DSL (Westell ADSL + Versalink).  Is that a gateway? In other words are the modem and router in one unit. If not, and you have a separate modem that the Westell is connected to, then make sure the modem is in bridge mode so that the router does all of the work. Also, being as you have DSL, line quality could be an issues as well. We can address that next once you can confirm that the router is meeting the requirements for the MicroCell.

pgrey

ACE - Master

 • 

3.5K Messages

5 y ago

Why not just put your Microcell in the DMZ?  It seems like a simpler fix, and it's not exactly a "high risk" device, in fact, it's probably crazy-low-risk.

 

If you really want to foward everything manually, I've found NetworkAppers: Open Port Tool to be a good resource for verifying things.

Portforward.com is also a great way to check "fully remote", or at least iniated that way.  

 

I've never had a "false positive" from a forwarding check, with either of these.  I have a really odd 3 layer switch setup, with all kinds of forwarding for my NAS, VOIP, MultiM devices, etc. Mostly direct in-switch, but I'm a good test-case, some would say ;-].

Tutor

 • 

4 Messages

5 y ago

Otto, and pgrey, thanks so much for your replies.

 

Otto: to try to answer some of your questions, yes, it is a DSL connection, through the provider Centurylink.  The Westell device is a combo ADSL modem/router (there is no separate router)

 

The connection seems reasonably solid, speedtest shows about 10mb download and 1mb upload speeds.

 

Should I go to the ATT website and un-register the device, and start over with it in place here?  I get very little to no cell service inside the home where I'm staying.

 

pgrey:  I'm not a networking guy, but I'll try the Open Port Tool to try to verify things.  To put the device in the DMZ, I would need to assign it a static IP, right?  Not sure exactly how to do this within the Westell's software, looked, but nothing jumped out at me.  Right now it's being assigned an ip address by dhcp.

 

EDIT:  the Open Port Tool shows all 4 ports blocked:  123, 443, 500, 4500

 

One last question, how good are the ATT support people at helping with these issues?

 

Again, thanks for your help, very much appreciated.

Scott

 

pgrey

ACE - Master

 • 

3.5K Messages

5 y ago

Yeah, in general you need to assign a static IP, although some routers do this for you, when you put a machine into the DMZ.

 

Not sure which model Westell you have, but I found some pretty good step-by-step stuff, by simply searchiung on "Westell static IP", for a number of models, the 7500 in particular had a good one, but the process is often quite similar, depending on firmware revs.

From there, it's usually pretty simple to turn on the DMZ and add the device.

 

While I don't usually recommend to put a PC or "non hardened" device into a DMZ, I think it's pretty safe with the Microcell, given its passthrough nature.

 

That's a bad sign: the Open Port results, these have always been accurate for me, and they get excellent reviews.  Did you try PortForward.com as well?

Sometimes port-forwarding can be tricky, depending on devices/topology.  I tend to revert to cmdline tools when all else fails, as you can do traces and the like, but that's generally more than most users want to get into, which is very understandable ;-]

 

I'm sure @OttoPylot can give you more details, but I bet the ATT support on Microcell depends a lot on who you get, if they're familiar.  I'm sure they all have "canned" walk-throughs, for doing some of the basics.

 

OttoPylot

ACE - Expert

 • 

15.5K Messages

5 y ago

@sw2424 - I shouldn't say this but most MicroCell support folks can only read from a script. They haven't a clue. IMO, they are not trained well and get no support from their supervisors. That's why I and Avedis53 are here.

 

If you feel comfortable with the port checkers then that's fine. You need to contact CenturyLink and confirm with them. However, CenturyLink will more than likely blame AT&T so don't expect CenturyLink to help you.

 

I would run a VoIP test (voiptest.8x8.com) and see what you get. Run it a couple of times during the day to get a good average, instead of a single point in time.

 

Putting your MicroCell in the DMZ is one way, and one that some find works well. However, we have found that the most stable connection is port forwarding to a statically assigned IP address based on the MicroCell's MAC address. Port forwarding/DMZ technically shouldn't be necessary but with the more sophisticatd routers and home LAN's, it almost seems to be a requirement. Do either or, not both at the same time.

 

@pgrey - do keep in mind that the more complicated a home LAN is, the less likely the MicroCell will work realiably unless one is very good an networking. The MicroCell was designed for a very simple straight forward connection, and switches, sophisticated firewalling, can play havoc with the required 24x7 secure VPN connection to the AT&T Mobility servers.

 

I have a DSL connection which is very solid for AT&T's VoIP service. My VoIP is almost perfect so we have no issues with call quality or reliability, but we are only 3500 copper feet from the CO.

 

Bottom line, confirm the router settings and we can take it from there.

Tutor

 • 

4 Messages

5 y ago

Guys,

Got it working, I was over-thinking it. The router/ports had nothing to do with it.

 

It was an issue with AT&T and their activation process.

 

It's working like a champ, 4 bars and crystal clear service.  It sucks that we have to buy this device, but I'm happy as can be to have good service out here in the middle of nowhere.

 

thanks again for all of your replies,

Scott

OttoPylot

ACE - Expert

 • 

15.5K Messages

5 y ago

That's good to hear. Just keep in mind that the minimum router requirements must be met at all times to ensure reliable service. Technically, port forwarding shouldn't be necessary but most find that it makes for a more stable connection, especially if you suffer from power outages. AT&T does have issues from time to time with the activation process (it's an IT thing) so I'm glad that this was not a hardware issue on your end.

Need help?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.