Find the perfect gift for the grad in your life with Graduation gifts that connects us from AT&T.
Get superfast AT&T Fiber internet
rsyg's profile

6 Messages

Saturday, April 20th, 2024 5:20 AM

AT&T BWG320 + Deco mesh BE16000 = double-NAT

Hello - following the guides here I have my AT&T BWG320 set in IP Passthrough DHCPS-fixed mode and my TP-Link Deco BE16000 in router mode. I also have Wifi disabled on the BWG320. The main node of the Deco BE16000 is connected to the BWG320 via port 1 (5Gb) on the BWG. I have rebooted both systems several times.

Using traceroute I can see that the first two hops are my main Deco node (192.168.68.1) and the AT&T gateway (192.168.1.254). My Xbox is also complaining about double-NAT.

Reading through the guides here and elsewhere, everything seems to be set up correctly. I'm at a loss as to why this is still happening. I did find one other comment on the forums here that hinted that another user with a different Deco system was never able to get out of this situation and had to revert to using the BWG320 as the router and the Deco in AP-only mode. I'm hoping to not have to do this.

https://forums.att.com/conversations/att-fiber-equipment/setting-up-mesh-network-with-bgw320505/636124ada912136c4efed17f?commentId=6442bc0b27a3484eeb4b19f4

Thanks - I'm at my wits end.

Accepted Solution

6 Messages

1 month ago

Well - I got this figured - this is what happened...

Deco MAC address according to Deco sticker: xx:xx:xx:37

Deco MAC address according to Deco app & web UI: xx:xx:xx:37

Deco MAC address according to (yesterday) BWG320 UI -> Firewall -> IP Passthrough -> Device List: xx:xx:xx:37

Deco MAC address according to (today) BWG320 UI -> Device -> Device List -> Clear and Rescan for Devices: xx:xx:xx:38

After updating the Deco MAC address on the BWG320's IP Passthrough screen to xx:xx:xx:38, all is well. Deco now reports a public WAN IP address, Xbox reports Open NAT.

I don't get how the BWG320 detected a different Deco MAC address after clearing/rescaning for devices, or why it's different from what the Deco itself thinks, but at this point I'm not complaining...

Thank you JefferMC for your assistance -

ACE - Expert

 • 

35.6K Messages

1 month ago

Seeing the 192.168.1.254 in a traceroute is not conclusive evidence of double-NAT: the Gateway doesn't implement a "bridge" mode where it disappears as a routing hop, IP Passthrough removes the need for the Gateway to do its own NAT if your device is doing it.  It still maintains a connection state table, but it's not NATting your traffic.  

However, just setting IP Passthrough mode on the Gateway doesn't mean that it's working correctly.  Check to make sure that your router is showing the Dynamic Public address as its WAN IP.  If it isn't then you do still have double-NAT and we need to make sure your router gets that Dynamic Public IP from the Gateway.

6 Messages

1 month ago

@JefferMC thanks for clarifying on the two hops from traceroute! I still think I was double-NAT'd though because I had devices like the Xbox complaining, and (to answer your question) the Deco router was not showing the dynamic public address as WAN IP.

I had to temporarily switch the Deco system back to AP mode to get some work done - but I really would like to get this working with Router mode and IP Passthrough. Let me know if you have any ideas - thank you. 

ACE - Expert

 • 

35.6K Messages

1 month ago

My recommendation would be to setup IP Passthrough with DHCPS-Fixed to your router.  Turn off the router for 5 minutes, then turn it back on.  It should come up with the Public Dynamic IP the Gateway has as its own WAN IP.  If it does not (and is still showing a 192.168.1.x address), then turn it off for another 5 minutes and try again.

If it still doesn't work, then get the Public Dynamic IP address and Default Gateway IP off of the Broadband information page of the Gateway.  Change IP Passthrough to Manual and configure the WAN IP of your router manually using the information above and a network mask of 255.255.255.0 (Unless the Default Gateway and Public Dynamic differ in more than that last octet... if they do, post back here with the last two numbers of each and we'll compute the netmask).  The downside of doing this is if AT&T ever does change your Public Dynamic address (which they could do at any time, but in practice rarely do; I'm on my 28th month on mine), you'll have to fix your router's information.

6 Messages

1 month ago

Thanks @JefferMC - everything in your first paragraph I attempted multiple times, no dice. Even shut everything down for an hour after configuring before coming back to it.

I'll try that once more then move on to manual entry if necessary. Appreciate this - this is the first time I'm reading that a manual process to get this working is even possible.

Scholar

 • 

4K Messages

1 month ago

@rsyg 

IP/Passthrough mode may be configured in three ways to pass the DHCP WAN IP address to a device on the LAN.

  • DHCPS-dynamic: The public WAN IP address is delivered by the AT&T provided RG's DHCP server to the first device that requests a DHCP address on the LAN.
  • DHCPS-fixed: The public WAN IP address is delivered by the device's DHCP server to the device whose MAC address has been specified.
  • Manual: A LAN device must be manually configured with the AT&T provided device's assigned WAN IP address and gateway information from your AT&T Gateway's WAN configuration.

Dave

6 Messages

1 month ago

@JefferMC 

IP passthrough with DHCPS-fixed is still failing - Deco system still has a private address as WAN IP address.

In attempting IP passthrough with the Manual option, the Broadband IPv4 Address and Gateway IPv4 Address have the last two octets different - could you let me know how to compute the netmask in this case:

Broadband IPv4 Address: xxx.xxx.55.113
Gateway IPv4 Address: xxx.xxx.54.1

ACE - Expert

 • 

35.6K Messages

1 month ago

In case you need to return to manual, the net mask would be 255.255.254.0 in your case.

ACE - Professor

 • 

5.6K Messages

1 month ago

@rsyg 

Interesting to see new wifi 7 systems starting to appear.  

Something to think about.  If such a system is needed to replace wifi of the gateway (always a good idea with Att), said system typically can run in access point mode.  Simpler for most users to manage their home network, allows the gateway to run in factory default settings, will eliminate that extra hop you’re seeing.  It’s generally good practice to factory reset the gateway after each firmware update which occurs on a quarterly basis.  

ACE - Expert

 • 

35.6K Messages

1 month ago

OP said, with regards to Access Point mode:

I'm hoping to not have to do this.

Also, I disagree with:

It’s generally good practice to factory reset the gateway after each firmware update which occurs on a quarterly basis.  

I'd do a factory reset when you first receive the gateway to get it in a known state.  I would not hesitate to do it again when it doubt.  However, I do not think routinely doing it after every firmware update is necessary.  And, the firmware updates may appear roughly 4 times a year, but they are by no means "quarterly" in the sense that one will appear every 90 days.

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.