ATTHelpForums's profile
Community Support


 • 

2.7K Messages

Friday, October 20th, 2017 5:34 PM

Closed

Bridge-mode vs IP Pass-through - Info from the AT&T Community

Learn how to set up your own router

 

The Arris BGW210-700 / BGW320 is an advanced residential gateway that supports VoIP, IPv6, video delivery, security firewall, and extensive remote management features.

 

The BGW210-700 Broadband Gateway delivers robust video, primary line telephony, and high-speed data over broadband networks via high-speed Internet connectivity.

 

The four Gigabit Ethernet ports can be separated into different services allowing the configuration of dedicated ports for data. It is designed for advanced DSL network service deployments and supports Quality of Service (QoS) and IP Passthrough.

Heads up: MAC Filtering has been disabled on the 5268AC. If you are in need of a modem that requires MAC Filtering, please reach out to us in the AT&T Community.

 

Determining the Business Need

You may need your gateway configured or placed into a Bridged Mode. The internet architecture does not allow for bridge mode, but you can set up IP Passthrough, which should allow for most of the same things.

 

IP Passthrough means the AT&T supported CPE device terminates the DSL, authenticates with the network (receives a WAN IP) and shares that IP address with a single device connected to the AT&T supported CPE equipment. This configuration is often suitable for a business customer desiring to connect third-party equipment to AT&T supported equipment. The IP Passthrough configuration still allows AT&T support groups to access the AT&T supported equipment while allowing end-users to connect third-party equipment in a configuration they desire. The IP Passthrough configuration will only allow one connection to AT&T supported equipment to be "unfiltered" or pingable from the WAN or internet side of the AT&T equipment (does not support multiple pingable connections).

 

The IP Passthrough feature allows a single PC on the LAN to have the AT&T Gateway's public address assigned to it. It also provides port address translation (PAT) or network address and port translation (NAPT) via the same public IP address for all other hosts on the private LAN subnet.

Using IP Passthrough, the public WAN IP is used to provide IP address translation for private LAN computers. The public WAN IP is assigned and reused on a LAN computer.

 

Note: Remember to make a copy of all current IP settings before proceeding.

 

Configuring IP Passthrough

Run your Web browser application, such as Firefox or Chrome, from the computer connected to the Arris BGW210-700 or BGW320.

  • Enter http://192.168.1.254 in the Location text box. 

  • Click the IP Passthrough tab and configure your settings. 

Dynamic host configuration protocol (DHCP) address serving can automatically serve the WAN IP address to a LAN computer.

 

When DHCP is used for addressing the designated IP Passthrough computer, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single servable address subnet, and reserve the address for the configured PC's MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask.

 

  • The two DHCP modes assign the needed WAN IP information to the client automatically.

    • You can select the MAC address of the computer you want to be the IP Passthrough client with fixed mode or with first-come-first-served dynamic. The first client to renew its address will be assigned the WAN IP.

     

  • Manual mode is like statically configuring your connected computer. With Manual mode, you configure the TCP/IP Properties of the LAN client computer you want to be the IP Passthrough client. You then manually enter the WAN IP address, gateway address, and so on that matches the WAN IP address information of your AT&T device. This mode works the same as the DHCP modes. Unsolicited WAN traffic will get passed to this client. The client is still able to access the AT&T BGW210 device and other LAN clients on the 192.168.1.x network.

  • DHCP Lease: By default, the IP Passthrough host's DHCP leases will be shortened to two minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the WAN connection is established. After the WAN connection is established and has an address, the IP Passthrough host can renew its DHCP address binding to acquire the WAN IP address. You may alter this setting. 

  • Click Save. Changes take effect upon restart.

 

Note: IP Passthrough Restriction

Since both the BGW210 Internet Gateway and the IP Passthrough host use the same IP address, new sessions that conflict with existing sessions will be rejected by the BGW210. For example, suppose you are working from home using an IPSec tunnel from the router and from the IP Passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer's office. In this case, the first one to start the IPSec traffic will be allowed; the second one from the WAN is indistinguishable and will fail.

 

Jared, AT&T Community Specialist

 


*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
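The IP Passthrough restriction described in the post above, as an added Python model that is not part of the original post or of AT&T's firmware. It assumes a simplified session table keyed on what the WAN side can see; the addresses and the names `SharedAddressTable`, `Flow` and `demo` are constructed for illustration.

```python
from typing import NamedTuple, Optional

GATEWAY = "gateway"            # the BGW210 itself, plus LAN hosts it NAPTs
PASSTHROUGH_HOST = "passthrough-host"
VPN = "203.0.113.10"           # constructed address for the remote VPN concentrator

class Flow(NamedTuple):
    """What the WAN side can see of a session on the shared public IP."""
    proto: str
    local_port: Optional[int]  # None for ESP, which carries no ports
    remote_ip: str
    remote_port: Optional[int]

class SharedAddressTable:
    """Simplified model (an assumption, not the gateway's real table format)."""
    def __init__(self):
        self.sessions = {}

    def open_session(self, owner, flow):
        # First owner to create the flow keeps it; a different owner is rejected.
        return self.sessions.setdefault(flow, owner) == owner

    def route_inbound(self, flow):
        # Known session: back to its owner. Anything unsolicited: passthrough host.
        return self.sessions.get(flow, PASSTHROUGH_HOST)

def demo():
    table = SharedAddressTable()
    esp = Flow("esp", None, VPN, None)
    ike = Flow("udp", 500, VPN, 500)   # IKE normally uses UDP 500 on both ends
    results = {
        "gateway_ike": table.open_session(GATEWAY, ike),
        "gateway_esp": table.open_session(GATEWAY, esp),
        "host_ike": table.open_session(PASSTHROUGH_HOST, ike),
        "host_esp": table.open_session(PASSTHROUGH_HOST, esp),
        # TCP sessions differ in source port, so both sides can reach the same server.
        "gateway_tcp": table.open_session(GATEWAY, Flow("tcp", 50001, VPN, 443)),
        "host_tcp": table.open_session(PASSTHROUGH_HOST, Flow("tcp", 50002, VPN, 443)),
        "esp_reply_goes_to": table.route_inbound(esp),
        # Constructed unsolicited probe from the Internet to port 22.
        "unsolicited_goes_to": table.route_inbound(Flow("tcp", 22, "198.51.100.99", 40000)),
    }
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entry is the reason the passthrough device needs its own firewall: every inbound packet that matches no existing session is delivered to it.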


Mentor

 • 

27 Messages

7 years ago

You can't use cascaded router, several posts stating that it doesn't work. All you need is IP Passthrough. I have an SRX345 firewall that is my main device so I turned OFF all the firewall settings on the ARRIS (ATT modem) because I don't need them and they will create issues if I am troubleshooting a problem. I suggest you do the same and just make sure your router is locked down as much as you can. To recap from a previous post...I have the Arris modem with an ethernet connection to my WAN port on my SRX. Everything else (including my backup Comcast connection) plugs into the SRX. DHCP is handled by the SRX as well. My wireless is disabled on the Arris. I use Meraki APs in some POE switches that also plug in to the SRX.

 

Hope this helps...

 

 

Voyager

 • 

2 Messages

7 years ago

Thanks bphagan and dunnjo and others. I finally got over the hump. I gave up on Cascaded Router and went strictly Passthrough. The key (as you both said) was to not turn off the DHCP on the AT&T router and just let it distribute the 192 range to my hardwired Time Capsule, then let the TC distribute addresses in the 10 range. bphagan, for what it's worth, I didn't have to change the "Connect Using" to "static" on my TC. Not sure why mine would work that way when yours didn't. 

 

My TC does give me a "Double Nat" warning but things seem to be functioning fine. 

 

Edit a day later — spoke too soon. While everything functions with the setup described above, it destroys throughput. Where I was getting 900+ Mbps hardwired to the desktop before, it dipped to 25 Mbps. The WiFi was as bad. So I'm back to just using the BGW210 and taking the Time Capsule out of the equation. The main reason I want to use it is that the interface for DHCP reservations is easier, and OS X Server doesn't seem to like non-Apple routers too much. 

Mentor

 • 

27 Messages

7 years ago

Ok sorry you've had so many problems....I wasn't clear that you were just not even using the ATT router/modem at all...I don't think NOT using their device is a good idea...why even take it out of the equation? If you just stick to using it as a "passthrough" modem leaving DHCP turned on for maybe 3 devices (smaller subnet) then you can let whatever you want be the proverbial "head" or "center" of your network. In my case it's my SRX345. It's a firewall/router....handles DHCP, routing, and everything, including both my APs plug into it. In my opinion, this is the simplest way to set up without adding too much complexity but continuing to have YOUR device as "king".

 

Hope this helps...

Tutor

 • 

2 Messages

7 years ago

I'm hoping this will help somebody because I had to work my way through a combination of everyone's instructions to get mine to work.

 

I hooked one of the 4 switch ports of the ATT modem/router into the WAN port of my TP-Link Router. I then set up the Firewall -> IP Passthrough like everyone else here:

 

I chose DHCPS-fixed from the Passthrough Mode list and chose my TP-Link router from the Passthrough Fixed MAC Address Device List. Then hit Save. I left the DHCP settings alone.

 

On the TP-Link router, I set it to a different subnet (192.168.100.x). After that was set, I then went to my WAN section.  It was automatically pulling in the DHCP assigned address from the ATT modem/router (192.168.1.10 for example).  At that point, the internet worked fine, but it was not what I quite wanted and I didn't feel like I was getting my full speed.  I then took the Primary and Secondary DNS from the AT&T modem/router under Broadband -> Status, and I plugged them into the TP-Link WAN settings.  As soon as I hit save, that's when the IP Passthrough worked for me, as the Public IP was now being fed through properly to my TP-Link router and I was once again getting full speed.  I did all this because I have more control over the port forwarding, and it works properly on my TP-Link router.  It seems like the ATT modem/router was restricting too many of my much needed packets.

 

Afterwards, all of my services worked fine without having to change any of the firewall settings on the ATT modem/router.

 

I hope this has helped someone.  It looks like different things are working for different people.  While the basic concept is the same, some implementations just work differently for different equipment.

 

Thanks,

D
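A quick way to tell the states described in the posts above apart (private lease and double NAT versus the public IP actually handed through), as an added Python example that is not part of any post in this thread. It assumes the gateway keeps its default 192.168.1.0/24 LAN; the function name and the sample addresses are constructed.

```python
import ipaddress

# Assumption: the gateway keeps its default LAN (web UI at 192.168.1.254).
GATEWAY_LAN = ipaddress.ip_network("192.168.1.0/24")
# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def audit_downstream_router(wan_ip, lan_cidr, gateway_lan=GATEWAY_LAN):
    """Return (code, message) findings for the router plugged into the gateway."""
    wan = ipaddress.ip_address(wan_ip)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    findings = []
    if wan in gateway_lan:
        findings.append(("DOUBLE_NAT",
            f"WAN {wan} is a lease from the gateway LAN: the router sits behind "
            "the gateway's NAT. Check the passthrough MAC and renew the lease."))
    elif any(wan in net for net in NON_PUBLIC):
        findings.append(("PRIVATE_WAN",
            f"WAN {wan} is not publicly routable and is not from the gateway LAN."))
    else:
        findings.append(("PASSTHROUGH_ACTIVE",
            f"WAN {wan} is public: unsolicited WAN traffic now reaches this "
            "router, so its own firewall must be enabled and locked down."))
    if lan.overlaps(gateway_lan):
        findings.append(("LAN_OVERLAP",
            f"LAN {lan} overlaps the gateway LAN {gateway_lan}; "
            "move the router's LAN to a different subnet."))
    return findings

def codes(findings):
    return [code for code, _ in findings]

if __name__ == "__main__":
    # Constructed samples: before and after the passthrough lease is picked up.
    for wan, lan in [("192.168.1.10", "192.168.100.1/24"),
                     ("203.0.113.25", "192.168.100.1/24"),
                     ("203.0.113.25", "192.168.1.1/24")]:
        for code, message in audit_downstream_router(wan, lan):
            print(f"{wan:15} {lan:18} {code}: {message}")
```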

Mentor

 • 

27 Messages

7 years ago

I'm glad you got it working but if you go back to both sets of instructions I provided, one of the most important things was to TURN OFF all firewall features on the ATT modem and only have DHCP and IP Pass-through. Additionally, you shouldn't have to put in ATT's DNS into the WAN ports on the ATT modem as they will come through automatically. The client machines of your network will get those same settings from DHCP whether you make it in the ATT modem OR your router.

 

Glad you got it working nonetheless....

 

JD

Tutor

 • 

2 Messages

7 years ago

dunnjo,

 

While I respect your opinion and probably wouldn't have even tried some of this without some of your instruction on here, I just want to mention that, in my humble opinion, before I performed the IP Passthrough, a lot of my services were not working because the TCP/UDP packets were not coming through. After I set up the IP Passthrough, without changing the Firewall settings, all of my services began to work again (through Port Forwarding on my own router).

 

That all being said, I do respectfully feel like there is nothing wrong with turning off all of the Firewall services, and even may be detrimental for others to work. I think while the overall process should work for most, I definitely think this could be a "your mileage may vary" type thing, where all situations may require their own tweaking. In my case, services did not work for me until I filled in the DNS servers.

 

Thank you for your help and I hope that we can help all people use the device(s) that they want to use on their home networks.

 

D

Mentor

 • 

27 Messages

7 years ago

We're saying the same thing....I am saying YES, turn OFF all the firewall services on the ATT router. If not, your port forwarding would be problematic. There will be complexity where it is not needed. The ATT router should only be a transparent object within your network as it is with mine with your router, or in my case, my firewall as the "proverbial" head of your home network.


Take care

 

JD

Contributor

 • 

2 Messages

7 years ago

Thank you everyone, this thread was immensely helpful. I have 2 questions though:

 

First, with IP Passthrough enabled, is it possible to somehow route access to the RG from your internal network? This would come in handy when wanting to hit the RG's web UI without having to hardwire to it.

 

And second, are we still restricted by the RG's NAT table limit of 8192 while using IP Passthrough? I have a feeling we are, but just looking for confirmation.

Mentor

 • 

27 Messages

7 years ago

If it's a pass-through, then it's a pass-through, right? So it's not going to have an IP since it's sent to your downstream L3 device. Ideally, once you have it set up for pass-through, with DHCP still on (limited amount of client IPs in my opinion), and all the firewall rules turned off, you shouldn't need to get to the GUI of the BGW210 for any reason. Once I get it working, my firewall is now the center of my network and anything I need to do, I do from there which was why I needed to figure out this setup for my environment.

 

As for your 2nd question, basically the same answer as before. If you're using it as a pass-through, why are you trying to NAT with it? Essentially it is just a "bridge" to send along the public IP to your device. Perhaps I'm totally missing the point here & if so, my apologies but your questions around the BGW210 (which I assume you mean by RG - router gateway) tend to be more along this device as being something that is doing more than just acting as a bridge/pass-through and if so, I don't get why you need pass-through at all.

Contributor

 • 

2 Messages

7 years ago

dunnjo,

 

On the first question, that's what I assumed, thank you for confirming. My setup is just like you described.

 

As to the second question, my main concern is that IP Passthrough is not as transparent as it sounds. I do want it as transparent as possible, but it seems like this may not be true bridge mode. I think that incoming/outgoing connections are still written to the BGW210's NAT table even with IP Passthrough turned on, thus limiting our own internal network to its table size (which you can see in the web UI under Diagnostics > NAT Table > Total Sessions Available).

 

Here is a slightly older thread that addresses the same concern, but no concrete answer: http://www.dslreports.com/forum/r31308705-

 

 
