Teacher
•
3 Messages
U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?
I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?
I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)
In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:
- DHCP - OFF (at min, it appears you must leave one available?)
- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)
- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)
- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?
Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!
AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...
For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)
help?
atbodamer
Tutor
•
8 Messages
12 years ago
Somejoe:
With your help I have a router set up successfully behind the RG.
However, I've been experiencing partial web page loads/timeouts from time to time.
So from a command prompt, I checked MTU fragmentation:
ping www.dslreports.com -f -l 1500
I receive a "packet needs to be fragmented but DF set" response until I take the bytes down to 1272
The RG & the router both have MTU set at 1500
Is this the likely culprit behind my issue? If so, what are your thoughts to remedy.
Thanks for your help.
0
0
SomeJoe7777
Expert
•
9.4K Messages
12 years ago
If everything is working correctly, the following command should result in returned pings:
The maximum Ethernet payload and line MTU for U-Verse is 1500 bytes. Subtract 20 bytes for the IP header and 8 bytes for the ICMP header results in a transmittable payload without fragmentation of 1472 bytes.
If yours is not working unless the bytes are taken down that low, you have an MTU problem on the network. Look for:
1. Manual MTU settings on your machine. Download the tool "Dr. TCP" from DSL Reports and make sure no specific MTU settings have been set.
2. Your router may be artificially limiting the MTU. Make sure there are no settings to this effect in your router.
3. Make sure your firewall is not blocking ICMP packets. Many people block all ICMP for security issues, and that will immediately cause MTU problems on the network because path MTU discovery (PMTUD) no longer works. If you want to block some ICMP, at least make sure that the following ICMP types are allowed:
Type 0 (Echo Reply)
Type 3 (Destination Unreachable)
Type 11 (Time Exceeded)
Personally, I don't see anything wrong with allowing all ICMP. In my opinion, it is not a security issue.
0
atbodamer
Tutor
•
8 Messages
12 years ago
0
0
effadj
Tutor
•
4 Messages
12 years ago
He is another great TCP adjustment utility for PCs: http://www.speedguide.net/downloads.php
-Dave
0
0
hifigal
Contributor
•
1 Message
12 years ago
This question is off topic, but i have seen so much good info on this thread, I thought I would throw it out there in case someone has a suggestion. I started looking here because I wanted to disable the router portion of the 2wire 3600hgv and add my own "better" router, using the ATT one just as a bridge. This suggestion was made by the manufacturer of the audio system I am installing since I am having some issues with the audio components talking to each other over the network. They said they often see these problems with all-in-one ISP provided dsl modem routers. Both my controller/amplifier and my digital music streamer are seeing the internet fine. The problem occurs sometimes when the controller commucicates to the streamer over the network with some command (such as changing a SiriusXM channel). It often causes the streamer to just diplay "stopped" and no artist/song info. Sometimes it just doesn't respond at all. Is there anything I should be checking in the setup of the 3600HGV that would affect the communication of these two devices with each other over the network?
0
0
tstraughn
Tutor
•
6 Messages
12 years ago
0
0
getgray
Teacher
•
32 Messages
12 years ago
SomeJoe:
Thank you for your detailed posts. I have moved my service from DSL to Uverse. I had a Cisco 800 that I'd like to keep in my network. I've tried to setup everyting per your examples but I'm missign some detail.
My original network is setup with 10.10.10.x. The 2Wire router is at it's default (192.168.1.254) per resolution from PC connected to the 2-wire modem via wireless link:
I have followed your instructions::
1. Set your router's WAN interface to get an IP address via DHCP.
Done
2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.
3. Restart your router, let it get an IP address via DHCP.
Done. sh conf eth1 -> reflects public IP
4. Log into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ
5. Select your router under section (1).
6. Click the DMZPlus button under section (2).
7. Click the Save button.
Done. Status screen reflects complete
8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.
Initially I did a shut/no shut on int eth1 to renew the IP. That didn't work so I reloaded router. No difference that I saw.
sh int eth1 still reflected the public IP address assignment. Looked OK here.
9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration
10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.
11. Check everything under Outbound Protocol Control except NetBIOS.
12. Uncheck NetBIOS under Inbound Protocol Control.
13. Uncheck all the Attack Detection checkboxes (7 of them).
14. Click Save
Done, carefully checked each.
All I changed on my router config was the ethernet intefaces and the inbound access-list. Where possible, I tried to mirror your setup. I moved teh appropriate configs from my old dialer interface (for the DSL) to Eth1.
My access list looks like this (sanitized)
I can ping the Cisco (10.10.10.1) from any PC on the 10.1.1 network. I can ping the public IP on Eth1. But I can't get out to the internet.
Can you tell what I'm missing?
0
0
SomeJoe7777
Expert
•
9.4K Messages
12 years ago
show ip int eth1
Also please show your NAT configuration entries, including the nat pool and any static translations.
And finally, show any default routes or default gateway entries you have in the config.
0
0
wesmac75
Tutor
•
8 Messages
12 years ago
Joe! I must admit, after reading some of your posts, you fill me with hope that some people actually know what the heck they are talking about!
I have the 2Wire providing signal to a DIR-857 so that an N Network could be broadcast on my network. Everything is working except for my 3TB HD that is plugged via USB 3.0 to the back of the DIR 857. It's not found, and I think it may be because of how I have the setup configured. The DIR network is 192.168.0.1, while I can still wirelessly connect to the 2Wire via 192.168.1.254. I believe the DIR is handing out DHCP addresses. I have disable the broadcast of the 2Wire wireless network. I get decent speeds, with occasional drop offs. Mostly, I want to be able to communicate with the HD wirelessly throughout.
Any idea of the optimum settings I should be using? The DIR is connected lan to lan.
Thanks in advance! Hope all is well
0
0
SomeJoe7777
Expert
•
9.4K Messages
12 years ago
wesmac,
Yes, the IP addressing and DHCP are probably the problem.
Refer to post #13 in this thread for the proper procedure to make a wireless access point work on the 2Wire's network. Basically, you need to turn off DHCP on the DIR-857, and assign it a static IP address within the 2Wire's subnet.
0