Treo600user's profile

Teacher

 • 

3 Messages

Wednesday, March 16th, 2011 3:18 PM

U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?

 

I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)

 

In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?

 

Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!

 

AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...

 

For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)  

 

help?

Expert

 • 

9.4K Messages

12 years ago

No VPN-specific thread that I know of.

Most types of outbound VPN should work on all 2Wire routers with no issues. Inbound VPN on 2Wire routers may work if configured properly, but I've seen many people say it requires your own DMZ router or static IPs.

Outbound VPN on the Motorola NVG510 works only with the very latest firmware. I don't think inbound VPN works at all without static IPs.

Mentor

 • 

44 Messages

12 years ago

Ugh!  New thread started!

Tutor

 • 

4 Messages

12 years ago

Forgot to check back for reply, and have been to busy to even work on this problem some more.

 

Im using a netgear fvs318n(newer model) behing the 2 wire router, and it is in dmz plus mode with the static IP going to the netgear (it properly receives it),

 

On the other end i have tried netopia 3347 dsl modems, and a netgear fvs318(and old model). Both "connect" and agree on a key with the fvs318n(newer model), but Im not able to ping devices on either end from either side.

Tutor

 • 

4 Messages

12 years ago

In regards to your other questions that i forgot to answer, it is a ipsec vpn tunnel, i dont think those are really "directional" but you can set whether 1 device initiates the tunnel, but i believe both devices are in both mode where either tries to initiate the connection based on who realizes its down first.

 

Im not sure if my "ip routing" is correct, i think the whole problem might be due to some ip routing options to overcome the NAT (2wire) inbetween. But basically the fvs318n is 192.168.0.254, and all the computers at that site are int he .0. subnet and receiver their ip's from the windows server dhcp server. (although as a side note occasioanlly the 2wire will still somehow assign dhcp's throught the netgears wan port, if the windows server dhcp server is offline, i dont get how a dhcp could be passed through the wan port...) but before testing the tunnel i of course make sure im on the .0. subnet.

 

The other end is much simpler with either the netopia or the netgear fvs318(older model) acting as the DHCP and being 192.168.6.1, and assigning addresses in the .6. subnet.

 

I make sure when setting up the vpn tunnel to allow .0. subnet for the 1 location and .6. for the other (in each routers vpn settings) but if any additional ip configuration / settings are required then i probably have not done them (such as i have no static routes, or ports open on either router on either end) i also have no signed certificate on the fvs318n (doubt that matters for ipsec) and

Expert

 • 

9.4K Messages

12 years ago

OK, so it sounds like your tunnel is actually coming up, you just aren't able to route traffic over it.

This is probably not an issue with U-Verse or the 2Wire. Check your routes carefully on each of the routers on each end, they have to have a route to the other network over the tunnel. If they're not running a routing protocol with each other, then these routes need to be entered statically.

Tutor

 • 

4 Messages

12 years ago

Turns out having the negear fvs318n router foward all the inbound ports/traffic to my sip phone server was interfering with vpn tunnels (or with pings / rdp connections i guess). (was only forwarding all the ports temporarily till i had time to tune it just to the right ports.).

 

The good news is that i can further confirm that when in dmz plus mode the 3600hgv does a decent job of allowing IP phone traffic, as well as VPN traffic through, which is good enough for most small businesses.

 

Only big downsides are it being necessary for it to be in DHCP mode (although i feel its more a peculiarty of the netgear that allows devices behind it to ocasionaly get DHCP from the 2wire gateway). And it also appears to have dificulty negotiating 10mbs full duplex with older devices (but i cant see many people running into that problem, and gave me a good excuse to buy the newer model fvs318n to replace my fvs318(older model). 

Tutor

 • 

9 Messages

12 years ago

Hi SomeJoe7777.

 

Spent a lot of time reading this thread but could not find what I was looking for exactly.  It seems to be a combination of 13 and 2 and something else perhaps.  Let's see.

 

So, I have a Linksys behind my 2wire.  I want the linksys for 2 reasons.  1) my desktop (upstairs) has no wireless interface and so I connect via ethernet to the linksys  2) I want to use the access control features of the linksys which the 2wire does not have for my children.

 

I also have two other laptops in the house that need to 1)connect to 2wire (both laptops and the 2wire are downstairs)  2) connect to the desktop upstairs.

 

So, if I configure the linksys so that it is just another static ip and a wireless access point on the same subnet (192.168.1...) by connecting LAN port to LAN port, then everyone gets internet, all computers can see each other, BUT the access controls do not work.  My children can get to the internet via a wireless connection to the linksys regardless of any controls that are in force.  I don't understand why the access controls don't seem to be working.  Is it because they only work if the linksys is acting as a router, and in this configuration it is only acting as a wireless access point / switch?

 

If I make it a dhcp server to issue ips to my children's laptops on 192.168.2..., the access controls work but now I cannot get to my desktop.

 

Thanks, James

ACE - Expert

 • 

34.7K Messages

12 years ago


@jamesvdale wrote:

...

 

So, if I configure the linksys so that it is just another static ip and a wireless access point on the same subnet (192.168.1...) by connecting LAN port to LAN port, then everyone gets internet, all computers can see each other, BUT the access controls do not work.  My children can get to the internet via a wireless connection to the linksys regardless of any controls that are in force.  I don't understand why the access controls don't seem to be working.  Is it because they only work if the linksys is acting as a router, and in this configuration it is only acting as a wireless access point / switch? 

...


Exactly.  Doing IP filtering is a layer 3 activity, opening and looking at the IP routing information in the packet and deciding whether to allow it or not.  Switching operates at layer 2, the MAC/Hardware layer.  The data has to be routed out the WAN port for firewall/access filtering to work.  In the AP/Switch configuration, hardware layer switching is occuring between the ports and the wireless interface.

 


@jamesvdale wrote:

...

 

If I make it a dhcp server to issue ips to my children's laptops on 192.168.2..., the access controls work but now I cannot get to my desktop. 

...


Do you have the Linksys connected via the LAN port still?  You might could make this work by changing the SUBNET mask from 255.255.255.0 to 255.255.251.0  on all your devices that are interested in talking this way.  This allows them to talk directly on the same LAN without routing.  You can probably set up the Linksys to give out this netmask.  I don't think you're going to get the 2WIRE to, so you'd have to switch your PC to a static IP address with this mask set up.

 

Teacher

 • 

14 Messages

12 years ago

I have my belkin router setup behind the ATT router and all is working but when streaming video from the internet, my slingbox or playing xbox live the signal stutters every so often and even times out sometimes losing connection.  On xbox live i get dropped from games and can never finish a game on Madden.  Hooked up to the ATT router this does not happen any ideas what going on?

Expert

 • 

9.4K Messages

12 years ago

jamesvdale,

 

Yes, you simultaneously need the Linksys to act just as a wireless access point upstairs, while also operating as a router for the entire network.

 

This will not be possible using only one Linksys.

 

You will need to get a 2nd one (or perhaps buy just a wireless access point, which might be less expensive).

 

Set up one as a wireless access point upstairs, using the method in post #13.

 

Set up the 2nd one next to the RG using the method in post #2, and configure parental controls on that one.  Turn the wireless on the RG off, and use the wireless on this 2nd Linksys to cover the downstairs.

 

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.