Available Now: Buy the new iPhone 14, iPhone 14 Pro and iPhone 14 Pro Max from AT&T!
Troubleshoot your device issues
easy2's profile

New Member

 • 

7 Messages

Thu, Jul 7, 2022 4:40 PM

IP Passthrough M6 Pro (MR6500)

I apologize in advance for this wall of text since this will be a long, drawn-out inquiry/request. If you do decide you "have time to read all that" I truly thank you in advance if you take the time to read/assist. Disclaimer: I'm in the Army, so I can follow directions pretty well but every now and then I do need something written out in "ELI5" format. I am moderately adept at user level networking, and if things go south, the hard factory reset buttons/options on devices have always been quite handy to start fresh. My goal with the gateway I have is to mount in an external enclosure with PoE injector to a splitter/step-down from 48V to 5V-12V and RJ-45 on the peak of my roof, approximately 35 feet high (about 6 feet above the peak of the roofline). This may not be troublesome for some to mess with and climb up on the roof year-round if needing to access the gateway to hard-factory-reset a gateway with the pin-button if something happens, but where I live (interior Alaska, about 100 miles from the nearest "large" city) with the accompanying frigid temperatures (sustained -40 below zero with occasional dips to -70 below and colder with wind-chill to -120, snow and ice in the winter from October to April) I am hoping to have a stable, working solution in place before winter hits in October.


Why external enclosure? Wireless connection is very spotty here, and hardwired connectivity is virtually non-existent so it's all WISP solutions, unless you want 0.5 Mbps DSL for $90+/month (no thanks). StarLink is on a perpetual shift to the right for target availability since the polar regions will see service dead last (on the pre-order wait-list since February 2021). Antarctica will probably see StarLink before interior Alaska does. Why PoE step-down for the gateway? The gateway I have unfortunately does not power via PoE, so PoE injector will feed to the splitter/step-down that switches this to 5V USB-C and RJ-45 Ethernet. The gateway power block states 5V-12V, so I'll have to research if they make variable voltage power step-down splitters. I have a 50ft CAT7 to run up to the roof through the attic (I know it's not a recognized standard, but for my slow speeds I couldn't justify buying a new CAT8).


For the WISP gateway, I purchased a Netgear Nighthawk M6 Pro through FirstNET (AT&T) and am unfortunately also having "difficulty" as the other posters on this forum with placing the M6 (or any other AT&T gateway for that matter) into proper IP Passthrough mode. I debated purchasing a "more advanced" gateway that is "FirstNET ready/certified", but I had previously tried two other "3rd party, non-AT&T branded gateways" and had to have the device IMEI and SIM provisioned every month while on regular AT&T via a data-only SIM plan reseller (or else connection would revert to 0.3UL/0.1DL if I didn't call for them to reset this every week or so). Also, since AT&T is the ONLY wireless carrier that works out here (other wireless devices work, but all are roaming on AT&T towers), imagine what happens at around 5pm-2am every day...speeds go from a useable 10-15 Mbps down to 0.5 Mbps on AT&T. Since I am eligible for FirstNET, I went that route, because during peak usage times, I'm now shifted to Band 14 and am no longer stuck in the oversold B12/B66, etc. pipes, which is critical if I need the access for work. I went with the "preferred device" from FirstNET (they offered M6 or M6 Pro - the M6 Pro has the X65 chip with "better antennas" with internal 4x4 MIMO setup and also supports 2.5Gbps LAN and 6.0Ghz WiFi when the battery is removed - 6.0Ghz is currently only authorized indoors so I completed initial setup with dual 2.4/5.0 to be FCC compliant, just in case), since carriers have a habit of bumping non-branded 3rd party devices off their network (at least in my previous bad luck experiences).


Here's what I did to get my setup mostly useable in the short-term:

I changed the default gateway (M6) IP from 192.168.1.1 to 192.168.2.254 to avoid any potential conflicts. I switched the DHCP range to mimic this from ...2.1 to .2.99

My ASUS RT-AX68U default is 192.268.1.1, so I changed this to 192.168.0.1 to again avoid any potential conflicts. The router automatically fixed the DHCP range to correspond to the IP change.


The "advanced" tab on the M6 gateway allows disabling DHCP. When doing so, it would not pass through the WISP connection (router let me know DHCP is broken from ISP after I disabled gateway DHCP,) so I had to reenable this. The only "working" option is to check the "IP Passthrough" box, which disables the gateway WiFi. The ASUS router sees the connection via Ethernet, and connectivity to the web is available, but the IP address assigned to the router (from the 2.5Gbps Ethernet on the M6 to the WAN on ASUS) is 10.XX.XXX.XX or other derivative, which shifts periodically, I'm guessing due to lease time. This is a private IP assigned to the router WAN from the gateway (the ASUS is kind enough to tell me this, and a quick check to try to enable DDNS confirms "sorry, your router is in a double-NAT situation".


I can connect to router on the X.0.1 and the gateway on X.2.254 no problem to make changes to settings on either device.


I just completed this rough setup yesterday evening and have not had any web connection drops, but the speed is definitely slower than the gateway by itself. The gateway is currently inside the house while I am testing this, but speed difference is around 10 Mbps slower with router after gateway. Once mounted up high outside for the remarkably better connection (boosts connection by over 25 Mbps on average), the 2.4/5.0 signal is too weak for inside the house if I reenable WiFi (by turning off IP Passthrough). The "easy" solution is to place the ASUS in Access Point AP Mode, but the primary reasons for having the ASUS in proper router mode are: 1. QoS setup by MAC/IP (a must with two kiddos in the house on such a limited connection - at best I'm looking at 45 Mbps on the most ideal days, with realistic speeds around 25-35 MBps with occasional dips to 5-15 Mbps) 2. Advanced routing and network monitoring (I am not an IT technician by trade, but enjoy dabbling on user level side and seeing what is going on and the flexibility for media/printer servers, etc. with proper router) 3. VPN option for all devices connected to the ASUS, which is required for work (and also if I feel the need to watch the occasional regional content such as European TV streaming without hitting the region blocks).


How do I:

Place the gateway into "true" Passthrough Mode to resolve double-NAT on the ASUS/connected devices side and avoid any other potential related hiccups for when I need to VPN to work?

and/or

Allow the router to receive a public IP address instead of the private IP address from the gateway?


My first inclination is to skip all the steps and just put the router in the DMZ behind the gateway (at least that is an option), but I've ran into issues before in the past with the simple "fixes" like this and am looking for a long-term solution. Not even sure if the DMZ solves all the potential issues, as it may just be the placebo pill effect.


If you made it this far, I thank you for reading and hope someone with the motivation and knowledge chooses to help me and others in this situation out.

New Member

 • 

7 Messages

3 m مضت

Commenting on my own post...

After further research, the MiFi data traffic from the MR6500 is behind a private IP in the 10.a.b.c range. The data traffic is rolled up with other wireless customer data traffic at the tower, where it is sent to/from the AT&T tower using their (AT&T) public/static IP address. This is apparently the norm for these devices, and is Carrier-Grade NAT (CGNAT).

If you have the option to request a public/static IP address from AT&T, this may be a solution. I elected to do so by adding MyAccessLAN service to my account for a monthly surcharge, which allows a static IP to be assigned. I am still waiting on this to process, but will update what the results are once the static IP is assigned and I have configured everything (hopefully...I am not an IT pro).

New Member

 • 

4 Messages

3 m مضت

Has anyone successfully assigned a static IP w/ a customized APN and allowed passthrough to a router behind this device w/ ATT? I have been working on this for days. After I more hours than I care to admit fighting w/ ATT support I cannot get mine to work. I set the APN, the IP they give me begins to ping...but the MR6500 will then show "No Connection to Internet". My device on the LAN port is still getting internal DHCP 192.x range. I have tried disabling DHCP on the 6500, doesn't appear to matter. I just want this to be a WAN connection to my router and passthru the static IP. My assumption is my WAN should be set for DHCP since ATT only gave me an IP, no netmask or gateway. Any help is greatly appreciated.

ATTHelp

Community Support

 • 

200.4K Messages

3 m مضت

Hello @jrobinsonitp, let's get you pointed in the right direction on if the MR6500 has the selection for IP Passthrough in its web interface.

 

Essentially the NETGEAR Nighthawk (MR6500) is a wireless hotspot and not a router. You would need to reach out to the manufacturer (NETGEAR) to check if this option would be available.

 

We're here if you have any questions. Thank you for contacting the AT&T Community Forums.

 

Alasani, AT&T Community Specialist 

New Member

 • 

4 Messages

3 m مضت

Alasani

I called NETGEAR - they absolutely will not support the device b/c it is locked to ATT. I have been pushed around thru about every department w/ ATT all week an no one has been able to help me. The MR6500 has the IP Passthrough feature - I can plainly see it in the web UI. My issue is when I assign the ATT given APN for static IP, the MR6500 shows 'Not Connected' to internet. Let's take IP Passthrough out of the picture, I still can't get it to work w/ given APN on static IP. 

Been a hard week w/ ATT for sure, I hope to get some help soon or I'll have to move to another provider. I appreciate your input, maybe my response can help drive a solution.

New Member

 • 

7 Messages

3 m مضت

@jrobinsonitp I am waiting on a call back from one of the FirstNET/AT&T Engineers. The initial request to add the "AccessMyLAN" feature in order to be assigned a static IP through the automated request for "feature upgrade" on webpage failed, so I called customer service. The first CS rep suggested I visit the nearest corporate store to try to remedy. I live two hours away from "civilization" so any resellers or corporate stores aren't exactly nearby, and I doubt they'd be able to fix this on the spot anyways. I called back again a couple hours later and the second CS rep patched me through to one of the engineers at FirstNET/AT&T almost right away. The initial attempt through the engineer did not get processed, but the engineer received a note from higher level support on how to send the request up a second time. Now just patiently waiting on that to hopefully get processed. If it works then I'm also hoping I don't run into the same issue you are having.

New Member

 • 

4 Messages

3 m مضت

K, so here's what I found out. My ATT sales rep hooked me up w/ a reseller that handles custom APN stuff. Basically the old i2gold is dead, and you have to get a custom APN now for static IP. They sell in blocks, they are pricey. He mentioned FirstNET as an option to use to get a SIM and APN from, but the guy on the phone actually has a block and is gonna ship me a new device preprogrammed w/ his APN info. He will just sell me the service instead of ATT. 

The reseller said ATT made changes recently and no one knows what's going on (evident from my week of support calls). 

ATT rep said to get a single custom IP/APN setup is minimum $500, said they sell blocks of 100 to resellers for ~$3000? Then the reseller just sells services and devices they have programmed w/ their static blocks.

ATTHelp

Community Support

 • 

200.4K Messages

3 m مضت

Thanks for the update, @jrobinsonitp.

 

For further assistance with getting your network configuration working behind your AT&T gateway, we recommend reaching out to HomeTech (paid subscription service) for further assistance. They offer specialized support for your home network and for 3rd party devices.

 

Let us know if you have any other questions or concerns, and thanks for reaching out on the AT&T Community Forums!

 

Jarod, AT&T Community Specialist

New Member

 • 

7 Messages

2 m مضت

Unfortunately after multiple attempts of adding the feature update request myself through the "Change/Upgrade Features" drop-down on AT&T/FirstNET account management, and each time receiving the more-or-less "automated" reply a day or two later letting me know my request had been cancelled due to "feature unavailable", I tried calling customer service.


The first representative could not assist, as her manager was also unable to override. The representative recommended I visit the AT&T store I ordered the service through. Figuring they would probably have to call someone themselves on the technician/engineer side, and since that's about two hours away from me (also the closest one to where I am), I waited a couple hours and tried customer service again.


The second representative patched me through to one of the FirstNET/AT&T Engineers within a few minutes, and he also had difficulty adding the feature. After multiple days of back-and-forth updates on how the engineer team above him recommended he resubmit the request, and after nearly two weeks, I received the call with "Sorry, this feature is not available for customer paid FirstNET plans. You must be on an agency-managed plan and the FirstNET agency manager can assign a static IP."


Oh well. I guess if you want this feature, either be on a regular AT&T MiFi plan and add the "AccessMyLAN" feature for between $7.50-10.00 per month, or if you are on FirstNET as I am, then be on an agency-managed plan.


At least they tried, but seems silly why the feature isn't available. Had to let work know they can't VPN in to my work machine if I have to access work stuff remotely and they have to check something. Since the agency I work for doesn't have anymore agency-managed devices to dole out, I guess we'll just have to deal with it or they can add some more to their managed plan to dole out if they want critical stuff like remote management to work.


FirstNET/AT&T doesn't want the extra money from me to add the feature to this customer paid plan.


¯\_ (ツ)_/¯

Need help?
Fix, replace or check device delivery
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.