- edited 10-20-2017 11:19 AM
The Arris BGW210-700 is an advanced residential gateway that supports VoIP, IPv6, video delivery, security firewall, and extensive remote management features.
The BGW210-700 Broadband Gateway delivers robust video, primary line telephony, and high-speed data over broadband networks via high-speed Internet connectivity.
The four Gigabit Ethernet ports can be separated into different services allowing the configuration of dedicated ports for data. It is designed for advanced DSL network service deployments and supports Quality of Service (QoS) and IP Passthrough.
Determining the Business Need
Business customers sometimes state that they need DSL/Broadband CPE that can be configured or placed into a Bridged Mode where they are putting other CPE behind the DSL/Broadband CPE. Many times, these customers can be better served with a configuration known as IP Passthrough. The information below explains the difference between IP Passthrough and Bridged mode and provides instructions on how to configure the Arris BGW210-700 Internet Gateway for IP Passthrough.
IP Passthrough means the AT&T supported CPE device terminates the DSL, authenticates with the network (receives a WAN IP) and shares that IP address with a single device connected to the AT&T supported CPE equipment. This configuration is often suitable for a business customer desiring to connect third party equipment to AT&T supported equipment. The IP Passthrough configuration still allows AT&T support groups to access the AT&T supported equipment while allowing end-users to connect third party equipment in a configuration they desire. The IP Passthrough configuration will only allow one connection to AT&T supported equipment to be "unfiltered" or pingable from the WAN or internet side of the AT&T equipment (does not support multiple pingable connections).
The IP Passthrough feature allows a single PC on the LAN to have the AT&T Gateway's public address assigned to it. It also provides port address translation (PAT) or network address and port translation (NAPT) via the same public IP address for all other hosts on the private LAN subnet.
Using IP Passthrough, the public WAN IP is used to provide IP address translation for private LAN computers. The public WAN IP is assigned and reused on a LAN computer.
Note: Remember to make a copy of all current IP settings before proceeding.
Configuring IP Passthrough:
Run your Web browser application, such as Firefox or Chrome, from the computer connected to the Arris BGW210-700.
Dynamic host configuration protocol (DHCP) address serving can automatically serve the WAN IP address to a LAN computer.
When DHCP is used for addressing the designated IP Passthrough computer, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single servable address subnet, and reserve the address for the configured PC's MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask.
Note: IP Passthrough Restriction
Since both the BGW210 Internet Gateway and the IP Passthrough host use the same IP address, new sessions that conflict with existing sessions will be rejected by the BGW210. For example, suppose you are working from home using an IPSec tunnel from the router and from the IP Passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer's office. In this case, the first one to start the IPSec traffic will be allowed; the second one from the WAN is indistinguishable and will fail.
If you need further assistance with your IP Passthrough setup and configuration contact ConnecTech Support.
Jared, AT&T Community Specialist
08-17-2017 11:57 AM
You can't use cascaded router, several posts stating that it doesn't work. All you need is IP Passthrough. I have an SRX345 firewall that is my main device so I turned OFF all the firewall settings on the ARRIS (ATT modem) because I don't need them and they will create issues if I am troubleshooting a problem. I suggest you do the same and just make sure your router is locked down as much as you can. To recap from a previous post...I have the Arris modem with an Ethernet connection to my WAN port on my SRX. Everything else (including my backup Comcast connection) plugs into the SRX. DHCP is handled by the SRX as well. My wireless is disabled on the Arris. I use Meraki APs in some POE switches that also plug in to the SRX.
Hope this helps...
- edited 08-19-2017 10:21 AM
Thanks bphagan and dunnjo and others. I finally got over the hump. I gave up on Cascaded Router and went strictly Passthrough. The key (as you both said) was to not turn off the DHCP on the AT&T router and just let it distribute the 192 range to my hardwired Time Capsule, then let the TC distribute addresses in the 10 range. bphagan, for what it's worth, I didn't have to change the "Connect Using" to "static" on my TC. Not sure why mine would work that way when yours didn't.
My TC does give me a "Double Nat" warning but things seem to be functioning fine.
Edit a day later — spoke too soon. While everything functions with the setup described above, it destroys throughput. Where I was getting 900+ Mbps hardwired to the desktop before, it dipped to 25 Mbps. The WiFi was as bad. So I'm back to just using the BGW210 and taking the Time Capsule out of the equation. The main reason I want to use it is that the interface for DHCP reservations is easier, and OS X Server doesn't seem to like non-Apple routers too much.
08-19-2017 8:02 PM
OK, sorry you've had so many problems... I wasn't clear that you were just not even using the ATT router/modem at all... I don't think NOT using their device is a good idea... why even take it out of the equation? If you just stick to using it as a "passthrough" modem, leaving DHCP turned on for maybe 3 devices (smaller subnet), then you can let whatever you want be the proverbial "head" or "center" of your network. In my case it's my SRX345. It's a firewall/router... handles DHCP, routing, and everything, and both my APs plug into it. In my opinion, this is the simplest way to set up without adding too much complexity but continuing to have YOUR device as "king".
Hope this helps...
09-02-2017 10:26 AM
I'm hoping this will help somebody because I had to work my way through a combination of everyone's instructions to get mine to work.
I hooked one of the 4 switch ports of the ATT modem/router into the WAN port of my TP-Link router. I then set up the Firewall -> IP Passthrough like everyone else here:
I chose DHCPS-fixed from the Passthrough Mode list and chose my TP-Link router from the Passthrough Fixed MAC Address Device List. Then hit Save. I left the DHCP settings alone.
On the TP-Link router, I set it to a different subnet (192.168.100.x). After that was set, I then went to my WAN section. It was automatically pulling in the DHCP assigned address from the ATT modem/router (192.168.1.10 for example). At that point, the internet worked fine, but it was not quite what I wanted and I didn't feel like I was getting my full speed. I then took the Primary and Secondary DNS from the AT&T modem/router under Broadband -> Status, and I plugged them into the TP-Link WAN settings. As soon as I hit save, that's when the IP Passthrough worked for me, as the Public IP was now being fed through properly to my TP-Link router and I was once again getting full speed. I did all this because I have more control over the port forwarding, and it works properly on my TP-Link router. It seems like the ATT modem/router was restricting too many of my much-needed packets.
Afterwards, all of my services worked fine without having to change any of the firewall settings on the ATT modem/router.
I hope this has helped someone. It looks like different things are working for different people. While the basic concept is the same, some implementations just work differently for different equipment.
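A quick way to tell apart the two states described in this thread (the downstream router still holding a gateway lease such as 192.168.1.10, versus holding the public IP), as an added example that is not part of any original post. The gateway LAN subnet 192.168.1.0/24 is assumed from the lease quoted above, `check_passthrough` and its finding codes are hypothetical names, and all sample addresses are constructed.

```python
import ipaddress

# Address blocks that are never a public WAN address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared space


def check_passthrough(router_wan, router_lan, gateway_lan="192.168.1.0/24"):
    """Classify a downstream router's addressing behind the gateway.

    router_wan  -- address the router shows on its WAN port
    router_lan  -- subnet the router serves to its own clients
    gateway_lan -- gateway LAN subnet (assumed from the thread's 192.168.1.10)
    Returns a sorted list of finding codes.
    """
    wan = ipaddress.IPv4Address(router_wan)
    lan = ipaddress.IPv4Network(router_lan, strict=False)
    gw = ipaddress.IPv4Network(gateway_lan, strict=False)
    findings = set()

    if wan in gw:
        # Router holds an ordinary gateway lease: traffic is translated twice.
        findings.add("double-nat")
    elif wan in CGNAT or any(wan in net for net in RFC1918):
        findings.add("wan-not-public")
    else:
        # Router owns the public address, so it is the unfiltered host and
        # its own firewall is the only filter in front of the LAN.
        findings.add("passthrough-active")
        findings.add("router-is-internet-facing")

    if lan.overlaps(gw):
        # Same subnet on both sides hides the gateway from the router's clients.
        findings.add("lan-overlaps-gateway")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed samples; 203.0.113.25 is a documentation address standing
    # in for the real public IP.
    for wan, lan in [("192.168.1.10", "192.168.100.0/24"),
                     ("203.0.113.25", "192.168.100.0/24"),
                     ("192.168.1.64", "10.0.1.0/24"),
                     ("203.0.113.25", "192.168.1.0/24")]:
        print(f"{wan:15} {lan:18} {check_passthrough(wan, lan)}")
```

A `router-is-internet-facing` result is the cue to review the router's own inbound rules, since the passthrough host is the one connection the gateway leaves unfiltered from the WAN side.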
09-02-2017 11:52 AM
I'm glad you got it working but if you go back to both sets of instructions I provided, one of the most important things was to TURN OFF all firewall features on the ATT modem and only have DHCP and IP Pass-through. Additionally, you shouldn't have to put in ATT's DNS into the WAN ports on the ATT modem as they will come through automatically. The client machines of your network will get those same settings from DHCP whether you make it in the ATT modem OR your router.
Glad you got it working nonetheless....
09-04-2017 8:58 AM
While I respect your opinion and probably wouldn't have even tried some of this without some of your instruction on here, I just want to mention that, in my humble opinion, before I performed the IP Passthrough, a lot of my services were not working because the TCP/UDP packets were not coming through. After I set up the IP Passthrough, without changing the Firewall settings, all of my services began to work again (through Port Forwarding on my own router).
That all being said, I do respectfully feel like there is nothing wrong with turning off all of the Firewall services, and even may be detrimental for others to work. I think while the overall process should work for most, I definitely think this could be a "your mileage may vary" type thing, where all situations may require their own tweaking. In my case, services did not work for me until I filled in the DNS servers.
Thank you for your help and I hope that we can help all people use the device(s) that they want to use on their home networks.
09-04-2017 10:07 AM
We're saying the same thing... I am saying YES, turn OFF all the firewall services on the ATT router. If not, your port forwarding would be problematic. There will be complexity where it is not needed. The ATT router should only be a transparent object within your network as it is with mine with your router, or in my case, my firewall as the "proverbial" head of your home network.
09-17-2017 8:59 PM
Thank you everyone, this thread was immensely helpful. I have 2 questions though:
First, with IP Passthrough enabled, is it possible to somehow route access to the RG from your internal network? This would come in handy when wanting to hit the RG's web UI without having to hardwire to it.
And second, are we still restricted by the RG's NAT table limit of 8192 while using IP Passthrough? I have a feeling we are, but just looking for confirmation.
09-18-2017 7:28 AM
If it's a pass-through, then it's a pass-through, right? So it's not going to have an IP since it's sent to your downstream L3 device. Ideally, once you have it set up for pass-through, with DHCP still on (limited amount of client IPs in my opinion), and all the firewall rules turned off, you shouldn't need to get to the GUI of the BGW210 for any reason. Once I get it working, my firewall is now the center of my network and anything I need to do, I do from there, which was why I needed to figure out this setup for my environment.
As for your 2nd question, basically the same answer as before. If you're using it as a pass-through, why are you trying to NAT with it? Essentially it is just a "bridge" to send along the public IP to your device. Perhaps I'm totally missing the point here & if so, my apologies, but your questions around the BGW210 (which I assume you mean by RG - router gateway) tend to be more along this device as being something that is doing more than just acting as a bridge/pass-through and if so, I don't get why you need pass-through at all.
09-18-2017 1:20 PM
On the first question, that's what I assumed, thank you for confirming. My setup is just like you described.
As to the second question, my main concern is that IP Passthrough is not as transparent as it sounds. I do want it as transparent as possible, but it seems like this may not be true bridge mode. I think that incoming/outgoing connections are still written to the BGW210's NAT table even with IP Passthrough turned on, thus limiting our own internal network to its table size (which you can see in the web UI under Diagnostics > NAT Table > Total Sessions Available).
Here is a slightly older thread that addresses the same concern, but no concrete answer: http://www.dslreports.com/forum/r31308705-
09-19-2017 6:45 AM
Ravi, thank you for your help...had a question though. Step 4, how did you go about setting a fixed IP for your router? I see no option to do that on the BGW210.
09-19-2017 6:55 AM
09-19-2017 7:24 AM
The way I set up a fixed IP for my router is, before setting up an IP passthrough in DHCP mode on the ATT router, disable the wifi networks, and with only the router connected to the ATT router go to Home Network | IP Allocation and you should be able to click on 'Allocate' and change the IP address if you want. I hope this helps?
09-19-2017 7:32 AM
If you're talking about the LAN IP of the router and you want it to be 'static' then why not do it on the router itself? The DHCP on the ATT modem has to be on for pass-through to work. I only have a 4 client scope on there because I'm paranoid and don't want more than that, but it is NOT giving out any IP addresses and why should it? It just makes things more complex & difficult to troubleshoot in my opinion. Once you decide on the internal LAN subnet you want to use, put that in the ATT modem and leave it. Statically assign your LAN router and define your DHCP subnet on your router as well and eliminate the need to use the ATT modem except for required functionality.