03-16-2011 8:18 AM - edited 03-16-2011 8:59 AM
I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?
I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)
In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:
- DHCP - OFF (at min, it appears you must leave one available?)
- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)
- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)
- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?
Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!
AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...
For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)
Solved by: Go to Solution.
03-16-2011 6:52 PM
There is no true bridge mode on the 2Wire routers. However, you can still configure it such that almost all functions of your own router will work properly.
1. Set your router's WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router.
2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.
3. Restart your router, let it get an IP address via DHCP.
4. Log into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ
5. Select your router under section (1).
6. Click the DMZPlus button under section (2).
7. Click the Save button.
8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.
9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration
10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.
11. Check everything under Outbound Protocol Control except NetBIOS.
12. Uncheck NetBIOS under Inbound Protocol Control.
13. Uncheck all the Attack Detection checkboxes (7 of them).
14. Click Save.
Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.
Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.
This is how I have my 2Wire configured, and I have a Cisco 2811 behind it doing IPSec, IPv6 tunnels, etc.
01-15-2012 8:27 PM
Eh... setup isn't going as planned. I set the static IP and subnet on my router to your suggestions but when I try to save the changes, I get this error "IP is out of range in [1-254]". I'm not really sure why though b/c I've set the static IP to 192.168.1.10. And that seems to be in range...
I tried attaching a picture of my routers admin panel but doesn't look like I can upload for some reason. Here's what I've got...
Under Internet Settings, I've got 192.168.1.10 for my IP, 255.255.255.0 for the Subnet Mask, and 0's for Default Gateway and DNS 1 through 3.
Under Network Setup, I've got the router IP still set to 192.168.1.1 but tried changing that to .10 and i get the same error.
I've disabled DHCP Server.
01-15-2012 9:17 PM
01-16-2012 12:09 PM - edited 01-16-2012 12:14 PM
Got the bridge going with an Asus RT-16 however my OUTgoing email fails. Double checked all the settings in the setup mentioned on the first page of this thread but no luck. Incoming works fine. Did reboots etc. double checked the smtp was was good for outgoing.
Also using RT-16 in 192.168.2.1-254 network with static IP of public IP from 2wire in WAN mode on RT-16.
01-16-2012 4:20 PM
01-16-2012 5:28 PM
Wow very suprized they block 25 never had that issue on ANY other ISP including comcast which I will not cancel if they don't open this port my emai service is not going to change.
Thanks again! - dan
01-20-2012 8:59 AM - edited 01-20-2012 9:02 AM
So you are only interested in the wireless aspect of the router?
In that case, you do not want to follow these directions at all, since you do not need special routing functionality. Instead, all you want is a wireless access point.
To do this, do the following:
1. Turn off DHCP on your router.
2. Change the link between the 2Wire router and your router to use the LAN ports on both ends. (In other words, plug the cable from one of the LAN ports of the 2Wire to one of the LAN ports of your router. Leave your router's WAN port empty).
3. Change the LAN IP address of your router to a static IP on the same subnet as the 2Wire router. For example, if the 2Wire router is using 192.168.1.x, and the DHCP range is 192.168.1.64 - 192.168.1.253, set your router to 192.168.1.10.
4. If necessary, configure the wireless parameters on your router, such as SSID, encryption, pre-shared key, and MAC filtering.
Your wireless computers connected to your router will now be able to communicate with wired computers on the 2wire router since everything will be on the same subnet.
I assume these instructions allow connecting to either the RG access point, or the new routers access point? Is that correct? And, and, as far as the LAN, anything wired or wireless will be able to communicate.
I have the same issue. The RG wireless range isn't good enough. I see significant dropoff in speed beyond about 30 feet or so. A couple walls, single story home.
Just bought a refurb Cisco E2500 which is supposed to have "good" range, whatever that means.
01-20-2012 9:16 AM
01-23-2012 1:23 PM
Hi. I have a Linksys RV016 behind the RT and followed the very helpful instructions in post 2. My RG Unit is the defaullt IP: 192.168.1.254
I changed my router's IP to 10.10.1.1 and set it to DHCP IPs in the 10.10.1.10-50 range
Is this OK? or is it better to use the 192.168.2.X range?
Everything is working as I have it. I'm just wondering if one network range is better than the other...
01-29-2012 2:07 PM
01-30-2012 8:49 AM
Blocking 25 is very common among ISPs.
It helps protect their network from being a relay for spam bots on infected uses computers.
The usual work around is to use a second port. Some mailservers open up 26 specifically for this pupose.
Most people don't run into the issue because they use their ISPs email address, or they use a web based address like gmail/aol/yahoo.
As a mailserver admin, I have walked many businesses through this issue.
01-30-2012 11:00 AM - edited 01-30-2012 11:02 AM
I think you deserve an award. I have been doing this sort of thing for decades now and this is one of the meatiest and effective threads I have ever seen. Great job, and of course, thanks. For many of us, U-Verse is our only high speed option, and its a great service. But working with it can be tricky. You are really helping to make a great service become exceptional.
My question is simple, and I think the answer is still "No", but I will ask again anyway. I read all 14 pages, including post 120 on the 15th with focus on my question.
All I want to do is use OpenDNS (or an equivalent parental control feature) for the DNS servers for all of my connected devices, not the STB. I have been running the "inside" router setup now for a while, successfully (but I will go back and setup the RG with the other options you mention in post#2.
So, is there any way to use an alternate DNS for specific devices without the extra routing?
01-31-2012 4:33 PM
Welcome to the internet boards! Check out our troubleshooting articles below and don’t forget to search the forums - your question may have been answered already!
Service acting up? Click here to troubleshoot now!
For DSL related issues. We highly recommend chatting with our teams to address this as quickly as possible.