U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Teacher

U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

[ Edited ]

I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?

 

I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)

 

In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?

 

Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!

 

AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...

 

For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)  

 

help?

Message 1 of 636 (565,661 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

A standard Windows 7 VPN as well as the Cisco VPN client should both work without issue.

I would suspect that there's something wrong with your 2Wire. I would recommend you reset it to factory defaults using the reset button at the bottom of the following page:

http://192.168.1.254/xslt?PAGE=C_5_7

Use the button at the bottom that says "Reset to Factory Defaults". If you have any custom settings in the 2Wire RG, like a custom wireless SSID or password, or custom DHCP settings, firewall settings, etc. you need to write those down before you do the reset so that you can put them back in later.
Message 346 of 636 (2,909 Views)
Voyager

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

After resetting 2Wire back to factory defaults and open DMZplus mode.  The VPN is not connecting.  I have been using this VPN for few years and travel to many companies/places with my NB and I don't have this problem before switching to U-verse. 

Message 347 of 636 (2,889 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Unfortunately, I don't know what else to tell you.  I use PPTP, L2TP/IPSec, and IKE/IPSec VPN connections all the time through my U-Verse connection with a 2Wire 3800 without any issues.

 

I would recommend that you send a Private Message to Community Support. They are part of the AT&T customer service team and may be able to resolve your Issue. You can expect a reply via return PM between the hours of 7am-10pm CST.

 

AT&T customer care can also be found online through these channels.

 

Message 348 of 636 (2,870 Views)
Voyager

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I just bought the Netgear R6300. I have the Uverse 2Wire 3600.  Currently my desktop is plugged into a LAN port on the 2Wire, and everything else in the house is on the wireless network of the 2Wire.

 

I bought the Netgear to improve the strength and range of my wireless signal. After reading thru all 12 pages here, it looks like my best option is to follow post #13. To make sure I understand things correctly:

 

1) Turn off DHCP on the Netgear (uncheck the box at routerlogin.net that says "Use Router as DHCP Server."

 

2) Change it to LAN to LAN. (I currently have it as LAN to WAN on the Netgear so I can access routerlogin.net - otherwise I wouldn't know how to access routerlogin.net for the Netgear).

 

3) I'm not quite sure how to determine what my range is for the 2Wire, but all assigned IP addresses show as 192.168.1.64-87. I assume the example you gave of setting it to 192.168.1.10 would be alright.

 

I do this on the same screen where it says "LAN TCP/IP Setup IP Address 10.0.0.1 and IP Subnet Mask 255.255.255.0"  Just change the 10.0.0.1 to 192.168.1.10, correct?

 

4) Do I need to do anything else? Turn off the wireless on the 2Wire? Reboot any systems? Plug my desktop into the Netgear LAN or keep it in the 2Wire LAN?

 

I appreciate your time here... it is very much appreciated!

 

 

Message 349 of 636 (2,730 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I recommend you access your NetGear router directly, using it's LAN IP address, rather than using routerlogin.net.

See the following thread for an example and some detailed pointers on what to do and what to try to accomplish:

http://forums.att.com/t5/Residential-Gateway/Using-my-Belkin-router-with-the-2wire/td-p/3373355
Message 350 of 636 (2,718 Views)
Voyager

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

SomeJoe,

 

Followed the directions at the link you provided. Thank you.

 

Looks like things are good... final question - does it matter if I have my desktop plugged into the Netgear or the 2Wire? It is not wireless and needs the wired connection into one of the routers. Was just wondering if it mattered.

 

Thank you once again!

Message 351 of 636 (2,744 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

It should not matter in your case unless the NetGear has Gigabit Ethernet. If it does, then use the NetGear for higher speeds between computers on the LAN.
Message 352 of 636 (2,737 Views)
Contributor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

SomeJoe7777, this is an older post so hopefully you are still monitoring it.  I have been trying to figure out how to enable Time Limits and other Parental Controls on my network and the 2Wire unfortunately lacks any of these.  After reading your post it seems that since I cannot do away with the 2Wire 3800HGV I can simply park a 'good' router with parental features in the DMZ+ behind the 2Wire GW, setting the GW up as you have specified.  Then, for all intents, the new router's features will be fully accessable.  Right?  I have tried to make it work with a 2Wire LAN port connected to one of my router's LAN ports but it does not protect this path.  It  would be nice if I could implement the controls via any port, or macID, or IP but it only seems to work if the network is coming in the WAN port.

 

Have I driven off the road?  I primarily want the time limits so if you have an alternate idea, I'd love to hear it.

 

Thanks again for all your insight.

Message 353 of 636 (2,651 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

You're correct -- you need a router with parental controls set up behind the 2Wire as the DMZ device, set up according to post #2 in this thread.

On parental controls/time limits, remember that physical security is also required otherwise it's trivial to bypass. The 2Wire and your router need to be in a locked area, inaccessible to those who would attempt such things. Smiley Happy
Message 354 of 636 (2,645 Views)
Voyager

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

[ Edited ]

I just wanted to thank SomeJoe for this great tutorial. I can confirm that these steps work perfectly for the new flagship Centria (WNDR4700) from Netgate. It took me a couple of reboots of the Netgate on step 8 before it would pick up the IP, but other than that the setup was flawless! Thanks again!

 

Edit: I actually have the 2wire i38HG unit with the iNID outside of the house. Smiley Happy

Message 355 of 636 (2,399 Views)
Highlighted
Contributor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Somejoe - one more question? If I have AT&T Uverse Reciever hooked on to the 2Wire gateway, can I leave that on the 2-Wire gateway or should I move that to the Linksys? Which would be better and preffered?

Thanks

Message 356 of 636 (2,175 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

U-Verse IPTV receivers must always be connected to the RG. They will not work correctly if connected behind your own router.
Message 357 of 636 (2,172 Views)
Explorer

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?


SomeJoe7777 wrote:
You need to configure the Linksys such that it's LAN IP address is a different subnet than the RG's LAN.

If the RG is using 192.168.1.x on it's LAN, you need to change the Linksys to use something else.

Use the 192.168.2.x subnet. Configure the Linksys LAN IP address to 192.168.2.1, subnet mask 255.255.255.0.

Somejoe7777, first let me just say I can not adequately express how much I appreciate you being here and helping people, thank you!

 

If you would be so kind as to advise me what you think I should do. I've been doing network engineering for many years, I worked for a company for 7 years doing it as a field engineer and now do it with my own small business. I've setup countless ADSL, SDSL, MetroE, Bonded T1 etc. Prior to 2008 I was using a dedicated Qwest T1 on a Cisco 1721 as you know quite expensive but I was on the same backbone as a major client and needed very good latency which was 5-10ms.

 

Had to reduce costs in 2008 and switched from T1 to Comcast Cable (don't think Uverse was available yet) and since I am 12k feet from CO the DSL was only 1.5. Jan 2010 Comcast wanted to keep my business and offered me 50/10 for 99.95 a month couldn't refuse so signed up for 2 yr contract, then Jan 2011 they started dinging me for a $7 a month modem fee claiming it was supposed to be there all along.

 

At that point Jan 2011 I had Uverse Business Class 24mbps installed with a 2wire 3801 and static IP (running Exchange and Activesync), I already had existing wiring in place for the T1 (this is a home office location) ran tests to laptop directly from 3801 and no problems 21-22mbps down and forget my upload I think it was 2.8-2.9 normal tcp overhead. Did note that the latency time (ping) was double or more of my Comcast cable and I've read that it has to do with interleaving which standard DSL doesn't have (fastpath usually) and nothing can be done about it. All testing of signal margins, line attenuations, distance to vrad and I forget the other "DSL/VDSL" areas I checked were all Good to Excellent in quality. Also the line did not drop at all for a week straight with packet loss testing and connection testing to my laptop (not yet connected to my network)

 

Here's where the problem comes in... I'm running ESXi server with Exchange and part of that is also my Astaro Firewall (linux based app quite popular) its been flawless for 4 years (almost 5 years now) with my comcast SMC router that has a static IP and NAT&DHCP disabled so it is bridged and on its public IP. Also have many other clients running Astaro firewalls no problems.

 

I figured out pretty quickly the 2Wire was a problem and it wasn't going to be straight forward, calls to Tech Support didn't work out too well so reading found your post and other's posts as well including someone running a "pFsense" linux based firewall. I followed your directions precisely but am not 100% sure only about 95% sure that I changed the LAN IP subnet of the 3801. Pretty sure I did. Because changing my LAN side on my network would involve a lot of changes including server's IP, Firewall LAN, ESXi server IP and a few other static IPs on my network something I really don't want to do.

 

Was able to get the 3801 working through my firewall eventually following your directions BUT.... as someone else posted somewhere on here or another forum my speed tests were greatly reduced to erratic behavior 12-18 down, 0.5-0.7 up.... and the results were terrible and different every time I tested. So here are my questions and sorry for this being SO long. I won't go into the fact AT&T should have business class modems/routers available for businesses. This is Internet Only no phone no TV.

 

1. My network is 192.168.1.x, you mention it must be different than the RG, I seem to recall changing the RG LAN (not sure) and DHCP is there any issues with doing this? If I recall correctly it offered 10.x and 172.x but wouldn't let me specify exactly what I wanted to use.

2. Can DHCP be turned off on the RG? My Server hands out DHCP

3. Is the RG doing NAT still in this DMZPlus mode following your directions could my slow issues and erratic speed tests have been a result of a double NAT scenario with my firewall?

4. I remember having to set my WAN NIC on my firewall to DHCP, I think you mentioned after it initially gets an IP (mine would be static) that I could set my WAN NIC to the static IP and subnet mask and default gateway? Is this true or does it have to be left as DHCP?

5. I also remember at one point my WAN NIC of my firewall received a private 192.168.1.x IP from the 2wire, just to confirm if setup correctly it should be receiving the public static IP (goes with #4)

6. Have the 2wires had any improvements in the last year Jan 2012-present that would maybe help my issue?

 

When I completely my order yesterday they advised me that this deal was only going to be for 12 months and that normally this was going to run me 140 a month and I was getting the discounted 60 off to make it 80 a month. Do I have to worry when my 12 months is up that they won't extend the deal offered? Comcast has 27/7 @ 110 right now without promotions so wouldn't make sense.

 

Sales also checked with Tech Support to verify I wouldn't be getting a 2wire 3801 or any 2wire at all even as I expressed my troubles a year ago, after 15-20 min she confirmed I would be getting a "Motorola 3600" and that Tech Support would easily bridge it just like my Comcast is with a static IP. After searching later on I realized there is no AT&T UVerse Motorola 3600 and called support, they checked the order and I'm getting an "Internet Gateway" which is the 2wire 3600.... I know that the 3800/3801 have TV/Phone etc and the 3600 is usually internet only, will it offer me less troubles than the 3801 did to setup with my firewall or is it pretty much the same thing minus capabilities.

 

Thanks in advance.

 

 

 

Message 358 of 636 (2,106 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

HI Pentium,

To answer your questions:

1. If you're using 192.168.1.x internally behind your firewall/router, then yes, you need to change the RG's LAN to something else to avoid routing difficulties. The RG's latest firmware update no longer allows the 10.x.x.x addresses, so you'll need to change it to 192.168.2.x or something in the 172.16.x.x space.

You can connect a computer directly to the RG, let it get an address via DHCP, and log into the RG from there to change it/configure it.

2. No, DHCP cannot be disabled on the RG. But if the networks you have (the RG's LAN and your private LAN) have a layer 3 router/firewall device in between, then this is no problem because the DHCP packets will not cross a router.

3. No, in DMZPlus mode, there is no NAT. It's not a straight bridge either, because the packets are still handled by the routing code (i.e. no fast-switching or Cisco express forwarding like the Cisco would do), but there will be no NAT.

Yes, slow or erratic speeds could be because of a double NAT scenario, but it's more likely routing difficulties with two 192.168.1.x networks as I described above.

4. You can change the firewall to static if you need to, but the RG is happier if everything uses DHCP. Some firewalls will need to have inbound UDP to port 68 open from all IP addresses for DHCP renewal to occur correctly. This is due to a bug in the RG DHCP code.

5. If you set up DMZPlus correctly, the WAN interface of the firewall should get the public IP address. If it's getting a private IP, the DMZPlus mode isn't setup correctly.

6. Not really, the last firmware update removed the ability for 10.x.x.x addresses to be used on the LAN. Other than that, there hasn't been any changes to the RG firmware in a couple years.

I would verify your DMZPlus setup and your different LAN subnet assignments, and correct those problems if required. After that, perform some further speed tests and see if you're getting close to the 24/3 speed.
Message 359 of 636 (2,062 Views)
Explorer

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Thank you so much for replying. I spoke to several people today at AT&T and also the engineer that qualified my line was nice enough to make a couple of calls. Is there any reason at all for me to get a 3600 right now? I've been told that AT&T wants to use the 3801 instead because it is a dual core processor and for 24mbps speeds it runs a little faster?

 

My install tech is scheduled for 11am tomorrow and if you could recommend either the 3600 or 3801 I'd appreciate it. If they both have the same DMZplus issues then shouldn't I get the faster/newer model? Speaking with billing/sales an hour ago the nice lady says AT&T has had several meetings about this issue on not offering a true bridged modem/router and they are planning to resolve that issue because it is creating a fair amount of cancelled orders for them.

 

Will I face any issues with getting my PTR record setup for RDNS with AT&T? With Comcast 4 years ago it was pretty easy and I've had that same static IP and PTR record without having any email issues. I'm assuming that the static IP I receive from AT&T will be on a business class block where the IP won't be blacklisted on various internet lists?

 

Really hoping I don't have that issue with speed problems after going through my firewall, a year ago I finally had it working with my firewall but that was after so much time spent so I gave up not having more time to troubleshoot and just kept my Comcast for another year. If you say DMZPlus mode there is no NAT then I wouldn't have a double NAT scenario the only problem is will my firewall (Astaro) WAN interface pass the traffic in the same manner as it did with the bridged SMC from Comcast.

 

If I set the firewall WAN NIC to DHCP to receive the IP then set it to static IP, subnet mask, default gateway what's the best way to access the RG after I set it up that way? I'm assuming set my laptop to LAN IP same subnet as the RG and access it that way? I seem to recall when I set the LAN IP it had a drop down of 192.168.1.x or 10.0.x.x or 172.x.x.x as you said with new firmware 10.0.x.x no longer available so can I not choose to put the LAN IP as 192.168.2.254 for the RG? Also setting the LAN IP of the RG should have nothing to do with the static public IP of the DMZPlus should it?

 

Thanks

Message 360 of 636 (2,052 Views)