Treo600user's profile

Teacher

 • 

3 Messages

Wednesday, March 16th, 2011 3:18 PM

U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?

 

I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)

 

In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?

 

Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!

 

AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...

 

For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)  

 

help?

Expert

 • 

9.4K Messages

11 years ago

If you set your AE to use a static IP instead of DHCP, then yes, you will have to set the DNS server and domain manually.

You can use AT&T's DNS servers if you want:

68.94.156.1
68.94.157.1

Or you can use a 3rd-party DNS provider like OpenDNS:

208.67.222.222
208.67.220.220

Or Google:

8.8.8.8
8.8.4.4

For the domain name, it really doesn't matter, but you can put in att.net.

Explorer

 • 

15 Messages

11 years ago

Setup the 3801 exactly the same way it was connected to my laptop for testing. Experiencing the same issue as I did a year ago. My speedtests are erratic. All day yesterday I tested 22-23mbps all over with 2.8-2.9. Now I get 14mbps and 2.4mbps and the tests are erratic and often never the same even to the same servers. Just tested now and got 5.07mbps and 2.7mbps something seriously wrong. 3801 has been reset so has my Astaro. However if I plug my laptop in and obtain a 192.168.2.x IP and test it is full speed.

 

Same server from laptop on LAN IP just tested @ 23.03mbps / 2.91mbps ping 25

Going through my Astaro Firewall WAN IP tested @ 10.36mbps / 2.89mbps ping 32

 

Any ideas why this is happening would be greatly appreciated.

 

When I try to trace route places hop 3-13 time out when going through the Astaro firewall then hop 14-30 just keep repeating same ping reply but only first 2 replies 3rd always times out.

 

When I connect laptop to the DHCP Port 2 of the RG it trace routes just fine with no time outs.

 

This seems troubling as well.... Something is going on in this RG that the Astaro routing doesn't like... Feels like it has to do with something on this other "sticky IP" that starts with public IP 108.233.x.x (the RG is 192.168.2.254)

 

Tracing route to 192.168.2.254 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.17
  2    <1 ms    <1 ms     *     192.168.2.254
  3    <1 ms    <1 ms     *     192.168.2.254
  4    <1 ms    <1 ms     *     192.168.2.254
  5    <1 ms    <1 ms     *     192.168.2.254
  6    <1 ms    <1 ms     *     192.168.2.254
  7    <1 ms    <1 ms     *     192.168.2.254
  8    <1 ms    <1 ms     *     192.168.2.254
  9    <1 ms    <1 ms     *     192.168.2.254
 10    <1 ms    <1 ms     *     192.168.2.254
 11     1 ms    <1 ms     *     192.168.2.254
 12    <1 ms    <1 ms     *     192.168.2.254
 13    <1 ms    <1 ms  ^C

 

Update: any IP address trace route past the WAN IP of the firewall's NIC replies first 2 as seen above then 3rd is always * when it reaches its destination it repeats until it reaches max of 30 hops.

 

The only IPs I can successfully trace route are before it leaves the WAN NIC of the firewall, internal machines etc. This likely has to do with why my speed tests are very erratic data is not passing through properly.

Explorer

 • 

15 Messages

11 years ago

I think I have resolved this issue with my Astaro in ESXi Vmware. I thought it was many things including virtual nics vswitch etc.

 

Turns out the erratic speeds and pings and behavor stemmed from a packet filter rule on my internal interface to the outside. Instead of having the rule as Internal > any > Internet IPV4, I had and still was using a rule that was Internal > Any > External WAN....

 

This type of setup was from many many years of using Astaro any worked perfectly fine with any normal bridged router or modem that provided a static IP and default gateway. However, most of you reading this are aware the RG is far from "normal" it behaves differently because of the need for TV and Phone. Having been through more hours than I can think of this weekend I now know the reasoning behind the need for this gateway as a defense for AT&T at least. Hopefully they'll get one option for business internet only someday.

 

In the end it took me loading the new Sophos (which is Astaro) UTM V9 installation fresh as a new VM going through basic configuration by default it added the NAT Masquerading then I watched a youtube video of someone that spent about 15 minutes showing the installation of an older version V8 and when he created his "packet filter rule" which is now called "firewall" he pointed all internal traffic to a different destination as mentioned above instead of the physical WAN.

 

I am now pinging, trace routing, and speed testing the same as my laptop that is connected directly to the RG on DHCP. FYI through some research I found that trace routes are hit and miss when you are behind the RG as a static IP still not working exactly right. However I can trace route to my "sticky IP" and to the gateway of my "sticky IP" they begin with 108.233 and are similar I think to a serial IP on a T1.

 

AT&T had my PTR record for reverse DNS setup in less than 24 hours (not sure exactly when it was) but it could have been as early as 8 hours from when I requested it (they say it can be up to 48 hours) now I just need to change my MX record in my DNS and I'm all set. They opened port 25 for me in a few clicks. I might have slightly higher pings than I had with comcast but STABILITY factory is much higher when I run pingtest and voip testing I get 98-99% vs comcast 85-95% stable and jitter is better as well. Overall very stable connection.

 

Update: a few minutes later after walking away and returning to my desk I tested some more and like a lie detector test my speedtest.net got 4mbps down with huge spikes and valleys showing issues during the test. Different server 5.87mbps, at my wits end with this nonsense. Meanwhile my laptop that's testing connected directly to the RG using its NAT gets perfect tests from any server everytime.

Explorer

 • 

15 Messages

11 years ago

Using laptop as a physical NIC and I created a new VM of Win7 64bit install I was able to test the problem further. It is NOT present on the laptop as a static IP route 172.9.x.x and in the VM Win7 session with virtual nic and virtual mac the testing and trace routing are about the same. Still have a lot of * * * time outs though when going through the static IP DMZplus vs if a machine is connected to the LAN DHCP with the "sticky IP" as WAN (trace routes usually almost the entire route)

 

So I am now going to work with Astaro engineering as they can logon remotely and assess what is happening to the traffic and why it is behaving erratically. Simple solution would be for me to just hook up an old dlink NAT router but I have mail scanning, IPS etc on the Astaro/Sophos product and been using it for a long time.

 

I know it must have something to do with the way this RG does this Static IP routing to Sticky IP and perhaps they have a solution with some kind of DNAT/SNAT or masquerading. Late last night I changed to my Static IP for Comcast SMC and instantly was online so wish this RG would just bridge and bypass all this residential stuff. Comcast annoyed me enough though with billing that I am hopeful I can get this troubleshot and resolved for myself and others that run into this issue.

Explorer

 • 

15 Messages

11 years ago

After finding out what I believe to be the solution to this issue it seems this resolution will apply to a very very limited number of people.

 

First of all in a way I would have never found out about the issue without the RG being what it is, somehow the way it routes the packets affected my situation because it was not observed from any bridged router.

 

After a lot of hours was a blurb from one forum about vnic drivers in vmware reference http://www.astaro.org/gateway-products/management-networking-logging-reporting/45400-astaro-esxi-vm-best-network-setup.html

Someone made a comment in response to another's post where he had erratic speed issues on AT&T Uverse his solution though was HTTP filtering enabled on his Astaro/Sophos configuration however my HTTP filtering was turned off.

 

Often times it seems by default many VMs use what's called a "Flexible" vnic adapter reference http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1001805

 

In my case with Linux (Astaro/Sophos) it was utilizing the vlance adapter which is quite older and likely not jumbo frames etc. even though it indicated it was linked at 1000mbps LAN and 100mbps WAN the vlance vnic adapter says 10mbps throughput. Not sure this is quite accurate since on my comcast I was getting 52mbps down and 12mbps up for 2 years on the same installation.

 

Be that as it may I needed to change the default OVF template and made Astaro/Sophos engineer aware that the installation guide to use the OVF should be changed as he agreed the flexible adapter is not really a good idea. I changed to E1000 adapter based on Intel Gigabit NIC and it ran almost identical to my laptop. After some time of testing I decided to change the "Guest operating system" of the install to Suse Linux Enterprise v10 64-bit which was required to utilize the VMXNET 3 adapter a 10 Gbps adapter and it is next generation highest performing. Speed tests indicate I'm getting same performance as my laptop now that's directly connected to the RG.

 

TL;DR - This won't apply to people running current gen hardware based routers or people running linux based that utilize a standalone machine (microATX etc) as the NIC drivers will not use a vnic. Anyone using Vmware should definately check and NOT use the Flexible adapter. My Server 2003 was using Flexible for no reason, changed to VMXNET 3 or you should at least change to E1000 or E1000e or VMXNET 2 (Enhanced) as it supports jumbo frames.

 

I'll come back to this thread in a couple weeks and hopefully report my happiness. Here is a link to an older DSL basic guideline of establishing a good sync which applies to AT&T UVerse if you are on VDSL SN Margin (DSL) = Noise Margin (VDSL) Line Attenuation = Attenuation http://www.dslreports.com/faq/16220

 

Just took a speed test 24mbps/3mbps Uverse FTTN

 

2454189665.png

1 Attachment

Explorer

 • 

9 Messages

11 years ago

I’m stumped.  I’ve had my 3800HGV-B configured exactly as described by SomeJoe7777 in message 2 of this 377 message thread.  For the last 9 months everything worked perfectly - until yesterday.

 

AT&T is having major network difficulties in the entire southeast (I’m in Florida).  Yesterday, my RG rebooted by itself and the WAN IP changed (it never changed before, for years, but no big deal).

 

All my 25+ devices are behind my Router (D-link DIR-655) and all seemed to be working after the reboot except my two VOIP phone adaptors (Ooma) which worked flawlessly for over 3 years on Uverse and DSL.

 

I could not make outbound calls to any numbers, even other Ooma VOIP numbers.  I hear no ringing and eventually get a fast busy.  Inbound calls ring and the Caller ID is correct, but when I answer, I get dead air and the caller still hears ringing.  It seemed some of the VOIP traffic is blocked but not the signaling.

 

I discovered that I could make my VOIP work by simply turning on the RG Firewall (by checking “Maximum Protection”, which automatically un-checks “Allow all applications DMZplus mode”) followed by doing a release/renew on my Router to get the new IP address.

 

Likewise I could return my VOIP to the failed state by turning off the Firewall by re-checking “DMZplus” and doing a release/renew on my Router.

 

This works, but seems totally backwards – Turning off the Firewall blocks traffic????    I can’t help but suspect that AT&T may have upgraded their network gear and caused this.  But I've searched and haven't seen any others with this problem, yet.

 

Rebooting of everything didn’t help and I even hit the Reset Button on the RG and did a fresh reconfigure, but that didn’t help.

 

My temporary work-around is to leave the RG Firewall on, but I want to turn it off because of the many devices that I have forwarded ports to (Slingbox, Cameras etc) and I don't want to have to open ports in both the RG and the Router.  I also only spend part-time at this house and my Router has good secure remote configuration capability and the RG doesn't.

 

Any help would be greatly appreciated.

Explorer

 • 

15 Messages

11 years ago

You should be running Static IP with user defined supplimentary networks, located in Broadband > Status then scroll down after Internet Details it shows Public Networks and User Defined Supplemental Networks should be Status Enabled Router Address then subnet mask.

 

If you aren't configured like this then you are using the "sticky IP" which is best described like a serial IP of a T1 etc. This is not guaranteed to stay the same as it is a DHCP on a Class B with 1024 IPs. AT&T made it clear with me last week that they won't troubleshoot issues with internal servers behind the RG such as mail or web and they won't setup PTR or DNS records unless an account has a static IP which makes sense.


Not sure if this is related at all and perhaps you were just getting away with the sticky ip as a static until it changed.

Explorer

 • 

9 Messages

11 years ago

Thanks for the reply.

 

I don’t pay for a Static IP because I really don’t care if the IP address changes. My Router has a free dyn.com client that works fine, so I can reach my house from anywhere, even if the IP address changes. I also use the same Router at my other house, with DSL, and it works well with a regularly changing IP address.  My VOIP also doesn’t need a fixed IP address - it normally will work from anywhere.

 

My problem is how to “dumb down” the RG so my Router does all the work, like the DMZplus used to do - until yesterday!

 

The “Supplemental Network” that you describe is on my RG under “Broadband/Link Configuration” and not under “Broadband/Status”.

 

Question - Instead of using DMZplus as SomeJoe7777 described, can I use that “Supplemental Network” section to make my RG a “dumb” modem even if I don’t pay for a Static IP?

Explorer

 • 

15 Messages

11 years ago

I believe you would only use the supplemental network with static IP assignment. The difference in location is probably because I'm using the 3801HGV. I'm going on 2 days now of testing and decided a few hours ago to change my MX record and my mail is flowing perfectly.

 

Since yours worked for so long it is very hard to recommend any changes. You could possibly try to get static IP assignment and utilize the supplementary networks which would make your RG on a static ip and the WAN interface of your router another static IP and wouldn't be the "sticky IP" that can change.

 

The only thing I can think of if all things are equal is that the sticky ip isn't bypassing the nat/firewall anymore like it used to? Sorry I don't have many more suggestions I'm pretty new to using this 2wire RG and gave up a year ago on it when I had issues.

Explorer

 • 

9 Messages

11 years ago

For anyone that may stumble upon this thread with a similar problem to mine - It is now solved or, maybe I should say "understood".

 

The UDP-type tunnels to my Ooma VOIP adaptors stopped working after the big recent Uverse outage. This may be due to the MTU being knocked down to 576 or something else.

 

Ooma reconfigured me to a different type of VPN tunnel and both my phone adaptors are now running normally (with my Uverse Firewall set the way I want it - OFF - in what AT&T calls "DMZplus mode").

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.