03-16-2011 8:18 AM - edited 03-16-2011 8:59 AM
I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?
I am completely aware of how to set up the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)
In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly ensure the following business requirements are met:
- DHCP - OFF (at min, it appears you must leave one available?)
- WiFi - OFF (Yes this can be turned off, but bridging it always ensured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)
- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)
- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?
Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!
AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our restaurant locations company's data needs but I'm struggling with their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No VoIP because POTS is our reliable backup. So it's just the internet service ...
For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)
03-16-2011 6:52 PM
There is no true bridge mode on the 2Wire routers. However, you can still configure it such that almost all functions of your own router will work properly.
1. Set your router's WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router.
2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.
3. Restart your router, let it get an IP address via DHCP.
4. Log into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ
5. Select your router under section (1).
6. Click the DMZPlus button under section (2).
7. Click the Save button.
8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.
9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration
10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.
11. Check everything under Outbound Protocol Control except NetBIOS.
12. Uncheck NetBIOS under Inbound Protocol Control.
13. Uncheck all the Attack Detection checkboxes (7 of them).
14. Click Save.
Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.
Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.
This is how I have my 2Wire configured, and I have a Cisco 2811 behind it doing IPSec, IPv6 tunnels, etc.
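A check to run on the inner router after step 8, as an added example that is not part of the original post: it classifies the WAN lease to confirm that DMZPlus actually took effect rather than leaving the router double-NATed. The function name, finding codes and sample addresses are constructed for illustration; 192.168.1.0/24 is assumed as the gateway's LAN range.

```python
import ipaddress

# RFC 1918 private ranges plus RFC 6598 shared (carrier-grade NAT) space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_non_public(addr):
    """True if addr falls in one of the NON_PUBLIC ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


def check_wan_lease(wan_ip, dns_servers, rg_lan="192.168.1.0/24"):
    """Return (code, message) findings for the inner router's WAN lease.

    rg_lan is the gateway's "DHCP Network Range" (assumed default here;
    pass your own value if you changed it on the gateway).
    """
    findings = []
    if ipaddress.ip_address(wan_ip) in ipaddress.ip_network(rg_lan):
        findings.append(("DOUBLE_NAT",
                         f"{wan_ip} is a gateway LAN lease: DMZPlus is not active "
                         "for this device, or the router was not restarted"))
    elif is_non_public(wan_ip):
        findings.append(("PRIVATE_WAN",
                         f"{wan_ip} is private but outside {rg_lan}: "
                         "check the gateway's DHCP range and the DMZPlus selection"))
    else:
        findings.append(("PUBLIC_WAN",
                         f"{wan_ip} is the outside address: inbound traffic reaches "
                         "this router, so its own firewall is the only filter"))
        relayed = [d for d in dns_servers if is_non_public(d)]
        if relayed:
            findings.append(("DNS_VIA_GATEWAY",
                             f"DNS server(s) {', '.join(relayed)} are on the "
                             "gateway's LAN: queries go to the gateway's address"))
    return findings


if __name__ == "__main__":
    # Constructed sample leases: before DMZPlus, after DMZPlus, and a
    # lease taken after the gateway's LAN range was changed.
    samples = [
        ("192.168.1.64", ["192.168.1.254"], "192.168.1.0/24"),
        ("203.0.113.25", ["172.16.0.1"], "172.16.0.0/16"),
        ("172.16.1.33", ["172.16.0.1"], "172.16.0.0/16"),
    ]
    for wan_ip, dns, lan in samples:
        for code, message in check_wan_lease(wan_ip, dns, rg_lan=lan):
            print(f"{code}: {message}")
```
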
02-14-2013 10:24 AM - edited 02-14-2013 10:47 AM
One last question, do I need to keep my RG's wireless signal on in order for the wireless and wired STB to function? Or can I turn it off and hook up the ATT wireless access box which came with the wireless STB into one of the ports on my WD router? Thanks in advance!
I performed step #2 and everything seems to be working fine...fingers crossed. My bedroom Dropcam is connected wirelessly to the WD router and seems to be streaming ok. My garage Dropcam is connected to my Linksys ddWRT setup as a repeater bridge.
So now it appears my setup consists of 3 separate "networks" - one in the garage, one from the WD router, one from RG.
02-14-2013 10:24 AM
Read through the 13 pages of this thread, really great stuff. However, my setup is a little different than what I've read so far so I'd like some input on what I've done.
Before getting Uverse, my hardware was:
dual WAN router: a Peplink Balance 210 router (no built-in wireless):
- small side story: I initially ordered the Peplink Balance 20 and Peplink screwed up my initial order. To make up for their screw-up, they sent me a Balance 210 instead which I was totally fine with.
D-Link DIR-655 Wireless N Gigabit Router (set up as a wireless access point)
Motorola SB6120 SURFboard DOCSIS 3.0 Cable Modem (for Comcast Internet Performance package, 20Mbps down, 4Mbps up)
Motorola Netopia 2210-02 ADSL2+ Gateway modem (for AT&T DSL Internet FastAccess DSL Direct 6.0M package, 6Mbps down, 1.5Mbps up)
RingCentral Polycom IP 335 2-line SIP phone
and a multitude of other devices such as desktops, laptops, switches, security and home automation systems, game consoles, HDHomeRun TV tuners, smartphones, tablets, and other various devices that need occasional Internet access. Upwards of 30 devices have access to my local network. My entire house is wired CAT6 with at least one wired drop in every room. Wireless is really only used for casual Internet surfing from smartphones and tablets and the occasional laptop out on the patio.
I work from a home office along with my wife and we need virtually 100% Internet uptime. In my area, Comcast residential Internet is actually very solid, but still has infrequent drops throughout the year, hence the dual WAN router and two Internet connections. With over two years of this setup, I never once was without Internet.
The network hardware for this was pretty easy to set up even though I don't have a background in IT. I had Comcast on Peplink WAN1 with DHCP and AT&T DSL on Peplink WAN2 with PPPoE. I had the D-Link wireless router going from D-Link LAN1 to Peplink LAN1. I had the D-Link set up as a wireless access point with DHCP turned off and set up with a static IP in the D-Link Admin. Everything load balanced properly between the Comcast and AT&T DSL connections and wireless mostly worked properly (just intermittent connection drops in the wireless connection for some reason that I've never been able to figure out).
About six months ago, I canceled all AT&T services including DSL to save a little money, but mostly because I was upset with some additional charges on my AT&T cellphone bill (long story). Recently Comcast Internet has become a little unstable because of upgrades going on in my area so I decided to get DSL again. However, AT&T informed me that there were no longer any free "DSL slots" in my area and if I wanted Internet from AT&T, I would have to get Uverse so I did.
I got the Uverse Max package with self-install, 12 Mbps down, 1.5Mbps up. The self-install kit arrived with an AT&T branded 2Wire 3600HGV router. I did some initial research and came across this thread which was great, especially the steps by SomeJoe7777 in post #2:
After reviewing these steps, I thought perhaps that some of those listed may not apply to me in the same way because of the Peplink dual WAN router I was using. My first steps were:
- I plugged the 3600HGV directly into a laptop to register and configure. Everything worked properly and the laptop had Internet connection in less than 20 minutes.
- I then went to the 3600HGV admin at 192.168.1.254 to Settings > LAN > Wireless and disabled wireless since I would be using the D-Link DIR-655 for wireless.
- then to Settings > Firewall > Advanced Configuration and unchecked the boxes indicated in steps 9 thru 14 in post #2 by SomeJoe7777.
- Hoping it would just "work", I made no other changes and unplugged from the laptop and plugged the 3600HGV into WAN2 on the Peplink router.
I set up WAN2 on the Peplink as DHCP, enabled WAN2 and waited to see what would happen. Unfortunately, WAN2 picked up the internal IP address and gateway of the 3600HGV (192.168.x.x addresses) so I knew I had to try something different. I plugged the 3600HGV back into the laptop and went to Settings > LAN > DHCP and changed the "DHCP Network Range" from "192.168.1.0 / 255.255.255.0" to "172.16.0.0 / 255.255.0.0" and clicked the SAVE button. I guess this would be like post #7 suggested:
Once the 3600HGV rebooted, I made note of the IP address, subnet mask, default gateway, and DNS server IPs under Settings > Broadband > Status > Internet Details. After this, I unplugged from the laptop and re-plugged back into WAN2 on the Peplink.
In the Peplink admin, I went to Network > WAN2 and changed the "Connection Method" from "DHCP" to "Static IP". I then went to the "Static IP Settings" section and entered the "IP Address", "Subnet Mask", "Default Gateway", and "DNS Servers" numbers I had gotten from the 3600HGV's "Internet Details" section, clicked the SAVE button, then "Apply Changes" and the Peplink Balance 210 router refreshed the WAN2 connection (WAN1 never dropped during these changes which was great).
After the refresh, both WANs in the Peplink admin showed as connected and both showed outside IPs which seemed encouraging. I successfully connected to the Internet with several devices including my main desktop, a laptop, my smartphone, the SIP phone, and even a game console. As another test, I disconnected WAN1 (the Comcast connection) to see if everything would switch over to WAN2 (the Uverse connection) and that worked as well.
I reconnected WAN1 so both connections were available and then tested about 10 devices in the house to have a bunch of connections going at the same time. I then went to the Peplink admin, Status > Active Sessions to see if the Peplink was load balancing between WAN1 and WAN2 and the "Outbound" section showed devices on both WAN1 and WAN2. So everything seems to be functioning properly as far as I can tell (again, completely lacking any IT background, I'm a web designer and developer by trade). As a side note, to connect to the Uverse admin, I have to go to http://172.16.0.1/.
So my questions are:
1. Since everything seems to be working properly, is it ok that I deviated from the 14 steps in post #2 because of the advanced nature of the Peplink dual WAN router? Have I overlooked something that will cause me issues in the future?
2. Also, does anyone think that I should still go to the 3600HGV admin and go to Settings > Firewall > Applications, Pinholes and DMZ > 1) Select a computer, and set the Peplink to "Allow all applications (DMZplus mode)". I guess this would be steps 4 thru 7 in post #2.
Since everything seems to be functioning properly over a 12 hour period with no connection drops, I'm probably not going to make any other changes unless someone here sees any issues with my setup or thinks there are ways to improve it. Again, thanks to SomeJoe7777 and everyone else for all the information.
02-14-2013 4:08 PM
02-14-2013 4:23 PM - edited 02-14-2013 4:24 PM
That Peplink is a nice unit.
I do think you still need to go into the 2Wire and designate the Peplink WAN2 port as the DMZPlus device. That way it will be sure to be recognized by the 2Wire as always needing the outside IP address. If you don't do this, the 2Wire will be expecting the Peplink WAN2 port to be in the 172.16.x.x subnet, and will be confused when the WAN2 port presents itself as the registered outside IP.
Furthermore, you won't be able to inbound load balance at all unless you do this, because the 2Wire won't have any NAT port translation entries for services/servers behind the Peplink.
Once you do that, reboot the Peplink and you should be good.
02-14-2013 9:11 PM
Thanks for the help. I set it to DMZPlus as you suggested. I went back and re-read the 14 steps in post #2 and decided to set WAN2 to DHCP in the Peplink admin to see what would happen. When I did, the connection still works. However, I noticed the DNS Server for WAN2 in the Peplink admin is now 172.16.0.1 not 184.108.40.206 and 220.127.116.11.
1. Should I just manually enter the DNS server IPs for WAN2 or should I leave it as 172.16.0.1 in the Peplink admin?
2. Or, should I just switch back to static IP for WAN2 and just enter everything manually? Is one way better than the other in my case?
Thanks again for your help.
02-15-2013 6:23 AM
02-20-2013 1:15 PM
More than half a year ago I went with powerline adapters and ended up scrapping the whole idea because performance was abysmal and the fact that it became a pain because I can't add a static route on the residential gateway. I went ahead and collapsed it all back down to just the residential gateway.
Now I am wanting to set up my own DNS server/domain on the network and a pain point with this is that I cannot specify the DNS servers to use when giving out DHCP leases. My thoughts are to use a third party router to provide DHCP to the entire network AND have it on the same subnet as the residential gateway.
Here's my idea:
1. Reduce the DHCP scope size on the residential gateway to only give out one IP address, 192.168.1.10
2. Plug in the third party router with the WAN router's port getting the single DHCP lease in the residential gateway's DHCP scope.
3. Turn on DHCP server on the router and use that to serve DHCP to the entire network (scope would start at 192.168.1.11).
Anything glaringly wrong with this? Anyone have any opinions?
02-22-2013 9:41 AM
Fantastic info here. Your patience is astounding!! If this question has already been answered, I apologize...
First of all, I have U-verse TV, phone and internet service. I will be setting up an AirPort Extreme as the router for my PCs and mobile devices. I see when configuring my RG, that a pinhole has already been set for a Cisco device. I can only assume this is for the Cisco branded DVR that ATT has supplied. It is on port 43 and has already been "mapped" to an outside ip address.
My question is, will setting up DMZplus with MY router interfere with any of the set top boxes on the RG's inside network (192.168.1.254)? I was under the assumption that there was only one outside static IP that ATT supplies for a residential setup.
Thanks in advance,
02-22-2013 1:04 PM
02-22-2013 1:44 PM - edited 02-22-2013 2:11 PM
If you set up router-behind-router, your router (your Asus) will have full control of QOS within the limits of the Internet package that you've purchased.
So do I have to do everything you described in post #2 or just plug the Asus into the RG, turn on router behind router detection and turn off wireless in the RG, and everything would be good to go? This was my original post from way back in August. I know, I'm late to the party haha. *EDIT* Would router behind router detection allow the RG to detect it, or is it just for a notification?
I tried searching for the answer, but either it was beyond my understanding or I just could not find the information.
I have a 3801HGV and I am looking to "bridge" it to an Asus RT-N56U dual band router. Obviously, it will not be a full bridge, but close enough (according to what I have read). My question is, will the new router have control of the traffic shaping or will that still be under the 2wire gateway? I am not knowledgeable enough with wireless/internet terms and uses to know if this will work, but it was my understanding that QoS from the Asus would be superior to what is used on the 2wire. Would this be true or should I just use the Asus as an access point for the dual band frequencies?
My main applications are gaming, watching HD videos, and sometimes torrenting.
02-22-2013 5:30 PM
Ok, got my Asus RT-N56U working with my 3801HGV. Plugged it into an ethernet port on the RG and did the automatic setup for the Asus. Everything is working now for both 2.4GHz and 5GHz. One question though, when I enable the QoS on the Asus, it has 4 preset services, Websurf (Port 80), HTTPS (Port 443), File Transfer (Port 80), File Transfer (Port 443). Do those ports have to be opened on the 2Wire RG or is it just through this router? Also, I have the wireless TV receivers, and the Cisco AP for them is set to port 443 on the 2Wire RG, will this conflict with the Asus QoS?
Any other tips or tricks I can do to optimize my setup? Thanks for the help so far.
02-23-2013 1:05 PM - edited 02-23-2013 1:06 PM
If the DMZPlus mode is turned on in the AT&T RG for your Asus router, then no, you do not have to open any ports on the AT&T RG. You only need to open them on the Asus.
See the message right above yours (http://forums.att.com/t5/Residential-Gateway/U-verse-for-BUSINESS-2Wire-3600HGV-bridge-mode-or-anoth...) for the explanation of the AT&T wireless receiver for the wireless TV set-top boxes. Basically, yes, it steals port 443 and renders your router unable to use it. If you need INBOUND connections on port 443 (not outbound) because you're running your own HTTPS server, and you want to keep the wireless STBs, then you have to buy static IPs to work around this restriction.
03-10-2013 1:56 AM
I'm thinking of getting another 3801 HGV (for a total of 2 in my house). My thought is that they could talk to one another over the coax line via HPNA, and both would be able to serve LAN clients and wireless clients, ALL on the same subnet.
The point is I wouldn't have to get an HPNA Coax to ethernet adapter, and it would also effectively extend my wireless range (both on the same SSID as well).
Is this possible?
How would I set up the networking and settings on both?
03-10-2013 8:08 AM
03-13-2013 8:18 AM
I found this post purely by accident when I began having DMZ issues with my 2Wire router. Sparing all the boring details, I will get right to my question.
I too have been having the 10 minute timeout issue. I read the thread and there seems to be 2 options.
Assign IP as Static which I have done and it appears to have worked.
Forward from port 67 to port 68 on my firewall.
My setup is as follows:
All is set up as described in post #2. My issue is that I can't figure out WHERE to forward ports 67-68 on my LAN. Tried my router IP/gateway (192.168.2.1) which made perfect sense, but the setup won't even allow me to save it. FAIL. Then I tried my PC's LAN IP, which, predictably failed as well.
So I have successfully set it up as static, and I know that AT&T rarely changes your WAN IP so it's really not a big deal except that I travel regularly for my job, and if the IP gets changed while I am away, my internet will be down for the duration of my absence which will definitely raise the ire of the Missus. LOL.
Any assistance as to WHERE I can route the renewal packets would be greatly appreciated.