U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?


I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)


In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?


Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!


AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...


For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)  



Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

There is no true bridge mode on the 2Wire routers.  However, you can still configure it such that almost all functions of your own router will work properly.


1. Set your router's WAN interface to get an IP address via DHCP.  This is required at first so that the 2Wire recognizes your router.

2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.

3. Restart your router, let it get an IP address via DHCP.

4. Log into the 2Wire router's interface.  Go to Settings -> Firewall -> Applications, Pinholes, and DMZ

5. Select your router under section (1).

6. Click the DMZPlus button under section (2).

7. Click the Save button.

8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address.  At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.

9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration

10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.

11. Check everything under Outbound Protocol Control except NetBIOS.

12. Uncheck NetBIOS under Inbound Protocol Control.

13. Uncheck all the Attack Detection checkboxes (7 of them).

14. Click Save.


Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.


Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.


This is how I have my 2Wire configured, and I have a Cisco 2811 behind it doing IPSec, IPv6 tunnels, etc.


Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Hi drumrguy,

Unfortunately, setting up your own router as directed in this thread will only work for computers and other Internet devices. It will not work for the TV boxes -- those must be connected directly to the RG.

The TV boxes receive the IPTV signal using a combination of unicast and multicast packets. When you first tune to a channel, the stream is unicast. After about 20-30 seconds, the TV box joins the multicast stream seamlessly.

However, consumer routers (and even most professional routers) are not set up to route multicast traffic, nor can your Asus be configured to do so. So what happens is that the STB begins displaying the channel, but the channel freezes as soon as the box attempts to shift to the multicast stream, because the multicast stream won't go through your Asus.

You will have to either run an Ethernet cable separately for the TV box, or if the wiring is such that only the computer network (off your Asus) is coming to the TV box's location, you can also solve this problem with VLANs, but you will have to purchase at least 2 VLAN-capable switches (least expensive models that will work with U-Verse are $70-$90 each).
Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Joe, thanks for the great instructions. I purchased a new wireless router (TP-LINK TL-WDR3500 Wireless N600 Dual Band) to get better signal and speed in my house with 5 PCs on LAN and a few devices on wifi. It does actually work very well even in areas of my house that the 2Wire barely reached. Initially I followed your post 13 only using the wireless features of the TP-Link. I had one issue with wireless dropping out once in a while on the 2.4GHz while the 5GHz kept working nonestop. Couldn't figure out the problem and went as far as resetting both the 2Wire router and the TP-Link. It wasn't too bad and every other day or so I had to reboot the TP-Link to get the 2.4GHz working again.

I then decided to follow your instructions from post 2. I got everything working after I gave the TP-Link a static IP. No more issues with wireless dropping (knock on wood). It's nice to have everything under one router and bypassing the 2Wire. I have one issue remaining and I am hoping you may have an answer. I have a Server 2012 Essentials running for backups and media streaming. The client PCs have been deployed with skipping domain setup (trick found at Paul Thurrot's site). Almost everything works between clients and server (backup, media,  shared folders, dashboard), except "Anywhere Access" (remote web access) which allows the connection to the server and its clients from "anywhere" via a domain name.

The server is directly hooked up to the TP-Link and uses the same IP range as everything else. Remote Access worked fine when everything was running through the 2Wire alone. When I try to set this up with the TP-Link behind the 2Wire I get an error that the server is blocked. The wizard set port forwarding on the TP-Link router correctly (443 and 80) for this to work and I see the entries. The wizard is smart enough to suggest that there is more than one router on the LAN and that they may not be working together properly.

It seems that even though the correct ports are forwarded somehow the 2Wire prevents this from working. The server wizard lists the correct server IP address and the TP-Link as default gateway.  

enough rambling. any hints are appreciated.

thank you

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?


If the TP-Link is the DMZPlus device, then normally, nothing in the 2Wire would prevent inbound connections on port 443. Check your TP-Link configuration carefully.

There is one item you need to be aware of: If you have wireless STBs, the wireless access point that is used for the wireless STBs takes port 443 away from you, and nothing can be done about it. The only work-around if this applies to you is to purchase a block of static IP addresses and set up one of them as the DMZPlus device.
Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

thanks Joe, it worked fine with just the 2Wire router and I do not have wireless STBs. I will go back and carefully look at the TP-Link settings. In the meantime I found in the MS 2012 forums that it is a common problem that the remote access stops working in a multi router situation. I still have to digest what their conclusions are. There are some directions but I do not understand them entirely.


thanks for your help.



Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Well, wouldn't you know. I did some browsing, after I wrote my post, around the wireless router settings and there were settings for IPTV

I set the correct port and it worked. I didn't get any freezes. nothing. I was finally able to get rid of the hub I was using to splice the feed from the RG.


There's also settings for the unicast and multicast items you mentioned in my router as well.

I'm assuming I don't have to tweak those since I'm getting the TV feed just fine.


Now, my only problem is my wireless router isn't sending out the wifi signal but I don't know if that's a result of me switching on that IPTV setting. I'm guessing it isn't but I'm going to bug ASUS about that tomorrow. Would you have any suggestions on that? Smiley Happy


and Thanks again

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

OK, the IPTV settings there are unusual, I have not seen a consumer router with those settings before. They must be new.

Anyway, if they're working, then leave them as they are currently set.

For the wireless, you'll need to check the wireless settings in the Asus and verify that you have wireless enabled and that the access point's SSID is not hidden (or you'll have to manually add it to your devices if it is hidden).
Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

so I fiddled around a little more with the TP-Link router and the Server 2012 Essentials issue of non-working remote access. After giving up I removed all special settings I applied (e.g. forwarding not under UPnP) or giving the server a static IP or putting into DMZ  mode from the TP-Link).

A day later it started to work. I have no idea why. I have a slight guess that it may have to do with certificate reinstated for the server which may have taken some time after I initialized the Anywhere Access with the new router.


All works - thank you Joe!


Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?



I have read through this entire thread (across several of days of course...tons of good info here!) and have 2 external wireless AP's running on my network (both hard-wired back to the RG), as according to post #13, along with wireless enabled on the 2-wire 3801HGV itself.  I can connect to any one AP just fine, but switching from one to the other when walking throughout the house causes issues.  My devices can see each AP's signal but cannot get an IP address when switching to a different AP.  I suspect this is due to caching on the RG itself (it is handling the DHCP), as when I "Clear the List" on the LAN->Status page of the RG, I can then connect to a different AP just fine.  This happens no matter which AP I switch to or from - I have to "Clear the List" each time to get a connection.  When using only one AP (doesn't matter which one but the other two disabled), everything works fine when connecting/disconnecting.  I am using the same SSID on all 3 AP's, but have tried having 3 different SSID's with the same result.  Am I right there is a caching or DHCP release/renew issue on the 2-wire RG itself and is there a fix?


At one point I threw in the towel on having the 2-wire do the DHCP and set up a 2nd router using the "post #2" instructions.  Everything worked in my test, but that isn't a long-term solution for me due to needing the 2-wire for my TV STB's.  The way my house wiring is set up, I don't have the ability to run 2 separate networks for each, hence why I am doing AP's only.


This has been so frustrating...please help! 

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?


The 2Wire is quirky on IP address renewals. The IP DHCP request must come from the same MAC address when you roam from one access point to another. If it doesn't, then things will not work properly.

Make sure of the following:

- The access points are set up in accordance with post #13 (DHCP on the access point turned off, wired connection going to a LAN port, not WAN port, wireless mode must be normal access point infrastructure mode -- not ad-hoc or wireless bridging, etc.)
- All SSIDs should be identical
- The 3 access points should be on different channels, and should be at least 4 channels away from each other -- try 1/5/9, 2/6/10, or 3/7/11.
- All access points should have the same encryption type and password, and no MAC filtering should be in use.
- If you're running alternate firmware on either of your two access points like DD-WRT or Tomato, make sure the access points are not doing MAC-NAT or anything like that. The MAC address in the packets traversing over the network must be the MAC address of your laptop, not the MAC address of the access point or one of its internal interfaces. (See above -- disable wireless bridging/proxy/etc.)

If you still can't get it to work, I would begin to suspect your access points. What manufacturer and model wireless access points are these?
Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Hi Joe,

Thanks for the quick reply. I can confirm all of your bullet points above are true for my setup. The two other access points besides the 3801HGV are a Linksys e1000 v2 and WRT54G v8. The e1000 has DD-WRT which I just flashed a couple days ago hoping that might help (it did not).

In further testing that I just did today, I set up the e1000 to be a true router (a-la post #2 and using with the WRT54G assigned to 3801HGV wireless disabled. I went back and forth turning wireless on and off on one or the other and my devices transitioned to the other AP seamlessly when the e1000 DD-WRT was giving out the IP's. This test setup was done all within one room - unfortunately this isn't practical for me for the long-term because of house wiring limitations.

This certainly seems more and more like quirky IP renewals on the 3801 to me. However it sounds as if you're saying it should work if I have everything else set up correctly. Is there something else I could be missing?

Thanks for your help!
Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Well, there are a few other people who have reported that they're using the 2Wire + another wireless access point together and are able to roam between them. However, I don't think anyone has reported that they're doing it with 2Wire + 2 additional WAPs.

Indeed, it could be the 2Wire's DHCP causing problems. You may try to factory reset the 2Wire, I've seen that cure some inexplicable problems in the past.



Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Just to give a quick update....

I did the factory reset on my 2-wire, and unfortunately it did not help. Still having the same issues when switching from one AP to another. Sometimes it will get an IP and connect, sometimes it won't. When it does connect, it gets a very poor connection - not in terms of wireless signal but in terms of actual speed/performance. A speedtest shows ping times of > 1s and speeds in the Bytes range (not Mega, but Bytes). Almost as if something is wrong in the routing.

I'm now going to move towards setting up the 2 separate networks, on two different subnets. I'm sure it's been discussed here before, but how do I route one subnet to the other using the 2-wire so that I can access computers across both networks? I know it's pretty straightforward in DD-WRT but don't know how to do the same on the 2-wire. Because of my house wiring, I will have to have computers on each of the subnets, that will need to be able to share across the subnets.

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Unfortunately, there is no facility in the 2Wire router for inserting a static route, thus it's not possible for it to route between subnets.

At this point, I would probably recommend a 3rd router to be used at the 2Wire's location, and set it up as discussed in post #2. Then use the existing 2 as wireless access points only, set up as in post #13, connected to the new router. Then turn the wireless access point in the RG off.
Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?



One other interesting tidbit - when both AP's are connected through the 2-wire, using the Wifi Analyzer app on my tablet, I see that one of the AP's signals cuts in and out while the other stays constant.  It's visible for a couple seconds, and then cuts out for a couple seconds (and back and forth like that continously).  However, when both AP's are running through the Linksys router, both signals are constant and do not disappear.  How would the 2-wire be affecting the signal/connection like this?

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I have no idea. The access points shouldn't be changing their signal like that under any circumstances that I'm aware of.

I would chalk it up to just general 2Wire weirdness. Hence my previous recommendation for using at least one of them as a router in accordance with post #2.
