Treo600user's profile

Teacher

 • 

3 Messages

Wednesday, March 16th, 2011 3:18 PM

U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?

 

I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)

 

In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?

 

Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!

 

AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...

 

For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)  

 

help?

Expert

 • 

9.4K Messages

10 years ago

What you're running into is a limitation of the 2Wire gateway in that it is hard coded to expect a 1-to-1 relationship between IP addresses and MAC addresses. Each static IP address you're using must appear to the 2Wire gateway to be coming from a different MAC address. I suspect that your Linux router is answering the 2Wire with the same MAC address for all IP addresses, which will not work.

If your Linux router can assign different MAC addresses to eth0:1, eth0:2, etc. then that should solve the problem.

If not, there is another potential workaround if your 2Wire gateway is running the very latest firmware (6.9.1.42). Can you log into the 2Wire and check to see what firmware version it's running?

Tutor

 • 

4 Messages

10 years ago

The FW level is 6.9.1.42-enh.tm.   The eth1:X is more like an iP alias. All of the :X's share the eth1 mac address.  More over putting MACADDR=  or HWADDR in the X's is ignored and the eth1 mac address is inserted.

Expert

 • 

9.4K Messages

10 years ago

OK, I have not tested this because it is so new.  But you are a good candidate for the cascaded router option in the new firmware.  Follow these steps:

  1. Remove all of the eth0:X addresses from your Linux router.
  2. eth0 will be the "outside" interface of your Linux router.  You will assign it a private IP address within the same private subnet that the 2Wire 3801 uses.  By default, the 2Wire uses 192.168.1.0/24, with the 2Wire itself at 192.168.1.254.  Give your Linux router a private address in this range, but outside the DHCP range that the 2Wire is issuing.  By default, the 2Wire issues 192.168.1.64 through 192.168.1.253.  Pick an address below .64, for example 192.168.1.20.
  3. eth0 will be 192.168.1.20, subnet mask 255.255.255.0, gateway 192.168.1.254.
  4. eth1 will be the "inside" interface of your Linux router, you will assign it an address from your static range.  For example, use 162.192.165.97.  You can then assign 162.192.165.98 through 162.192.165.126 to your servers and devices.
  5. On the 2Wire router, go to Settings -> Broadband -> Link Configuration.  Uncheck the "Add Additional Network" checkbox and click the Save button.  This removes the static IP addresses from the 2Wire's LAN network.
  6. Verify you can now reach the Internet from the Linux box.
  7. Now on the 2Wire router, again go to Settings -> Broadband -> Link Configuration.  Check the "Add Cascaded Router" checkbox, and use 162.192.165.96 for the network address, 255.255.255.224 for the subnet mask, and then choose your Linux router's outside IP address (192.168.1.20) for the "router that will host the secondary subnet", and click Save.
  8. Configure your servers and other devices with the remainder of the static IP addresses.  Example: 162.192.165.98 for the IP address, 255.255.255.224 for the subnet mask, 162.192.165.97 for the default gateway.  All of these servers should be connected to the network segment that is connected to eth1 on the Linux router.

 

Those servers should now be able to reach the internet, and you can configure the firewall on the Linux router as you want.  Some other notes:

 

  • Even though the Linux router's outside IP address is a private IP, there is no NAT/masquerade going on here.  Packets are routed over the private 192.168.1.x network, but no address from your static block is ever translated.
  • Yes, I know that having a private IP on the "outside" and a public IP on the "inside" looks backwards, but this is correct routing for this setup.
  • No need to configure the firewall on the 2Wire, since it is now acting as a pure router for your static IPs.
  • Some protocols may still not work due to upstream AT&T interference.  IP protocol 41 (IPv6 in IPv4) is currently blocked by this version of the 2Wire firmware.
  • I have not tested this configuration at all (I intend to as soon as I get back from a business trip), so no guarantees.

 

 

 

Tutor

 • 

4 Messages

10 years ago

Thanks, SomeJoe7777. I too am on a business trip. Since this requres taking the interface down with the potential of it not coming back up, I'll try it when I get home.  After you described the problem for me, I was able to find a potential way to get my firewall to present a different mac address for each ip by using the bridge function and taps.  If I get that to work, I'll post the solution.

Tutor

 • 

4 Messages

10 years ago

Hello Somejoe,

 

I'm not sure if this is still an active post, but i'm trying to figure out a couple things in your config or really just wanted to double check.. what does the address 192.168.160.20 belong to? My first thought was an attach switch from your router connect to int fa0/0 on the switch.

 

I'm trying to figure out how to get my 2600 cisco router to play nice with my AT&T router. I have followed the instructions that you have provided, well the best that i can anyways..

 

my setup is like this:

Port 2 on the AT&T router is connect to the Cisco 2600 router on port fa0/1

Cisco 2600 port fa0/0 is connect to 2950 layer 2 switch on port 23

Host machine is connected to port 1 on the 2950 switch

 

this setup allows me to ping the outside world like google, yahoo etc from the my host machine but does not allow me to use an internet browser to browse to the site. it just keeps loading with no results. I believe this has something todo with my acl or routing. I was wondering if you or anyone could please take a look at my configs and suggest anything that might help..

 

at&t Router

is setup as a bridge per your instructions (DMZplus mode)



Router Configs

Building configuration...

Current configuration : 1047 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password password
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 68.94.156.1
ip name-server 68.94.157.1
!
ip dhcp pool TEST_CLIENTS
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.254
   dns-server 68.94.156.1 68.94.157.1
!
!
!
!
!
!
interface FastEthernet0/0
 description Internal LAN
 ip address 192.168.2.254 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 duplex auto
 speed auto
 arp timeout 600
!
interface FastEthernet0/1
ip address dhcp            (this recieves the public IP address)
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
ip nat inside source list 101 interface FastEthernet0/1 overload
no ip http server
ip classless
!
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
 password password
 login
!
!
end

SWITCH 2950 CONFIGS
Building configuration...

!
ip subnet-zero
!
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
 ip address 192.168.2.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.2.254
ip http server
!
end

 

 

Expert

 • 

9.4K Messages

10 years ago

Can you verify that your f0/1 interface is getting correct DHCP information from the 2Wire? Post the output of:

show ip int f0/1

show ip route

Tutor

 • 

4 Messages

10 years ago

Thanks you for the responce, below is the information that you requested.

 

Gateway of last resort is 99.109.100.1 to network 0.0.0.0

     99.0.0.0/22 is subnetted, 1 subnets

C       99.109.100.0 is directly connected, FastEthernet0/1

     192.168.1.0/32 is subnetted, 1 subnets

S       192.168.1.254 [254/0] via 99.109.100.1, FastEthernet0/1

C    192.168.2.0/24 is directly connected, FastEthernet0/0

S*   0.0.0.0/0 [254/0] via 99.109.100.1

 

FastEthernet0/1 is up, line protocol is up
  Internet address is 99.109.100.xxx/22 (my public IP address I X'ed the last octet hope thats ok, but it is my public IP address)
  Broadcast address is 255.255.255.255
  Address determined by DHCP
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is disabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are never sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled

 

And sorry about the late responce

Expert

 • 

9.4K Messages

10 years ago

Hmmm ... almost everything looks correct, but I notice you have not defined any static routes.

Do the following:

show dhcp lease

In that output, there should be a default gateway listed. Using that IP insert the following two lines:

ip route 0.0.0.0 0.0.0.0
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1

See if this makes a difference.

Contributor

 • 

2 Messages

10 years ago

After 3 weeks of effort, with support from 3 levels of AT&T tech support as well as this forum, I have concluded that the AT&T router is incapable of supporting my environment.  I installed Time Warner Cable Business Internet last Friday and had my environment running in less than 3 hours.  (The only reason it took 3 hours, was that TWC had messed up a routing table which caused the routing to go into an infinite loop resulting in a timeout. Bottom lline, the TWC router worked just like the T1 router, passing everything down the pipe.

 

I want to thank SomeJoe for his effort in trying to get this to work. Another week of work may have yielded sucess, but I ran out of time.  

 

Tutor

 • 

4 Messages

10 years ago

thanks for the suggestions, I have applied the settings you suggested, and it seem to have kind of worked. I can now start to see some a little bit of the page before it times out. I have tried many different sites to rule out the possible that the site is having issues. so i'm kinda lost at the moment I would think that it would be a routing issue in there somewhere but i can't seem to find.. Any idea's would be awesome.. Thank you! 

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.