U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Teacher

U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

[ Edited ]

I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?

 

I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)

 

In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?

 

Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!

 

AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...

 

For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)  

 

help?

Message 1 of 636 (565,943 Views)
Voyager

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Ok in the setup in message 13, the 2wire box now is a switch so the remaining 3 lan ports can still be used for other devices.  On your router, which is now merely a wireless access point, can you use any remaining lan ports?  Obviously you can not use the wan port.

 

Thanks for all the helpful advice.

Message 226 of 636 (6,033 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?


JamaicaPM wrote:

Ok in the setup in message 13, the 2wire box now is a switch so the remaining 3 lan ports can still be used for other devices.  On your router, which is now merely a wireless access point, can you use any remaining lan ports?  Obviously you can not use the wan port.

 

Thanks for all the helpful advice.


 

Actually, for the setup in post #13 (using a 3rd-party router as a wireless access point only), the 2Wire unit remains functioning as a router, not just a switch.

 

But yes, you can still use it's LAN ports for devices.

 

Yes, on most 3rd-party routers, once they're set up according to the instructions in post #13, you can also use their LAN ports for devices as well.  You are correct in that you cannot use the WAN port.

 

Message 227 of 636 (6,014 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I have followed the RG setup steps recommended here except I have an i38hg RG connected to a I3812v iNiD box on the outside.  The router I am using off the DMZ port is Asus RT-N56U.  Everything works for a day or more then it suddenly stops allowing clients access to the Internet.  I reboot the router with no success.  I repeat the setup and then it seems to work for at least  8 hours to 1 day.  The router is on the 192.168.2.x subnet and the i38hg is assigned to 192.168.1.1.  Everything looks correct but I can not figure why it just stops accessing the Internet.

 

Any advice?

 

Thanks.

Message 228 of 636 (6,364 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

effadj,

This could be a DHCP renewal issue. Go into your Asus router's configuration page and get the status of the WAN port, and write down the IP address, subnet mask, default gateway, and DNS servers. Then try setting the Asus router's WAN port to use a static IP address instead of DHCP, use the exact same information that was displayed and your wrote down.

See if this solves the problem.
Message 229 of 636 (6,363 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Looks like thats the case.  Weird thing was that it did not time-out after 10 minute.  The last time it was it took about a hour to stop working.  It kind of various for some reason.  Maybe it waits until all the connections to drop and then it renews.

 

I have since gone back to dynamic DHCP of the WAN address but added a Port Forwarding rule on my router to pass Port 67 to 192.168.2.1 Port 68.  It's been running now for 2 days like this.  Fingers Crossed!

 

-Dave

Message 230 of 636 (6,339 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Cool, that works, too. It would have been the next thing I suggested.
Message 231 of 636 (6,336 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Somejoe:

With your help I have a router set up successfully behind the RG.

However, I've been experiencing partial web page loads/timeouts from time to time.

So from a command prompt, I checked MTU fragmentation:

ping www.dslreports.com -f -l 1500

I receive a "packet needs to be fragmented but DF set" response until I take the bytes down to 1272

 

The RG & the router both have MTU set at 1500

 

Is this the likely culprit behind my issue? If so, what are your thoughts to remedy.

Thanks for your help.

Message 232 of 636 (6,249 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

[ Edited ]

If everything is working correctly, the following command should result in returned pings:

ping www.dslreports.com -f -l 1472



The maximum Ethernet payload and line MTU for U-Verse is 1500 bytes. Subtract 20 bytes for the IP header and 8 bytes for the ICMP header results in a transmittable payload without fragmentation of 1472 bytes.

If yours is not working unless the bytes are taken down that low, you have an MTU problem on the network. Look for:

1. Manual MTU settings on your machine. Download the tool "Dr. TCP" from DSL Reports and make sure no specific MTU settings have been set.

2. Your router may be artificially limiting the MTU. Make sure there are no settings to this effect in your router.

3. Make sure your firewall is not blocking ICMP packets. Many people block all ICMP for security issues, and that will immediately cause MTU problems on the network because path MTU discovery (PMTUD) no longer works. If you want to block some ICMP, at least make sure that the following ICMP types are allowed:

Type 0 (Echo Reply)
Type 3 (Destination Unreachable)
Type 11 (Time Exceeded)

Personally, I don't see anything wrong with allowing all ICMP. In my opinion, it is not a security issue.

Message 233 of 636 (6,233 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Thanks. My MTU was 1300, I set it to blank and now the ping works at 1472. Web pages loading much faster, without partial loads/timeouts. Thanks so much!
Message 234 of 636 (6,225 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

He is another great TCP adjustment utility for PCs:  http://www.speedguide.net/downloads.php

 

-Dave

Message 235 of 636 (6,223 Views)
Contributor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

This question is off topic, but i have seen so much good info on this thread, I thought I would throw it out there in case someone has a suggestion.  I started looking here because I wanted to disable the router portion of the 2wire 3600hgv and add my own "better" router, using the ATT one just as a bridge.  This suggestion was made by the manufacturer of the audio system I am installing since I am having some issues with the audio components talking to each other over the network.  They said they often see these problems with all-in-one ISP provided dsl modem routers.  Both my controller/amplifier and my digital music streamer are seeing the internet fine.  The problem occurs sometimes when the controller commucicates to the streamer over the network with some command (such as changing a SiriusXM channel).  It often causes the streamer to just diplay "stopped" and no artist/song info.  Sometimes it just doesn't respond at all.  Is there anything I should be checking in the setup of the 3600HGV that would affect the communication of these two devices with each other over the network?

Message 236 of 636 (6,092 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Awesome post. Simply awesome. I was starting to regret having switched to UVerse (not like I had a choice, though). I was going to have to switch to something, because they were taking down DSL service in this area. I was pretty close to testing the aerodynamic qualities of that stinkin 3801HGV RG and telling AT&T to shove UVerse where the sun don't shine. Sideways. But, the WNDR3700 is working beautifully now.
Message 237 of 636 (5,512 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

SomeJoe:

 

Thank you for your detailed posts.  I have moved my service from DSL to Uverse.  I had a Cisco 800 that I'd like to keep in my network.  I've tried to setup everyting per your examples but I'm missign some detail.

 

My original network is setup with 10.10.10.x.  The 2Wire router is at it's default (192.168.1.254) per resolution from PC connected to the 2-wire modem via wireless link:

 

C:\Users\xxxxx>ping gateway.2wire.net

Pinging gateway.2wire.net [192.168.1.254] with 32 by
Reply from 192.168.1.254: bytes=32 time=2ms TTL=255
Reply from 192.168.1.254: bytes=32 time=3ms TTL=255

 

 

I have followed your instructions::

 

1. Set your router's WAN interface to get an IP address via DHCP. 

Done

 

2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.

3. Restart your router, let it get an IP address via DHCP.

Done.  sh conf eth1 -> reflects public IP

 

4. Log into the 2Wire router's interface.  Go to Settings -> Firewall -> Applications, Pinholes, and DMZ

5. Select your router under section (1).

6. Click the DMZPlus button under section (2).

7. Click the Save button.

Done.  Status screen reflects complete

 

8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address.  At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.

 

Initially I did a shut/no shut on int eth1 to renew the IP.  That didn't work so I reloaded router.  No difference that I saw. 

sh int eth1 still reflected the public IP address assignment.  Looked OK here.

 

9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration

10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.

11. Check everything under Outbound Protocol Control except NetBIOS.

12. Uncheck NetBIOS under Inbound Protocol Control.

13. Uncheck all the Attack Detection checkboxes (7 of them).

14. Click Save

 

Done, carefully checked each.

 

All I changed on my router config was the ethernet intefaces and the inbound access-list.  Where possible, I tried to mirror your setup.  I moved teh appropriate configs from my old dialer interface (for the DSL) to Eth1.

 

interface Ethernet0
 description $FW_INSIDE$$ETH-LAN$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 arp timeout 600
 no cdp enable
!
interface Ethernet1
 description $ETH-WAN$$FW_OUTSIDE$
 ip address dhcp
 ip access-group 122 in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 no cdp enable

 

My access list looks like this (sanitized)

 

# the Uverse router is set to its default


access-list 122 permit ip host 192.168.1.254 any  

# dont' think this is needed but put there in case.
access-list 122 permit ip host 10.10.10.1 any



access-list 122 deny   tcp any any eq 25565
access-list 122 deny   udp any any eq 25565
access-list 122 deny   udp any any eq 407
access-list 122 deny   tcp any any eq 1417
access-list 122 deny   tcp any any eq 1418
access-list 122 deny   tcp any any eq 135
access-list 122 deny   tcp any any eq 136
access-list 122 deny   tcp any any eq 137
access-list 122 deny   tcp any any eq 138
access-list 122 deny   tcp any any eq 139
access-list 122 deny   tcp any any eq 445
access-list 122 deny   tcp any any eq 4444
access-list 122 deny   tcp any any eq 4662
access-list 122 deny   udp any any eq 135
access-list 122 deny   udp any any eq 136
access-list 122 deny   udp any any eq netbios-ns
access-list 122 deny   udp any any eq netbios-dgm
access-list 122 deny   udp any any eq netbios-ss
access-list 122 deny   udp any any eq 445
access-list 122 deny   udp any any eq snmp log
access-list 122 deny   udp any any eq snmptrap log
access-list 122 deny   udp any any eq 12406
access-list 122 deny   tcp any eq 135 any
access-list 122 deny   tcp any eq 136 any
access-list 122 deny   tcp any eq 137 any
access-list 122 deny   tcp any eq 138 any
access-list 122 deny   tcp any eq 139 any
access-list 122 deny   tcp any eq 445 any
access-list 122 deny   tcp any eq 4444 any
access-list 122 deny   tcp any eq 1417 any
access-list 122 deny   tcp any eq 1418 any
access-list 122 deny   tcp any eq 1419 any
access-list 122 deny   tcp any eq 1420 any
access-list 122 deny   tcp any eq 1025 any
access-list 122 deny   tcp any eq 1029 any
access-list 122 deny   tcp any eq 5000 any
access-list 122 deny   udp any eq 135 any
access-list 122 deny   udp any eq 136 any
access-list 122 deny   udp any eq netbios-ns any
access-list 122 deny   udp any eq netbios-dgm any
access-list 122 deny   udp any eq netbios-ss any
access-list 122 deny   udp any eq 445 any
access-list 122 deny   udp any eq 407 any
access-list 122 deny   udp any eq 1035 any
access-list 122 deny   udp any eq 1203 any
access-list 122 permit ip any any

 

I can ping the Cisco (10.10.10.1) from any PC on the 10.1.1 network.  I can ping the public IP on Eth1.  But I can't get out to the internet.

 

Can you tell what I'm missing?

 

 

 

Message 238 of 636 (5,452 Views)
Expert

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Please show the output of the Ethernet 1 current configuration:

show ip int eth1

Also please show your NAT configuration entries, including the nat pool and any static translations.

And finally, show any default routes or default gateway entries you have in the config.
Message 239 of 636 (5,441 Views)
Tutor

Re: U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

Joe!  I must admit, after reading some of your posts, you fill me with hope that some people actually know what the heck they are talking about!

 

I have the 2Wire providing signal to a DIR-857 so that an N Network could be broadcast on my network.  Everything is working except for my 3TB HD that is plugged via USB 3.0 to the back of the DIR 857.  It's not found, and I think it may be because of how I have the setup configured. The DIR network is 192.168.0.1, while I can still wirelessly connect to the 2Wire via 192.168.1.254.  I believe the DIR is handing out DHCP addresses.   I have disable the broadcast of the 2Wire wireless network.  I get decent speeds, with occasional drop offs.  Mostly, I want to be able to communicate with the HD wirelessly throughout.

 

Any idea of the optimum settings I should be using?  The DIR is connected lan to lan.

 

Thanks in advance!  Hope all is well

Message 240 of 636 (5,394 Views)