Treo600user's profile

Teacher

 • 

3 Messages

Wednesday, March 16th, 2011 3:18 PM

U-verse for BUSINESS? : 2Wire 3600HGV bridge mode? or another AT&T supported VDSL modem?

I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?

 

I am completely aware of how to set up the DMZ mode & router-behind-router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)

 

In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly ensure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always ensured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?

 

Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!

 

AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our restaurant locations company's data needs but I'm struggling with their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No VoIP because POTS is our reliable backup. So it's just the internet service ...

 

For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)  

 

help?

Explorer

 • 

15 Messages

11 years ago

One more most important question. If the DMZPlus mode "pass through" goes from the RG to my Firewall (WAN NIC) with a static public IP then how could there be any conflicting traffic if my network is 192.168.1.x and the RG LAN IP is 192.168.1.x? Since I would have nothing else connected to the RG and my Firewall's NIC would be processing the traffic with its own NAT how could the RG get confused or get interference if it was just passing all traffic through?

 

Also even if the RG is processing/routing traffic through the DMZPlus mode that means it is seeing past my WAN NIC public IP and able to see the other LAN NIC on my firewall and see devices on my network? Doesn't make sense really.

 

Another concern is the Astaro firewall (Linux based) runs on a VMware ESXi box with my Server and Exchange. There are two physical NICs and two physical MAC addresses for each card and I've really only had Comcast SMC and an older Comcast modem/router in bridged mode where I just simply set the WAN NIC for public static IP with subnet mask and default gateway. So I'm concerned that these VMware vNICs are maybe causing the RG confusion and resulting in that speed processing problem?

Expert

 • 

9.4K Messages

11 years ago

The problem with having both the RG's LAN and your firewall's internal LAN as the same subnet is twofold:

a. After the DMZPlus mode is enacted, there is no routing conflict and things actually will work. But because of the way that DHCP works on the RG, you have to allow your firewall to get a private IP first before you can switch it to DMZPlus mode. During that time, you have an illegal network configuration with the same subnet on both interfaces of the firewall, and because MAC addresses get cached in all devices, this will cause problems with the switch-over to DMZPlus.

b. You cannot reach the RG from inside the firewall in that configuration, because you can't insert the proper static route into your firewall.

On your ESXi box, remember that the NIC physical MAC is only used for traffic originating or terminating on the ESXi box itself. Traffic to and from VMs uses the configured MAC address in the VM setup options, which is different.

In any case, the physical interface connected to the RG needs to be isolated at the layer 2 level from the physical interface carrying internal LAN traffic. Do not let both NICs be connected together through a switch such that they can see each other, because things like proxy ARP will get in the way of proper routing and cause problems.

Explorer

 • 

15 Messages

11 years ago

Astaro firewall management shows this for the interfaces.

 

Eth0 being my LAN on 192.168.1.x and Eth1 is the WAN with the static IP, snm, gw

 

Both seem to provide a different MAC address. As a side note I used to actually run all traffic LAN and WAN through a single VLAN NIC interface and some items such as my Bluray player, Samsung TV and other smaller devices had issues connecting to the internet, since I added a second physical NIC I've had none of those issues for about 2 years now.

 

eth1: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
Slot: n/a
Auto negotiation: On
Supported link modes:
MAC Address: 00:50:56:12:32:11
Interrupt (IRQ): 19
PCI Device ID: 0x2000:0x2000
MII capable: No
HA link monitoring: Yes

 

eth0: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
Slot: n/a
Auto negotiation: On
Supported link modes:
MAC Address: 00:50:56:23:11:31
Interrupt (IRQ): 18
PCI Device ID: 0x2000:0x2000
MII capable: No
HA link monitoring: Yes


Tutor

 • 

7 Messages

11 years ago

does this allow for the Airports 1000base/T (Gigabit) speeds ? Tech is telling me they cannot turn off NAT services and do not offer a dedicated Modem.

Explorer

 • 

15 Messages

11 years ago


@decoff wrote:

does this allow for the Airports 1000base/T (Gigabit) speeds ? Tech is telling me they cannot turn off NAT services and do not offer a dedicated Modem.


I can at least help with this question. The 2wire 3801 has 10/100 ports, I'm going to assume the 3800 and 3600 are the same.

 

Even if you had gigabit ports on it the internet isn't going to come in any faster unless you approach a 100mbps internet connection. Actually, even if you were at 50mbps or higher you might want GB ports, but I think even at 50mbps a 100mbps port would be ok. Suggest if you want to have gigabit on your LAN to use what a lot are doing in this thread and do the "ip passthrough" since none of AT&T Uverse VDSL (except older DSL tech) have a router/modem that will fully bridge.

 

With the help of SomeJoe7777 who is well known by AT&T techs I am going to be trying to "pass through" all my traffic this evening and see if my erratic download and upload speed tests are gone with his solutions. My install was excellent, less than 48 hours and I am fully installed!!! The disappointment however is as others have mentioned ping times tend to be a little higher. This might have mattered when I was younger in the BF2 days where I played a lot of ping sensitive games.

 

Speed tests 23-23.5mbps down and 2.8-2.9mbps up very nice... Max user rate 54mbps/8mbps Profile 32mbps/5mbps (pretty standard) I was told I was 1200-1700 ft from the vrad so when pair bonding and 48mbps comes out I should be good to go several pairs of copper available near my location.

 

Of note to some people I'm on AT&T Uverse Business Class, when I browsed online with the modem to agree to terms setup accounts etc. I noticed the 250GB limit (which they haven't started metering yet) but this limitation says clearly "Applies ONLY to residential customers" I confirmed that with tech support and a supervisor. Pretty much on par with Comcast no usage limitations on business. Already did checks on my static IP and it is clear from all spam/blacklist databases.

 

Remember everyone that is on Comcast or other cable providers, when the physical cable is cut or damaged hundreds of people go down like the old Christmas tree lights if you are on that node you'll be down. Also power outages you'll lose your internet (at least here it goes down). I've found in the past when dealing with AT&T (then Bellsouth) I always had a truck roll immediately even in the night if necessary and better tech support. This would probably not apply the same for residential support as you probably get thrown overseas.

 

I really do hope that I can post great results tomorrow when I can bring my existing connection offline and set up the uverse connection to my firewall. AT&T offered me a great rate and locked me in for 2 years at my request, in which time I can elect to upgrade or downgrade my plan if necessary. No monthly modem fee either, where Comcast was raping me for $7 a month and wouldn't even allow me to buy my own.

 

Last note: back in Oct 2005 when Hurricane Wilma hit South Florida (eye passed over my city) with light to moderate damage, I had cable and it took them over a month to get it working again. Meanwhile the day after the storm I ordered a Bellsouth ADSL and since I had an old modem and a POTS phone line I was up in 3 business days. Found out from others that Bellsouth DSL never went down, all wires underground and self powered. Not sure if AT&T Uverse would stay up without power but it sure isn't run next to power lines. This doesn't apply to some people that have cable buried underground.

Explorer

 • 

15 Messages

11 years ago

Just informed by AT&T that my Public IP block starts with 172.x.x.x although my router receives its DHCP address as a 108.x.x.x. I was told that I could not follow or use DMZPlus mode with a static IP address because that's how AT&T does things. Period, end of story, after over an hour of arguing. How am I supposed to set up a PTR record with 2 different networks? Ridiculous and inexcusable. I'm going to try calling back a few times but it seems I am going to have to cancel my service.

Expert

 • 

9.4K Messages

11 years ago

While most of the AT&T help desk technicians cannot properly answer the technical questions about their network and gateway setup, it is unfortunate in this instance that he does happen to be mostly correct.

The AT&T gateways do not have the ability to insert a static route, so you cannot route a static IP block behind your own routing device.

Also, if they gave you an IP block of 172.16.x.x through 172.31.x.x, then you're behind Carrier-Grade NAT anyway, so you couldn't run servers on those IPs even if you tried.

There is an extremely complex work-around to use a static IP block behind your own router, but it requires either a custom coded Linux box, a Cisco IOS router capable of running Hot Standby Router Protocol (HSRP), or the router has to have some type of ability to present multiple MAC addresses on its WAN interface.

For your requirements, it's looking less and less likely that you're going to be able to set up your network like you want. I would recommend you take a look at a provider who can provide a true business solution.

Explorer

 • 

15 Messages

11 years ago

Supervisor at AT&T helped me and configured the router for me and I took NOTES!

 

He was able to assign my static IP so that my WAN NIC on my firewall has the same 172.9.x.x range; it is not a private range. He reset to factory defaults then went to do the following:

 

Broadband, Link Configuration, Supplementary Network >Enable>Router Address 172.9.x.x>Subnet 255.255.255.248>AutoFirewall Open check

 

Settings>LAN>IP Address Allocation>

 

Device XYZ

 

Firewall Disabled

Address Assignment> Public (Select WAN IP Mapping)

WAN IP Mapping > Public Fixed: 172.9.x.x

 

Firewall Applications>Pinhole>DMZ>DMZPlus mode

 

The confusion came from the previous tech telling me that we would assign my 172.9.x.x static IPs to the device but that the outside world would see my "sticky IP" that you get when you release renew your RG 108.233.x.x that is why I flew off the handle after him telling me that's just how it works etc etc. Now the supervisor is setting up my PTR record for RDNS (up to 48 hours) so that mail will function properly on my static IP.

 

Again directions in Post #2 don't apply but when you examine my configuration I am in DMZPlus to the MAC of my firewall's NIC (currently going to my laptop to test) but speeds are excellent. Working great so far. Will report back when entire network is working through my firewall.

Expert

 • 

9.4K Messages

11 years ago

Oh, you only wanted to use one of the IPs from the static block? If that's the case, then yes, that method that the supervisor told you is correct and will work perfectly.

I was under the impression that you wanted to use the 172.9.x.x addresses BEHIND your firewall, which isn't possible without the trickery I mentioned above.
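
An added example (not part of the thread and not AT&T or 2Wire tooling): a Python check of two points made above, that the firewall's WAN and LAN subnets must not overlap while it still holds a private lease from the RG, and that a 172.9.x.x address lies outside the 172.16.0.0 to 172.31.255.255 range. Interface names follow the Astaro listing; every address in the sample configurations is a constructed value.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared range used for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Say whether an IPv4 address can be reached from the internet."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918-private"
    if ip in RFC6598:
        return "rfc6598-shared"
    return "public" if ip.is_global else "special-purpose"


def audit(interfaces):
    """Check a multi-homed firewall: interfaces maps name -> 'address/prefix'.

    Returns (classes, overlaps): the class of every interface address, and
    every pair of interfaces whose connected subnets overlap.
    """
    parsed = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}
    classes = {n: classify(str(i.ip)) for n, i in parsed.items()}
    names = sorted(parsed)
    overlaps = [(a, b) for k, a in enumerate(names) for b in names[k + 1:]
                if parsed[a].network.overlaps(parsed[b].network)]
    return classes, overlaps


# Constructed sample configurations (addresses are illustrative).
# 1) WAN NIC still holds a DHCP lease from the RG while the LAN is 192.168.1.x.
DURING_SWITCHOVER = {"eth0": "192.168.1.10/24", "eth1": "192.168.1.67/24"}
# 2) Same firewall after DMZPlus hands the WAN NIC a public address.
AFTER_DMZPLUS = {"eth0": "192.168.1.10/24", "eth1": "172.9.0.2/29"}
# 3) Internal LAN renumbered, so even the DHCP stage has distinct subnets.
RENUMBERED = {"eth0": "10.0.1.1/24", "eth1": "192.168.1.67/24"}

if __name__ == "__main__":
    for label, cfg in (("during switch-over", DURING_SWITCHOVER),
                       ("after DMZPlus", AFTER_DMZPLUS),
                       ("LAN renumbered", RENUMBERED)):
        classes, overlaps = audit(cfg)
        print(label, classes, "overlaps:", overlaps or "none")
```

Renumbering the internal LAN, as in the third configuration, removes the overlap even during the DHCP stage that precedes DMZPlus.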

Voyager

 • 

1 Message

11 years ago

I am trying to use the 3600HGV as a bridge and use the Airport Extreme (5th generation) as my router. I am trying to follow SomeJoe's instructions in message 2 to activate DMZPlus on the 2Wire to emulate bridge mode, and set up the AE as my router.

 

At Step 8, after reboot of the AE, I verified the 2Wire had changed the AR's IP address. The settings before the reboot were IPv4 address = 192.168.1.67, subnet mask = 255.255.255.0, router address = 192.168.1.254 (the 2Wire), DNS server = 192.168.1.254 (the 2Wire), and domain name = gateway.2wire.net. After the reboot, the IPv4 setting changed to 99.36.108.212 and subnet mask changed to 255.255.252.0, and router address changed to 99.36.108.1. The DNS server address and the domain name did not change and remained 192.168.1.254 and gateway.2wire.net, respectively. Using Airport Utility on a Mac Lapbook Pro, I then changed the IP address to static using the new address, and told the AE router to use DHCP and NAT as the router mode since it had been set at OFF (bridge mode). The settings also showed the DHCP range would be 10.0.1.2 to 10.0.1.200. I tried to save all of that so I could go to Step 9, but I kept getting a message that no valid DNS server or domain name had been set. I finally chose to ignore the message, the AR rebooted, and I went on and made the other changes to the 2Wire modem/router set out in Steps 9 through 14.

 

Now I am not getting internet service, which I guess means I have to change the DNS server and domain names in the AE router, which is the only step set out in message 2 that didn't seem to go correctly.  Can anyone help?  Is SomeJoe still posting? 

 
