Welcome to the new AT&T Community
We've got a fresh look! Take the tour to see what's new.
I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?
I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)
In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:
- DHCP - OFF (at min, it appears you must leave one available?)
- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)
- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)
- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?
Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!
AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...
For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)
There is no true bridge mode on the 2Wire routers. However, you can still configure it such that almost all functions of your own router will work properly.
1. Set your router's WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router.
2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.
3. Restart your router, let it get an IP address via DHCP.
4. Log into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ
5. Select your router under section (1).
6. Click the DMZPlus button under section (2).
7. Click the Save button.
8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.
9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration
10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.
11. Check everything under Outbound Protocol Control except NetBIOS.
12. Uncheck NetBIOS under Inbound Protocol Control.
13. Uncheck all the Attack Detection checkboxes (7 of them).
14. Click Save.
Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.
Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.
This is how I have my 2Wire configured, and I have a Cisco 2811 behind it doing IPSec, IPv6 tunnels, etc.
One last questrion, do I need to keep my RG's wireless signal on in order for the wireless and wired STB to function? Or can I turn it off and hook up the ATT wireless access box which came with the wireless STB into one of the ports on my WD router? Thanks in advance!
I performed step #2 and everthing seems to be working fine...fingers crossed. My bedroom Dropcam is connected wirelessly to the WD router and seems to be steaming ok. My garage Dropcam is connected to my Linksys ddWRT setup as a repeater bridge.
So now it appears my setup consists of 3 separate "networks" - one in the garage, one from the WD router, one from RG.
Read through the 13 pages of this thread, really great stuff. However, my setup is a little different than what I've read so far so I'd like some input on what I've done.
Before getting Uverse, my hardware was:
dual WAN router: a Peplink Balance 210 router (no built-in wireless):
- small side story: I initially ordered the Peplink Balance 20 and Peplink screwed up my initial order. To make up for their screw-up, they sent me a Balance 210 instead which I was totally fine with.
D-Link DIR-655 Wireless N Gigabit Router (setup as a wireless access point)
Motorola SB6120 SURFboard DOCSIS 3.0 Cable Modem (for Comcast Internet Performance package, 20Mbps down, 4Mbps up)
Motorola Netopia 2210-02 ADSL2+ Gateway modem (for AT&T DSL Internet FastAccess DSL Direct 6.0M package, 6Mbps down, 1.5Mbps up)
RingCentral Polycom IP 335 2-line SIP phone
and a multitude of other devices such as desktops, laptops, switches, security and home automation systems, game consoles, HDHomeRun TV tuners, smartphones, tablets, and other various devices that need occasional Internet access. Upwards of 30 devices have access to my local network. My entire house is wired CAT6 with at least one wired drop in every room. Wireless is really only used for casual Internet surfing from smartphones and tablets and the occasional laptop out on the patio.
I work from a home office along with my wife and we need virtually 100% Internet uptime. In my area, Comcast residential Internet is actually very solid, but still has infrequent drops throughout the year, hence the dual WAN router and two Internet connections. With over two years of this setup, I never once was without Internet.
The network hardware for this was pretty easy to setup even though I don't have a background in IT. I had Comcast on Peplink WAN1 with DHCP and AT&T DSL on Peplink WAN2 with PPPoE. I had the D-Link wireless router going from D-Link LAN1 to Peplink LAN1. I had the D-link setup as a wireless access point with DHCP turned off and setup with a static IP in the D-Link Admin. Everything load balanced properly between the Comcast and AT&T DSL connections and wireless mostly worked properly (just intermittent connection drops in the wireless connection for some reason that I've never been able to figure out).
About six months ago, I canceled all AT&T services including DSL to save a little money, but mostly because I was upset with some additional charges on my AT&T cellphone bill (long story). Recently Comcast Internet has become a little unstable because of upgrades going on in my area so I decided to get DSL again. However, AT&T informed me that there were no longer any free "DSL slots" in my area and if I wanted Internet from AT&T, I would have to get Uverse so I did.
I got the Uverse Max package with self-install, 12 Mbps down, 1.5Mbps up. The self-install kit arrived with an AT&T branded 2Wire 3600HGV router. I did some initial research and came across this thread which was great, especially the steps by SomeJoe7777 in post #2:
After reviewing these steps, I thought perhaps that some of those listed may not apply to me in the same way because of the Peplink dual WAN router I was using. My first steps were:
- I plugged the 3600HGV directly into a laptop to register and configure. Everything worked properly and the laptop had Internet connection in less than 20 minutes.
- I then went to the 3600HGV admin at 192.168.1.254 to Settings > LAN > Wireless and disabled wireless since I would be using the D-Link DIR-655 for wireless.
- then to Settings > Firewall > Advanced Configuration and unchecked the boxes indicated in steps 9 thru 14 in post #2 by SomeJoe7777.
- Hoping it would just "work", I made no other changes and unplugged from the laptop and plugged the 3600HGV into WAN2 on the Peplink router.
I setup WAN2 on the Peplink as DHCP, enabled WAN2 and waited to see what would happen. Unfortunately, WAN2 picked up the internal IP address and gateway of the 3600HGV (192.168.x.x addresses) so I knew I had to try something different. I plugged the 3600HGV back into the laptop and went to Settings > LAN > DHCP and changed the "DHCP Network Range" from "192.168.1.0 / 255.255.255.0" to "172.16.0.0 / 255.255.0.0" and clicked the SAVE button. I guess this would be like post #7 suggested:
Once the 3600HGV rebooted, I made note of the IP address, subnet mask, default gateway, and DNS server IPs under Settings > Broadband > Status > Internet Details. After this, I unplugged from the laptop and re-plugged back into WAN2 on the Peplink.
In the Peplink admin, I went to Network > WAN2 and changed the "Connection Method" from "DHCP" to "Static IP". I then went to the "Static IP Settings" section and entered the "IP Address", "Subnet Mask", "Default Gateway", and "DNS Servers" numbers I had gotten from the 3600HGV's "Internet Details" section, clicked the SAVE button, then "Apply Changes" and the Peplink Balance 210 router refreshed the WAN2 connection (WAN1 never dropped during these changes which was great).
After the refresh, both WANs in the Peplink admin showed as connected and both showed outside IPs which seemed encouraging. I successfully connected to the Internet with several devices including my main desktop, a laptop, my smartphone, the SIP phone, and even a game console. As another test, I disconnected WAN1 (the Comcast connection) to see if everything would switch over to WAN2 (the Uverse connection) and that worked as well.
I reconnected WAN1 so both connections were available and then tested about 10 devices in the house to have a bunch of connections going at the same time. I then went to the Peplink admin, Status > Active Sessions to see if the Peplink was load balancing between WAN1 and WAN2 and the "Outbound" section showed devices on both WAN1 and WAN2. So everything seems to be functioning properly as far as I can tell (again, completely lacking any IT background, I'm a web designer and developer by trade). As a side note, to connect to the Uverse admin, I have to go to http://172.16.0.1/.
So my questions are:
1. Since everything seems to be working properly, is it ok that I deviated from the 14 steps in post #2 because of the advanced nature of the Peplink dual WAN router? Have I overlooked something that will cause me issues in the future?
2. Also, does anyone think that I should still go to the 3600HGV admin and go to Settings > Firewall > Applications, Pinholes and DMZ > 1) Select a computer, and set the Peplink to "Allow all applications (DMZplus mode)". I guess this would be steps 4 thru 7 in post #2.
Since everything seems to be functioning properly over a 12 hour period with no connection drops, I'm probably not going to make any other changes unless someone here sees any issues with my setup or thinks there are ways to improve it. Again, thanks to SomeJoe7777 and everyone else for all the information.
That Peplink is a nice unit.
I do think you still need to go into the 2Wire and designate the Peplink WAN2 port as the DMZPlus device. That way it will be sure to be recognized by the 2Wire as always needing the outside IP address. If you don't do this, the 2Wire will be expecting the Peplink WAN2 port to be in the 172.16.x.x subnet, and will be confused when the WAN2 port presents itself as the registered outside IP.
Furthermore, you won't be able to inbound load balance at all unless you do this, because the 2Wire won't have any NAT port translation entries for services/servers behind the Peplink.
Once you do that, reboot the Peplink and you should be good.
thanks for the help. I set it to DMZPlus as you suggested. I went back and re-read the 14 steps in post #2 and decided to set WAN2 to DHCP in the Peplink admin to see what would happen. When I did, the connection still works. However, I noticed the DNS Server for WAN2 in the Peplink admin is now 172.16.0.1 not 126.96.36.199 and 188.8.131.52.
1. Should I just manually enter the the DNS server IPs for WAN2 or should I leave it as 172.16.0.1 in the Peplink admin?
2. Or, should I just switch back to static IP for WAN2 and just enter everything manually? Is one way better than the other in my case?
thanks again for your help.
More than half a year ago I went with powerline adapters and ended up scrapping the whole idea because performance was abysmal and the fact that it became a pain because I can't add a static route on the residential gateway. I went ahead and collapsed it all back down to just the residential gateway.
Now I am wanting to set up my own DNS server/domain on the network and a pain point with this is that I cannot specify the DNS servers to use when giving out DHCP leases. My thoughts are to use a third party router to provide DHCP to the entire network AND have it on the same subnet as the residental gateway.
Heres my idea:
1. Reduce the DHCP scope size on the residential gateway to only give out one IP address, 192.168.1.10
2. Plug in the third party router with the WAN router's port getting the single DHCP lease in the residential gateway's DHCP scope.
3. Turn on DHCP server on the router and use that to serve DHCP to the entire network (scope would start at 192.168.1.11).
Anything glaringly wrong with this? Anyone have any opinions?
Fantastic info here. Your patience is astounding!! If this question has already been answered, I apologize...
First of all, I have U-verse TV, phone and internet service. I will be setting up an AirPort Extreme as the router for my PCs and mobile devices. I see when configuing my RG, that a pinhole has aleady been set for a Cisco device. I can only assume this is for the Cisco branded DVR that ATT has supplied. It is on port 43 and has already been "mapped" to an outside ip address.
My question is, will setting up DMZplus with MY router interfere with any of the set top boxes on the RG's inside network (192.168.1.254)? I was under the assumption that there was only one outside static IP that ATT supplies for a residential setup.
Thanks in advance,
If you set up router-behind-router, your router (your Asus) will have full control of QOS within the limits of the Internet package that you've purchased.
So do I have to do everything you described in post #2 or just plug the Asus into the RG, turn on router behind router detection and turn off wireless in the RG, and everything would be good to go? This was my original post from way back in August. I know, I'm late to the party haha. *EDIT* Would router behind router detection allow the RG to detect it, or is it just for a notification?
I tried searching for the answer, but either it was beyond my understanding or I just could not find the information.
I have a 3801HGV and I am looking to "bridge" it to an Asus RT-N56U dual band router. Obviously, it will not be a full bridge, but close enough (according to what I have read). My question is, will the new router have control of the traffic shaping or will that still be under the 2wire gateway? I am not knowledgable enough with wireless/internet terms and uses to know if this will work, but it was my understanding that QoS from the Asus would be superior to what is used on the 2wire. Would this be true or should I just use the Asus as an access point for the dual band frequencies?
My main applications are gaming, watching HD videos, and sometimes torrenting.
Ok, got my Asus RT-N56U working with my 3801HGV. Plugged it into an ethernet port on the RG and did the automatic setup for the Asus. Everything is working now for both 2.4Ghz and 5Ghz. One question though, when I enable the QoS on the Asus, it has 4 preset services, Websurf (Port 80), HTTPS (Port 443), File Transfer (Port 80), File Transfer (Port 443). Do those ports have to be opened on the 2Wire RG or is it just through this router? Also, I have the wireless TV receivers, and the Cisco AP for them is set to port 443 on the 2Wire RG, will this conflic with the Asus QoS?
Any other tips or tricks I can do to optimize my setup? Thanks for the help so far.
If the DMZPlus mode is turned on in the AT&T RG for your Asus router, then no, you do not have to open any ports on the AT&T RG. You only need to open them on the Asus.
See the message right above yours (http://forums.att.com/t5/Residential-Gateway/U-verse-for-BUSINESS-2Wire-3600HGV-bridge-mode-or-another-AT-amp/m-p/3435055#M9038) for the explanation of the AT&T wireless receiver for the wireless TV set-top boxes. Basically, yes, it steals port 443 and renders your router unable to use it. If you need INBOUND connections on port 443 (not outbound) because you're running your own HTTPS server, and you want to keep the wireless STBs, then you have to buy static IPs to work-around this restriction.
I'm thinking of getting another 3801 HGV (for a total of 2 in my house). My thought is that they could talk to one another over the coax line via HPNA, and both would be able to serve LAN clients and wireless clients, ALL on the same subnet.
The point is I wouldn't have to get an HPNA Coax to ethernet adapter, and it would also effectively extend my wireless range (both on the same SSID as well).
is this possible?
How would I setup the networking and settings on both?
I found this post purely by accident when I began having DMZ issues with my 2Wire router. Sparing all the boring details, I will get right to my question.
I too have been having the 10 minute timeout issue. I read the thread and there seems to be 2 options.
Assign IP as Static which I have done and it appears to have worked.
Forward from port 67 to port 68 on my firewall.
My setup is as follows:
All is set up as described in post #2. My issue is that I cant figure out WHERE to forward ports 67-68 on my LAN. Tried my router IP/gateway(192.168.2.1) which made perfect sense, but the setup won't even allow me to save it. FAIL. Then I tried my PC's LAN IP, which, predictably failed as well.
So I have sucessfully set it up as static, and I know that AT&T rarely changes your WAN IP so its really not a big deal except that I travel regularly for my job, and if the IP gets changed while I am away, my internet will be down for the duration of my absence which will definitely raise the ire of the Missus. LOL.
Any assistance as to WHERE I can route the renewal packets would be greatly appreciated.
Stock out of the box. I am completely baffled as to where this is going and how to get there......LOL
Static works perfectly. Was just trying to avoid the pitfalls of a static assignement.
If I gotta stay with Static, then I will. Justrr wanted to avoid a DHCP change.
I am interested in replacing the wireless gateway from the i38HG with a Linksys E3000 in order to provide better performance when streaming movies to my Roku.
1. In your wireless access point solution you say to link 2Wire routher to one of the LAN ports on the router I plan to use. My question is for linking to the 2Wire can I connect to a LAN port on the i38HG or do have have to connect to i3812V outside?
2. I assume that I will need to disable the wireless access point on the i38HG. Is that correct?
then I just need to change the LAN IP address of my E3000 to a static IP on the same subnet as the 2Wire router but outside the DHCP range.
Thanks for your help.
I'm trying to use a proxy (BTGuard) with my Mac Mini and MacBook that are connected to a 2wire 3800HGV-B (Uverse). I've tried opening the ports that the proxy is using to no avail. When I try it as a PC (running Paralells) it works fine, which leads me to beleive the Macs are not getting along with the 2wire. Would opening the 2wire on DMZPlus to an Airport Extreme resolve this issue? And would the Airport Extreme act as the firewall? Any help would be appreciated. I hate running Paralells. Thanks!
I am trying to setup my Linksys router as a wireless access point behind a Gateway. I am following one of your earlier post on this. I can disable the WI-FI on the Gateway. On the Local Network Tab of the Linksys I can disable the DHCP server and set the Linksys IP address to be on the same subset as the Gateway but outside its DHCP range. I have some questions however:
1) The Linksys Internet Settings Tab shows the Internet Connection Type as "Auto Configuration - DHCP". Do I leave that as is? If I try to set it as Static IP then it asks for IPv4, Subset Mask, Default Gateway and DNS 1 addresses that I am unable to set up. If I leave it as "Auto Configuration - DHCP" it appears to work ok. Is that the correct setting?
2) On the Advanced Routing Tab, NAT is enabled. Do I leave that as is also?
A little more detail on my earlier post this afternoon. At the moment I am trying to set up a new router as an access point behind an old router to test this setup for a new UV Gateway. Regading my question on the Internet Connection Type - Automatic Configuration DHCP. I can actually change that to Static IP on the new router and fetch addresses from the old router "status" page. However, when I reboot the modem/old router, the modem gets a new IP address of course and the default gateway changes also. Subnet Mask stays at 255.255.255.0 and DNS 1 stays at 192.168.0.1 It appears to work ok nonetheless either way - either with Static IP and the now incorrect Internet IPv4 address and incorrect default gateway address and also appears to work ok if I just set the Internet Connection Type to Automatic - DHCP. Of course the DHCP Server on the new router is turned off ok. So which way should I leave it so there are no conflicts. Unfortunately I am not very knowledgeable on this. Your help appreciated....
You just need to follow post 13 in this thread to set up your Linksys as a wireless access point.
The settings you are referring to regarding Internet connection type are not applicable to this configuration, so just leave those settings at the default.
Check your connections carefully -- for post 13, the link between the 2Wire and your Linksys is LAN to LAN ... the WAN port on your Linksys is not used.
I have followed your post 13 verbatim (no problem on the LAN to LAN). What confused me on that post is the word "static" on item no. 3, I quote: "Change the LAN IP address of your router to a static IP....." so I was trying to accomplish that by changing the Internet Connection Type from "Auto -DHCP" to "Static IP". I will leave it as-is. Thanks for the help,
Indeed... Linksys EA4500 - there is a tab called Local Network that allows me to edit the LAN IP address of the router and turn off DHCP. I have done that successfully. There is also a tab called Internet Settings that allows me to change form "Auto - DHCP" to "Static IP". I was confused about the Static IP part but based on your earlier post I now have at default - Auto - DHCP and left NAT enabled on another tab, default also. Everything appears to be working OK... Thanks again, great resource
I have a 2Wire 3801HGV-B with uverse and I'm trying to set it up as a bridge to a Linksys E2000 router. I tried to follow the steps in post #2, but I get hung up on step 3. I performed the following steps:
I have the internet port on the E2000 plugged into one of the LAN parts on the 2Wire, and my computer plugged into the lan port of the E2000.
-Reset both to factory settings
-logged into the e2000 and disabled hdcp server and set IP address to 184.108.40.206.1.
-Rebooted the router and checked the status and saw that no IP address has been assigned. Unable to browse the internet.
- Unplugged my computer and plugged it directly into the 2Wire. Went to Firewall>Applications, Pinholes and DMZ and only my computer shows up as a device, not the router.
As this point I can't go any farther, and I messed around with any setting I could think of with no effect. I would appreciate any guidance you can give me.
Sign up now to post, reply, and join the conversation.
© 2015 AT&T Intellectual Property.© 2015 AT&T Intellectual Property. link. This link will open a new window All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. AT&T 36USC220506