Question Any reason AT&T Fiber would just stop working totally mostly over wireless one day when using BGW 210 gateway in IP Passthrough mode with a RT-AX86U?

[pcslookout]

It makes no sense.

I prefer using my Asus RT-AX86U as my main device and the AT&T Gateway as a dummy modem only if possible. I get more control and tweaking! So having the Asus RT-AX86U as just a wireless access point makes me sad.

Though at least it works now.

Just curious if anyone else had this problem lately? Guessing no.

It is ok either way.

 

[Ranulf]

No idea myself but you might try asking on dslreports.com .

I think this is the ATT forums there,

AT&T U-verse forum | DSLReports, ISP Information

AT&T U-verse forum, broadband news, information and community

www.dslreports.com

 

[aigomorla]

well im using the same modem, but my router is a UDM Pro SE.
Haven't had issues like you describe, unless internet itself went down.

Had that happen a couple of times which lasted 10 minutes, but once it came back up, it would be fine again.
IP Passthough also assigns the gateway IP address, and not the internal subnet so i have no issues with double NAT.

Maybe your router is giving out?
Asus routers do not have the best longevity recording from my experience.
Actually no consumer based router i owned has lasted more then 2 yrs without giving me headaches.

 

[pcslookout]

well im using the same modem, but my router is a UDM Pro SE.
Haven't had issues like you describe, unless internet itself went down.

Had that happen a couple of times which lasted 10 minutes, but once it came back up, it would be fine again.
IP Passthough also assigns the gateway IP address, and not the internal subnet so i have no issues with double NAT.

Maybe your router is giving out?
Asus routers do not have the best longevity recording from my experience.
Actually no consumer based router i owned has lasted more then 2 yrs without giving me headaches.

Thanks got it working as a AP instead for now. Still prefer it to be used as a router. Oh well. Not giving up.

Someone else told me they had the same issue.

I like using my own DNS but can't without using it as a router.

 

[Tech Junky]

Did you try a hard reset and reconfigure the ATT box again as a bridge? They might have pushed a FW update to it that broke things. Also, with ATT they're known to use VLAN's for different traffic types like HSI / IPTV / etc.

Seems like this might not be the case with this particular device though. Seems they've really dumbed things down.

https://help.sonic.com/hc/en-us/articles/360059074954-How-to-configure-your-AT-T-modem-for-use-with-a-3rd-party-router

Configuring IP Passthrough with an AT&T BGW210-700 and a UDM Pro

The steps I took to configure an AT&T (Arris) BGW210-700 router for IP Passthrough mode, going to a Unifi Dream Machine Pro.

spin.atomicobject.com

 

[pcslookout]

Did you try a hard reset and reconfigure the ATT box again as a bridge? They might have pushed a FW update to it that broke things. Also, with ATT they're known to use VLAN's for different traffic types like HSI / IPTV / etc.

Seems like this might not be the case with this particular device though. Seems they've really dumbed things down.

https://help.sonic.com/hc/en-us/articles/360059074954-How-to-configure-your-AT-T-modem-for-use-with-a-3rd-party-router

Configuring IP Passthrough with an AT&T BGW210-700 and a UDM Pro

The steps I took to configure an AT&T (Arris) BGW210-700 router for IP Passthrough mode, going to a Unifi Dream Machine Pro.

spin.atomicobject.com

Yes.

 

[aigomorla]

Thanks got it working as a AP instead for now. Still prefer it to be used as a router. Oh well. Not giving up.

Someone else told me they had the same issue.

I like using my own DNS but can't without using it as a router.

Build your own especially for a 1gb fiber.

And you can still use that asus as a AP, but get a reliable switch.
For SOHO type applications which i think most homes are now, unless your living alone:
Mikrotik > Zyxel = Netgear >>>>>> Tplink

I have a adversion to TPLink.... ive always had there stuff fail on me.
But if you want to setup a IoT subnetwork you might want to look at managed switches, so you can manually setup VLAN's for IoT devices.
IoT -> Ip Cameras, Smart Outlets, Alexa, Google.... so you don't get back door'd into your network if some bored 16 yr old hacks you next door.

Avoid Things which are labeled "Gamer" and "SOHO" on the box.

But really you should build yourself a pfsense box on dual intel nics, and then have a good switch right after that.
So Modem (IP Passthough) -> Pfsense -> Switch -> your entire network.

That is the minimum i would go about for my house, unless you want to get into pricey stuff like Cisco Miraki, or Ubiquiti.

 

[skull]

Whats the point of the switch? Why so much love for pfsense and not openwrt around here?

I've been looking into stepping up my home network setup, grabbed a belkin RT3200 I can put openwrt on. Was thinking about going with one of those dual network port pi kinda things and running openwrt on that to the belkin. I'm usually the only one on ethernet everyone else in the house is on wifi stuff. Convince me to step it up to a x86 over arm and why I need a managed switch over the router. It shouldn't take much, I might do both to play ha. I am on cable and not fiber though. I also got an actual pi around here was contemplating pi hole too. Also whats with the vlans it seems a lot of people think they're a must have and others think its a pain in the ass and useless anyway. I got a couple older routers I can make APs to grab the smart tvs and such if that helps.

 

[Tech Junky]

@skull

A switch gives you port density

Pfsense / openwrt just a preference but they're both open source

Managed switch gives you options like vlans

Vlans are useful for segregating traffic at layer 2 to keep devices from talking to each other

Pinole is a software package that runs Linux based os's it's more useful than some spinoff packages for blocking DNS lookups whether ads or telemetry

 

[Fallen Kell]

Whats the point of the switch? Why so much love for pfsense and not openwrt around here?

I've been looking into stepping up my home network setup, grabbed a belkin RT3200 I can put openwrt on. Was thinking about going with one of those dual network port pi kinda things and running openwrt on that to the belkin. I'm usually the only one on ethernet everyone else in the house is on wifi stuff. Convince me to step it up to a x86 over arm and why I need a managed switch over the router. It shouldn't take much, I might do both to play ha. I am on cable and not fiber though. I also got an actual pi around here was contemplating pi hole too. Also whats with the vlans it seems a lot of people think they're a must have and others think its a pain in the ass and useless anyway. I got a couple older routers I can make APs to grab the smart tvs and such if that helps.

Pfsense and OpenWRT are two COMPLTELY different animals designed for 2 completely different uses. OpenWRT is a great firmware replacement for use on WiFi access points/routers for unlocking the features that the WiFi access point should have had from the factory (but do not). It also double duty provides basic home network services, DHCP, basic routing, basic firewall, basic NAT address translation (basically all the services that you minimally need to get your home network up and running).

Pfsense is first and foremost a router/firewall. It is a full fledged, security hardened, product. It will let you do deep-packet inspection, full intrusion detection/protection system (IDS/IPS), network virus scanning, DNS threat blocking (PIHole on steroids as it not only gives a "not found" on DNS lookups to blacklisted sites and domains, but also provides firewall rules to block outgoing traffic to those IP addresses preventing a piece of malware from being able to bypass a PIHole by simply directly using a hardcoded IP address without the need to look it up). It an entirely different level of product.

As for your VLAN question, they are there to segregate your network for security reasons (if you have used a WiFi router that had a "guest" network, you have already used these and this concept). The idea is that devices on the "guest network" can not communicate to the other devices on your production network. This way, if that device was compromised, it can't attack your devices on your production network. Using proper VLANs and VAPs (the wireless equivelent), you will limit your exposure to outside threats.

 

[skull]

Pfsense and OpenWRT are two COMPLTELY different animals designed for 2 completely different uses. OpenWRT is a great firmware replacement for use on WiFi access points/routers for unlocking the features that the WiFi access point should have had from the factory (but do not). It also double duty provides basic home network services, DHCP, basic routing, basic firewall, basic NAT address translation (basically all the services that you minimally need to get your home network up and running).

Pfsense is first and foremost a router/firewall. It is a full fledged, security hardened, product. It will let you do deep-packet inspection, full intrusion detection/protection system (IDS/IPS), network virus scanning, DNS threat blocking (PIHole on steroids as it not only gives a "not found" on DNS lookups to blacklisted sites and domains, but also provides firewall rules to block outgoing traffic to those IP addresses preventing a piece of malware from being able to bypass a PIHole by simply directly using a hardcoded IP address without the need to look it up). It an entirely different level of product.

As for your VLAN question, they are there to segregate your network for security reasons (if you have used a WiFi router that had a "guest" network, you have already used these and this concept). The idea is that devices on the "guest network" can not communicate to the other devices on your production network. This way, if that device was compromised, it can't attack your devices on your production network. Using proper VLANs and VAPs (the wireless equivelent), you will limit your exposure to outside threats.

Sold guessing a lower end amd system from around 2010 with a couple nics is a bad idea?

Was thinking something like this...

https://www.amazon.com/dp/B082KR9KX5/ref=cm_sw_r_apa_i_NXTMQTF0YMBR1HF8FTXT_1

Is that appropriate I'm about to retire my pentium 3250 which would probably do it but rather pass that down to the kid or the old lady.

I saw on another thread I can do single Ethernet to the switch with the cable modem on a port to the switch? That's crazy and makes no sense to me but if that works will one of the extra cheap mini computers on Amazon work? Take it it's like the pihole with the dns stuff. Used to pass thru modem to wan and out. Imagined it being two port with same passing to wifi router.

Then that leads to how crazy do I have to get with the switch think I saw a managed tplink for like 30 but most seemed closer to 80.

Then I just plug the Belkin in setup some vlans one for kids one iot and so on. I do the vlans on the switch? Not the wifi router or the pfsense machine. Never used a managed switch.

I was looking at the nano pi 5 with the two ports for wrt is that an option for pfsense with Ubuntu core or something.

NanoPi R5S

The NanoPi R5S is a RK3568 SoC-based ARM board

www.friendlyelec.com

Pretty obvious should of started my own thread in retrospect.

 

[Fallen Kell]

Sold guessing a lower end amd system from around 2010 with a couple nics is a bad idea?

Was thinking something like this...

https://www.amazon.com/dp/B082KR9KX5/ref=cm_sw_r_apa_i_NXTMQTF0YMBR1HF8FTXT_1

Is that appropriate I'm about to retire my pentium 3250 which would probably do it but rather pass that down to the kid or the old lady.

I saw on another thread I can do single Ethernet to the switch with the cable modem on a port to the switch? That's crazy and makes no sense to me but if that works will one of the extra cheap mini computers on Amazon work? Take it it's like the pihole with the dns stuff. Used to pass thru modem to wan and out. Imagined it being two port with same passing to wifi router.

Then that leads to how crazy do I have to get with the switch think I saw a managed tplink for like 30 but most seemed closer to 80.

Then I just plug the Belkin in setup some vlans one for kids one iot and so on. I do the vlans on the switch? Not the wifi router or the pfsense machine. Never used a managed switch.

I was looking at the nano pi 5 with the two ports for wrt is that an option for pfsense with Ubuntu core or something.

NanoPi R5S

The NanoPi R5S is a RK3568 SoC-based ARM board

www.friendlyelec.com

Pretty obvious should of started my own thread in retrospect.

In terms of hardware, you want a CPU that supports AES-NI as a minimum. You also need NICs that have proper driver support for operating systems other than Windows (specifically FreeBSD).

In terms of a single Ethernet to the switch with the cable modem on a port to the switch, yes, it can be done. But you need managed switches to do this. It is called "router-on-a-stick", and uses VLANs in order to handle the different traffic. My pfsense system is configured like this, mainly so that I am set for whatever interface/speed my cable modem can handle. The cable modem connects to my switch via bonded ethernet right now (2x1Gb connections). The port it connects into is tagged with my "WAN" VLAN (such that all packets that come from that port are tagged by my switch as being from that VLAN). My pfsense system connects to my switch via 40Gb to a QSFP+ port, which is configured as a "VLAN trunk port" which has both my "WAN" and "LAN" VLANs as acceptable VLANs going to that port which I then configured the pfsense to use the appropriate "VLAN tagged interface" to route the traffic between either the "WAN" or "LAN" VLAN. If in the future my cable modem has a 10Gb or a multi-gig connection, I will just connect that to an appropriate interface on my switch and tag it with the "WAN" VLAN and everything is up and running again with no need to change anything else. But you need to recognize, I am using a Layer 3/4 managed enterprise grade networking switch (with 24x1Gb ports, 16x10Gb ports, and 2x40Gb ports) which does all my internal routing with no routing interface configured on the "WAN" VLAN (and firewall rules to block anything from that VLAN from reaching anything but the pfsense system).

You will probably want something with a little more horsepower than a Pi for pfsense. Not saying you can't do it with something that lightweight, but if you want to take advantage of the more advanced features and capabilities, you need the CPU performance to do so. You also want NICs that have hardware based offload engines to take care of a lot of their processing needs (if you are trying to support high traffic rates).

I picked up a Dell Optiplex 9020 SFF for my system (with a i7-4790 CPU and 16GB RAM). I picked this model because it has a PCIe 3 16x slot (which is where I put my 40Gb network card).

 

[skull]

In terms of hardware, you want a CPU that supports AES-NI as a minimum. You also need NICs that have proper driver support for operating systems other than Windows (specifically FreeBSD).

In terms of a single Ethernet to the switch with the cable modem on a port to the switch, yes, it can be done. But you need managed switches to do this. It is called "router-on-a-stick", and uses VLANs in order to handle the different traffic. My pfsense system is configured like this, mainly so that I am set for whatever interface/speed my cable modem can handle. The cable modem connects to my switch via bonded ethernet right now (2x1Gb connections). The port it connects into is tagged with my "WAN" VLAN (such that all packets that come from that port are tagged by my switch as being from that VLAN). My pfsense system connects to my switch via 40Gb to a QSFP+ port, which is configured as a "VLAN trunk port" which has both my "WAN" and "LAN" VLANs as acceptable VLANs going to that port which I then configured the pfsense to use the appropriate "VLAN tagged interface" to route the traffic between either the "WAN" or "LAN" VLAN. If in the future my cable modem has a 10Gb or a multi-gig connection, I will just connect that to an appropriate interface on my switch and tag it with the "WAN" VLAN and everything is up and running again with no need to change anything else. But you need to recognize, I am using a Layer 3/4 managed enterprise grade networking switch (with 24x1Gb ports, 16x10Gb ports, and 2x40Gb ports) which does all my internal routing with no routing interface configured on the "WAN" VLAN (and firewall rules to block anything from that VLAN from reaching anything but the pfsense system).

You will probably want something with a little more horsepower than a Pi for pfsense. Not saying you can't do it with something that lightweight, but if you want to take advantage of the more advanced features and capabilities, you need the CPU performance to do so. You also want NICs that have hardware based offload engines to take care of a lot of their processing needs (if you are trying to support high traffic rates).

I picked up a Dell Optiplex 9020 SFF for my system (with a i7-4790 CPU and 16GB RAM). I picked this model because it has a PCIe 3 16x slot (which is where I put my 40Gb network card).

Thanks got a optiplex 7050 i5 7500 250 gig ssd 8gb on the way from ebay for a little more than that pi with extras and about the same less than that celeron, bench mark has it 3x that celeron which is seemingly neck and neck with my g3250. Have to see how the ram is set up in its probably going to get 16gb one way or another. This comp started with 4gb and now 8 has it using the swap constantly running ubuntu just screwing around on the web and such.

Am I tripping or is a dual 10gbE nic and a 5ish port managed switch going to cost me 2x as much as the computer? I don't want to know what that switch your running cost. Hope it was a hand me down freebie from work or something. Depending where and if I move I'm probably going 1 or 2g fiber, I can get 1g here now. Should i forget it and go 1gig? Damn it just realized I didn't check how many lane pci the dell has. I agonized over what motherboard for the 5600g so id atleast have full pcie 3 nvme for the drive after the APU drops the stupid thing down from pcie4 to 3. So many only got sata then the bios thing jesus. Got a qflash board thats supposed to be ready regardless. Case is the last piece to puzzle it'll be here tomorrow. Shit lying gotta get rgb fans for the kids I promised went with boring old man case.

 

[Fallen Kell]

My switch only cost me just over $200 shipped. Most companies are dumping their 10/40Gb networks as they are all upgrading to 25/100 network switch (or even the 100/400 ones).

And my 40Gb NICs only cost $29 each when I bought them (10Gb NICs are still 3-4x that price, but you need a 16xPCIe slot for it which I made sure my system had).