dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3018
share rss forum feed

gadawg

join:2006-01-27
Louisville, KY
Reviews:
·AT&T U-Verse
·Insight Communic..

New install and existing router

We are getting Uverse internet and TV installed Tuesday. Will the installer put my wireless router after the gateway if I ask him to? I would rather use my router because I restrict access by MAC addresses. I would rather not have to enter all the MAC addresses again in the ATT router.

Any advice before the install? Move furniture away from wall, disconnect existing cable from the TV's, etc.


crash58

join:2012-05-22
Clarksville, TN

It can be done and there are many post about it. I though wouldn't recommend it! I followed the instructions from other posters on here and it caused problems. I enabled DMZ plus mode for my own router from the 2wire gateway....All ports on the inside 2wire gateway didn't work, just my own router. Let me repeat....all I did was enable the DMZ plus, that is what was advised by other users....I lost tv on all of my receivers and had to have a tech come out. They had to replace my gateway. I wouldn't recommend to use your router. I went out and bought a true 'switch' since I needed more than the 4 Ethernet ports and it was plug and play!



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to gadawg

It is possible, but you may run into issues (typically not as severe as crash58's - not sure why the gateway had to be replaced) with some services that require ports to be opened and things like that.

Where/how do you use the MAC address filter? If it's only for Wireless, you can turn off the DHCP server on your router and connect it as a switch/AP to the AT&T gateway. Your MAC filter will still work without the headaches of a router behind a router.

With that said, MAC address filtering is a really poor way to do security and it's easily defeated (only takes a few seconds). With a good WPA2 passphrase, you should never have to worry about registering MAC addresses with your router.
--
University of Southern California - Fight On!


Austinloop

join:2001-08-19
Austin, TX
kudos:1
reply to crash58

I would suspect that crash58's gateway problem was probably due to "infant mortality", no putting it in the DMZ.



ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Reviews:
·AT&T U-Verse
reply to gadawg

said by gadawg:

We are getting Uverse internet and TV installed Tuesday. Will the installer put my wireless router after the gateway if I ask him to? I would rather use my router because I restrict access by MAC addresses. I would rather not have to enter all the MAC addresses again in the ATT router.

Any advice before the install? Move furniture away from wall, disconnect existing cable from the TV's, etc.

Router behind router can be done a couple of different ways. However it is not the job of the installer to set the network up that way (nor is he/she trained to). The U-Verse installer will connect devices directly to the 2Wire/Pace. Any configuration beyond that is a "do at your own will/risk" type deal

As far as advice:
1) Move furniture away from any and all TV/Coax jacks as well as phone jacks.
2) Make sure the wiring entry point for both the phone and/or coax wiring is accessible, as well as any & all coax splices & splitters. Typically these are located near the electric panel, but can be in other areas in basements, crawl spaces, and/or attics.
3) Make sure the Telco Network Interface Device is accessible outside (typically located next to the power meter on the outside wall).
4) Access to the telephone pole (if aerial fed service) or telephone pedestal (if buried fed service) may also be needed.
5) It is also appreciated if any dogs on the premise are secured while the technician is working inside/outside
6) Depending on what all needs installed, prepare for the installation to take anywhere from 4-6 hours. Some installs take less, some take more, but be prepared for about that duration

gadawg

join:2006-01-27
Louisville, KY
Reviews:
·AT&T U-Verse
·Insight Communic..
reply to Thinkdiff

said by Thinkdiff:

Where/how do you use the MAC address filter? If it's only for Wireless, you can turn off the DHCP server on your router and connect it as a switch/AP to the AT&T gateway. Your MAC filter will still work without the headaches of a router behind a router.

With that said, MAC address filtering is a really poor way to do security and it's easily defeated (only takes a few seconds). With a good WPA2 passphrase, you should never have to worry about registering MAC addresses with your router.


gadawg

join:2006-01-27
Louisville, KY
Reviews:
·AT&T U-Verse
·Insight Communic..
reply to Thinkdiff

said by Thinkdiff:

Where/how do you use the MAC address filter? If it's only for Wireless, you can turn off the DHCP server on your router and connect it as a switch/AP to the AT&T gateway. Your MAC filter will still work without the headaches of a router behind a router.

With that said, MAC address filtering is a really poor way to do security and it's easily defeated (only takes a few seconds). With a good WPA2 passphrase, you should never have to worry about registering MAC addresses with your router.

I use MAC address filtering for wireless devices. I also use a passpharse for the devices on the MAC address filtering list. 2 levels of security I suppose


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

MAC address filtering is not security, it's just a hoop to jump through for yourself. A MAC address filter can be defeated in seconds.

Just something to consider, so you're not changing settings and configuring work arounds all for something that doesn't add much value.
--
University of Southern California - Fight On!


gadawg

join:2006-01-27
Louisville, KY
reply to ILpt4U

Thanks for the tips. I have or will do all of the above.


gadawg

join:2006-01-27
Louisville, KY
Reviews:
·AT&T U-Verse
·Insight Communic..
reply to gadawg

So, once uverse is installed, attach my wireless router to the gateway and turn off DHCP server? All our wireless devices will still work? Would I still use the passphrase from the router for the wireless devices?

Should I eliminate MAC address filtering and just use a passphrase for wireless devices?

Do I turn off the WIFI for the gateway or leave it on?



Mangix

join:2012-02-16
united state
reply to gadawg

Disabling DHCP will work yes. Ideally you'd want to set your router in WAN disabled mode or bridged mode depending on the router and the firmware but just disabling the DHCP server as well as not using the WAN port should work.

As someone who has experience hacking wifi networks, I can tell you that MAC filtering is completely useless. When a wifi adapter is set to monitor mode, it can see all the wifi traffic including the MAC address of your router and the clients that connect to it. Just changing your own MAC address is enough to defeat it.

Leave the Gateway WiFi off. unless your router has weak wifi antennas, or is not n, or w/e reason.


gadawg

join:2006-01-27
Louisville, KY

The wireless router is not N. So use the gateway as the router and the wireless router as an access point/bridge?



techguyga
Premium
join:2003-12-31
Cumming, GA
Reviews:
·AT&T U-Verse

I see 2 choices you have:

1) Use your router in DMZ+ mode. This would let your wireless router do routing/NAT/DHCP to any wireless or connected wired clients. If you choose this route, you'll want to make sure that the wireless router's LAN addressing is not in the 192.168.1.0/24 subnet to prevent conflicts with the RG. In this scenario, you would connect the RG to the WAN port of your router and the RG will give the router a public IP.

2) Use your router as an AP by disabling DHCP and connecting the RG to a LAN port on your router as opposed to the WAN port. I would also statically set the router's LAN IP to something like 192.168.1.253 so that you can access the configuration pages of both the RG and router.

In either case, you could disable the wireless on the RG to prevent confusion or interference. I would also fore-go MAC filtering as it only adds an unneeded layer of complexity.

Please note that unless you do heavy communications between devices on your LAN, I would not expect to see dramatic increases in WAN speed by using 802.11n over 802.11g. U-verse doesn't support data throughput to the WAN high enough to warrant 802.11n.

One other piece of advice...if you use the AT&T apps on your mobile devices, like the remote control, you'll want to go with option 2. In option 1 above, wireless devices connected to your router will not be able to communicate with the STBs to control them.

Personally, I use option 2. I have a lot of heavy LAN traffic between devices (file transfers, cron jobs, etc) that can take advantage of my 802.11ac router (access point, per se). And I'm still able to use the mobile apps to control my STBs.

My $0.02
--
My hourly rates:
$35 per hour.
$45 per hour if you want to watch.
$55 per hour if you want to help.
$100 per hour if you already tried to fix it.


gadawg

join:2006-01-27
Louisville, KY

Thanks. I will try option 2 and not use MAC address filtering as many of you suggest.

Is the WAN port the one labeled "internet" on the router?



Mangix

join:2012-02-16
united state
reply to gadawg

yes



brookeKrige

join:2012-11-05
San Jose, CA
kudos:3
reply to gadawg

Bit off OP's topic, but for my own curiosity:

Saw option#2 case (config your router as wireless-AP) for a while. Ended once he tried using its QoS to prioritize VOIP devices: rude awakening that [linksys E4200] QoS settings do not work in bridge-mode, nor even in informal bridge config (just disabling DHCP&NAT and avoiding its WAN port).

Option#1 worked with and without placing in DMZ+. Posters HEAVILY favor DMZ+ mode. As a newbie, I don't fully understand why yet (for majority installs not needing port-forwarding). One implied it avoids double-NAT, which was implied to break some VOIP devices (SIP-ALG packet rewriting stuff?).

With router in DMZ+ of 3800HG I saw RG's LAN - IP Allocation page say router was Firewall=Disabled (and didn't allow enabling it). Again, posters and obsolete RG manuals HEAVILY claim router in DMZ+ mode is still somehow firewall protected; and I don't understand yet what subset survives despite Firewall=Disabled.

For option#1 (with DMZ+) case, saw both the router (192.168.2.x) and RG's (192.168.1.254) config web-GUI's were accessible (from the router's LAN). Not sure why (some posts appeared to imply RG's config IP should become unreachable). The router's WAN broadcasts for a DHCP server, the RG answers (to assign router the RG's self-same WAN IP), therefore router makes routing-table entry for RG's LAN IP (i.e. RG is reachable by side-effect of the RG answering as a DHCP server)?



techguyga
Premium
join:2003-12-31
Cumming, GA
Reviews:
·AT&T U-Verse

Hi brookeKrige See Profile,

I'll take a stab at some of these...

quote:
Saw option#2 case (config your router as wireless-AP) for a while. Ended once he tried using its QoS to prioritize VOIP devices: rude awakening that [linksys E4200] QoS settings do not work in bridge-mode, nor even in informal bridge config (just disabling DHCP&NAT and avoiding its WAN port).
You'll find very few, if any, home or SOHO routers that will provide QoS on switched interfaces. Most, if not all, will only apply QoS to traffic traversing the external interface.
quote:
Option#1 worked with and without placing in DMZ+. Posters HEAVILY favor DMZ+ mode. As a newbie, I don't fully understand why yet (for majority installs not needing port-forwarding). One implied it avoids double-NAT, which was implied to break some VOIP devices (SIP-ALG packet rewriting stuff?).
Placing the router in the DMZ+ does indeed avoid double NAT. It also forwards all external traffic directly to the router (there is a caveat discussed below) so that the router handles firewall/forwarding rules. The advantage to this is that you can manage your router remotely if you wish, as well as the advantages of other advanced features of the router. QoS will also fully work in this scenario.
quote:
With router in DMZ+ of 3800HG I saw RG's LAN - IP Allocation page say router was Firewall=Disabled (and didn't allow enabling it). Again, posters and obsolete RG manuals HEAVILY claim router in DMZ+ mode is still somehow firewall protected; and I don't understand yet what subset survives despite Firewall=Disabled.
When the router is placed into the DMZ+ of the RG, all external traffic is forwarded directly to the router EXCEPT packets that have an implicit rule on the RG. So if there is a rule on the RG to forward all requests on port 443 to a STB connected to the RG, that rule will still be in effect, and no 443 requests will make it to the router. This is just an example.
quote:
For option#1 (with DMZ+) case, saw both the router (192.168.2.x) and RG's (192.168.1.254) config web-GUI's were accessible (from the router's LAN). Not sure why (some posts appeared to imply RG's config IP should become unreachable). The router's WAN broadcasts for a DHCP server, the RG answers (to assign router the RG's self-same WAN IP), therefore router makes routing-table entry for RG's LAN IP (i.e. RG is reachable by side-effect of the RG answering as a DHCP server)?
This is correct. As long as the RG and router have their LAN segments configured on different subnets, they should be accessible from one another. The only caveat here is that broadcast traffic is dropped at the router or RG, depending on where the broadcast originates. This is by design in any router. The problem that this introduces is that some applications, such as apps that control a STB, when connected to the router, are not able to send a broadcast to find a STB on the RG's subnet.
--
My hourly rates:
$35 per hour.
$45 per hour if you want to watch.
$55 per hour if you want to help.
$100 per hour if you already tried to fix it.

gadawg

join:2006-01-27
Louisville, KY
reply to gadawg

Is it better to use the AT&T gateway as my wireless router or use my current router after the AT&T gateway? What are the advantages and disadvantages of doing it either way? Current router is a linksys wrt54g2 v1. Wireless g.



techguyga
Premium
join:2003-12-31
Cumming, GA
Reviews:
·AT&T U-Verse

Personally, I would just use the RG wireless if my personal router was 802.11g. In my opinion, adding the additional router doesn't really get you anything extra for the headache you put into it.

Thant's just my opinion, though. Others may disagree



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

Unless the wireless is incredibly crappy on the AT&T RG, I'd retire that WRT54G. You're not going to see any benefit.

One option for keeping it around may be using it to extend the RG's wireless network if you find the range isn't good enough.

Edit: Obviously this was a reply to the OP, but I was agreeing with techguyga.
--
University of Southern California - Fight On!


gadawg

join:2006-01-27
Louisville, KY
Reviews:
·AT&T U-Verse
·Insight Communic..

The AT&T tech installed a 2 wire box on the outside of the house and a 2wire modem inside the house. I am going to use the AT&T equipment only. Now to set up all our wireless devices to access the network.

4 hours to install and everything appears to be working well. Any last pieces of advice for the wireless network security?

Currently I am using it as it was set up.



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

Might want to change the default SSID (wireless name) and password for the wireless network as they are relatively easy to crack. Make sure the wireless security is at least WPA. WPA2 is better.
--
University of Southern California - Fight On!



Lagz
Premium
join:2000-09-03
The Rock
reply to gadawg

What model 2wire did you get?



Canezoid
End of line

join:2001-02-16
Powder Springs, GA
Reviews:
·Comcast
reply to gadawg

This was an INID install per his installation info, so the inside unit is an I38hg, it is an access point only. Hookup to that could be changed if tech wired to the ethernet port directly, but most don't, then the op could just use his own equipment.

Routing logic is handled by the unit outside.

Just my 2c.


gadawg

join:2006-01-27
Louisville, KY
reply to Thinkdiff

Ok. I will do that. Settings, LAN and then wireless after I go to the IP address? Only change those correct?
Leave the Wireless Access Point List and Unique Settings alone?

Wi-Fi Protected Setup is currently disabled (default)


gadawg

join:2006-01-27
Louisville, KY
reply to Lagz

i3812V outside and i38hg inside(router).



Lagz
Premium
join:2000-09-03
The Rock

Here's the manual for your setup »www.att.com/support_media/images···2_UG.pdf

The modems config pages look similar to my 2wire. I have multiple routers, switches, and non-switched hubs behind my modem. If you feel comfortable messing with router/modem settings then you can try a few things.

I would give your current router an IP address within the DHCP range of the modem. Then go to the modem and open its config page. Go to settings tab > LAN tab > IP address allocation and turn off the modems firewall for that device.




This is currently how I have my networks configured behind my 2wire modem.
--
When somebody tells you nothing is impossible, ask him to dribble a football.

gadawg

join:2006-01-27
Louisville, KY
Reviews:
·AT&T U-Verse
·Insight Communic..
reply to gadawg

I will use the ATT equipment. Much stronger wirelsss signal than our old router. Changed the network name and password. ATT support had to do it because I couldn't find the system password. Tech support and I finally found it on the battery backup. Not on the wireless router.

Very happy with the whole setup. Better DVR's than our old cable provider. Liking the guide as well.



Lagz
Premium
join:2000-09-03
The Rock
reply to gadawg

Just a note of caution about Wi-Fi Protected Setup(WPS) security issues. »en.wikipedia.org/wiki/Wi-Fi_Prot···Security
--
When somebody tells you nothing is impossible, ask him to dribble a football.



Mangix

join:2012-02-16
united state

Not applicable to 2Wire U-Verse gateways.

On this 3600HG-V I have, neither the pin method nor the push button method work. It's completely broken.