US Telco Support > Verizon > Verizon Online DSL > VersaLink+Wireless+Hub with another FireWall

VersaLink+Wireless+Hub with another FireWall

One word....

WHY!?

reply to ChrisDAT
Some of us have invested a great deal of money, time and effort to get a very good hardware firewall setup that allows them to support services and do everything they need to do -- the firmaare and hardware of the VersaLink is very new, so it canot be expected to be fully developed and bulletproof for quite some time -- The whole puropse of this "exercise" is to break the box down into it's components, so that only some of them can be incorporated into an pre-existing and fully developed design...

Every Westell PPPoE modem ever shipped to a Verizon customer will work with the new 3.0/768 speed, so maybe I don't want to use the Versalink modem ... maybe, the modem is all I want to use... really, I want to use the modem and the wireless, but not the NAT and firewall because my LinkSys is bulletproof and perfect for the job [and it does more].

It's up to you.

reply to ChrisDAT
My setup is actually the other way around. I don't trust the LinkSys WRT54Gv2 firmware all that much (there have been some known issues with PPPoE going down intermittently), so I have a Westell 2200 connected to the DSL line, with the ethernet connected to the LAN side on the WRT54G, with the WAN port empty. I use it as a wireless AP, nothing more.

I don't really think that what you are trying to do is possible, not unless you actually have a second, seperate DSL modem with an ethernet connection on it.

If you use the DSL modem part of the Versalink, then that necessarily becomes the WAN port. The only way to put some device "in front of" the Versalink, would be to use the WAN port as an ethernet ('Versajack' - I don't own one, so I don't know if the ones that VZ are currently shipping out include that feature), and then connect a traditional router (such as a LinkSys), and then connect it's WAN port to another DSL modem.

So effectively, you have the Versalink functioning as a wireless AP or as a router (if you want double-NAT), and then your LinkSys, and then some other DSL modem connected to the line, perhaps an older Westell 2100 or 2200 model.

If that makes sense - I'm not entirely sure if that's what you want to do or not. It seems impossible to "slice" the Versalink into two effective halves, because the DSL-line/WAN connection is connected internally. You can bypass the DSL line and use it as an ethernet jack, but then it doesn't expose a seperate additional ethernet jack *and* telco jack to be able to do what you want.

First of all, there's no double NAT in my future.

Right now, I have two ethernet ports and the wireless on VLAN 2 -- connected to a second network [net2] I have on my LAN serving wireless clients like everything was OK... To my LAN, this part is just a wireless AP and 2 port hub/repeater/switch.

The other two Ethernet ports are on VLAN 1 and IP net1 and that is how I access the config utility...

Reconfig is necessary when I want to "break out" the modem... The firewall/NAT will not be in the picture, since I will use the PPPoE "shim" from the LinkSys to control the modem, and it wil communicate only through the WAN port of the LinkSys.

When it gets late and my net services become less active, I'll swap some cables and reconfig the box to test the setup...

You would be surprised how well this box can be dis-integrated... the more I "play" with it, the more potential it apears to have....

Stay Tuned....

reply to ChrisDAT
I just got mine today, and have read the .pdf as a manual, and will play with it this weekend.

I want something similar:

. a bridged modem
. my WRT54G as router for DHCP and NAT, port forwards, etc.
. the VersaLink to be a bridge modem, and a second wireless AP

It does not seem to me that I need to more than:

. put the modem in bridge mode
. disable DHCP
. use the WAN connection from VersaLink to Linksys WRT54g (just as I do now with the Westell 2200 in bridge mode)
. set the wireless SSID, channel and WEP settings as I need

From the documentation, which is poor, it still seems as if you have an xDSL modem, a router, a 4-port switch, and a wireless AP/bridge. They seem as if they are separate devices in one box, and I intend to treat them this way.

I will post again when i get a chance to test this, but see this much earlier post by Tom's Hardware about the general notion of using two routers without a double-NAT: »www4.tomshardware.com/network/20···dex.html

Just got my versalink modem and played with it a bit before putting it back in the box it came with and pluggin the very old white westy back.

I have a BSD 5.3-STABLE box doing the NAT/LAN/PPPoE side of things with two nics one for the internet hooked up to the modem and the other for LAN hooked up to the hub.

I have 2 windows machines (dell laptop and desktop) and my custom AMD Linux box connecting to the net.

Can the versalink be made into a bridge like the old westell? I might put a wireless card on the laptop soon and that would free the wired port on the back of versalink. As i understand when port 1 is used it acts as uplink leaving only 3 ethernet ports open, is this right?

Or would it be easier to remove the second nic from BSD box and make the versalink do PPPoE only while the existing NAT/firewall would be left intact on the BSD box?
--
"Linux is like a wigwam: no windows, no gates, Apache inside." -Albert Arendsen

reply to bcastner
From notes elsewhere on this Forum by wyoon quoting SnoopBobb:

. access the router setup page at 192.168.1.1
. Configuration, Advanced WAN, WAN
. the first edit button, drop down protocol list
. Bridge, Set VC, OK, OK
. Configuration, Advanced LAN
. DHCP, DHCP Server, set of OFF, save settings

reply to VirtualLarry
How is the Versalink as a wireless AP? My current setup is in the basement, looking to connect a laptop and desktop on the 3 floor of a wood frame house. Have you upgrade the antenna on the Versalink?

reply to ChrisDAT
masmith,

I have not seen anything other than anecdotal comments of the wireless range of the Versalink. No comment I have seen yells and screams.

For a shot from the basement the third story of a frame house, I would likely replace the antenna and use a parabolic reflector. Then antenna uses an SMA connector.
Something like this should work: »www.rangeextender.com/5ruduan.html

Then do-it-yourself and build a small parabolic reflector. Should take about twenty minutes, and works terrificly: »www.freeantennas.com/projects/te···dex.html

reply to ChrisDAT

Congratulations!! We kicked some of this around the other day here: »Westell Versalink config question... Been waiting for someone who had 1 of these to see if it really could be optimized this way.

reply to ChrisDAT
I did something slightly different, and obtained your results as well:

On the Versalink:
. I disabled the DHCP server
. I placed the VC1 in Bridge Mode
. I enabled Tunneling to VLAN1
. I placed Eth1 in VLAN1
. I placed all other Ethx and WLAN in VLAN2
. I set the WLAN to the same SSID and WEP as my existing wireless router, different channel
. I connected Eth1 to Linksys router WAN
. I connected a second drop cable from Eth2 to the Linksys

On the Linksys:
. No changes

The Linksys controls PPoE authentication and line control, SPI firewall, and routing. The Linksys is a WRT54G and both its wireless and the wireless Versalink are active, as are the free Ethx on both boxes.

Best,
Bill Castner

reply to ChrisDAT
bcastner:
. I placed Eth1 in VLAN1
. I placed all other Ethx and WLAN in VLAN2

I tried this config as well because I was concerned about having broadcasts from the LAN finding their way to the BB router WAN_to_E1 (327W modem) link [w/all ports in the same VLAN] -- and that is the way to totally [physically+logically] isolate the modem and WAN link from your LAN.

The downside was that I couldn't access the Versalink config page from the LAN anymore.. Does your config do this? I could never access the Westell LAN IP via a port that was in any other VLAN other than 1. I also found that I could only access the modem with a PPPoE shim via ports in VLAN 1.

. I placed the VC1 in Bridge Mode
. I enabled Tunneling to VLAN1

I'm interested in the settings package you used above -- specifically which bridge "mode" did you use? there are three according to the dox [bridge, routed bridge, VLAN bridge], but I only see two [bridge, VLAN bridge] upon changing VC1 from PPPoE to bridge.

{Edit:add} What I was thinking is to put:
. Eth1 [E1] in VLAN 5
. place all other Ethx and WLAN in VLAN 1
. place the VC1 in Bridge Mode
. enable Tunneling to VLAN 5

This will allow the LAN to see the Westell config utility from the LAN, but would it still allow the BB router WAN to see the modem on Eth1 [E1]?

. No changes --- This is the wonder of it all and there's always more than one way to skin da kat!

reply to ChrisDAT
ChrisDAT,

I will write down all the settings I did later tonight.

But, no I cannot access the configuration page of the modem with my setup. But this is "usual" in Bridge Mode for my earlier Westell modems, and "usual" if using Wireless Access Points or a router configured as an AP. So the notion of making a direct connection to the modem for settings is nothing unusual for me.

For my WAP11s, there is a SNMP based setup you can use in the alternative, and it was a handy feature.

Bill

This is exactly what I'm looking for. I have the BEFW11S4 also. Except the wireless part doesn't seem to work well. Everytime I apply changes, the wireless doesn't work unless i reset the whole router. Anyway, can you put a step by step intruction on how you set up your configuration? I seem to be missing some parts you mentioned like the routed bridge, vlan brige. I don't know where to find those. I'm not familiar with the lingo. All I know so far, is to set up the connection as Manual, ADvanced Wan-WAn and make the ppoe to bridge, and make sure tunnelling is enabled. turn off dhcp, That's about it.

Did anyone try this? Setting the Versalink to have Single Static IP (sharing the Versalink's obtained IP with one other IP). This other IP would be your old router. What this does is not apply the Versalink NAT/Firewall to that traffic.

Turn off DHCP on the Versalink and ... you're gold? Your old router would have to be configured with a Static IP that the versalink would always know to use for the Single Static IP feature.

What does this whole thing buy you? Well, you get one LAN with one NAT/Firewall and you can talk everywhere. The reason it interests me is because my old router's PPPoE client sucks (resets the router when it drops) and I'd like to use the Versalink PPPoE client.

I'll let you know if this works.

It's not automatic so it's a pain. Stupid manual labor.

reply to ChrisDAT
I still can't get this configuration to work. Can you provide a step by step process and the order of how to do it? I even tried following bcastner's intstructions, but it didn't work. everytime i tried to save the settings, it wouldn't let me back in modem/router and i have to reset the modem.