You can use your router behind the UV router/gateway, but as for the details, the experts will have to answer the how-to.

Yeah, I know I can use it as I would a regular router or switch internally, but I'm mostly worried about my vpn functionallity.  Thanks for the response. 

I figured you knew that, didn't mean to sound otherwise.  

 

Welcome to Utalk! 

http://utalk.att.com/utalk/search?submitted=true&q=vpn

---

Lan_61 wrote:

Before I have to trust the word of an AT&T salesman, I thought I'd ask you fine people if I can still get UVerse TV and internet and still keep my VPN router as the main external gateway/firewall.  I really want to be able to give UVerse a try, but me having my VPN router availible comes first.  And if it can't be setup the way I need it to be, then I'll have to cancell my order.  Any light you all could shed on this subject would be appreciated.  Thanks!

---

Well, your VPN router CANNOT be the main external gateway/firewall; the 2Wire "residential gateway" (RG) has to be the gateway device.

 

Having said that, you still might be able to achieve what you want:

 

• Connect the WAN port of your VPN router to one of the LAN ports on the RG
• In the RG's configuration, set the port connected to your VPN router to be in "DMZPlus" mode

 

The caveat to this is that the TV set-top boxes MUST have a direct connection to the RG; they cannot end up behind your VPN router.  Other than that, it SHOULD work...but of course, you won't be able to be sure until you try it.

---

Lan_61 wrote:

...

Before I have to trust the word of an AT&T salesman, I thought I'd ask you fine people if I can still get UVerse TV and internet and still keep my VPN router as the main external gateway/firewall.  I really want to be able to give UVerse a try, but me having my VPN router availible comes first.  And if it can't be setup the way I need it to be, then I'll have to cancell my order.  Any light you all could shed on this subject would be appreciated.  Thanks!

---

Yes you can do this...this is exactly the way I have my network set up.  When the installers came, I asked them to let me configure things the way I needed to.  I already had it set up this way because I want any wireless "outside" my actual network...that way if anyone ever hacked my wireless, all they would have is internet/bandwidth, but would have to hack back in through my VPN/Firewall appliance to get access to my network...then, even I have to VPN back into my network to gain access if I use wireless.  This way I can also grant any guests wireless access and they are not inside my network.  Here are the basics of my setup:

- The RG (AT&T 2Wire Wireless Gateway/Router) must be at the head of the network

- All STB's should be directly off the RG switch

- The WAN port of the VPN/Firewall appliance should be connected to the RG

- The VPN/Firewall appliance should be configured to use the RG as its gateway

  (for example: inside network has 10.10.10.x/24x subnet ... RG has 10.10.11.x/24x subnet ...outside interface of VPN appliance

   is on the RG subnet using the RG IP as the gateway & DNS)

- RG needs to have the "Firewall Setting"/Rule/Forwarding setup to pass the proper protocols through to the VPN/Firewall Appliance

 

Took me less than 15 minutes to get this done (I was not familiar with the 2Wire interface, so it took a few minutes to familarize myself with it.)  But, everything is working fine.

If you have highly "customized" network, and don't want to reconfigure everything, I suggest using your own router behind the RG.

This is what I did to use an "internal" router. I set my "internal" router to use DHCP for the WAN address, plugged it's WAN port in to the RG, let the RG assign a local address to the "internal" router and then set that address to the DMZ in the RG. When I go to the "internal" router it shows as having the same WAN, gateway, and DNS addresses that the RG uses.

I set the "internal" router to assign addresses to "my" side of the network in a different IP range than what the RG uses (192.168.2.* instead of 192.168.1.*) but using the same subnet mask (255.255.255.0). My internet works fine with no interuptions and local network tasks (back ups, streaming, etc.) work as expected. I can also still access the RG from "my" side of the network when I need to without having to change any network settings or swap any cables. Leave DHCP running on the RG. You do not need to disable the firewall in the RG as the DMZ will open a pinhole through it to the address you pick (your internal router). If you have existing wireless on your router that your satisfied with and want to keep, just make sure to turn off the wireless in the RG.

As for the STBs they should be run straight out of the RG with CAT5 or RG6 Coax.

If you currently have your router behind a basic DSL or Cable modem, Your setup will be pretty much the same. The RG will replace your modem, then go into your existing router and change it's internet connection type to Dynamic or DHCP. Then change it's internal network IP adress and DHCP Pool and you should be good to go.

Thanks for the replies everyone.  I assume that the U-Verse RG has all applicable firewall settings and Port Forwarding availible?  It sounds like it can be done.  *grumbles* I still don't like being forced to use their hardware though...

 

My internal subnet is already changed, 192.168.6.x/24.  So my internal running off a DMZ'd WAN shouldn't be a problem as long as the VPN works.

 

As for the recievers for the TV, can I have a small switch in between the Reciever and RG without causing any issues?  Just a small 4 port unmanaged, nothing big.  I already have one in place for the better bandwith on my PS3 and Wii.

 

Thanks!

---

Lan_61 wrote:

I still don't like being forced to use their hardware though...

---

You sort of have to though to get service.  Unless your current network has a VDSL modem in there compatible with AT&T's service and knows how to authenticate...

---

Lan_61 wrote:

Thanks for the replies everyone.  I assume that the U-Verse RG has all applicable firewall settings and Port Forwarding availible?

---

 Yep.

---

As for the recievers for the TV, can I have a small switch in between the Reciever and RG without causing any issues?  Just a small 4 port unmanaged, nothing big.  I already have one in place for the better bandwith on my PS3 and Wii.

 

Thanks!

---

Yep, that's not a problem.

---

Lan_61 wrote:

...

As for the recievers for the TV, can I have a small switch in between the Reciever and RG without causing any issues?  Just a small 4 port unmanaged, nothing big.  I already have one in place for the better bandwith on my PS3 and Wii.

 

Thanks!

---

Yes...I have a small switch at each of three STB locations for my STB and other gaming, HD DVD/Blu-ray, etc... devices.  All these devices though/then are outside your network (you can get to them FROM inside, but you cannot get back inside from the device ... unless of course they have a VPN client to get through your appliance.)

See, I told you the experts would fix you up.  Good luck with your install!

---

Lan_61 wrote:

Thanks for the replies everyone.  I assume that the U-Verse RG has all applicable firewall settings and Port Forwarding availible?  It sounds like it can be done.  *grumbles* I still don't like being forced to use their hardware though...

 

My internal subnet is already changed, 192.168.6.x/24.  So my internal running off a DMZ'd WAN shouldn't be a problem as long as the VPN works.

 

As for the recievers for the TV, can I have a small switch in between the Reciever and RG without causing any issues?  Just a small 4 port unmanaged, nothing big.  I already have one in place for the better bandwith on my PS3 and Wii.

 

Thanks!

---

From what I've read on here, don't use anything less than a gigabit switch.

---

Computer-Joe wrote:

---

Lan_61 wrote:

Thanks for the replies everyone.  I assume that the U-Verse RG has all applicable firewall settings and Port Forwarding availible?  It sounds like it can be done.  *grumbles* I still don't like being forced to use their hardware though...

 

My internal subnet is already changed, 192.168.6.x/24.  So my internal running off a DMZ'd WAN shouldn't be a problem as long as the VPN works.

 

As for the recievers for the TV, can I have a small switch in between the Reciever and RG without causing any issues?  Just a small 4 port unmanaged, nothing big.  I already have one in place for the better bandwith on my PS3 and Wii.

 

Thanks!

---

From what I've read on here, don't use anything less than a gigabit switch.

---

Nonsense.  I don't even think the set-top boxes have gigabit ports.  In any case, I have three of my receivers on satellite Fast Ethernet switches (which are then connected to my core FE switch) and haven't had an issue.

I am having a devil of a time with a similar issue.  I am trying to itegrate the RG into my existing Nplus net, which I have a networked storage drive hooked up to.  I first started out by changing the RG's IP address range so that I didn't have an IP conflict.  Hooked up my Linksys router to Ethernet port 1  from the incoming port on router got the IP Address assigned then set it to DMZPlus mode.  When I finally got the wireless network to function, I lost TV signal.  my STB is connected to the gateway at Port 4.  STB is trying to read box as a computer, assigned it an IP address etc, but I get nothing more than the blue Uverse screen. 

 

Tech support was no use, told me a technician might be availible to check this out sometime in December.  Any ideas that I might try.  I have hard booted every device in network at least once.

---

badinplaid wrote:

I am having a devil of a time with a similar issue.  I am trying to itegrate the RG into my existing Nplus net, which I have a networked storage drive hooked up to.  I first started out by changing the RG's IP address range so that I didn't have an IP conflict.  Hooked up my Linksys router to Ethernet port 1  from the incoming port on router got the IP Address assigned then set it to DMZPlus mode.  When I finally got the wireless network to function, I lost TV signal.  my STB is connected to the gateway at Port 4.  STB is trying to read box as a computer, assigned it an IP address etc, but I get nothing more than the blue Uverse screen. 

 

Tech support was no use, told me a technician might be availible to check this out sometime in December.  Any ideas that I might try.  I have hard booted every device in network at least once.

---

scroll up and read my previous post

doing as you suggested, I cannot access my linksys WRVS4400n router.  Any further advice?  Thanks.

 

Greetings compucoach1z!  Welcome to the U-talk forums!

 

You have exactly the same piece of equipment that I have, and I'm having nothing but success using it.  It is a wonderful router with a top-notch business class firewall, and as such it has a great Intrusion Prevention System...

 

Here are the steps I had to pursue:

1.) What I had to do is hook up the RG (3800HGV-B) first, get that working and happy. 

2.) With your computer plugged-in to the Linksys, set your Linksys to receive it's DHCP assignment from upstream (WAN page, "Automatic Configuration - DHCP". Set HOSTNAME to something recognizable), Save Settings.

3.) Now, plug in the Linksys WRVS4400N into one of the four 2Wire 3800HGV-B ethernet ports.  

4.) With your computer plugged into the RG, log into the RG's Browser Interface and go to the Firewall section.

5.) Select the device-id corresponding to your router from the drop-down list on Step #1 onscreen (you may recognize the HOSTNAME selected in step 2 above), then scroll down to the very bottom and select "Set to DMZ Zone".  Click OK/Done.

6.) Your 2Wire RG (3800HGV-B) now knows to treat your Linksys as a DMZ client by giving it direct access to your Public IP Address and the Internet, bypassing the 2Wire Firewall.

7.) Plug back into to your Linksys WRVS4400N and confirm that it's IP Address in the Setup Summary screen corresponds to your Public IP Address. 

8.) If not, click on DHCP Release button and then DHCP Renew until it appears correct.

9.) Once you get the correct Public IP address to appear in the Setup > Summary screen, then you can begin hooking-up the permanent connections for your computer network into the back of the Linksys.

 

You're done!  

I hope this works for you.  Good luck!

 

 

Hello.  Bumping this because I just got U-Verse and am in a similar situation.

 

I'd like to keep using my router for all its features.  My special need is that I need outside web access to one of my machines which controls home automation and surveillance devices. From what I gather from the posts here, this should do the trick:

 

1) Connect my router's WAN port to the 2Wire box.

2) Put the router in the 2Wire's DMZ.

3) Change the IP range of the router.

4) Make the router use the 2Wire as its gateway.

5) Plug all STBs into the 2Wire.

 

Two questions:

1) If I did this, do I need to setup port forwarding on the 2Wire to forward all requests, like access to the home automation box, to the router, or will just being in the DMZ be enough?

2) The router will be handling all IP assignments, right?  So I would still need to turn on DHCP on the router?  Do I need to turn it off on the 2Wire?

 

Thanks a lot for any advice.

Greetings ShutheMoody!

 

To answer your questions:

1.) DMZ is all you need, as long as the actual personal router handles the actual port calls itself.  Port forwarding is only used for forwarding ports to different machines/devices at different IP addresses.

2.) Yes, the 2Wire will be handling your IP assignment for the personal router, but you can elect to set the personal router to hand-out addresses as well.   That's what I'm doing, and it works just fine.

I am confused by some of the comments in this thread. Some say you must have all of your set top boxes wired directly to the residential gateway, but others say there can be a switch between the residential gateway and the set top box. I am very concerned if one port on the RG is for the network and all STB must be direct, leaves only three ports for TV's. It sounds like the STB's must be stationery and cannot move to another location in the home if another person wants to watch TV from another room. Are three locations all you can have wired to the RG? If so, this is a huge limitation as I just wire my house with structured wiring so that TV could be watched in any room at any time.  Please help me understand my error in thought.

methods

 

 

 

 

 

 

 

---

bevo wrote:
I am confused by some of the comments in this thread. Some say you must have all of your set top boxes wired directly to the residential gateway, but others say there can be a switch between the residential gateway and the set top box. I am very concerned if one port on the RG is for the network and all STB must be direct, leaves only three ports for TV's. It sounds like the STB's must be stationery and cannot move to another location in the home if another person wants to watch TV from another room. Are three locations all you can have wired to the RG? If so, this is a huge limitation as I just wire my house with structured wiring so that TV could be watched in any room at any time.  Please help me understand my error in thought.

---

 

STBs must be on the same logical network (i.e. IP subnet) as the RG.  Thus, a switch can be in between the STBs and the RG, but not a router.

 

This setup would indeed allow you to move an STB from room to room, provided all rooms were wired to a switch that was then wired to the RG.

 

I have several switches in my home network (diagram here).

 

Thanks for the info SomeJoe7777. Thought there had to be a way since you can get 8 STB's. Reading this and seeing your diagrams have lowered my stress level considerably. Thanks for all your help.

---

bevo wrote:
Thanks for the info SomeJoe7777. Thought there had to be a way since you can get 8 STB's. Reading this and seeing your diagrams have lowered my stress level considerably. Thanks for all your help.

---

 

By the way, I forgot to mention, the switches you select need to support 802.1p, which is a QOS mechanism that the STBs rely on.  Almost all Gigabit switches support this, and some 100Mbps switches do as well.  If your switch does not support this, there can be problems with picture freezes.

 

The Netgear GS-105 and GS-108 switches support 802.1p and are known to work very well in the U-Verse environment.

 

Two questions:

 

Considering buying just Internet through U-Verse, but I'm very concerned I'll be stuck with their crummy "Residential Gateway" as a router in my network, which I don't want--to the point that I'll continue paying twice as much for Comcast so I can avoid that fate.

 

So, with this in mind:

 

1) Is there a "pass-through" mode for the gateway? In other words, if I have to connect their hand-off to it, can the device be configured to act only as a level-2 device? Can I use the RG as a modem-only and assign my IP to my existing Cisco ASA?

2) Failing this option, does the fact that I'm not using TV at all impact my requirement to use the RG as a router? I'm sure their TV content requires this--why wouldn't it?--but if I'm not using that, has anybody had any success plugging AT&T's hand-off directly into their ASA? What is the handoff? Ethernet? Fiber? Phone?

 

AT&T's call-center has not been very helpful... For some reason the concept of "pre-sales technical support" is totally foreign to them.

 

Ideas?

 

---

tommindy wrote:

 

1) Is there a "pass-through" mode for the gateway? In other words, if I have to connect their hand-off to it, can the device be configured to act only as a level-2 device? Can I use the RG as a modem-only and assign my IP to my existing Cisco ASA?

2) Failing this option, does the fact that I'm not using TV at all impact my requirement to use the RG as a router? I'm sure their TV content requires this--why wouldn't it?--but if I'm not using that, has anybody had any success plugging AT&T's hand-off directly into their ASA? What is the handoff? Ethernet? Fiber? Phone?

---

 

1) Yes.  The RG has a "DMZ Plus" mode.  It will issue the outside IP address to your device via DHCP.  Your device must be able to use DHCP (at least initially) to set up this configuration.  Note that even though this IP addressing scheme implies that the RG becomes a layer 2 device, it does not technically do that.  It secretly still routes traffic at layer 3 even in this mode, although your device won't really notice.

 

2) The RG is required for U-Verse in all cases.  It is the only device AT&T has that has the VDSL modem inside it.  The RG's input from AT&T's network can be category 3 phone wire, category 5 carrying VDSL on one pair, Category 5 Ethernet (used with FTTP/ONT installations), or coax carrying VDSL.  The RG's handoff to your device is 100Base-TX Ethernet.

 

 

Though I have hooked a Cisco 2811 behind the RG in the DMZ Plus configuration (and run IPSec tunnels and so forth), be aware that the RG is a consumer device, not an enterprise device.  Expect small idiosyncracies.  I ran into an MTU issue that needed special configuration on the Cisco to avoid IP fragmentation, for example.

 

---

SomeJoe7777 wrote:  

1) Yes.  The RG has a "DMZ Plus" mode.  It will issue the outside IP address to your device via DHCP.  Your device must be able to use DHCP (at least initially) to set up this configuration.  Note that even though this IP addressing scheme implies that the RG becomes a layer 2 device, it does not technically do that.  It secretly still routes traffic at layer 3 even in this mode, although your device won't really notice.

 

.....

 

Though I have hooked a Cisco 2811 behind the RG in the DMZ Plus configuration (and run IPSec tunnels and so forth), be aware that the RG is a consumer device, not an enterprise device.  Expect small idiosyncracies.  I ran into an MTU issue that needed special configuration on the Cisco to avoid IP fragmentation, for example.

 

---

 

...But the MTU stuff is one thing I do worry about--I've had this problem with an ASA and a cable-modem before, though, so I guess sometimes you can't win 'em all. Interestingly enough, the problematic Cable-Modem also came with a "modem-router" that didn't "really" become an Layer 2 pass-through device...

 

Interesting. I suppose, if they really will give you a refund when/if it doesn't work, I guess there is no harm in trying

I just got uverse today...

and set it up exactally like you guys did (w/o the VPN stuff)

although it works...

you will find that  your speed will drop by a factor of 50%.

I did the following speed tests...

1) - PC connected directly to the RG - >10meg D/l  - 1.4 meg u/l

2) - Pc connected to Intenel Router /firewall THEN to RG 5.7m D/l 1.4m u/l

I had to disable the firewall in the Linksys router just ot get 7m D/l

 

Im still working on the getting around this