Side Ads

Sunday, July 19, 2015

Filled Under:

Motorola IP Passthrough for U-verse Business

This article explains IP Passthrough setting options for Motorola devices that are commonly used in U-verse Business (Ubiz/U-biz) installations.

Determining the Business Needs

Business customers sometimes state that they need DSL/Broadband CPE that can be configured or placed into a bridged mode where they are putting other CPE behind the DSL/Broadband CPE. Many times these customers are better served with a configuration known as IP Passthrough.

The information below explains the difference between IP Passthrough vs. bridged mode and provides instructions on how to configure the Motorola NVG510 gateway and Motorola 2210/2310 modems for IP Passthrough.

IP Passthrough is not necessary if a customer has static IPs.

Bridge Mode

Bridge mode means the DSL/Broadband modem/gateway device only terminates a DSL connection. In a bridged mode, the modem/gateway device does not authenticate, does not manage, has no ability to perform any firewall protection, and does not allow for remote access into the modem/gateway device. The subsequent device connected to the DSL/Broadband CPE has to perform all these tasks, if needed.
Bridged mode is not possible on the AT&T U-verse platform. The reasons for that are:
  • Bridged mode is not compatible with AT&T U-verse services, because AT&T requires all U-verse CPE to have 802.1x proprietary authentication.
  • AT&T DSL Help Desk has no way to remotely access the modem/gateway device in order to do diagnostics testing.
  • A bridged mode configuration does not allow a way for the device to receive any future firmware updates from AT&T as remote access is disabled with a bridged mode setting.
  • PPPoE is not applicable on the U-verse platform.
IP Passthrough Configurations
  • Since all the devices on private IP addresses (Like 192.168.1.X) behind the Gateway and the Device configured for IP Passthrough use the same public WAN IP address, new sessions that conflict with existing sessions are rejected by the Gateway.
    Example: A customer is using an IPSec tunnel from a PC on a private IP address and a second person sets up a VPN connection from the PC configured for IP Passthrough with both PCs going to the same remote endpoint, such as the VPN access concentrator at a remote office. In this case, the first one to start the IPSec traffic is allowed to connect; but the second PC, since both appear to be coming from the same public WAN IP, is indistinguishable and fails.
  • When a device is configured to receive the AT&T provided RG's public IP address, it is typically not able to communicate properly with other devices on the LAN, because they are effectively on a separate subnet.
  • If there is more than one device connected directly (either wireless or hardwire) to the Motorola RG and there is a loss of power to some or all of the devices, the RG may assign the IP that is being used for IP Passthrough (DHCPS-dynamic only) or Default Server to a different device than the one which was initially selected. One workaround is to have the customer statically configure the IP address of the preferred device with a private IP address that is outside of the DHCP pool (ex: 192.168.1.5) that the RG uses for its LAN. However, this is not supported by AT&T U-verse. The other option is to use one of the other available passthrough modes.

IP Passthroughs on NVG510 and Later RGs

Default Server

Default Server mode allows the AT&T provided RG to forward all externally initiated IP traffic (TCP and UDP protocols only) to a specified device (default host) on the LAN. This may be ideal if you cannot anticipate what port number or packet protocol an in-bound application might use. For example, some network applications do not always use the same port numbers when a connection is opened which prevents specific pin holes from being applicable. 

A customer may also want to allow all incoming connections, that are not started by a computer on the customer's network (AKA unsolicited traffic), sent to a specified device (default host) on the LAN. This will not assign the public (WAN) IP address of the RG to the device designated as the Default Host; it will forward all traffic to it.

IP Passthrough

IP Passthrough (Passthrough Mode) means the AT&T provided RG obtains sync and service on the U-verse network and shares its DHCP assigned public WAN IP address with a single device on the LAN. This configuration is often suitable for a business customer desiring to connect third party equipment to the AT&T provided RG. The IP Passthrough configuration only allows one connection to the AT&T provided RG to be assigned the public DHCP WAN IP address.
There are three ways that the Motorola RG can be configured to pass the DHCP WAN IP address to a device on the LAN.
  1. DHCPS-dynamic: The public WAN IP address is handed out by the AT&T provided RG's DHCP server to the first device that requests a DHCP address on the LAN.
  2. DHCPS-fixed: The public WAN IP address is handed out by the device's DHCP server to the device whose MAC address has been specified.
  3. Manual: A LAN device must be manually configured with the AT&T provided device's assigned WAN IP address and gateway information. Configuration of the LAN device is out of scope for Ubiz care so we can only provide the customer with the information they need, which is the WAN IP, Default Gateway IP, and Subnet mask.
Configuring Default Server Allocation Mode
  1. Open a browser on a computer that is directly connected to the RG.
  2. In the address bar, enter http://192.168.1.254
  3. Select the Firewall tab in the RG GUI page.
  4. Click IP Passthrough below the Firewall tab.
  5. Enter the Device Access Code if prompted.
  6. Select the Default Server option from the Allocation Mode drop-down menu.
  7. Enter the IP address of the Device to be set as the default server in the Default Server Internal Address field.
  8. Click Save. A re-starting Gateway reminder message appears.
  9. Click Restart Now to complete the setting change.
Configuring Passthrough Allocation Mode
The IP Passthrough feature allows a single PC on the LAN to have the Router's public address assigned to it. It also provides Port Address Translation (PAT)/Network Address Port Translation (NAPT) via the same public IP address for all other hosts on the private LAN subnet. Here are the steps for configuring the Gateway in IP Passthrough.
Make a copy of all current IP setting before proceeding.
DHCPS-dynamic
  1. Open a browser on a computer that is directly connected to the RG.
  2. In the address bar, enter http://192.168.1.254
  3. Select the Firewall tab in the RG GUI page.
  4. Click IP Passthrough below the Firewall tab.
  5. Enter the Device Access Code if prompted.
  6. Select the Passthrough option from the Allocation Mode drop-down menu.
  7. Select DHCPS-dynamic from the Passthrough Mode drop-down.
  8. Click Save. A re-starting Gateway reminder message appears.
  9. Click Restart Now to complete the setting change.
  10. Refresh the network connection on the device that is to be set up to receive the public IP address. Typically this can be done with a power cycle of the device.
DHCPS-fixed
  1. Open a browser on a computer that is directly connected to the RG
  2. In the address bar, enter http://192.168.1.254
  3. Select the Firewall tab in the RG GUI page.
  4. Click IP Passthrough below the Firewall tab.
  5. Enter the Device Access Code if prompted.
  6. Select the Passthrough option from the Allocation Mode drop-down menu.
  7. Select DHCPS-fixed from the Passthrough Mode drop-down.
  8. Enter the MAC address of the device that is to be set up to receive the public IP address in the Passthrough Fixed MAC Address field.
  9. Click Save. A re-starting Gateway reminder message appears.
  10. Click Restart Now to complete the setting change.
  11. Refresh the network connection on the device that is to be set up to receive the public IP address. Typically this can be done with a power cycle of the device.
Manual
  1. Open a browser on a computer that is directly connected to the RG.
  2. In the address bar, enter http://192.168.1.254
  3. Select the Firewall tab in the RG GUI page.
  4. Click IP Passthrough below the Firewall tab.
  5. Enter the Device Access Code if prompted.
  6. Select Passthrough option from the Allocation Mode drop-down menu.
  7. Select manual from the Passthrough Mode drop-down.
  8. Click Save. A re-starting Gateway reminder message appears. 
  9. Click Restart Now to complete the setting change.
The customer needs to configure their device with the following information, which Care agents can find in the results of the WANIPConnection test within the CPE real Time Tool in LSBBT.
Once the customer has been provided with this information, Care has reached the end of what we will be able to provide regarding manual passthrough mode.
  • WAN IP Address
  • Default Gateway
  • Subnet Mask
Configuring Motorola 2210/2310 Modem in IP Passthrough
  1. Open a browser on a computer that is directly connected to the RG.
  2. In the address bar, enter http://192.168.1.254
  3. Select the Firewall tab in the RG GUI page.
  4. Enter the Device Access Code, if prompted.
  5. Click Connection Configuration.
  6. Select Yesuse public IP address.
  7. Click Save.
On the Motorola 2210 and 2310 Modems the only IP Passthrough option follows the DHCPS-dynamic model. 
Since there is only one LAN port on these modems this should not be an issue.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)