Morals:
- Don’t run router/firewall devices in series
- Don’t let the AT&T Fiber installer fob you off with an Arris 5268ac or equivalent
- Do insist on getting a BGW-210. AT&T has them, but they’re more newer and more expensive and, for whatever reason, the installers tend net to offer them.
- If you can’t get a BGW-210 from AT&T, buy your own online. They’re pretty simple to install and configure. Plus, they’re much, much more configurable than the other Arris stuff — they even have extensive help documentation built in! — and are also much, much faster.
Some months ago I switched from Comcast’s cable-based data system to AT&T fiber. At least where I live (San Carlos, CA) it was a bit cheaper and much faster. It was wonderful getting downstream — and upstream! — data rates that were consistently above 900 megabit.
Only there was one problem. Those speeds tended not to last long, degrading, without warning to somewhere around 50 megabit. Which is below what I had been getting with Comcast.
For a while I could work around the problem by rebooting the AT&T-supplied modem/router. But the intervals at which I’d have to do that kept getting shorter and shorter and, besides, it wasn’t solving the problem, it was merely resetting things until the problem appeared again.
Actually, AT&T provides two different devices when you buy the fiber package: something that probably is the actual modem, in that it converts between the optical fiber and gigabit ethernet, and a device that I suspect is a fairly typical firewall/router with the capability of handling the output from the actual modem and splitting off VOIP for your phones. It was the router/firewall/whatever I kept rebooting, not the modem itself (which doesn’t appear to even have a reboot button).
It finally dawned on me that my problem might have been due to the fact that the AT&T router fed into a Cisco RV-325 router/firewall/VPN server. The Cisco device played an important rule during my Comcast era because the Comcast modem really was more of a modem, and didn’t contain a firewall. Putting two router/firewall devices in series like that is silly, and prone to causing problems. Even when I put the AT&T router/firewall/whatever device into something akin to “pass thru” mode (i.e., a mode which supposedly makes it act more like just a modem).
I didn’t want to abandon the Cisco device because I had finally figured out how to get its VPN capability to work with my iOS devices. That was both cool and useful, as it enabled me to fire up and remotely run my home computers when we were traveling. The AT&T hardware, an Arris 5268ac, doesn’t offer many configuration options — it appears to be intended to be used by customers with simple needs — and is pretty slow to boot.
I struggled to get the 5268ac working but finally gave up on the advice of some helpful fellow users on the AT&T Fiber Equipment forum.
I tried to get help from AT&T tech support, but it was generally pretty useless. Most of the techs denied there was any way to set up the VPN I wanted, and the one tech who said he thought it was possible arranged for me to get a BGW-210 replacement for the 5268ac…but the AT&T fulfillment department sent me a different Arris device instead and it was no better than the 5268ac.
So I bought my own BGW-210 from Amazon and installed it. The only two parts I was nervous about turned out not to be problems at all: connecting it to the modem was as simple as plugging in the special ONT cable that came out of the modem to the BGW-210, and interfacing my home phones to the VOIP outlet, even though it was designed as a “two line” outlet — the 5268ac has dual “single line” outlets — was just a matter of plugging in my “single line” plug into the “two line” outlet.
One minor PITA that may bite some people: none of the AT&T equipment I used allowed you to set up LANs in the 10.x.x.x space (there’s a reason for the limitation, which I’m not currently remembering, but you can research it online). That forced me to reconfigure my LAN into 192.168.1.x, causing some degree of hair-pulling, but it all worked out in the end.
BTW, if you are setting up a LAN that you want to VPN into, you should think about using something other than 192.168.0.x or 192.168.1.x. Those are very commonly used, and apparently problems can occur if you VPN out of a 192.168.0.x network into a 192.168.0.x network. That’s not a risk I face, but I thought I’d pass it along.
As for my adventures setting up a VPN…that’s another story.