Uverse 2-wire modem/router/Wireless Question

I just got uverse and they gave me the 2-wire 3800 hgv model. I have a vpn router and private network at my office so I turned on the dmz plus mode and directed it to my vpn router. That is working great.

The question: I would also like to have a public wifi access point for visitors to my office. If I turn on the wireless capabilities of the 2-wire router, will it be able to work in parallel with my vpn router. In other words, will it assign local addresses based on the 2-wire subdomain and not interfere with my private vpn network behind that router? As it is, the 2 wire modem has given my vpn router its external address. So I am a little vague on if that means the 2 wire router can no longer use that external address for its own routing.

Thanks!

Those AT&T modems can be a real treat to work with...

When I work with them, I pretty much always put them in full Bridge mode letting them act only as a modem; then I put the PPPoE settings in my router so it does everything. It seems like the DMZ Plus is doing some NAT/PAT to basically give your router the public IP.

If you were to get it to work as you describe, what you'd ultimately have is a double NAT - which often works fine but isn't ideal.

There are a couple ways to accomplish what you're after. 1st, does your current wireless support multiple concurrent SSID's? If so, you can generally set one to be in Client Isolation mode, meaning it can't talk to anything on your network - just the gateway and the internet. It might even support VLAN's which is even better.

If that isn't an option, another AP that supports Client Isolation is still feasible.

My personal preference is to use a smart enough router to be able to put this guest traffic on its own VLAN, turn on client isolation on the AP, and have the router have an interface just for this wifi (with VLANs it can be a virtual interface) so it can handle the routing correctly.

Yes, i would have liked to put it in bridge mode. . . if it existed. To my knowledge there are only 2 modems ATT allows to work with uverse and neither of them has a bridge mode. The 2wire one I have and a motorola model I used to have. I am quite pleased with the operation of my unit in its current configuration and can't complain one bit about 11mbit downloads 1.5 uploads for $30/mo. When I had regular DSL I had a Netopia router from ATT that did have bridge mode, but at that time I also had 5 static IP's so I was able to use one of the other static addresses for my public LAN.

I am not familiar with VLAN. I don't think my router (the one behind the ATT one) offers it. The router I have is matched to the one at home creating a vpn tunnel between the two LAN's. So I can't just switch out one without probably having to switch out the other.

I look at the settings on these devices and see if any of your thoughts exist on the settings page, but off the top of my head, I am thinking not as none of that stuff sounds familiar.

I just looked through my wireless access point menus and there does not appear to be any way to set a second ssid or isolate any traffic on it.

Is there a wireless access point that you might suggest?

I'll try and look that model up in the morning; I was actually pleasantly surprised with an ATT modem a couple weeks ago, with the VLAN support and bridge mode options.

As far as bridge mode, I've yet to find an ATT modem that didn't support the option; however they make it pretty obscure. I've done it on a couple dozen modems.

I'm using whatever Verizon gives you as a FIOS combo router/AP et al. I have it configured as above bridging one port to a separate firewall / access point. That said its functional and it has a very graphical interface which basically is useless to me. Kind of similiar in fact to the older Cisco SOHO firewall routers which where easier to configure using a CLI than to try to figure out the logic in the graphical interace.

I have gone from using the DD-WRT Access points in stand alone mode to the small Ubiqutio AP's and have one in place which has been doing fine for over a year now.

There's no reason why you can't use the built in wireless for public guest access. In FL I have three subnets configured with the FIOS combo switch/AP. In IL I have 3 firewalled networks which talk to each other from 3 separate internal network cards on a software firewall (smoothwall),

Never looked at the ability (if it exist) to do QOS/Bandwidth from one/two ports on the FIOS router but you could divide up the pipe and give 10% of the pipe to the public wireless if you have the ability to do so. A few years back shared my CC broadband giving my neighbors their own AP with about 256k worth of access; it worked for the basics for a time.

Here is a page that someone wrote summarize the residential gateway. http://www.ka9q.net/Uverse/nat.html It points out why it doesn't have a bridge mode and that is because it would prevent any traffic from being routed to the voice or video services. U-verse isn't the same as regular dsl because of those services.

I have a feeling I can turn on the wifi antenna built into the residential gateway and have it not mess with the dmz-plus mode of directing external traffic to my vpn router.

That makes sense - I've been luck enough to not deal with a single uVerse connection yet - all standard ATT DSL's yet lately they're trying to force even those into uVerse.

Try the built in wifi - if that works, you're home free... otherwise - I personally have never used a router/wifi combo - Routers are rarely located in the ideal location for an access point, so I've always used separate units. If you just want to add a new AP for guests, then something like a $50 netgear AP will work just fine (I even have one in the classifieds).

Personally I, like Pete above, use Ubiquiti products. If there are any other issues you'd like to solve at the same time, like increased coverage, bandwidth limiting for kids, etc, then that could be a good time to upgrade wireless as a whole. They have a lot of solutions depending on what you're trying to do.

Not really ever looked in a granular level at the FIOS router but the physicall connections are as follows:

Fiber = = > Coax ==> FIOS router (box is in a media cabinet with AP off and antenna removed)

================> TV's via coax (with DHCP addressing) - main subnet
================> wireless AP connected (NAT'd) to - main subnet
================> ethernet out via a few ports that can be on the main subnet and/or run in bridged mode (I have two 2 autonomously bridged networks)

With a POE connected AP like the Ubiquito you can run one network cable to some ideal for wireless RF footprint spot.

I have mine in the attic with a connection to the basement MM "wall" two floor down. I did the same in FL with the AP/Antenna wired above the MM closet in the attic via POE.

I went ahead and turned the 2 wire gateways wifi on. It appears that it keeps them separate. I gave the gateway the same subnet as my private lan and there are no conflicts showing. I also can not communicate between the gateway's connected devices and my private lan's devices. So I guess this is easier than I thought. I probably shouldn't have said that.