How to configure the AT&T (Arris) BGW-210 router for IP Passthrough using static IP(s) and pointing to UniFi Dream Machine Pro


We are setting up AT&T fiber internet with 5 usable static IPs and the Ubiquiti UniFi Dream Machine Pro (UDM-Pro). I would like to configure the BGW-210 to act as a bridge to the UDM-Pro.

I found this article on how to configure the BGW-210 in IP Passthrough mode (similar to bridge), but some of the details are a bit unclear and I need to adjust this setup process to use one or more of my static IP addresses on the UDM-Pro.

In one paragraph, the article said DHCP is not needed for Passthrough mode:

> The DHCP Server option can be turned off if you're doing IP
> Passthrough, but you must leave it on if you are doing Default
> Server…

But later on it said that you are still using DHCP:

> It is worth mentioning that this is still a DHCP address that your
> internal device is getting…

Which leaves some confusion on whether or not DHCP server should be configured or disabled.

Here are the things I'm fairly certain of:

  1. Set the "Public LAN Subnet" different than the UDM-Pro LAN subnet.
  2. Set up the IP addresses provided by AT&T under the "Public Subnet" section. I did this and we can connect to the Internet.
  3. I need to set "Allocation Mode" to Passthrough.
  4. I need to set the "Passthrough Mode" to DHCPS-fixed.
  5. I need to enter the MAC address of the UDM-Pro in "Passthrough Fixed Mac Address".
  6. I need to set up the UDM-Pro to get its WAN address from a DHCP server.

What I'm unclear about is:

  1. Under "Public Subnet" section, do I leave "Public Subnet Mode" On and "Allow Inbound Traffic" Off?
  2. Do I leave "DHCP Server Enable" On and what IP address ranges should be there? The author of the post seems to mix the Default Server instructions with the Passthrough instructions.
  3. After putting the BGW-210 in Passthrough mode, do I still need to turn off packet filtering and firewall features or does Passthrough mode bypass these automatically?

Again, the goal is to "bridge" the AT&T router and have the UDM-Pro manage all routing and security.

Thank you.

Best Answer

I have never used AT&T, but in general the ISP is the one that should set up the router to be in passthrough or not. Some ISPs automatically reset their gear to the correct setup when it boots, so I strongly suggest asking AT&T for that part, to be sure you don't wake up someday and find your AT&T gear back in routing mode.

After the passthrough is enabled, you can easily put a router or firewall that allows you to use all those public IPs underneath it, or you could use a switch under the ISP gear so that any routers you have can use those IPs.

I say that because not all firewalls will allow you to set 5 IPs on the same interface. Some firewalls will need the 5 cables plugged in to be able to set one per interface, or you might only be able to set inbound NAT rules for the secondary IPs you have (4) and set one primary.
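A pre-flight check for the checklist in the question, as an added example that is not part of the original post or the answer: it verifies that the public block, the BGW-210 LAN and the UDM-Pro LAN do not overlap, that the fixed passthrough MAC is a well-formed device address, and lists the static IPs left for the UDM-Pro. The function name, the sample block, gateway, subnets and MAC are constructed values, and the idea that one host address of the block is taken by the gateway is an assumption, not something the page states.

```python
import ipaddress
import itertools
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def check_passthrough_plan(public_block, gateway_ip, bgw_lan, udm_lan, udm_wan_mac):
    """Return (usable_static_ips, problems) for a planned passthrough setup."""
    nets = {
        "public block": ipaddress.ip_network(public_block),
        "BGW-210 LAN": ipaddress.ip_network(bgw_lan),
        "UDM-Pro LAN": ipaddress.ip_network(udm_lan),
    }
    problems = []

    # Step 1 of the checklist: no two of the three subnets may overlap.
    for (name_a, a), (name_b, b) in itertools.combinations(nets.items(), 2):
        if a.overlaps(b):
            problems.append(f"{name_a} {a} overlaps {name_b} {b}")

    # Assumption: the gateway holds one host address inside the public block.
    hosts = list(nets["public block"].hosts())
    gateway = ipaddress.ip_address(gateway_ip)
    if gateway not in hosts:
        problems.append(f"gateway {gateway} is not a host address in the public block")

    # Step 5: the "Passthrough Fixed Mac Address" must be a unicast device MAC.
    if not MAC_RE.match(udm_wan_mac):
        problems.append(f"MAC {udm_wan_mac!r} is not in aa:bb:cc:dd:ee:ff form")
    elif int(udm_wan_mac[:2], 16) & 1:
        problems.append(f"MAC {udm_wan_mac} is a multicast address, not a device MAC")

    usable = [str(ip) for ip in hosts if ip != gateway]
    return usable, problems


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up MAC).
    usable, problems = check_passthrough_plan(
        "203.0.113.8/29", "203.0.113.14",
        "192.168.1.0/24", "192.168.10.0/24", "74:AC:B9:00:00:01",
    )
    print("static IPs available to the UDM-Pro:", ", ".join(usable))
    for p in problems:
        print("PROBLEM:", p)
```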