How To Configure Static IP in 2Wire 2701

Your customer has a Public Static IP he wants to configure in an ATT 2Wire 2701HG-B Gateway. This is How it is done!

When you want to use multiple broadband IP addresses with your 2Wire gateway, you need to configure the gateway to use these IP addresses with local network devices. There are prerequisites to using multiple broadband addresses:

The associated service providing the multiple IP addresses has been ordered and installed.

The IP address and networking information has been identified for the subscribed service.

Your 2Wire gateway is running software version 3.5.5 or higher.

The network devices are already configured for TCP/IP networking and are connected to the Gateways LAN via one of the available interfaces (Ethernet, USB, HPNA, or 802.11b/g Wireless).

The configuration process is divided into four logical steps.

Set up and configure the HomePortal for broadband access using the first IP address

Enable the HomePortal bridge network function and configure it with the appropriate subnet mask

Assign the broadband IP address(es) to the intended network devices

(Optional) Configure firewall rules to direct unsolicited traffic to the associated network devices

Step 1: Configuring the HomePortal with the first IP address

You need to have at least one computer connected to the HomePortal and is able to access the main GUI (http://gateway.2wire.net) You can do this by either running the HomePortal Setup Wizard software (included with your HomePortal) and following the on-screen instructions, or manually configuring the network adapter for DHCP and obtaining an IP address from the HomePortal.

Determine the type of broadband network access assigned by your ISP. Your choices are PPPoE/PPPoA or RFC 2684 (Direct IP). If your 2Wire gateway has already been configured with this information, go to Step 2.

PPPoE/PPPoA Users Only: – If you are running the Setup Wizard software, go to Step 2.

PPPoE/PPPoA Users

Go to http://gateway.2wire.net/setup and use the PPPoE/PPPoA activation key code for your provider to establish broadband connectivity with one IP address. Verify Internet connectivity by accessing public Websites.

RFC 2684 Users

Go to http://gateway.2wire.net/setup and use the static IP activation key code to establish broadband connectivity. Use the IP address and subnet mask as provided by your ISP. Verify Internet connectivity by accessing public Websites.

Step 2a: Enabling Bridge Network Mode or Public Proxied Subnet

For 2Wire gateways runnning 3.x or 4.x firmware

Go to the Management and Diagnostic Console (MDC) (http://homeportal/management). Under the Local Network – Configure link, select the Bridge Network option (Figure 1) and enter the subnet mask provided to you by your ISP. Click “Submit” to save your results.

 

For 2Wire Gateways running 5.x firmware

Go to the 2Wire Gateway UI (http://gateway.2wire.net). Click the Local network icon then click “advanced settings.” Select the Public Proxied Subnet option and enter your subnet mask.

 

Step 2b: Enabling Public Network or Public Routed Subinterface

Typically there are 2 sets of IP address are used; one used between the router and network and the second used with end devices. If you are provided with two sets of IP address, you need to configure your 2Wire gateway with the first set. If you are running 3.x or 4.x series software, use the Public Network option. For example, if you were provided with a WAN gateway address of 66.124.231.65, a WAN IP address for your router of 66.124.231.66, and told that your LAN devices were to use addresses in the range 207.214.87.137 through 207.214.87.141.

 

For 2wire gateways running 5.x firmware

Go to the 2Wire Gateways UI (http://gateway.2wire.net). Click the Local network icon then click “advanced settings.” Enable Public Routed Subinterface and enter your subnet mask and router address.

 

If you are provided with IP addresses but no subnet mask, you can look up the associated subnet mask in the following table. Because this information have been identified in different ways; therefore, it is presented here in different ways.

Total Address Used by the Subnet

CIDR

Number of Useable Addresses

Address Required for 2wire Gateway

Addresses Available for LAN Devices

Subnet Mask to Use

8

/29

6

1

5

255.255.255.248

16

/28

14

1

13

255.255.255.240

32

/27

30

1

29

255.255.255.224

64

/26

62

1

61

255.255.255.192

128

/25

126

1

125

255.255.255.128

256

/24

254

1

253

255.255.255.0

 

Step 3: Allocating Public IP Addresses to the LAN Clients

Turn on the power on all network devices that you want to configure with a broadband IP address and connect them to HomePortal.

When the HomePortal is configured to use multiple broadband IP addresses, you can configure network devices for one of three modes. Access the Address Allocation page of the MDC to select the desired option (Figure 2) for each LAN device.

Note: On the OfficePortal, you can also set this information using the standard Web pages in addition to those under the MDC.

      1.  DHCP Private Network – The network client is given a private IP address on the private network (default is the 172.16.0.0). This is the normal mode   of operation for all LAN devices by default (with or without the use of multiple broadband addresses.)

2.       DHCP Public Network– The network client is given one of the currently available broadband IP address. The address may change as the IP address lease is renewed, but always comes from the pool of available Broadband IP addresses.

3.       DHCP Fixed Public Network – The network client is permanently assigned one of the broadband IP address. The address will not change until the HomePortal is reconfigured via the Address Allocation page. This is the most common configuration for publicly accessible network devices.

In all of the above cases, the network device should be configured to enable their DHCP client. From this point on, the IP addresses for these LAN devices are managed by the HomePortal.

In addition, a LAN device can be configured with a static IP address hard coded in the TCP/IP settings for that device. The IP address can be from either the DHCP Private Network addresses or from the DHCP Bridged Network addresses.

When a DHCP Private Network address is statically assigned to a LAN device, the proper range must be used. The default range is 172.16.0.0, so the network device may statically use 172.16.1.1 through 172.16.1.32, inclusive. Devices assigned with these addresses act as if they were assigned an IP address in mode 1 above.

When a DHCP Bridged Network address is statically assigned to a LAN device, the device assigned with this address acts as if they were assigned an IP address in mode 3 above. Use the IP address information as provided by the ISP.  The HomePortal automatically detects the usage of a broadband IP address on the LAN network and correctly routes the return traffic to the appropriate LAN device. When HomePortal detects a broadband IP address as being statically coded on the PC, the Address Allocation page will no longer displays its entry.

Note: The ability to use DHCP in assign WAN addresses to LAN devices is different from the operation of other routers. These other routers usually require that the address be hard coded on the LAN device.

 

Step 4: Configure Firewall Rules

LAN devices using addresses from the bridge network are still protected by the HomePortal firewall. To allow unsolicited inbound traffic to any of these LAN devices, you need to modify the firewall settings specified for that device; that is, a LAN device can receive inbound traffic associated with outbound traffic (for example, Web browsing) but needs to have a firewall rule established to function as a server.

To change the firewall settings, access the Firewall - Settings page of the MDC or the Firewall Settings page of the standard Web pages to configure the Hosted applications allowed for each device to be used with unsolicited traffic.

Note: This is different from the operation of other routers. These other routers automatically allow all traffic to pass through from the WAN to the LAN devices configured with WAN IP addresses.

If the device only requires the public IP address then no rules need to be established. In most cases a firewall rule is required if you want to host an application or access a server from the public Internet. This is also known as creating a pinhole in the firewall.

Note: The 2Wire firewall only allows traffic for a bridged IP address to be directed to a local LAN device with the same bridged IP address. That is, except for traffic sent to the single broadband IP address assigned to the router and shared through NAPT, traffic send to other specific broadband IP addresses associated with the connection cannot be directed to local LAN devices that may be using private IP addresses.

Sample Configuration


This network consists of a public Web server, a private Web server, a public FTP server, and a number of desktop devices. Only the public servers need be accessed from outside the network. The FTP server needs to be accessed from inside.

1.       Configure the 2wire gateway for Internet access. Enable the Bridge Network features with the proper subnet mask.

2.       Use DHCP Private Network for all the desktop devices by default. These devices will use NAT and share one of the broadband IP addresses. Addresses given out by the DHCP server in the 2Wire gateway will range from 172.16.1.33 to 172.16.1.250 (for software version 3.7.x or lower) or 192.168.1.64 - 192.168.1.253 (for software version 3.7.x or higher).

3.       Set the FTP server to one of the Fixed Bridged Network IP addresses. This will route all incoming traffic for the specific public IP address to the designated network device. In this case, the traffic is routing to the FTP server. Optionally if the FTP server does not have a DHCP client, you can configure the server with a public static IP address and the 2Wire gateway will correctly route the traffic. If unsolicited inbound traffic is expected, you need to configure the firewall to allow FTP traffic to pass clicking the Firewall Settings link (Figure 6) of the MDC (http://gateway.2wire.net/mdc) or using the Firewall tab (Figure 7) of the main GUI (http://gateway.2wire.net/mdc).

4.       Similar to the FTP example, set the public Web server to one of the Fixed Bridged Network IP addresses. This will route all traffic to the specific pubic IP address to the designated network client. You need to configure the firewall (as described in step three above) to route inbound port 80 traffic to the server.

  1. Set the private Web server to a static private IP address, so that it is always accessible at the same address to the local desktop clients. For example, use 192.168.1.1 as the server’s IP address.
     

 

2Wire 2701HG-B IP Config ScreenShot