Reply
Member
Posts: 202
Registered: ‎03-09-2017
Kudos: 57
Solutions: 11
Accepted Solution

How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

There is NO need to use the crappy passthrough mode on AT&T's gateway.  In fact, there is no need to use the gateway after a connection has been established. My connection has been up for over 60 days with the AT&T gateway turned off and stored in a corner.

 

All credit for this information goes to brianlan on DSL Reports Forums.

 

Brianlan’s posts can be found at AT&T Residential Gateway Bypass - True bridge mode! Be warned this is a very long thread. The important posts by brainlan are found on pages 1, 19, 20 of the thread.  To make it easier I have copied and pasted these three posts into the attached document. My current setup is based on Brianlan’s post found on page 19 of the thread (page 8 of the attached document).

 

A couple of important points:

1. Connect the AT&T ONT and Netgear's inexpensive 5 or 8-Port Gigabit Smart Managed Plus Switch to a battery backup. If they lose power you will need to reboot the system using the AT&T Gateway. Once it is all up an running you can disconnect the AT&T Gateway from the Netgear switch and connect your USG WAN port to the same Netgear switch port.

2. The MAC address of the AT&T Gateway's WAN Port needs to be cloned to the USG's WAN port. There is currently no way to do this on the controller so a json file is required. The following YouTube video provides a very good explanation of how to do this. How To Clone MAC address on UniFi Security gateway|Ubiquiti USG|Via Cli and json file.


Accepted Solutions
Member
Posts: 202
Registered: ‎03-09-2017
Kudos: 57
Solutions: 11

Re: How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

@dcarlton82

First configure VLANs on all ports of a NETGEAR ProSAFE Switch (must be 802.1Q). I personally have had success with the following models: JGS524E, GS108Ev3, and GS105Ev2. Others have had success with TP-Link semi smart switches.  The key is the capability to configure basic 802.1Q VLANs.

This is done by clicking on the VLAN tab, select 802.1Q, select Basic, Set ports 1, 2, and 3 to VLAN 1 and remaining ports are set to a seperate VLAN such as 2.  Save.

 

Capture.JPG

 

Next you will need to spoof the MAC address of your AT&T Gateway on the WAN port of the USG.  This is done with a JSON file.

Instructions on how to do this can be found here  https://youtu.be/ZZXFqa2OUws

My JSON file is attached.  To use it you will need to insert the MAC address of your AT&T Gateway (found on the label) and change eth0 to your WAN port.  Save it as config.gateway.json

 

Initial provisioning of the ONT

1. ONT-->NETGEAR ProSAFE Switch Port 1 

2. USG WAN --> NETGEAR ProSAFE Switch Port 2 (do not power up until the the internet has finished provisioning and the AT&T Gateway has been disconnected.)

3. AT&T Gateway ONT port --> NETGEAR ProSAFE Switch Port 3

4. Power up the NETGEAR ProSAFE Switch.  Power up the ONT.  Now power up the AT&T Gateway - set to factory default settings as it will be removed and powered down after setup is complete.

5. Wait for AT&T Gateway to finish provisioning - green light.  Just to be safe give it a few minutes after broadband light is green and solid.

6. Disconnect the AT&T Gateway and power it down but DO NOT turn off or disconnet the ONT or the NETGEAR switch.  The internet connection will be maintained as long as both the ONT and NETGEAR switch remain on and connected.  I suggest a battery backup on the ONT and NETGEAR switch to avoid power loss and the resulting loss of the connection to the internet.

7. Power up the USG.  The WAN port should be set to DHCP.  AT&T does not routinely reset the connection or change the IP address.  I have two sites which have been up for more than 4 months with USGs and another site more than 2 months with an Edgerouter.  So far the IP addresses have never changed even with reboots of the routers.

8. Keep the AT&T Gateway.  If the ONT or NETGEAR switch experience powerloss you will need it to get the connection to AT&T up and running using the procedures above. I just leave an ethernet cable plugged into Port 3 of the switch in case I ever have to do this.  So far I have only had to do this if I unplug the ONT or NETGEAR router.  Otherwise there have never been any glitches.

 

See my original post for more details: https://community.ubnt.com/t5/UniFi-Routing-Switching/How-to-eliminate-the-AT-amp-T-Gateway-from-a-U.... Credit for this method of how to eliminate AT&T's gateway from a network goes to brianlan on DSL Reports Forums

 

 

 

View solution in original post


All Replies
New Member
Posts: 11
Registered: ‎06-29-2018
Kudos: 2

Re: How to eliminate AT&T's gateway from a UniFi setup

[ Edited ]

Thanks for sharing this in the other thread!  I assume all of this is still possible to accomplish with the 150w UniFi PoE switch 8, right?  I’m going to tinker with this guide once my family leaves, as disrupting internet service doesn’t go over well.  I’ve noticed I’m not getting anywhere near 1 gb speeds from AT&T since setting the USG behind the Pace gateway and before I switched to the USG, the Pace Gateway was showing close to 1 gb speeds during my tests.  I even turned off DPI and IDS/IPS within the USG and the best I got was 270 MB down and up.  Hopefully, eliminating the Pace gateway gives me 1 gb speeds again. I’ll post again once I’ve attempted this guide. Thanks again for sharing!

 

Edit: Just had a duh moment...realized I’ll need a second switch regardless, so I’ll pick up the Netgear switch used in this case.

Member
Posts: 202
Registered: ‎03-09-2017
Kudos: 57
Solutions: 11

Re: How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

@dcarlton82

First configure VLANs on all ports of a NETGEAR ProSAFE Switch (must be 802.1Q). I personally have had success with the following models: JGS524E, GS108Ev3, and GS105Ev2. Others have had success with TP-Link semi smart switches.  The key is the capability to configure basic 802.1Q VLANs.

This is done by clicking on the VLAN tab, select 802.1Q, select Basic, Set ports 1, 2, and 3 to VLAN 1 and remaining ports are set to a seperate VLAN such as 2.  Save.

 

Capture.JPG

 

Next you will need to spoof the MAC address of your AT&T Gateway on the WAN port of the USG.  This is done with a JSON file.

Instructions on how to do this can be found here  https://youtu.be/ZZXFqa2OUws

My JSON file is attached.  To use it you will need to insert the MAC address of your AT&T Gateway (found on the label) and change eth0 to your WAN port.  Save it as config.gateway.json

 

Initial provisioning of the ONT

1. ONT-->NETGEAR ProSAFE Switch Port 1 

2. USG WAN --> NETGEAR ProSAFE Switch Port 2 (do not power up until the the internet has finished provisioning and the AT&T Gateway has been disconnected.)

3. AT&T Gateway ONT port --> NETGEAR ProSAFE Switch Port 3

4. Power up the NETGEAR ProSAFE Switch.  Power up the ONT.  Now power up the AT&T Gateway - set to factory default settings as it will be removed and powered down after setup is complete.

5. Wait for AT&T Gateway to finish provisioning - green light.  Just to be safe give it a few minutes after broadband light is green and solid.

6. Disconnect the AT&T Gateway and power it down but DO NOT turn off or disconnet the ONT or the NETGEAR switch.  The internet connection will be maintained as long as both the ONT and NETGEAR switch remain on and connected.  I suggest a battery backup on the ONT and NETGEAR switch to avoid power loss and the resulting loss of the connection to the internet.

7. Power up the USG.  The WAN port should be set to DHCP.  AT&T does not routinely reset the connection or change the IP address.  I have two sites which have been up for more than 4 months with USGs and another site more than 2 months with an Edgerouter.  So far the IP addresses have never changed even with reboots of the routers.

8. Keep the AT&T Gateway.  If the ONT or NETGEAR switch experience powerloss you will need it to get the connection to AT&T up and running using the procedures above. I just leave an ethernet cable plugged into Port 3 of the switch in case I ever have to do this.  So far I have only had to do this if I unplug the ONT or NETGEAR router.  Otherwise there have never been any glitches.

 

See my original post for more details: https://community.ubnt.com/t5/UniFi-Routing-Switching/How-to-eliminate-the-AT-amp-T-Gateway-from-a-U.... Credit for this method of how to eliminate AT&T's gateway from a network goes to brianlan on DSL Reports Forums

 

 

 

New Member
Posts: 11
Registered: ‎06-29-2018
Kudos: 2

Re: How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

@Jdld

Thanks for the detailed instructions. I have a Cyberpower UPS/surge protector and I have the USG and ONT connected to it.  Once I pick up the Netgear switch you recommended above, I’ll also connect it to the UPS. Do I need to perform a factory reset on my UniFi gear to include my cloud key or just the AT&T gateway? Currently, my AT&T gateway is passing everything through to the USG. I have a 150w UniFi PoE Switch 8 connected to the USG, and the cloud key dongle and 2 AC HD APs connected to the UniFi switch. 

 

My ”to-be” architecture (after AT&T Gateway is removed):

ONT——> Netgear ProSafe switch Port 1 (VLAN 1)

USG WAN——> Netgear ProSafe switch port 2 (VLAN 1)

USG LAN——> Unifi PoE Switch 8 Port 1

UniFi cloud key dongle——> Unifi PoE Switch 8 Port 2

2 AC HD APs——> Unifi PoE Switch 8 Ports 3 & 4

Member
Posts: 202
Registered: ‎03-09-2017
Kudos: 57
Solutions: 11

Re: How to eliminate AT&T gateway from a UniFi setup

No need to factory default anything other than the AT&T gateway. 

No need to change any settings on your UniFi devices as this change will not impact your internal network and it is unlikely your WAN IP will even change. 

New Member
Posts: 2
Registered: ‎08-09-2018

Re: How to eliminate AT&T gateway from a UniFi setup

Great post! Thank you a million times for this!!!

 

What kind of throughput are you getting with this setup? Can you screenshot some speedtest results?

 

Thanks!

Member
Posts: 202
Registered: ‎03-09-2017
Kudos: 57
Solutions: 11

Re: How to eliminate AT&T gateway from a UniFi setup

Full speed based upon DSLReports speed testing.    Test over time range from 650 to 930 down and >900 up.  This seems to be the norm for AT&T fiber in California and consistent with what AT&T’s fine print states.

New Member
Posts: 2
Registered: ‎08-09-2018

Re: How to eliminate AT&T gateway from a UniFi setup

Awesome, thanks for letting me know. I'm giving this a shot this week so wish me luck.  

New Member
Posts: 11
Registered: ‎06-29-2018
Kudos: 2

Re: How to eliminate AT&T gateway from a UniFi setup

Finally ordered the 105Ev2 and it should arrive Tuesday.  Been a hectic summer and I’m finally able to work on this. I’ll post my results once I’m finished.  Thanks again for sharing this solution!

New Member
Posts: 1
Registered: ‎01-12-2016

Re: How to eliminate AT&T gateway from a UniFi setup

Interested to hear your results. I was never able to get it to work but I'm not the most savvy networking person. 

New Member
Posts: 9
Registered: ‎09-10-2017
Kudos: 4

Re: How to eliminate AT&T gateway from a UniFi setup

I had this working great for several weeks/months until i made the mistake and updated my USG firmware to 4.4.28!! The USG would no longer connect to the internet. Which makes things very difficult to fix. After several hours and downgrading back to 4.4.22 (which was a real pain since the USG wants a ftp or http url for the custom firmware or to do it via ssh). and doing a factory reset I got the USG to work again plugged directly into the ATT gateway. Followed the steps again and got it working without Att gateway again but man lesson learned. If everything is working great dont mess with it!  Lol. 

New Member
Posts: 11
Registered: ‎06-29-2018
Kudos: 2

Re: How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

Dang! That’s a really big hurdle to consider.  You want to keep firmware updated for security purposes. So it sounds like the only way to do so is through the ATT gateway?  It doesn’t sound like there’s a way to get around having to re-configure everything...but if I’m able to get 600-900 MB down instead of the 100-300 I’m currently getting, it’ll be worth the hastle.

New Member
Posts: 9
Registered: ‎09-10-2017
Kudos: 4

Re: How to eliminate AT&T gateway from a UniFi setup

I just tried again to upgrade to the USG 4.4.28 after reading some other posts, it seems others that run a standard setup have the same issue with losing connection after upgrading. The suggestion was to upgrade to 4.4.28 and then Forget This Device on the USG.. It resets everything back to factory and then Adapt it again. When you adapt it again it restored all my settings from the cloudkey and connected without any issues. So I am back to using my USG as my gateway instead of AT&T gateway and running 4.4.28.

I am not expert but I think it is a bad firmware and has nothing to do with how we have it setup to bypass the ATT crappy gateway. I think in the end it just makes me want to be really careful when upgrading firmware.. lol.. Hopefully this is helpful to someone else.
Member
Posts: 202
Registered: ‎03-09-2017
Kudos: 57
Solutions: 11

Re: How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

I have three sites with this setup and have never had a problem when upgrading firmware over the past 6-8 months. 

All three site are on 4.4.28. 

 

If the USG WAN ever loses connection to the internet do the following::

Disconnect the USG WAN from the NETGEAR switch.

Reboot the NETGEAR switch.

Reboot the AT&T ONT.

Connect the AT&T gateway ONT port to the NETGEAR switch port used by the USG WAN.  The gateway settings should be factory default.

Boot the AT&T gateway and allow it to fully establish a connection.

Do not shut off the ONT or NETGEAR switch.

After a couple of minutes disconnect the gateway from the NETGEAR switch. 

Now connect the USG WAN port to the NETGEAR switch port and boot it up. The external IP assigned by DHCP to the USG WAN will be the same one that was assigned to the AT&T gateway.  Remember your USG JSON file is spoofing the AT&T gateway MAC address on the USG WAN.

 

If the ONT or NETGEAR switch ever lose power the above steps must be followed.  Otherwise the established connection should stay up. 

New Member
Posts: 11
Registered: ‎06-29-2018
Kudos: 2

Re: How to eliminate AT&T gateway from a UniFi setup

I’ve managed to edit and save the JSON file with my MAC address of my ATT Pace router...I got stuck while following the YouTube video to drop the file in the cloud key directory. I’m using the physical cloud key device and not the OS version. I’m not sure where to place the JSON file. I managed to WinSCP into the cloud key, but the directory structure isn’t the same as the YouTube video’s. Any ideas where I should drop this file? I’m having trouble trying to attach a pic of the file directory I’m seeing in WinSCP...

 

Here are the folders:

 

bin

boot

data

dev

etc

home

lib

lib64

lost+found

media

mnt

opt

proc

root

run

sbin

srv

sys

tmp

usr

var

 

Any suggestions? I’ve already changed the MAC address in the USG using putty, but now I’m stuck figuring out where to drop the json file on the physical cloud key 🤔🤷🏻‍♂️

New Member
Posts: 9
Registered: ‎09-10-2017
Kudos: 4

Re: How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

Should be /srv/unifi/data/sites/default/ if you have the actual CloudKey device. 

New Member
Posts: 11
Registered: ‎06-29-2018
Kudos: 2

Re: How to eliminate AT&T gateway from a UniFi setup

You. Are. AWESOME! Thanks for the prompt reply! Yep, that path exists!

New Member
Posts: 11
Registered: ‎06-29-2018
Kudos: 2

Re: How to eliminate AT&T gateway from a UniFi setup

[ Edited ]

Not sure where I went wrong, but is it possible that I may have to forget the USG and adopt it again? It was already adopted when I performed the YouTube video steps. The MAC is correct in the json file and I correctly set eth0 in the USG (confirmed this twice now). Performed the steps as described above with powering everything on but not getting broadband into the WAN. Also, I noticed the MAC address for the USG is still showing it’s true address in properties, details. Should it reflect the spoofed address?

 

UPDATE: After going through all the steps again I realized I configured the wrong VLAN settings in the switch!  I had configured port based instead of 802. Doh! Anyway, after fixing that, it’s working perfectly! Much thanks and kudos all around!

Highlighted
Emerging Member
Posts: 91
Registered: ‎05-29-2015
Kudos: 31

Re: How to eliminate AT&T gateway from a UniFi setup


@Jdld wrote:

I have three sites with this setup and have never had a problem when upgrading firmware over the past 6-8 months. 

All three site are on 4.4.28. 

 

If the USG WAN ever loses connection to the internet do the following::

Disconnect the USG WAN from the NETGEAR switch.

Reboot the NETGEAR switch.

Reboot the AT&T ONT.

Connect the AT&T gateway ONT port to the NETGEAR switch port used by the USG WAN.  The gateway settings should be factory default.

Boot the AT&T gateway and allow it to fully establish a connection.

Do not shut off the ONT or NETGEAR switch.

After a couple of minutes disconnect the gateway from the NETGEAR switch. 

Now connect the USG WAN port to the NETGEAR switch port and boot it up. The external IP assigned by DHCP to the USG WAN will be the same one that was assigned to the AT&T gateway.  Remember your USG JSON file is spoofing the AT&T gateway MAC address on the USG WAN.

 

If the ONT or NETGEAR switch ever lose power the above steps must be followed.  Otherwise the established connection should stay up. 


Can this be done with a dumb switch? If you connect the AT&T ONT and Gateway to a dumb switch, wait for the connection to be established then swap the gatway for the USG will it work?

Member
Posts: 202
Registered: ‎03-09-2017
Kudos: 57
Solutions: 11

Re: How to eliminate AT&T gateway from a UniFi setup


@andcbii wrote:

@Jdld wrote:

I have three sites with this setup and have never had a problem when upgrading firmware over the past 6-8 months. 

All three site are on 4.4.28. 

 

If the USG WAN ever loses connection to the internet do the following::

Disconnect the USG WAN from the NETGEAR switch.

Reboot the NETGEAR switch.

Reboot the AT&T ONT.

Connect the AT&T gateway ONT port to the NETGEAR switch port used by the USG WAN.  The gateway settings should be factory default.

Boot the AT&T gateway and allow it to fully establish a connection.

Do not shut off the ONT or NETGEAR switch.

After a couple of minutes disconnect the gateway from the NETGEAR switch. 

Now connect the USG WAN port to the NETGEAR switch port and boot it up. The external IP assigned by DHCP to the USG WAN will be the same one that was assigned to the AT&T gateway.  Remember your USG JSON file is spoofing the AT&T gateway MAC address on the USG WAN.

 

If the ONT or NETGEAR switch ever lose power the above steps must be followed.  Otherwise the established connection should stay up. 


Can this be done with a dumb switch? If you connect the AT&T ONT and Gateway to a dumb switch, wait for the connection to be established then swap the gatway for the USG will it work?


@andcbii No.  This requires a managed switch which is a specific flavor of 802.1Q VLAN capable.

 

From one of my earlier posts:

First configure VLANs on all ports of a NETGEAR ProSAFE Switch (must be 802.1Q). I personally have had success with the following models: JGS524E, GS108Ev3, and GS105Ev2. Others have had success with TP-Link semi smart switches.  The key is the capability to configure basic 802.1Q VLANs.

Reply