2G ISP fiber w/2.5G wired network (AiMesh) Input/Feedback needed

[helminiak247]

BackGround: 50+ wifi with a few hardwired lan devices (lots of IoT devices)
I used Solarwinds Orion to monitor network

ISP Router just keeps dropping nodes(ISP said to many nodes), Upgraded to RT-AC88U kept dropping nodes. Asus support said "to many devices". Added (2) XT8's with wired 1G backhaul, *works- not well* but AX would not connect to network.
(all above equipment going back as returns)

*****feedback on if I get get something better working?*****
At this point I'm thinking of:
ISP modem (BGW320-505) in IP Passthrough mode (2-gig fiber internet)
Main router: GT-AX6000 (just because of 2 multi gig ports)
8-Port Unmanaged 2.5G Switch
Nodes: Two RT-AX86U Both wired into 2.5G switch
*Even thinking of adapters to hardwire Firestick's into network.

I'm frustrated and upset I cant get this network to work correctly. The house 2000sq ft but mostly one level with a bonus room above garage. None of the routers I have had would provide "great" coverage over whole area. Backyard BBQ wifi was zero coverage

When we have family over my network grows by 20 easy. Seems like all the kids have multiple devices. All the TV's are streaming in different rooms. Just need/want everything to be rock solid.

 

[Tech Junky]

Bridge the ISP
Get a router that can handle a 2ge connection with enough CPU and RAM
Deploy APs for the WiFi instead of relying on mesh junk
APs can handle multiple SSIDs and significantly more devices.

Look for a 4x4 AP for coverage and performance. You can have typically up to 8 SSID per band for a total of 16. Breaking out the devices by classification for management ease. Most iot devices only need 2.4 for distance or even to connect.

 

[helminiak247]

I cant Bridge the modem. ATT will not allow it. I've asked at 3rd tier tech support. I was on the phone for 3 days when this first started.

A router that has two >2.5GBase-T ports is the issue. Not many of those around. I believe ASUS only has 3, GT-AX11000, GT-AX1100 and GT-AX6000

Well maybe Ubiquiti Access Point WiFi 6 Pro but it does NOT have the 2.5G port MSRP $150

 

[Tech Junky]

Microtik - https://mikrotik.com/product/rb5009ug_s_in

There's a 2.5GE thread around here too that discusses using a USB 2.5 adapter in addition to the one built in. What type of media is coming out the wall into the "router' ? ethernet? fiber?

Chances are you can bypass the ATT box completely and run your own device instead. Kind of depends on how much you want to invest to get the most out of the connection.

 

[helminiak247]

Fiber right out of the wall. I have a SFP on the back of the modem. I asked about not using their router at all but they said it couldn't be done. I think they have some certs in the router. Have a spare fiber SFP. And I like where you are going with this. I was just looking into building my own router and running pfSense.

I do get full speed from their modem minus the bit of overhead. When I plug into it.

 

[helminiak247]

Found that 2.5G USB thing you were talking about:

USB to 2.5Gbe adapter on AX88U

Total noob to CLI and non windows networking configuration (and I struggle with that). I was hoping to install USB to 2.5Gbe adapter to be able to take full advantage of the onboard 2.5Gbe of my PC with the already configured WAN aggregation on my AX88U...

www.snbforums.com

I like this. I think just 3 AX86U's would cover me. But your idea of the AP is much better "looking" for the house. I can put a AP on a wall or ceiling and no body really says anything. Put a spider (any wifi router) in the open and it ends up behind a tv or inside a closet

 

[Tech Junky]

Chances are you can bypass their equipment with an SFP either SR or LR depending on the fiber. You're probably assigned a VLAN and that's the "authentication" to make packets flow. A clue on the SFP type is the sheathing color. Blue is SR and yellow would be LR. Confirmation should be writing on the fiber indicating the wavelength.

DIY would be ideal for more control with pfsense. Our of the box might not get you the vlan control to get it working. To figure out the vlan being used means either packet sniffing or some sleuthing online. If their box is handing a public IP it might be easier to just keep it in place and pfsense using Ethernet and using a normal setup. There are muiltigig SFP modules though.

 

[Tech Junky]

Went digging a bit and stumbled across some starting points.

Looks like a mixed bag of options from dumb switch to EAP certificate authentication. If I could get fiber I would find a way to hack it into a bypass situation as I got rid of commercial gear and connect directly to my cable modem and push everything through my DIY setup using Ubuntu / 4-port 5GE card. A lot less to deal with on cable than some of these other ISP hurdles. It's not like ATT or anyone else needs to make things so difficult with fiber runs.

Yeah this is how AT&T fiber forces you to pay for their router/WiFi combo box. T... | Hacker News

news.ycombinator.com

Bypass AT&T Fiber Gateway with OpenWrt

AT&T requires the use of their Residential Gateway to access their network. If you’ve attempted to connect your own router directly to the ONT (Fiber-to-Ethernet adapter), you likely didn’t get very far. Why? Perhaps you want full control of your network. Maybe you are already using your own...

pyther.net

How to Use Your Own Router with AT&T Fiber

Find step-by-step instructions on how to use your own router with AT&T fiber Internet, and configure AT&T fiber router. It’s easy to follow along!

www.buytvinternetphone.com

https://www.reddit.com/r/HomeNetworking/comments/mku1ii

I've seen simpler options like using a dumb switch / VL0.

https://community.ui.com/questions/...p-needed/8ba105e2-0b73-44fb-9976-093aea553fde - -this would be helpful if you're also getting TV service

 

[helminiak247]

I ran across those as well, after a lot of reading it seems like in the newer areas of ATT Fiber they changed some/added more layers to the authentication process.

Who knew what a kind of rabbit hole I was going down when I started to have issues with the network. I dont even think I do anything special on my network and lots of people will end up with the same issues and just dont know/care about it.

 

[Tech Junky]

It tends to be the case where people just get complacent with things if they're not very cumbersome / frequent. Eventually though they tend to switch providers after awhile subconsciously. I tend to take the fight to the provider and force a fix.

Making a lab experience out of this might be the best case for getting around the GW they provide. Otherwise find a way into it and disable everything you can and put a router behind it like you normally would and use AP's instead of the pucks / nodes / mesh / (insert marketing term).

It really shouldn't be that difficult to take a fiber and plug it into the SFP and go from there. Using some sort of accounting for authentication on the provider side just asks for issues IMO. Being ATT though it's not surprising. All carriers though can be a real PITA to deal with when it doesn't work right.

https://help.sonic.com/hc/en-us/articles/1500000066642-ARRIS-BGW320

How to enable IP Passthrough on ATT BGW320-505 - Devon Stephens

Looking for how to enable IP Passthrough on your ATT BGW320? Here are step-by-step instructions

www.devonstephens.com

https://forums-att.sprinklr.com/conversations/att-fiber-equipment/use-own-bgw320-fiber-gateway/6000ed72a06270303c0b6e6a

This kind of makes it sound like the RG is provisioned similar to Cable / MAC authentication. Which in theory means you could clone the MAC of the RG to the NIC and call it a day. Though there are mentions of the 802.1X / EAP certificate.

 

[helminiak247]

That 802.1X / EAP certificate is what was throwing people off. And Im on a "new" att area that supports 5ge for residential users so it seems I have the "newer" authentication

 

[Tech Junky]

the "newer" authentication

So, MAC authentication? If that's the case it's easy to spoof a MAC which is what you normally see with Cable providers since they put the MAC on your account as verification / permit data.

 

[helminiak247]

I'm not sure. I had 2 gateways at one time and spent 2 hours on the phone because they (att) want to send someone out to fix what ended up being a gateway issue. New gateway would not authentication until someone updated something on the att side. First 2 tech guys said "you don't have a signal at your house" I replied with "well the old gateway works fine if I plug it in" It was the same M/N BGW320. They patched in some other tech guy that didnt say much but fixed the issue. I only know we have to wait over 15mins for one tech to get a hold of the "correct" dept

 

[Tech Junky]

Yeah, front line people tend to only do the basics like power cycle and check cables. People that have been there over a year tend to do more of the backend stuff like checking account codes / provisioning. I'm guessing they swapped / updated the MAC and pushed it through the billing system which updates the provisioning DB to enable service to work. Sounds like they took a page from the Cable playbook of provisioning services and accounting to measure data use.

It's interesting because Arris is well known in the Cable side for modems / telephone MTA's. From a cellular perspective there's AAA system that authenticates based on the sim ID similar to the MAC but swappable between devices. Seems ATT might have employed some billing / monitoring from one side of the business to the other.

I would say with some certainty using a SFP in a PC and cloning the MAC of the RG would produce the same activation sequence needed to be online. From there deploying PF or some other Linux distro as a router / firewall would work fine. Based off that then deploying a couple of AP's would be a cake walk and if you need the outdoors option a 3rd AP or reuse an old router w/ Ethernet backhaul.

I would start off small w/ the PC + cloning and see if it works and then build from there. No need to invest a ton of cash upfront if it doesn't work. This is where Amazon comes into play for me w/ the 30-day window to test and/or return for refund. Works well for bigger projects or one time use situations. I've done it with my car projects w/o issue other than an e-mail complaining about the returns in a short period of time. Ordered a bunch of tools needed to get some stuff done and knew they weren't needed long term. Played with some HDD replacement options for the MMI replacement with some sort of SSD option due to the drive being 7+ years in age I figured it was time to swap to SSD and converted it to a mSATA w/ caddy setup fairly easily and the system sped up a little bit. Ultimately though I ended up adding an Android head unit w/ touchscreen that I spliced into the factory system for more of a factory look / feel.

I guess the biggest question in the final build is if you want to build out the internal LAN at 2.5GE or 5GE and/or add a NAS function to the PF box. If you're doing media from the box then CPU will make a big difference as well for VPN if you want to do line rate encryption / whole network protection. I would probably do a single SFP NIC and then a 4-port 5GE for the LAN since you won't need a "router" hooked up to the PC to extend service to the AP's. The PC though gives a ton of options when it comes to the speeds you can deploy vs off the shelf solutions which usually give 1 or 2 ports beyond 1GE and charge an arm and leg for those alone.

 

[helminiak247]

This is what came out of the old gateway https://www.addonnetworks.com/produ...-lucent-nokia/sfp/2.4gbs-1.2gbs/3fe46899ab-ao

I've really been giving some heavy thought into turning my old intel i7 4770k w/16G ram into my router. Its a Mini-ITX so only one PCI Express 3.0 slot that I can use. But saw they do have some very high end cards I can put in there. I.E. SFP+, 40ge or just about anything. I could have one "overkill" lab by the time i'm done with this

 

[Tech Junky]

So, a couple of things that are of interest when looking at this is the SM (single mode) and SC (connector type)

Keeping in mind the card also needs to be multigig to be able to hand off 2.5/5GE speeds with the SFP. At least that's how I envision it since older cards / designs wouldn't have the ability to hit those middle speeds under NBASE-T.

SM = longer distance / yellow typically in color / also consider to be LR
MM = multi-mode / bluish color / shorter distances / aka SR

https://www.amazon.com/dp/B07QWW79SH/?tag=snbforums-20 - this is what I was thinking about potentially using for flexibility of 1/2.5/5/10GE copper

We'll need to get creative in search terms to find a compatible card / SFP(+) as NBASE-T is copper terminology and multi-gig is optical.

 

[helminiak247]

I talked to the techs that buried the "arial line" (They didn't use the direct burial with a tracer wire. SMH, but that is another story.)
I asked if it was multimode and they said no, it was single mode. I have a line/box that is at the street that services 4 houses.

 

[Tech Junky]

Yup, the SFP tells us that as noted above. The thing that gets me is that it's a 2.4GE SFP not 1 or 10.. Fiber doesn't usually run at odd rates.

Anyway... so, this might be the hurdle or test with a 10GE card / SFP or offload to a switch to hit that 2.5GE sweet spot w/ SFP or use a media converter from fiber to copper . I found some nerds talking about different SFP / ONT / etc regarding ATT and this is why I hate telcos in general.

BGW320-505 new gateway with integrated ONT, - AT&T U-verse | DSLReports Forums (Page 27)

Forum discussion: Can't find much info other than from the FCC site so far. (Page 27)

www.dslreports.com

3FE46899AAAA NOKIA GPON ONU 1310nm - Normal
3FE46900AAAA NOKIA GPON ONU 1550nm - Alternate Optics -- more for the box on the street
3FE46269AA XGS-PON 10G/10G ONU SFP+ SC/UPC -- different system

I'm painting a picture in my head about how they're threading all of this together logically to make it work and it's a bit convoluted. Not surprising though since it's Telco. Would be more efficient to upgrade a block to all fiber and rip out the copper .The SFP is rated for 20KM which is way too much distance unless they're going completely passive from the house all the way back to the CO. It might be the case they've engineered things this way when thinking back to the hay day of DSL deployments. Finding though that the RG is Nokia / ALU based kind of explains the odd characteristics.

 

[drinkingbird]

Does their router work ok for non-wifi stuff? If so, maybe just keep it as your router only and deploy APs rather than try to rig up your own router plugged into their fiber. I'm surprised Asus can't handle 50 devices, that isn't a big load these days. Maybe upgrade to something more professional for your APs, even if the Ubiquiti are only 1 gig, the sum of 3 or 4 of them would take advantage of your >1G internet. My experience is they can handle a lot of clients, though you still want to spread them out as the more clients, the less throughput you'll end up getting from that box. Microtik is popular too but haven't used them.

 

[drinkingbird]

Yup, the SFP tells us that as noted above. The thing that gets me is that it's a 2.4GE SFP not 1 or 10.. Fiber doesn't usually run at odd rates.

Anyway... so, this might be the hurdle or test with a 10GE card / SFP or offload to a switch to hit that 2.5GE sweet spot w/ SFP or use a media converter from fiber to copper . I found some nerds talking about different SFP / ONT / etc regarding ATT and this is why I hate telcos in general.

BGW320-505 new gateway with integrated ONT, - AT&T U-verse | DSLReports Forums (Page 27)

Forum discussion: Can't find much info other than from the FCC site so far. (Page 27)

www.dslreports.com

3FE46899AAAA NOKIA GPON ONU 1310nm - Normal
3FE46900AAAA NOKIA GPON ONU 1550nm - Alternate Optics -- more for the box on the street
3FE46269AA XGS-PON 10G/10G ONU SFP+ SC/UPC -- different system

I'm painting a picture in my head about how they're threading all of this together logically to make it work and it's a bit convoluted. Not surprising though since it's Telco. Would be more efficient to upgrade a block to all fiber and rip out the copper .The SFP is rated for 20KM which is way too much distance unless they're going completely passive from the house all the way back to the CO. It might be the case they've engineered things this way when thinking back to the hay day of DSL deployments. Finding though that the RG is Nokia / ALU based kind of explains the odd characteristics.

20KM LX SFP should be fine, SFPs automatically negotiate and adjust their output power, and they may even be employing attenuators for houses that are close to the node. I wouldn't try to use a ZX ultra long haul SFP but I doubt they're using that on their end anyway. LX is usually 10KM but there are more powerful ones that do 20. In data centers, I use LX 10KM SFPs for runs that are only a few hundred feet, and light levels are right within spec after the SFP does its "biasing". Your fiber run can be pretty long. It usually doesn't go all the way to the CO but it can go several streets away to their node. Everything is passive until it gets there, beam splitters (or combiners when in reverse) combine you and several neighbors onto the same fiber.

2.5G is a valid speed for WDM which is what FTTP uses. 10G over WDM/DWDM is actually 4x 2.5G wavelengths (or even 8x 1.25 if they run non-concatenated mode) multiplexed together. This new multigig that the ISPs are using, they're just using SFPs with a single wave in them to keep costs lower.