Help needed. Switched ISPs and now my internal network is sub par

[revelstone777]

I recently switched from Xfinity to ATT fiber and my network performance has gone to hell. I put the fiber gateway into passthru and assigned the mac of the router and that much seems to work. I can web into my Blue Iris and home automation systems from outside just fine. Internally, everything is slow. Web searches are painfully slow and even wifi seems to be intermittent. I'm running an RT-AX88, not a pro with the latest Merlin build on it. In DHCP I have 8.8.8.8 and 8.8.2.2 configured for DNS servers. When I run Speedtest through my router i get <400MB, when I connect directly to the gateway wifi I get >900MB. Any ideas? Did I miss something in the gateway?

Hal

 

[ColinTaylor]

In DHCP I have 8.8.8.8 and 8.8.2.2 configured for DNS servers.

8.8.2.2 is not a valid address. You probably meant to use 8.8.4.4.

Have you put these addresses in the LAN - DHCP Server > DNS Server 1/2 settings? If so, don't. Leave those DNS fields empty. If you want to use those Google DNS servers rather than your ISP's servers put the addresses in the WAN - Internet Connection > DNS Server settings.

When I run Speedtest through my router i get <400MB, when I connect directly to the gateway wifi I get >900MB.

Ignore the router's built-in speed test and run the test from a LAN client. Your speed can become limited by the router's CPU if you've enabled options like QoS and AiProtection.

 

[Analog-1]

Even with the AT&T gateway in passthrough it's still doing a double nat there is no way around it. Just something to understand.

 

[bennor]

I recently switched from Xfinity to ATT fiber and my network performance has gone to hell.

Do you need the ATT provided router or gateway? If you have fiber they may have installed an "ONT" from which you can connect the ONT ethernet output direct to the Asus router WAN port rather than to the ATT provided router/gateway.

With some ATT router/gateway's you cannot really put it into true bridge mode or true passthrough mode. One may have to put the Asus router into the ATT router/gateway's DMZ zone to see if that works.

 

[Analog-1]

Do you need the ATT provided router or gateway?

Yes he does because AT&T needs the gateway to authenticate his connection. There use to be ways to get around this not sure if it still works.

 

[ColinTaylor]

Even with the AT&T gateway in passthrough it's still doing a double nat there is no way around it. Just something to understand.

Really? I'm not an AT&T customer but from what I've read passthrough mode removes NAT and gives the target machine a public IP address. In other words, it's a bridge mode for a specific device (e.g. a customer's router). Or is this NAT something that only applies to their fibre offering?

Configuring IP Passthrough and DMZplus

When configured for IP Passthrough (Passthrough Mode) the AT&T provided gateway shares its Dynamic WAN IP address with a single device on the LAN.

www.att.com

 

[Martinski]

Even with the AT&T gateway in passthrough it's still doing a double nat there is no way around it. Just something to understand.

That's a false general statement, and certainly not true for all the ASUS routers that I have set up and configured myself over the years (4 total so far) with AT&T FTTH plans.

I have had the 1Gbps Up/Down AT&T FTTH plan since 2020, my previous and current ASUS routers were set up in "passthrough" mode, and I get a public WAN IP address every time. My parents and 2 next-door neighbors also have AT&T FTTH plans, and they all get public WAN IP addresses on their ASUS routers that I set up in "passthrough" mode.

Here are some screenshots from my own setup:

 

[Analog-1]

Look at the nat table on the AT&T gateway in passthrough mode. You will see the natting keeps being logged.

 

[Martinski]

Look at the nat table on the AT&T gateway in passthrough mode. You will see the natting keeps being logged.

Keep in mind that the "IP Passthrough" mode of the AT&T gateway applies to only one single device, which is typically a 3rd-party router, but that may not always be the case, so the AT&T gateway continues to function as an active network router to be able to manage traffic for all "non-passthrough" devices connected directly to it. For example, you can enable the built-in 2.4GHz and 5GHz radios on the AT&T gateway, so all the clients connected to the associated WiFi subnets will need to have NAT functionality. IOW, the "IP Passthrough" mode is not the typical "bridge" mode in the sense that it does not completely disable the gateway's NAT and routing functions.

The key point is that the NAT table serves 2 purposes:

1) To show & manage traffic for all non-passthrough clients. Since you can still connect devices directly to the AT&T gateway via its own built-in WiFi bands and LAN ports, these clients must have their traffic processed and managed through NAT.

2) To track sessions for the single "passthrough" device. Even though the assigned passthrough device gets a public WAN IP address, the AT&T gateway still maintains table entries to track and manage the device's sessions for logging, state-tracking, and diagnostics/troubleshooting purposes, but *not* for network address translation because the "IP Passthrough" mode avoids double-NAT for the single device.