How to implement setting for ATT microcell

[Butchfoote]

We just upgraded to ASUS n66u. We are pleased with router speed on connected PC's and Macs.

ATT microcell used to work on old WRT54g. Doesn't work on new "Dark Knight" (drop the k).

Att recommends a bunch of port forwarding/protocol, mtu changes. We need help on how to do this. Do we use port triggering or forwarding. etc. Can someone lay this out step by step?

We don't want to expose the ATT microcell to the net through a DMZ because once hacked, they bad guys would be right inside our pipe.

Here's what ATT says:

- DHCP is on <-no prob
- Data is not restricted from passing through ports 4500 and 500 (AKA Port Blocking). <-???
- MTU size is set to 1492 Finally found this
- MAC address filtering is either turned off or allowing the MAC address of the AT&T 3G MicroCell <-no prob
- IPSec Pass-Through is Enabled Finally found this in NAT passthrough
- Block Fragmented Packets is Disabled Nowher???


If using multiple routers, the 3G MicoCell must be connected to the first router connected to the broadband modem no prob

If the 3G MicroCell is connected to a router that is connected to a modem and both the router and the modem have NAT (Network Address Translation) enabled, disable NAT either in the router or the modem.
We are on FIOS, ethernet connection

Ensure the modem / router is using the latest software (firmware). Please see the manufacturer's documentation.

TCP/UDP Ports

NOTE: All ports listed need to be configured for inbound and outbound connections.
Found this but unsure about config details

Are the following configs or comments?
123/UDP: NTP timing (NTP traffic)
443/TCP: Https over TLS/SSL for provisioning and management traffic
4500/UDP: IPSec NAT Traversal (for all signaling, data, voice traffic)
500/UDP: IPSec Phase 1 prior to NAT detection (after NAT detection, 4500/UDP is used)
4500/UDP: After NAT detection, 4500/UDP is used

TIA

 

[Butchfoote]

Situation Update

Well, we did a hard reset on the microcell. It didn't brick and came back up fine. Then I removed a hand entered 'Default Gateway' address in the n66u config (i.e. I left it blank) that I had brought over from the Linksys.

Voila! About 30 mins later we got the 'activation' complete email and it's been working fine since.

We are running with the port forwardings noted above and PPPoE enabled, thought I am not sure that it matters.

Thanks for your viewings.

 

[CaptainSTX]

Micro Cell DMZ

While I'm not a big fan of putting devices in the DMZ I'm fairly sure that putting a Micro Cell in the DMZ exposes you and your network to minimal risk from hackers.

First the Micro Cell has three options for installing and setting it up.

1. Connect it to your router using a LAN port and if necessary forwarding ports.

2. Connect your Micro Cell directly to your modem and then plug your router into the pass through port on the Micro Cell. To me this is the same as putting the Micro Cell in the DMZ.

3. Use power over Ethernet to remotely connect your Micro Cell to your router.

The Micro Cell does not have a web interface. When it is connected to my network I can not connect to it over the LAN. All I can do is ping it. Perhaps you can Telenet into it but I'm not aware you can.

The way you set up and manage your Micro Cell is by signing into your your account with AT&T wireless and then set it up.

Through your AT&T account the things you can change are the Micro Cell's location, authorized users, device's nickname and if automatic hand off is activated. For a user to be authorized a phone number has to be an AT&T customer and they must have a 3G phone. Any minutes that they would use would be charged to their phone's plans minutes so the only thing a hacker could do was use a tiny bit of your Internet connection's bandwidth if they were within a hundred feet of your Micro Cell.

Perhaps someone could hack into the Micro Cell and knock you off line but the exposure is minimal if you have a strong password on your AT&T wireless account.