Configuring IP Passthrough with an AT&T BGW210-700 and a UDM Pro

I’ve long wanted to have more control/flexibility in my home network, and 2020 finally gave me the justification to make some upgrades. While there’s no question the Unifi Dream Machine Pro is overkill for a home network, it was just the combination of power, control, and convenience I’d been looking for.

With the UDM Pro, I had a real gateway, and I no longer needed my AT&T BGW210-700 gateway/router to handle any of the services it was previously performing. Unfortunately, some research showed that I couldn’t drop the AT&T router entirely; it was providing the authentication for my internet service.

My research indicated that I’d want to enable “bridge mode” on my router, but it turns out the BGW210-700 doesn’t have support for a true bridge mode*. The closest it comes to a bridge mode is its “IP Passthrough” mode.

I found Reddit posts and Help/Support pages that got me most of the way there. But I still got a few things wrong along the way, so I thought I’d document what my BGW210-700 configuration looked like when I finally got my UDM Pro assigned the public WAN IP address.


What worked for me was to leave DHCP enabled, Public Subnet off, and Cascaded Router off.

Firewall Filters

I wanted the UDM Pro to provide all of the firewall filtering, so I disabled the filters on the Firewall | Packet Filter tab. This is what it looked like when I was done:

I also turned off all of the “advanced filters” on the Firewall | Firewall Advanced tab.

IP Passthrough

The Firewall | IP Passthrough tab was, obviously, the most important page in this process. I needed to set the Allocation Mode to “Passthrough” and the Passthrough Mode to “DHCPS-fixed,” then select the Passthrough Fixed MAC Address from the list of devices.

The Passthrough Fixed MAC Address is what actually tripped me up the most. The instructions I’d been following indicated that I needed to type in the MAC address of the router I wanted the passthrough to go to (the UDM Pro, in my case). I looked in the Devices section of the Unifi Controller web interface and used the MAC address in the form.

But after restarting the BGW210-700 (from the Device | Restart Device tab) and then restarting the UDM Pro, the UDM Pro was still getting a 192.168.1.x IP address — not the public WAN IP address.

It turns out the MAC address displayed in the Unifi Controller interface is not the WAN1 MAC address. To get the right MAC address, I used the “Clear and Rescan for Devices” button on the BGW210’s Device | Device List tab. After scanning, I saw two devices: the laptop I had plugged into the router that I was using to make the changes, and the UDM Pro.

Going back to the Firewall | IP Passthrough tab, I now saw that same MAC address in the dropdown. I selected it, saved the changes, restarted the BGW210 again, and then finally restarted the UDM Pro. (I never did find a way to restart it other than pulling the power.)

When it came back up, it had the public WAN IP address. Success!

Firewall Status

This is what the Firewall | Status tab looked like when everything was working:

Wi-Fi Configuration

Lastly, I turned off both the 2.4 GHz and 5 GHz Wi-Fi networks on the Home Network | Wi-Fi tab. This isn’t necessary for IP Passthrough, but I no longer wanted devices connecting directly to the AT&T router at all, so I turned it off entirely.

*True Bridge Mode

While it’s true that the BGW210-700 doesn’t support a real bridge mode, there are a couple of workarounds that people have come up with — at least one of which, the eap_proxy-udmpro, works with the UDM Pro.

So far, the IP Passthrough mode has been working well enough for me, but if I start to see a deterioration of performance over time, I’ll be looking into the eap_proxy workaround.

The post Configuring IP Passthrough with an AT&T BGW210-700 and a UDM Pro appeared first on Atomic Spin.

Source: Atomic Object

Leave a Reply

Your email address will not be published.