5268ac and OpenWRT

This article is about the Pace / Arris / AT&T 5268ac Router / "Gateway" / Wireless Access Point / VoIP device / etc. Depending on your internet provider, the 5268ac (referred to from this point on as just the 5268ac), it could have various logos, names etc. on the exterior. And bad news on the support of the device, Arris, the original manufacturer was bought by a company named CommScope in 2019. All CommScope is interested in is selling you a battery for the 5268ac, so no new firmware from them. The next piece of bad news, is that there's more bad news. That bad news is AT&T still has new firmware that they pump out to these routers whether you want them to or not. They say this is to fix bugs add new "features", etc. But more often that not, it also breaks things. That's why this article is being written.

Even though the main subject is focused on the 5268ac Router, there's also information for anyone who uses OpenWRT (which may also apply to Tomato, DD-WRT, etc.)

The Issue

My router was working fine until AT&T pushed out a firmware update a couple of years ago. After that, I figured out a way to get things working. But then another firmware update and things were broken again.

The Circumstance

Now mine is not the typical network setup. The capabilities of the 5268ac are not sufficient for what I need. If I could have it my way, I'd love to go back to the old days when AT&T and other providers would give me a dumb stupid network bridge device. It might seem derogatory to use the terms 'dumb' and 'stupid', but that's not the case. I really would love it they would just give me a simple bridge device and forget about these complex combo devices that do VoIP, wireless, routing, firewall, and other stuff. I don't need it.

My router is a heavily modified Linksys WRT32X running OpenWRT. It has all the extra bells and whistles like a TTL / Serial adapter added onto it for terminal access. The OS runs on an external NVMe SSD plugged into a USB 3.0 hub, which is plugged into the USB 3.0 port on the router. Extra storage is provide via an 8GB external eSATA device plugged into the router's eSATA port, and of course all the custom network configuration.

The router is set up as a dual WAN router (AT&T / Comcast) with the remaining three ports on the builtin 5 port switch segregated into 3 separate VLANs which service 3 different subnets. The router has all the amenities of a CentOS / RockyOS Linux box, such as Webmin, Apache, OpenVPN, PoPtOp, BIND / NAMED, MySQL, VSFTPD, Monit, LightHTTPD, NGinx, DHCPD, DDNS, etc.

We'll get back to OpenWRT later on

The Information about the 5268ac

The documentation available for this device is horrible. As in it has been all "Appled Up" (IE, is stupid, useless, only for novices, and is no help for experts or other knowledgeable people). The information on various forums is also terrible (no offense). Information on the forums falls under the category of the blind trying to lead the blind (again, no offense to those people, they're just making their best guess).

Scenario

You have static IP Addresses (usually in a block of 8, 5 usable, sometimes 4, 1 usable (the most wasteful)) from your internet provider AT&T (possibly others too). How do you make functional use of those IP Addresses (notice the use of the word 'functional'). Use the 'powers' of the 5268ac they gave you? Nope. It can't do that. So why did they give you that router? Not sure. Bottom line is that you'll need to use your own equipment for those static IP Addresses.

Next question, how do you make the AT&T Router get along with your equipment so those 5 usable IP Address can be used? There are two ways to configure the 5268ac router to do this;

  • "Add Additional Network" 'Mode'
  • "Add Cascade Router" 'Mode'

Both of these 'modes' (really a radio button setting) can be found here: Settings Tab, Broadband Sub-Tab, Link Configuration Sub-Sub-Tab, Supplementary Network Section

"Add Additional Network" 'Mode'

This is the mode to use if you have multiple routers / devices (as opposed to a single device) behind the 5268ac

You'll need the information AT&T hopefully gave you for your static IP Addresses, which includes the following;

  • Subnet Information (IP Address range and Subnet Mask (for 5 Static IPs, the subnet mask will be 255.255.255.248, AKA a /29 subnet))
  • Usable IP Addresses
  • Default Gateway
  • There's other information AT&T gave you (DNS servers, etc), but not necessary here.

In the "Settings Tab, Broadband Sub-Tab, Link Configuration Sub-Sub-Tab, Supplementary Network Section", there are three items (two to fill in and one to check / tick on)

  • Router Address: Fill this field with the Default Gateway Address provided by AT&T. This will be the IP Address of the 5268's "LAN Side" (AT&T's misleading term, which should be titled "Customer Facing WAN")
  • Subnet Mask: 255.255.255.248 (assuming you have 5 usable static IPs, adjust as needed with the information provided by AT&T)
  • Auto Firewall Open: Check this off as it makes life easier (explained below). I'd also swear this wasn't originally available and was one of the useful items added with some firmware update.

As you configure your device(s) 'behind' the 5268ac, you can check whether the 5268 is detecting those devices here: Settings Tab, LAN (remember, that's AT&T's misleading term) Sub-Tab, LAN IP Address Allocation Sub-Sub-Tab, Public-Private NAT Mappings and Device IP Allocation Section. You should see your devices listed in this section. There should also be some settings in the form of dropdown boxes, see below;

  • Firewall (Disabled / Enabled): Make sure this is set to Disabled as the router behind the 5268ac will have it's own capability. If using a computer, make sure it has a software firewall. In years past, this defaulted to Enabled, so one would have to select Disabled manually. Thanks to one useful firmware update (see the above 'Auto Firewall Open' setting), the 'default' can be set to Disabled (at least for devices in the IP Address range assigned by AT&T)
  • Address Assignment: You can pick any setting you want. Assuming you've configured your router behind the 5268ac correctly (IE, a static IP Address is assigned to it from the pool provided by AT&T), this is a bit of a trick, as there is only one choice: Static IP - no DHCP. If you've chosen to leave your device's WAN port set for DHCP, then you'll have a choice. But that shouldn't be the case very often as the entire point of having a static IP is to make a devices WAN IP predictable, IE static.
  • WAN IP Mapping: Usually the 5268ac picks this up automatically and correctly, but check against the MAC Address to make sure.
    • The MAC Address is displayed above each subsection as 'unknownWhateverMACaddress'. It can also be changed to a different name here: Settings Tab, LAN Sub-Tab, Status Sub-Sub-Tab, Devices Section, Edit Name Link


"Add Cascade Router" 'Mode'

Using this mode, there can only be ONE device that has the 5 Static IP Addresses assigned to it, as the 5268ac will send ALL packets to ONLY ONE device.