Linksys WRT AC Series Router Networking with OpenWRT
The Scenario
A WRT3200ACM router running OpenWRT 19.07.3, during the fall of 2020. It is configured as a dual WAN router with the "WAN" port connected to Comcast Business Internet with 5 static IP Addresses available. Port 4 (as it is labeled, but is really port 0 as the internal switch 'sees' it) is configured as a WAN port connected to AT&T Broadband with 5 static IP Addresses available. The remaining three ports on the switch are used for three different local sub-nets, each configured with a different range of IP Addresses.
AT&T Special Note for the Pace 5268AC Router
It took a LOT of effort to configure a WRT3200ACM router to work with the AT&T Pace 5268AC router. But in the end, got it all working.
Issue 1: Configuring the 5268AC to Facilitate Static IP Addresses on another Router
Sadly, as with most devices from Comcast, AT&T, etc, the 5268AC Router cannot be configured as a simple bridge device. This would make things so much easier if they included this capability as devices from the past used to do. But they don't, so one must work within the boundaries of what can be done. Another really depressing thing is that most AT&T techs that come out for installation do not know how to configure the AT&T equipment for this scenario. It's difficult to fault the individual techs, as 99% of the time they're doing normal residential installations that don't require the need to configure an AT&T router in this fashion.
To configure the 5268AC Router for static IP Address, several settings must be configured. It is recommended to reset the device to factory defaults, so no other previous settings can cause issues.
- Reset to Factory Defaults: Settings, Diagnostics, Resets, Reset to Factory Default State, Reset to Factory Default State, Reset Button
- Add "Additional Network": Settings, Broadband, Link Configuration, Supplementary Network, Add Additional Network
- AT&T will supply the static IP Address information (hopefully the tech has it readily available). The important items is the "Network Address" and "Subnet Mask". The "Network Address" will be similar to the usable IP Addresses. An example is given below;
- Usable IP Address Range: 63.202.47.98 - 63.202.47.102 (in this example, the default gateway is at the bottom of the subnet range, if it were at the top, this range would be 63.202.47.97 - 63.202.47.101)
- Subnet Mask: 255.255.255.248 (sometimes represented as /29)
- Default Gateway: 63.202.47.97 ('classically', a default gateway was always at the bottom of the subnet range, but since the early to mid noughties providers typically put it at to the top of the subnet range, 63.202.47.102)
- Broadcast IP Address: 63.202.47.103
- Network Address: 63.202.47.96 (regardless of 'classic' or 'new' subnet organization, this will always be at the very bottom of the subnet)
- ...so, using the information from AT&T, and comparing it to the above example, the "Network Address" will be an IP Address at the bottom / beginning of the subnet AT&T allocates to a customer
- AT&T will supply the static IP Address information (hopefully the tech has it readily available). The important items is the "Network Address" and "Subnet Mask". The "Network Address" will be similar to the usable IP Addresses. An example is given below;
- Turn firewall off / disable firewall: LAN, LAN IP Address Allocation, Firewall, dropdown menu with Enable / Disable choice (a "login" prompt will occur at some point where the device's key # will need to be entered)
- Configure this after a device is connected to the LAN side of the 5268AC Router, otherwise there will be no firewall setting to disable
- For testing purposes it is useful to enable ping responses: Settings, Firewall, Advanced Configuration, Enhanced Security, Block Ping, uncheck the Enable box
Issue 2: MAC Addresses and the DYNAMIC "LAN IP Address Allocation"
Menu: 5268AC Router, Settings, LAN, LAN IP Address Allocation (a "login" prompt will occur at some point where the device's key # will need to be entered)
Sadly, this router has a unique feature where it "scans" the LAN side (AT&T refers to this as the "private network) of itself for any devices connected to it. Whenever it detects a device, it enters the device's MAC Address into it's "connected device database", associates the MAC Address with an IP Address from the static pool, and enables the firewall by default. It is understandable why the firewall is enabled by default. But it does have a frustrating side effect. Whenever a new device, such as a router, is connected to the LAN side of the 5268AC Router, any incoming connections will be blocked until the firewall on the 5268AC router is disabled. Firmware updates automatically pushed out by AT&T often times resets the "connected device database" which re-enables the firewall for all connected devices.
Keep in mind all of the above comments are applicable when the 5268AC Router is configured for static IP Addresses. Functionality is different for different modes.
Other Sources
Network IP Commands: https://openwrt.org/docs/guide-developer/networking/network.interfaces
Switch Commands:
ip link Commands: https://man.cx/ip(8), https://man.cx/ip-link(8)
Ability to assign alternate MAC Addresses to a physical or virtual interface:opkg install kmod-macvlan