cancel
Showing results for 
would you rather see results for 
Did you mean: 
Need help?

bridge mode working on HG633

Reply
28 REPLIES 28
ianr_tt
Team Player

Hi

Thought I'd post this up as it may be of use, especially anyone who is studying Cisco.

I just got bridge mode working on the HG633 (v2.00t firmware). This allows me to effectively switch off NAT/Routing/Firewall/PPP Authentication on the HG633 and bridge or forward it over to another device. No nasty double NAT or anything like that. VPNs still work fine too.

In my case it goes

ADSL phone line > HG633 > Cisco 3825 router > Cisco 3550 switches > PC

The Cisco 3825 takes care of NAT/Routing/Firewall and PPP Authentication. What threw me for a while was that Bridge mode is not the same as Modem mode. I had to configure the Cisco for a lot more than just listening for a public IP on the external interface. Once I got my head around that though, it all worked great. If anyone was wondering if there is a difference in ping or throughput with this setup - there isn't. Everything is the same.

When you enable bridge mode on the HG633 the power and broadband lights remain solid green but the Internet light goes red. The ethernet light continues to flash as normal. I assume the red Internet light means no authentication and the green Broadband light means a valid link to the Exchange.

Settings on the HG633 are:

Internet menu > Internet Connection > Edit button > from Service type untick TR069,  from Connection type drop down list select Bridged  and finally from Link mode drop down list select EoA.  Click save and OK. That's it - just 3 options and it will work.

On the Cisco you have to do a *lot* more. This page was really helpful: https://www.dslreports.com/faq/8199

The important bits are:

interface GigabitEthernet0/0            
 description ADSL_WAN_PORT
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
 no mop enabled


interface Dialer1
 description ADSL_WAN_Dialer
 ip address negotiated
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname <your phone number>@talktalk.net
 ppp chap password <your talktalk broadband password>
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable

ip nat inside source list NAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1

ip access-list standard NAT
 permit <your internal IP network and wildcard mask>

dialer-list 1 protocol ip permit

 

 

Don't forget to configure your ZBF (zone based firewall). Some instructions for that are here: https://supportforums.cisco.com/t5/security-documents/ios-zone-based-firewall-step-by-step-basic-con...

You can perform some basic checking of the firewall using "Shields UP" available here: https://www.grc.com


Hope this helps someone :)





pgc30
Chatterbox

In the hg633 settings you say 'Link mode drop down list select EoA'.  I don't see that option within the Internet Connections screen. Is that  Link Mode option on another screen? I have firmware v2.00t

 

Ultimately I want to put the modem in bridging mode and then use a Google WiFi mesh router etc to do the routing.

PGC
KeithFrench
Community Star

Hi @pgc30

 

Bridging mode totally disables all routing functions, so you cannot get off the local network on to the public (WAN) IP network, this is why you need to work in modem mode. There is no official way of doing this on the HG633, but @ianr_tt may have found a workaround.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please mark it as the Best Answer.
OCE's and Community Stars - Who are they? 

ianr_tt
Team Player

Hi

 

Yes, that option should be listed under the "internet connection" screen, scroll down and find the section "Link information" - It's the next option under VPI/VCI.

Like mode  >>on the drop down select EoA. It's the top option on the list, above PPPoA and IPoA. I'm on ADSL and using firmware v2.00t as well.

 

You will need to configure your TalkTalk broadband username and password details on the Google router and turn on NAT and firewalling. If your Google router gets an internal IP from the DHCP scope on the HG633 then turn off the DHCP server on the HG633. I used a static private 10.x.x.x IP for my PC when I did this.

 

 

KeithFrench
Community Star

Surely the idea of modem mode is that it will supply the public IP address to the other router?

 

If you are going to use a Mesh, that normally does not include a router. Therefore why not simplify this & use the TalkTalk router in the default configuration, except for disabling the Wi-Fi. Connect that to the incomingline & then connect the Mesh to one of the TT router's LAN ports?

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please mark it as the Best Answer.
OCE's and Community Stars - Who are they? 

stagger321
Chat Champion

@ianr_tt Sorry to re-open an old post, but it migt be relevant to resolve an issue I have.

 

I have been having issues with my TT line and as part of the troubleshooting one of the OCE's has agreed to send a new HG633 to me.

This may or may not resolve the issue, nevertheless its worth a try.

 

In the past I had to ditch my old HG533 and buy a TP-Link router as I was having wifi disconnects regularly. The TP-LInk router fixed this issue.
There is still a chance that this may happen with the new HG633, and there is functionality in the TP-Link router that I'd want to exploit (gigabit ports for faster internal network data transfer being one)
I am interested in how I can either set the HG633 into either modem or bridge mode (as appropriate), so I am after clarity on what can/can't be done.
After all the discussion on Bridging, in the thread bove, @KeithFrench advises a user "........you need to work in modem mode. There is no official way of doing this on the HG633, but @ianr_tt may have found a workaround."

 

You then go on to indicate that there is something in the "internet connection" screen.


This surprised me as all the other googling I did indicated that modem mode was not possible on the HG633, and that bridging was the best approach.
So is it, or do I have to do the bridging stuff you list in the first post, along with another load of TP-Link configs (similar to the stuff you link for cisco router)? I realise you are not a TP-Link expert - I'm just after generic high level guidance.

 

In this setup, Ideally I'd want all the NAT and firewall stuff done via the TP-Link router, and I'd need VPN data to pass through unhindered.

 

 

Cheers

Stagger
ianr_tt
Team Player

Hi

 

Yep, you can get it working on your TP Link router. Much easier than a Cisco, although not as much fun ;)

 

This setup goes ADSL phone line > HG633 > Zyxel P-660 > PC.

 

First of all ensure you configure the HG633 in bridge mode. From my earlier post:

 

Internet menu > Internet Connection > Edit button > from Service type untick TR069,  from the Connection type drop down list select Bridged  and finally from the Link mode drop down list select EoA. It's the top option on the list, above PPPoA and IPoA. Click save and OK. That's it - just 3 options and it will work. Now on the HG633 the power and broadband lights remain solid green but the Internet light goes red. This means you have configured it correctly. Don't panic when you see that red light.

 

 Here is how I configured my Zyxel P-660 router. This will probably be similar to your TP Link router:


mode: routing
encapsulation: PPPoA
username <your phone number@talktalk.net
password : <your password>
multiplexing: VC
VPI: 0
VCI: 38
IP address: obtain automatically
Nailed up connection (ie always on)

 

And then you can give your router LAN side an IP such as 192.168.1.1/24, enable your router's dhcp server and start at say 192.168.1.2 with a pool size of 10 or more IPs for your internal devices.
DNS servers can be anything publicly available. TalkTalk's are 79.79.79.79 and 79.79.79.80

Make sure your router firewall is on. I bypassed the triangle route, dropped wan to lan and permitted lan to wan. I disabled responding to ping on the external interface. I didn't need to set up any static routes. I then plugged the HG633 into port1 of the Zyxel and plugged my PC into port 2 on the Zyxel. Once my PC got an ip address on the 192.168.1 network, I could surf the Internet. The Zyxel was doing the nat/routing/firewalling/pppoa authentication and the HG633 was just functioning as an ADSL modem.

 

Hope that helps

stagger321
Chat Champion

OK, cheers Ian.

I'll give it a try when my HG633 arrives.

 

Many Thanks

Cheers

Stagger
stagger321
Chat Champion

@ianr_tt

 

My HG633 has just arrived.

I will connect everything tomorrow.

Just for clarity - I note you are connected ADSL not VDSL.

Are you aware if the bridge commands are the same for VDSL as they are for ADSL?

 

Thanks

 

Cheers

Stagger
ianr_tt
Team Player

No idea about VDSL, sorry.

I used to be with Virgin Media - here is the Cisco config I used for them. If VDSL works in a similar way it may give you some ideas:

 

interface GigabitEthernet0/0
 description External_Interface
 ip dhcp client broadcast-flag clear
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
 no mop enabled

ip nat inside source list NAT interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 dhcp

ip access-list standard NAT
 permit <your internal network and wildcard mask>

 

 

stagger321
Chat Champion

Got to admit struggling here.

Limited time to check the connection stability of the HG633 at this point. However not happy with the HG633 wifi range in our house (compared with my old TP-Link), or the lack of gigabit ports (for internal ethernet traffic - not WAN), so although it will work after a fashion, it will not suit my requirements.

Have purchased a ASUS RT-AC86U - with is a stonking newish (non modem) wifi router with fantastic speed and range, VPN config options, etc, but can't get it to get bridge connection from the HG633. 

 

Back to the HG633 in bridged mode - Its noticable that there is no Link Mode dropdown list such as @ianr_tt lists above.

All I get is as shownbelow, and a big fat red link error on the ASUS. Can anyone assist?
BTW, the ASUS is set to accept PPPoE (Don't know if that is right), and I have disabled DHCP and Wifi on the HG633.

 

HG633 VDSL settings.JPG

 

ISP Connection seems to be there - but nothing downstream (internal to my ASUS router)


HG633 Internet status.JPG

Cheers

Stagger
charlesb224
Wise Owl

on your Asus (I have an RT-ac66u and rt-ac68u in AiMesh mode)  Set to Dynamic IP  not pppoe

 

On the HG633, you have the WAN correct, but you MUST go to the LAN page and turn off the DHCP server.

stagger321
Chat Champion

I have it sorted folks.

 

The HG633 settings do work. for VDSL bridging. 

 

After advise from the SNB forum I left the connection setting to Automatic (is that what you meant @charlesb224??), i.e let it sort itself out - and voila - it worked. I am getting I am getting a decent throughput on the ASUS router upload & download.

My mistake here was to try and do a manual setup on the Asus before connecting to the HG633 when in bridge mode.

 

Having issues with VPN, but if it continues to work like this, for now I will be very happy for now.

 

Many thanks for the help.

Cheers

Stagger
charlesb224
Wise Owl

@stagger321 : Glad it's working for you.  VPN should work as intended, I use a software VPN for work and I have OpenVPN on my Asus router for inbound connections.

 

Check on your Asus router on the WAN menu, NAT Passthrough tab.  Should look like this:  I highlighted in RED what should be enabled for VPN (I have Voip as well, so all but one of mine are set to Enabled)Wan-passthrough.JPGWAN -NAT Passthrough

 

ParallelPort
Popular Poster

I also would like to setup my Huwei HG633 router as bridged mode so it basically forwards the WAN\Internet IP to a single Ethernet connection.  Which in my case would be a PC setup as a Debian Linux router.

 

But I can't get Bridged mode to work.  I have edited the Internet Connection:

    Connection type: Bridged

    Service type: Untick TR069

    Link mode: EoA

    And in the LAN Interface turned off IPV4 DHCP Server.

 

After doing this my regular games Windows 10 PC, that I am using for testing,  is the only Ethernet device plugged into the Huwei HG633 but it does not pick up a WAN\Internet IP but the PC can still connect to the router if i give it a static IP: 192.168.0.3 that goes to the Router LAN IP which in my case is 192.168.0.2.  So it seems part of the problem is that the Router is keeping its LAN IP instead of forwarding a dhcp WAN\Internet IP

 

Any ideas?

ianr_tt
Team Player
ParallelPort
Popular Poster

Yay I have got a Internet IP on my Windows 10 PC using a PPOE client on top of a regular Ethernet IP connection.  For user name I gave (my telephone number)@talktalk.net and a blank password. This was for testing.  Now I will setup a PPOE client the other Debian Linux router PC.

 

I wrongly assumed that I would get a Internet IP from the TalkTalk router using just a regular Ethernet connection because that worked years ago when my ISP was Virgin and I had a Cable Modem that simply forwarded the Internet IP address.

 

Thank you ianr_tt

ParallelPort
Popular Poster

Today I got my speed upgraded from the basic up to 17Mbit too up to 35Mbit.  After this upgrade my Huawei HG633 went from its custom working Bridged mode\PPPOE setup to a default setup of being a full router with wifi turned on.  So I did a backup of this configuration to a .conf file and tried to restore my backup .conf file that had the Bridged mode PPPOE configuration.  This did not work.  Then I went to Internet > Internet Connection > Edit > changed Connection type to Bridged but I then noticed I was missing some previously available options including Link mode drop down list too select EoA.  So now I can't use the HG633 in modem mode to forward the internet IP across PPPOE to my Debian Linux home server.  I tried to use the Bridged mode with going through the various more limited options but the HG633 would not get a internet IP.  Anyone got any ideas how to solve this so I can get it to work in PPPOE mode again?

 

 

ianr_tt
Team Player

Are you still on the v2.00t firmware? If you are, the only thing I can think of is a pinhole reset and then set it all up manually from scratch to see if the options have come back.

 

 

stagger321
Chat Champion

@ParallelPort

The setup you have looks to be the same as I have - see post above from October.

When you go to a Bridged VDSL2/Fibre setup the list of options ARE reduced like this.

It got me confused as well. 

The way I got it working on my Asus Router was to set the Huawei as you have, then let the Asus work out the settings for itself in a kinda semi - auto mode.

So the way to approach this may be to look into the Linux based server for answer, not the Huawei.

I doubt you will be able to change anything much from what you have on the Huawei, as it does indeed serve bridged with your settings.

Cheers

Stagger