The internet has a lot of data about the NVG510 modem/router. Most of it consists of complaints. I will add to that list of complaints by adding one: The router will not let me use all five of my static IP addresses for five different computers.
But first, any AT&T technicians out there seeing this should know that assigning a static IP address, provided by AT&T, to a system on a local intranet does not make that static IP address accessible to the internet. It’s not really using the static IP address as an internet static IP address at all. Please learn about the work you do, and stop doing a half-assed job. It’s not always your fault if you are trained wrong, but there is no harm in trying to get better at your job.
Now back to my complaint about the router…
Like I said, you cannot assign a static IP address to a computer on your intranet and have it be accessible to the outside world. Fortunately, and seemingly contradictory to that statement, you can let (and only one) computer have a static IP address accessible from the internet. You just can’t configure that address on the PC. The settings are simple:
The image above shows my settings. I configured the router to use a local subset address for it’s private LAN address. The technician had used up one of my static IP addresses for this because he has little knowledge of the internet and of his job. Sheesh.
Once the LAN options are set using typical intranet addresses, I set the Public Subnet settings. I picked a public address for the router using one of the static IP addresses. I then set the DHCP server to have a bank of just 1 DHCP address. It is important to have this be one of the static IP addresses. Using it with DHCP is just plain stupid because it’s static but I’m stuck doing things this way; I should be able to assign static IP addresses on separate computers, but there seems to be no way to tell the router to treat them as public addresses. Maybe I missed a setting somewhere else. I bought five addresses, but I can only use one of them.
Anyhow, the one computer that I need to have a static IP address is configured to use DHCP and it gets this one address. It is then visible to the internet. But again, you only get one address unless you don’t mind letting the DHCP service in the router change which PC gets which address.
Fortunately, I am not connecting any PC to this. I’m connecting a Sonicwall router. The rest of my intranet connects to that.
I made no other changes to the NVG510 configuration. If you were to right now go to address 107.141.106.217, you would connect to my Sonicwall router. Remote admin is disabled, so you can’t do anything with it. Sorry.
Now, how do I get the VPN connection in the Sonicwall router to work? (That’s rhetorical because it all works fine)
Hi Dave. First of all I don’t work for AT&T. I actually despise them. But I live in the cornfields of central Illinois so I have to live with what’s available, and U-Verse is what’s on the menu. I’ve had mine for a couple of years as supplemental bandwidth for work and until two weeks ago I didn’t need the static IPs. When I started down that road I hit Google, hard, and found your page. Your story is VERY typical; it is installed by techs that are woefully undertrained and misinformed, the information they do have is often inaccurate and getting a knowledgeable person at support is exceedingly rare. I was lucky enough to get one of the rare ones when I called in for my static IP info and between the information he gave me and some prodding around on my own I was able to piece together how to setup the NVG510 with a SonicWall behind it. You have all kinds of theoretical stuff posted in the comments above, some right, some a little off track and some dead wrong. Instead of rehashing the same tired stuff how about we just setup your equipment?
Your NVG510 should be setup like this:
Public IPv4 Address 107.141.106.222
Public Subnet Mask 255.255.255.248
DHCPv4 Start Address 107.141.106.217
DHCPv4 End Address 107.141.106.221
Primary DHCP Pool Private
You’re going to have to burn an IP from your usable pool for the SonicWall interface. Set your WAN interface to static with this setup:
IP Address 107.141.106.221
Subnet Mask 255.255.255.248
Default Gateway 107.141.106.222
DNS Servers Your Choice (I use Google DNS Servers)
That’s it. No modem hacking, no static IPs on internal resources. Just use your SonicWall to publish your internal resources on your remaining IP block (217-220) using the wizards. Easy-peasy.
Lee, thanks for the comment. The settings that I used worked fine. If I set the public DHCP pool to have more than one address, it would be possible for the sonicwall router to get a different address in the future. The problem is that it must absolutely never change its address or the other end of the VPN connection will not let it connect.
Dave,
Lee’s is correct and his setup will let you use any (or all) of your IP addresses on the SonicWall.
To clarify… Just because the IPs are defined as a range in the NVG510’s DHCP server settings, it doesn’t mean that they MUST be assigned dynamically. You would absolutely want to assign the IP statically to your SonicWall’s WAN interface. The NVG will see that IP as in-use and will not give it out to any other DHCP clients (not that it would find any because, I assume, the Sonicwall is the only device connected to the NVG). In fact, to test, you could leave your NVG’s config as-is and switch your SonicWall’s WAN interface to static using the 107.141.106.217 address – you’d see that everything continued working.
If you’re convinced after setting your SW’s WAN interface statically, you could expand the NVG’s DHCP scope to include your entire block of IPs. To make use of a different public IP in your SW you don’t assign it to an interface; instead, all you have to do is use the public server wizard and choose an IP from your public block as the public IP of the server.
This way, your VPN endpoint will always be the .217 address assigned to the WAN interface; maybe an internal webserver running on your LAN is published on your .218 public IP; a LAN mail server could be published on your .219 address.
Anyway, hope that clears it up for you… It’s just like running a DHCP server on a LAN, you’re not required to assign all the IPs in the scope dynamically.
-Sam
Sam, I wasn’t aware that a machine on the intranet (LAN) could have a static IP address (static on the LAN) with that address also being in the routers DHCP table range. That seems wrong to me, but only instinctively. I would always worry that the DHCP server was going to give out that same address to some other system.
What I described in my post was what I actually did and it worked fine. It’s been running for a year. The whole point of the post was to say that using one of the static IP addresses assigned by AT&T as an address of a computer on the LAN doesn’t make it visible to the outside world (WAN) at that address. The modem/router still needs to be configured properly with that address in the DHCP range.
But your suggestion is very interesting and I might try it sometime. It would be great to find out that the DHCP server checks for existing machines at an address before assigning it to some other system. If that’s really true, I would be able to use all five static IP addresses and access all five systems from the outsize world (WAN)! Very cool if it works.
But Microsoft says that this won’t work and the DHCP server might give out an address that is set statically on some other system: http://support.microsoft.com/en-us/kb/133490. In fact, I see lots of posts on forums about static IP addresses conflicting with DHCP assigned addresses because the DHCP server doesn’t check to see if an address is already in-use. The DHCP server assumes that it has control and ability to assign each address in it’s DHCP range without worrying about a collision. If this is true then your idea won’t work. I would not be able to set an address on a system statically and also have that same address being in the router DHCP range.
So maybe Lee is still wrong? hell, I can’t even remember Lee’s comment since it’s all year-old info to me. It’s a good thing that I only ever wanted to get and use a single static IP address for my Sonicwall VPN router.
Thanks.
Dave
[Edit…]
If there are no machines on the LAN using DHCP then there will never be a conflict because the DHCP server would never be asked for an address. Assigning an IP address to each system statically should work. But as soon as one new computer, like a laptop on Wi-Fi, is added to the LAN and asks for an address from the DHCP table, it might be assigned an address that is already in-use. So there is a way to use all of the static IP addresses with this modem/router, but it really sucks. A simple firmware change would solve the problem by having a range of addresses that are not DHCP addresses but are expected to be statically assigned and used as internet static IP addresses.
No wonder this post gets so many hits. This is painful stuff to deal with.
Haha, yes, it can seem painful.
I believe in this situation, with 2 nodes (NVG510 & SonicWall) and 5 available addresses, there’s not much to worry about. The Sonicwall interface is the only node that would be physically connected to the NVC510 and could ever request a DHCP address IF it were configured to (which it wouldn’t be). And, by creating “public server” rules on the SonicWall, you are essentially statically assigning the other IP addresses to the SonicWall’s WAN interface.
Also, things have gotten much better – RFC5227 (Address Conflict Detection) has been implemented on the client-side since Windows 2000 (the MS article you linked to above applied to Windows NT 3.51 and earlier, yikes!). Here’s an excerpt from a technet article (https://technet.microsoft.com/en-us/library/cc780760%28v=ws.10%29.aspx); it refers to MS operating systems but is true for other vendors too:
So, even if the DHCP server were to give out a bad address, the client would (should) see that it’s in use and refuse to use it.
I agree with you – this could have been implemented in the firmware much better; they could have just implemented a bridge mode.
Obviously, the way you have it setup works for you and I’m glad you posted your experience because it helped me!
Thanks.
Thanks to both Dave and Lee! This blog post helped me because I didn’t understand where to put the public scope in the NVG510; I had been messing around with the “cascading router” options. Lee’s start and end range let’s you use all of the IPs. One is assigned directly to the WAN address of your router and the others are made use of by creating NAT & firewall rules (I use the public server wizard in the SonicWall to create the defaults and then lock it down further, if needed, by editing the firewall rule and restricting the source addresses; for example, maybe I only want certain IPs accessing my FTP server.).
Hope to offer some insight on this one. First all the usual legalese: I have worked for AT&T as a tech, but am here on this site representing myself NOT the company. Anything I say is personal opinion (yada, yada, etc).
Ok, now that is out of the way. Quickly addressing the above comments: AT&T technicians in a static IP installation have guides to follow specific to each model RG (modem/router). Technicians that ignore the guides are working off of their own personal knowledge; as noted AT&T doesn’t provide certified training such as Network+ or A+.
Regarding static IP on the NVG510:
The account is assigned at minimum 8 addresses (you can purchase more, but not fewer). 3 are reserved for the system itself (the first is for the network base address, the second to last is the RG, the last is the broadcast address) leaving 5 usable addresses for other network devices. Let’s use a scenario for an account assigned the (made-up) block of IPs starting with 333.222.11.72.
To ensure static IP is correctly set up, in the router’s configuration page (192.168.1.254) under Home Network>Subnets & DHCP you should see the following:
Public Subnet Enable – On
Public IPv4 Address – 333.222.11.78 (this is the RG’s address)
Public Subnet Mask – 255.255.255.248
DHCPv4 Start Address – 333.222.11.73
DHCPv4 End Address – 333.222.11.77
Primary DHCP Pool – Public
(Note: these settings within the RG’s configuration page WILL BE RESET to default if the unit is factory reset)
That is the sum total of what the technician is to set up. Anything beyond that would be referred to ConnecTech, the tech support dept of AT&T.
With an NVG510 RG to use those static IPs it’s best to configure the IPs on the client side (for example if you want your Windows XP computer to use a static IP from your block manually assign it within Windows’ Internet Options dialog. Reboot all devices on the network and the IP should be recognized and usable).
Some other quick notes: the NVG510 doesn’t support PPPoE, bridging, or router-behind-router/cascading router. Also any 3rd party router downstream of the NVG510 can have one static IP assigned to it via DHCP, but can’t be assigned more than one (ie a 3rd party router can’t be assigned to manage the entire pool of static IPs).
Hope this is informative and helps you guys out!
I’m not sure if you got this wrong or if I’m just reading it wrong. Assingning a static IP address to a Windows XP machine that is behind the router does not make it visible at that static IP address on the internet. The entire purpose of being assigned a static IP address is so that a machine outside of the local subnet can see the machine at the static IP address. So a computer in China should be able to access my router using the static IP address, and then access the system behind (meaning within the local network) the router that is set up to get port forwarding from the router when the static IP address is used.
I can make up addresses that I use within my own local subnet, so paying for a static IP address just to set machines in the subnet to those addresses is pointless.
Maybe you were saying this. It’s been more than six months since my router was set up incorrectly by the AT&T technician. ONe thing that I remember is that numerous posts on numerous forums described people having trouble configuring this particular router. It is no surprise that the technician got things wrong considering how complex network addressing is. Especially since I added a different router between the AT&T supplied router and my intrAnet. I had to do that so that I could use the hardware VPN capabilities of my other router to provide VPN access to my entire network, not just an individual system using software VPN.
I wanted to pass on some feedback that I just got about this blog post. This came in an email from someone with an @att.com email address:
“Your comments regarding AT&T technicians are ignorant. AT&T technicians are not A+ Certfified [sic], nor do they have any traning [sic] in networking. It is NOT their job to configure your computers for you, there job is to only provide you with working internet signal to your premise. The most they can do is enter the Static Ip addressed they were given into the modem, the rest you or your IT guy must cover. To say they do not know their job, or are doing half assed [sic] jobs, when you do not know what there job entails is ridiculous, espicially [sic] if you were never a AT&T technician yourself. “
“The most they can do is enter the Static Ip addressed they were given into the modem…” is what the technician tried to do and it is exactly what the technician did wrong. If the technician had done this one simple step correctly, there would be no other work for my IT guy to do.
You may not be aware that a static IP address is an IP address that is reserved on the entirety of the internet for my router/modem/computer. On the intranet (the local network), I can assigned each device, including the router, with any IP address that I want to use. Yes, I need to pick my internal addresses properly or they won’t work together, but the point is that I can pick the internal IP addresses out of my ass.
There is a huge difference between assigning the modem/router an IP address on the internet and assigning it an IP address on the intranet (notice the spelling of intranet if this sounds confusing). One address is used within the firewall and behind (technically, not literally) the router, while the other is there for all of mankind to see.
You’ve probably got all this info but:
– suggestion is to put it in Bridge mode and do all work elsewhere
Check out these two.
http://www.linksysinfo.org/index.php?threads/rooting-your-at-t-u-verse-modem-for-tomato.60135/
http://earlz.net/view/2012/06/07/0026/rooting-the-nvg510-from-the-webui
Personally I moved to using ddwrt or tomato on another router and being able to do everything from there.
I use a TPLink 941ND but I undertand the Asus RT-N12 is great and also has some installs designed to make certain things very simple to do – like for schools.
YMMV Good luck…
If I set up bridge mode, I suspect that the router IP address could be accessed remotely, but there would be no way to use one of the static IP addresses that I bought to access it and my other router. My other router is a VPN router that needs a static IP address to be stable. The static IP address issue is why I didn’t try bridge mode.
I’ll have to revisit the issue one of these days.