Logon/Administrate a modem in bridge mode??

Hi all,
Is it possible to get access to a modem set up in bridge mode for admin/monitoring purposes?
I have the following setup on a Talk talk llu adsl2+ service.
A BT Voyager 190 running Dynalink RTA1320 firmware in full bridge mode. It's local IP address is set to 192.168.1.1 but I'm not sure that's relevant in bridge mode??
This is Connected to a Asus RT-AC66U which is serving my LAN, DHCP, NAT etc. with a LAN address of 192.168.0.1
It's all working OK but I'd like to be able to
1. Monitor my adsl connection; sync speed, noise figures etc. and
2. Login to and manage the modem while it's online.
Is this possible? If so how?

I also have the TT supplied D-Link ADSL 2780 set up the same for comparison purposes.

Any advice greatly appreciated.
Regards
Clive

With the BT 2700 hub running in bridge mode it sets an IP address of 192.168.1.254 . Provided the local network is set with a suitable IP range 192.168.1.xxx and subnet 255.255.255.0 then it is easy to access the 2700.

In your case you are using 192.168.1.1 and 192.168.0.xxx - can you change you LAN addressing to use the 192.168.1.xxx range, selecting say .111 for the ASUS and the DHCP allocatable block at 192.168.1.160 to 200. You will then be able to access the Voyager.

A trick I use when doing reviews of bridge mode hardware is to unplug the Internet connection, which sometimes makes it easier to see the configuration interface

Thanks guys. Think I need to redesign my lan ip setup.
Nice trick MrSaffron but I really want to be able to get at it while the network is up and running.
Thanks again guys.

So long as a subnet of 255.255.255.0 is used there should be no issues with 192.168.1.x and 192.168.0.x

Have seen some routers that are not so clever and have problems though with these ranges.

Actually, there will with that subnet mask. You need 255.255.254.0

You mis-understand 255.255.255.0 is correct if you want the 1.x and 0.x ranges to be handled with one on the LAN side and one on the WAN side.

using 255.255.254.0 would cause confusion between LAN/WAN routing for these particular IP blocks

There's no way 192.168.x.x will be on the WAN side.

He means on the WAN side of a device, the router, not the WAN side of the whole caboodle..

Ah, ok - looks like there's double-NAT being recommended.

Interesting discussions going on Makes interesting reading.
So will this work...

Modem:
Dynamic WAN IP
Connection Type 1483 Bridge I/P VC MUx
LAN IP192.168.0.200
DHCP OFF

Router:
LAN IP 192.168.0.1
Subnet Mask 255.255.255.0
DHCP Range 192.168.0.2..199

This puts the modem outside my LAN DHCP range but within the Subnet range.

With this setup will I be able to login to the modem on 192.168.0.200 from a client within the 192.168.0.2..199 range?

Also, out of interest, if I were to set the modem up as above and connect it up in isolation to another PC will I be able to connect to it by setting an IP manualy on the client as there in no DHCP service running?

No not double NAT, but access the management IP of a bridge device

No that would NOT work.

The router would see the requestion for 0.200 and as that is in the range when you apply 255.255.255.0 to the IP block 192.168.0.x it would NOT route the request to the WAN interface.

If the Bridge device is already using an 192.168.0.x address, then can I suggest using a different range for the LAN side of the router, perhaps 172.17.17.x which is so different it will be easier to think about what is happening.

This faffing around is why I dislike bridge type setups.

Thanks MrSaffron, I understand your logic, I think .
At least I can see why the subnet mask of 155.155.155.0 would put the modems IP inside the LAN and so traffic for it wouldn't be routed to the wan port.
As for changing things. I have static IP's setup in the LAN for various servers (multimedia, print etc.) Plus it is working fine at the moment. So I would rather leave the LAN alone and change the modem setup to work with it.
So, I need the modems IP to be outside the subnet to that any traffic for it will be sent to the wan port of the router.
If I just change the subnet mask on my router to match the range 192.168.0..199.
That will put 192.168.0.200 outside and therefore in the wan will it not? Or am I missing the plot completely?
If I'm on the right path is 255.255.255.199 the right subnet mask for this?
My only concern is that that looks very much like my setup at the moment with my LAN/Router being on 192.168.0.1, subnet 255.255.255.0 and my modem being on 192.168.1.1 completely outside the subnet.
But I can't access it from within the LAN. That makes me think I've missed something fundamental??

On another tack, following on from your faffing around statement in paragraph 3 of your post.. If there is another way to skin this rabbit I'm all ears

The Asus router I used was happy with 192.168.1.x range on one side, and 192.168.0.x on the other side of the router, so don't think that is the issue.

It is more down to the bridge modem, some will only make their LAN IP interface visible to the same device that requested the WAN IP address. So for doing serious reconfiguration I would unplug the ADSL line, and reboot the bridge device before connecting direct to a PC. Then do the reboot before putting a router in the way.

One additional thing that would sometimes help is setting the PC up with manual IP addressing when connected direct to the bridge device.

In short your subnet masks of 255.255.255.0 and 192.168.1.x and 192.168.0.x appear fine.

As the way of avoiding this - use an all in one modem/router. If the reason for the AC router is the high speed wireless then configure that to run as a wireless access point. the RT-N66U I had certainly has that option and works well in that mode

I suspect the the 192.168.x.y IP of the bridge device won't be in the routing table of the ASUS router (even on its WAN side).

Instead of looking for it on the "directly-connected" network of the WAN interface - which being a public IP won't be in the same subnet - it will be looking on the default route (next router at ISP).
(or just dropping it because it's private).

If someone has a router where they can add an IP alias (in the right subnet) to the WAN interface (something more advanced like pfSense would allow that) it might work, but would be impressed if the ASUS has this option?

Edit I'm pretty sure it makes a difference depending if the router is using PPPoE to access the internet via the next device. In this case some routers can talk to the internet via PPPoE but also talk to local (WAN) network at the same time
(if under the hood if ethn and pppn are treated as separate logical interfaces so it can route differently).

Edited by prlzx (Mon 03-Dec-12 20:38:38)

In reply to a post by MHC:

With the BT 2700 hub running in bridge mode it sets an IP address of 192.168.1.254.

Is that a preset fact with it? i.e. it will always set that IP address regardless of what I set?

In reply to a post by MHC:

In your case you are using 192.168.1.1 and 192.168.0.xxx - can you change you LAN addressing to use the 192.168.1.xxx range, selecting say .111 for the ASUS and the DHCP allocatable block at 192.168.1.160 to 200. You will then be able to access the Voyager.

If you are assuming/saying that the bridge will have a local IP of 192.168.1.254 I cabn see the logic as it's outside the DHCP range so the ASUS will pass it to the WAN port but whats the difference between that and what I have already? i.e LAN/Router on 192.168.0.1..255 and Modem on 192.168.1.1 which is definitly outside the LAN segment and I can't access it from within the LAN.
Sorry but I'm getting confused.

In reply to a post by prlzx:

I suspect the the 192.168.x.y IP of the bridge device won't be in the routing table of the ASUS router (even on its WAN side).

Instead of looking for it on the "directly-connected" network of the WAN interface - which being a public IP won't be in the same subnet - it will be looking on the default route (next router at ISP).
(or just dropping it because it's private).

If someone has a router where they can add an IP alias (in the right subnet) to the WAN interface (something more advanced like pfSense would allow that) it might work, but would be impressed if the ASUS has this option?

I see your logic. Pretty sure the Asus doesn't have the capability of your workaround and not sure I do either

In reply to a post by MrSaffron:

The Asus router I used was happy with 192.168.1.x range on one side, and 192.168.0.x on the other side of the router, so don't think that is the issue.

It is more down to the bridge modem, some will only make their LAN IP interface visible to the same device that requested the WAN IP address. So for doing serious reconfiguration I would unplug the ADSL line, and reboot the bridge device before connecting direct to a PC. Then do the reboot before putting a router in the way.

One additional thing that would sometimes help is setting the PC up with manual IP addressing when connected direct to the bridge device.

In short your subnet masks of 255.255.255.0 and 192.168.1.x and 192.168.0.x appear fine.

As the way of avoiding this - use an all in one modem/router. If the reason for the AC router is the high speed wireless then configure that to run as a wireless access point. the RT-N66U I had certainly has that option and works well in that mode

Just jumped from an all in one because I thought it would be more flexible and resilient. and to upgrade LAN/WLAN.
So you think my setup may be ok and if I try rebooting in order it may work.
I'll give that a go.
So will be offline for a short while (I hope )

You can run a traceroute (or tracert on Windows) to what you expect the IP of the bridge device to be, and see if it crosses the ASUS router.
If you then see it heading off into the ISP network (or stopping at their customer access router) you'll know it isn't being recognised / answered by the bridge device.

And that could be because the ASUS router already put this WAN traffic inside the PPPoE tunnel instead of looking on the local WAN (if that is how you are setup) - see Edit on above post.

Edited by prlzx (Mon 03-Dec-12 20:50:05)

Hence my old work around of unplugging the ADSL line from the bridge device

I was giving you an example based on the other BT hub which I had previous had set in bridge mode. For teh 2700 the IP address is fixed, but for your one it is likely to be fixed but a different address.

I no longer have access to any set up in that way as they are all replaced with Infinity connections so I cannot check up.

Getting more detailed than this starts to get outside my detailed experience and as MrS is replying to you, you may be wise sticking with his comments or those of the others replying.

Another way I have seen this done - is to put a small unmanaged switch on the WAN side, connecting the router WAN and the bridge device.

Then a laptop or similar with manual IP in the desired subnet on its wired interface into this switch may be able to talk to the bridge device while your "proper" LAN network and internet remains operational via the router.

Don't specify a gateway on the laptop wired interface in this case.

Reason being if you can also join the wireless network (of your ASUS router) the laptop will have two networks.

(1 = wired - local only to bridge device, 2 = wireless using DHCP). As the laptop would see only the wi-fi network has a gateway, the routing table will use (2) for internet access (anything that doesn't match the two local subnets).

Edited by prlzx (Mon 03-Dec-12 21:15:14)

Yes I've seen this work with an industrial 3G modem. If there was no 3G connection (on bootup) it would enable a local DHCP server and offer an IP to the WAN of a separate router.

What I don't recall is if the router also had to be in a mode that saw the primary connection of PPP timeout and fallback to secondary of DHCP client on WAN to pick this up.

But yes in this instance stuff on the LAN side of the router could see through to the modem interface at least when the internet was offline.

Edited by prlzx (Mon 03-Dec-12 21:36:15)

Good idea prizx,
tracert does indeed show it going out via the Routers LAN IP straight to a remote IP address in the isp network. So it isn't seeing it on my modem.
The router is using PPoE as you describe in your other edited post.
Not sure how to investigate the eth(0) etc. so will have to research that.
Thanks a million to all who are having an input on this. I'm learning loads even if I'm not getting anywhere, yet.

Thanks MHC. All input is greatly appreciated.

In reply to a post by prlzx:

Another way I have seen this done - is to put a small unmanaged switch on the WAN side, connecting the router WAN and the bridge device.

Then a laptop or similar with manual IP in the desired subnet on its wired interface into this switch may be able to talk to the bridge device while your "proper" LAN network and internet remains operational via the router.

Don't specify a gateway on the laptop wired interface in this case.

Reason being if you can also join the wireless network (of your ASUS router) the laptop will have two networks.

(1 = wired - local only to bridge device, 2 = wireless using DHCP). As the laptop would see only the wi-fi network has a gateway, the routing table will use (2) for internet access (anything that doesn't match the two local subnets).

Now that sound like a good backup plan if I can't get it to work any other way. Many thanks.

I have got something similar (but a little more complex) working OK.
All IP addresses start 192.168.1.

I have 2 * O2 lines, both with WAG320Ns (Bridge mode. IP 192.168.1.4 and 192.168.1.5)
These both attach to WAN ports on a cheap load balancing router (TL-R470T+) 192.168.1.3. This is the DHCP server.
This has 3 LAN ports - going to Wired ethernet, Powerline and a TD-W8960N (192.168.1.2) working as a wireless access point.

The next bit should be relevant to you.
I have a 2nd ethernet cable from both of the WAG320Ns connecting to LAN ports on the wireless AP.
The DHCP has fixed addresses for everything, with other network devices starting at 192.168.1.80.
With this setup, I get full network access to the 2 Bridge mode devices.

So, for you, I'd say you could connect a 2nd ethernet cable from your bridge modem to a LAN port of the router, and assign a fixed IP address to the modem in your DHCP.

As for me, I'm hoping to get FTTC in a month or so, and go back to just 1 wireless router, (probably with a wireless repeater).

Edited by deleted (Tue 04-Dec-12 01:21:08)

Thanks Sandacol,
Sounds like a workable solution. My only question is where does your firewall sit?
In my situation, with the firewall in the router. If I connect my modem directly to the LAN wouls I not be introducing a path past my firewall?
This sounds similar to a previous sugestion to put an unmanaged switch between the Router and modem and patch a laptop into there for admin of the modem. Which, by it's temp nature would be more secure.

Ditto for the FTTC hopes. But I think I'll be waiting a while longer than you

Edited by deleted (Tue 04-Dec-12 09:33:24)

This is obviously a path around the firewall, I think you need a more sophisticated network structure. Alternatively, have you considered a combined modem/router?

In reply to a post by BatBoy:

This is obviously a path around the firewall, I think you need a more sophisticated network structure. Alternatively, have you considered a combined modem/router?

Thanks BatBoy, as I thought. On the combined modem/router,, I have just "upgraded" from a couple of old modem routers, which were starting to show their age, to give me GB LAN and faster WLAN cababilities.
Also looking forward to FTTC, although not sure when I'll be able to get it yet.
I thought this would be a good and reasonably futureproof way forward.
To be fair, it's working pretty well as I can now stream multimedia around my LAN much more easily/quickly.
My only bug bear is that I can't monitor my ADSL stats as easily as I could on a one piece modem/router.
In honesty thats all I'm missing. Didn't realise it would be hard to achieve

I have adjusted my IP plan a bit having read the advice here. I now have

Modem:
WAN IP = Dynamic
Local IP = 192.168.0.64
Connection = 1483 Bridge IP VC Mux
DHCP = Disabled

Router:
IP = 192.168.0.1
Subnet = 255.255.255.92
DHCP Range = 192.168.0.2..62

I have set both modems up the same and tried both. In each case a can still not access the modem from within the LAN.
A tracert to the IP of the modem shoes it going straight to the IPS's routers and getting stuck there. So the modem isn't looking at the ip at all. Which I guess is what Ive asked it to do by setting it to bridge mode.
I'm wondering if Half Bridge/PPP IP Extension would fair any better?
Anyone any experience of it?

I have no idea what a subnet of 255.255.255.92 will do to your network.

In reply to a post by BatBoy:

I have no idea what a subnet of 255.255.255.92 will do to your network.

It will create a LAN segment of 192.168.0.2 to 192.168.0.62.
Everything else will be outside my LAN.

Probably too late now but what you should have done is keep a combined Modem and Router so you can access the modem stats. Feed the 100Mbps Ethernet into a small 8/12/16 port managed Gigabit switch. Connect all your devices to the switch and the traffic will move at high speeds on your network whilst only using the switch to router connection for inbound/outbound traffic and management requirements such as DHCP server requests.

Ah, the wonders of hindsight

In reply to a post by crey:

I have adjusted my IP plan a bit having read the advice here. I now have

Modem:
WAN IP = Dynamic
Local IP = 192.168.0.64
Connection = 1483 Bridge IP VC Mux
DHCP = Disabled

Router:
IP = 192.168.0.1
Subnet = 255.255.255.92
DHCP Range = 192.168.0.2..62

I'm sure you realise that in the subnet mask, 128+64=192 (typo: you've missed out the 1in the /26 subnet mask - 255.255.255.192)!
Furthermore, 192.168.0.64/26 is the network address - the first usable IP address is ...65.

But, going back to your opening post, now that you've unlocked the router functionality of the BT Voyager 190, why don't you configure it as a router and use the Asus as a switch + wireless access point.

Edited by JimmyBoy (Tue 04-Dec-12 14:07:20)

In reply to a post by prlzx:

...If someone has a router where they can add an IP alias (in the right subnet) to the WAN interface (something more advanced like pfSense would allow that) it might work, but would be impressed if the ASUS has this option?

As suggested by 'prlzx', adding an alias should work if the Asus OS allows you to do so.

e.g.

ifconfig eth1:1 192.168.1.2 netmask 255.255.255.252

eth1      Link encap:Ethernet  HWaddr F0:FF:F0:FF:F0:FF  
          inet addr:93.97.54.nnn  Bcast:93.97.55.255  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:89188367 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54725209 errors:1 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000 
          RX bytes:663989107 (633.2 MB)  TX bytes:661912097 (631.2 MB)
          Interrupt:5 Base address:0xe400 Memory:e8203000-e8203038 

eth1:1    Link encap:Ethernet  HWaddr F0:FF:F0:FF:F0:FF  
          inet addr:192.168.1.2  Bcast:192.168.1.3  Mask:255.255.255.252
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          Interrupt:5 Base address:0xe400 Memory:e8203000-e8203038

Modem stats.

Alternatively, when you feel the need to view the BT Voyager 190 line stats, reconfigure the Asus WAN port with a static IP address in the appropriate subnet (instead of PPPoE), obtain the stats, then reconfigure back to PPPoE. It's not an elegant solution, but it'll work.

Cheers JimmyBoy, a couple of things for me to study up on.
Your alternate config idea will work in the interim at any rate.
Thanks again

Update: I can certainly telnet into the Asus so config should be possible. Having trouble as many of the simple linux network commands don't see to be recognised.
I'm going to look through the Asus users forum and surrort pages see if I can find anything there

Edited by deleted (Tue 04-Dec-12 16:20:11)

Thought I had firewall set on both WAG320Ns, and definitely there on the load balancer. But now I have doubts.
I'll have to check when I get home.

In reply to a post by crey:

Router:
IP = 192.168.0.1
Subnet = 255.255.255.92
DHCP Range = 192.168.0.2..62

That is an invalid subnet mask. the last octet can only be certain numbers, which are 0, 128, 192, 224, 240, 248, 252, or 255 (254 would fit in the mathematical pattern that these numbers are formed from , but for other reasons is invalid in the last octet)

In reply to a post by BatBoy:

I have no idea what a subnet of 255.255.255.92 will do to your network.

It depends, in a well designed and programmed router it will be rejected as invallid and the superflous bits ignored and the subnet 255.255.255.0 would be used. In a badly programmed router that chose to use the net mask it would match some interesting numbers. Putting 192.168.0.1-192.168.0.3, 192.168.0.32-192.168.0.35, 192.168.0.128-192.168.0.131 and 192.168.0.160-192.168.0.162 in the same subnet with 192.168.0.0 as the network address and 192.168.0.163 as the broadcast address.

Or the router would crash.

Also most network drivers would fail to handle that subnet, either rejecting it as the well programmed router above did or failing to bring up a network connection.

it was a typo sorry for the confusion.
My router would indeed offer to chage the DHCP range if it could or reject the mask if I tried it as shown.

Edited by deleted (Wed 05-Dec-12 10:07:05)

Looks like there may be an answer to my problem...here

Need to study it in detail but it looks as if its separating out the ppp and eth0 at first galnce, as suggested earlier in this thread.
I'll let you know how it goes.

BTW: I emailed Draytek to see if the Vigor 120 supported this but they came back with the suggestion of putting a switch between the modem and router and connecting the switch to both WAN and LAN ports on router and having the modem on the same LAN segment as the router. Surely a firewall issue??

Edited by deleted (Wed 05-Dec-12 10:21:49)

Post deleted by billford

Advertising is not permitted.

I can confirm that the solution I refered to in my previous post works fine