ATT Resident Gateway 802.1x
-
pfSense plus version: 23.05 (latest version that supports 802.1x)
ATT: 5268AC w/ external ONT
500 mb subscribed bandwidth.
Configured per documentation, it does work but-
- Takes a long time to get internet.
- The connection will drop periodically and take a long time to return.
Basic diagnostics show:
- The WAN IP address is acquired on the firewall with an ATT public IP, and I can ping the WAN interface from the LAN, but traffic stops there. The 5268AC has the power, broadband1 and service LEDs lit.
- When the internet is up, pinging 8.8.8.8 replies; the 5268AC has only power and broadband1 lit. Service is no longer lit.
- Without doing anything, after about 10 minutes the continuous ping to 8.8.8.8 times out. Checking the 5268AC, it has only the power light.
- It eventually will return to step 1.
My assumptions about what happened-
- Since the certificate is bound to the ONT, it takes time to establish secured traffic at the initial changeover. That is why the WAN IP is in the firewall but no traffic is leaving the ONT.
- When it does work, when the service is lit up, the ONT has a secured channel and binds with the firewall WAN. So, the service is at the firewall.
- During the periodic re-negotiation, the 5268AC detects the firewall and resets to start over, which leads to a never-ending loop of connect and disconnect.
Has anyone experienced the same issue? I am wondering, instead of bridging the WAN and MODEM, what if I place a switch that connects WAN, MODEM and ONT? Will that work better, or would it work at all? Any suggestions? TIA.
#ATT #802.1x #5268AC
-
This is an update- I tried to use a switch and connect the ONT, WAN and Modem together. The firewall does not get an IP address. So the switch route is out. Upgraded to the 1GB for an extra $20 and will get a new BGW320 gateway tomorrow. We will see if it fares better.
-
The issue was that the connection was lost after 10 minutes, as the connection would not survive the re-validation.
Had no choice but to fork over an extra $20 and upgrade to the full GB connection and a new BGW320-500 gateway.
Swapped out the 5268AC, updated the MAC, rebooted the ONT, BGW320 and pfSense. It came up and it has been about 30 minutes, looking good.
This also resolved a plaguing problem that had bugged me for 2 years, as my Ring camera would time out; now it does not.
The only remaining issue is that the BGW320 now flashes orange instead of solid white. It is going to need a cover over it.
-
So after getting fiber and the new gateway everything is still working great for you?
-
@tkronic, it works much better than the old 5268AC. But I am not sure whether it is the pfSense working better or the BGW320-500. It is probably the pfSense because I actually never used the BGW320 as the router. I went directly to the pfSense. Here are the basic stat differences that I have measured.
For 5268AC, ping to 8.8.8.8 averages 3ms, pfSense is 2ms.
For 5268AC, Rings lose connection usually less than 2 minutes. With pfSense it still happens, but it is far more stable, every couple of days.
Speedtest comparison is not relevant as I upgraded from 500 to 1gb. However, I get 975mb up, and 982mb down.
My pfSense is a white-box: 2.5GbE Firewall Appliance Mini PC, 12th Gen Intel N100 (up to 3.4GHz) Fanless Mini Computer Router with 4x Intel I226 NICs, 8GB DDR5 RAM, 128GB
The only note I will add is that rebooting pfSense does not always survive the public IP binding. Rebooting the ONT, BGW320 and pfSense all together will take a few minutes, but it will always come up. My pfSense has been up for 8 days running acme, arpwatch, notes, ntopng and openvpn. Works well for sure.