Configure your Pace 5268AC with Static IPs for pfSense



  • Previously, this could only be done using CARP IP Aliases, but with the current firmware it is now allowing pfSense to use normal IP Aliases, so I thought I’d help others out with this post.  By using this new configuration, you will end up being able to use the Router Address that was previously assigned to the Pace 5268AC, and the WAN IP address (could change over time) of the Pace 5268AC, in addition to the IP addresses that you were already using.  This also bypasses the firewall in the Pace 5268AC.  With all this being stated, the setup is pretty much identical to the setup that AT&T will configure you with using the Supplementary Network / Add Additional Network settings.

    If you haven’t changed the default LAN and DHCP settings, you can continue to use them, but you might want to exclude a block at the base.  I do not recommend changing the default LAN subnet, as it will make troubleshooting easier if something goes wrong.  You will need to assign a static IP address to the WAN interface of your pfSense that is on the LAN subnet of the Pace 5268AC; otherwise, the Pace 5268AC could decide to assign a different DHCP address to your router.  Once that is set, it all comes down to changes to Settings / Broadband / Link Configuration in the Pace 5268AC.  Instead of using the Add Additional Network section, you need to use the Add Cascade Router section (see below):

    The Network Address setting can be ANY of the IP addresses in your IP block, and it doesn’t matter which one you chose.  Most will either use the first IP address in the block, or the Router Address that AT&T used when setting up Add Additional Network, it doesn’t matter which you use.  The Subnet Mask is the same that was used under Add Additional Network.  The router for the secondary subnet is your pfSense device.  If the static IP address that you gave it is not available in the dropdown, enter it into the IP Address text box.  Make sure to select the appropriate radio button and click Save.  That’s it for the Pace 5268AC configuration, now you just need to configure your pfSense device.

    In pfSense, you need to create a Virtual IP Alias for each of the public IP addresses that you have, under Firewall / Virtual IPs.  Here are the settings for each alias:

    • Type: IP Alias

    • Interface: <your wan="" port="" that="" is="" plugged="" into="" the="" <strong="">Pace 5268AC></your>

    • Address(es):

    • Subnet Mask (dropdown):<the significant="" number="" of="" bits="" in="" your="" subnet="" mask=""></the>

    If you have 5/8 IPs (5 usable of 8 as defined by AT&T), you will actually get 6 usable, and you would select 29 from the dropdown (28 for 13/16, 27 for 29/32, etc.).  Don’t forget to create an entry for the Router Address that was previously being taken by the Pace 5268AC, as it is now usable.  Once that is done, you can then use those IP Aliases within pfSense.  To use the IP address of the Pace 5268AC, just configure pfSense to use the IP address of the WAN interface, which is that static LAN IP address that you gave it earlier.

    ENJOY!

    P.S.  On the LAN side of the Pace 5268AC I am seeing ~970Mb up/down.  I am waiting for a new pfSense device to get that full BW, as my old pfSense device maxes out at around 430Mb(up)/267Mb(down).



  • So this completely bypasses the RG entirely?

    Can you post a tracert to any site showing the first 2 hops?

    At&t Static ip required?



  • Can you post a tracert to any site showing the first 2 hops?

    Asking the important questions. This technique is unfortunately of limited benefit if all traffic still passes through the RG’s LAN subnet.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy