Quick and simple guide to configure AT&T BGW320 Fiber ONT Gateway (whatever it’s called on AT&T’s end) with Ubiquiti UDM Pro.
Couple steps needed:
1. Login to AT&T Gateway and modify DHCP settings (Reboot)
2. Connect UDM Pro with AT&T Gateway (Ethernet Cable, 5G Eth Port with SFP+ Transceiver)
3. Login to AT&T Gateway and modify Firewall and IP Passthrough settings
4. Obtain IPv6-PD information (From AT&T Gateway) and configure DHCPv6 on UDM Pro
5. Reboot UDM Pro
Step 1: Modify AT&T Gateway DHCP settings
Too many companies love to use the famous subnet 192.168.1.0/24. Ubiquiti and AT&T included. This would introduce an issue because this All-in-one ONT Modem Gateway does not allow Bridge Mode, instead AT&T have IP Passthrough, which means your traffic still need to have a hop to AT&T’s Gateway before going “online”.
Having both UDM Pro and AT&T Gateway using the same 192.168.1.0/24 as default subnet would cause UDM Pro to disable the default subnet, which is not what we wanted. So, we need to login to AT&T’s gateway and change their DHCP information before we connect the two equipments.
There are two ways you can connect, by Wi-Fi or plug in an ethernet cable.
By defualt, the device would broadcast an Wi-Fi signal with SSID starting “ATT”. You can find the Wi-Fi SSID, Password, Device Access Code and Management URL on the back of the AT&T device. Strongly suggest you to snap a picture so you don’t have to flip it.
After you are connected to their network, open up your browser and go to http://192.168.1.254 . You’ll see an interface like this (As of 7/18/2022 on software version 3.18.5)
You’ll want to check a couple things first. Go to ‘Broadband’ -> ‘Status’ page.
Verify there’s a Broadband IPv4 Address, IPv6 is listed as ‘Available’, IPv6 Service Type better be ‘Native IPv6’ and there’s a Global Unicast IPv6 Address.
Once you have all these, continue to modify DHCP settings!
Go to ‘Home Network’ -> ‘Status’, this obviously is the internal network summary for this gateway. Click on the second level menu and go to ‘Subnets & DHCP’. You might see a device auth page, type in the Device Access Code you got from the back of the equipment.
In that page, you’ll need to modify the Private Lan Subnet and DHCP Server information (at minimum). On ‘Private LAN Subnet’, change the Device IPv4 Address to one that does not cause conflict with your UDM Pro networks (I did 192.168.0.254). On DHCP Server, modify the DHCPv4 Start and End Address accordingly. If you don’t plan to plug anything other than UDM Pro into the equipment, then you can make DHCP Address Pool to be less than 5 available addresses.
After you are done with that two sections, click on Save, and reboot the modem. Login to the modem after it’s online to make sure everything works properly.
Step 2: Connect UDM Pro with AT&T Gateway
In order to connect downstream devices, AT&T’s device have several ethernet port you can use, but only one is a 5G port. Sadly there’s no SFP or SFP+ port that you can use for downstream device.
UDM Pro have both SFP+ and Ethernet (RJ45) upstream ports available, but Ethernet limits speed to 1G, and SFP+ is 10G. Pay close attention to which ports you connect, because each have a different Mac address and switching them would most certainly cause service disruption.
It’s better to always plug in cable for 5G port on AT&T’s side. If you want 1G speed max, you can directly plug in the other end to UDM Pro’s upstream RJ45 port. If you want higher speed, you’ll need to get a transceiver. I got a MikroTik 6-Speed RJ-45 Module (S+RJ10) from an authorized reseller, you can also get Ubiquiti’s own version (in early access as of writing) UACC-CM-RJ45-MG-EA (https://store.ui.com/collections/accessories/products/10g-sfp-to-10gbe-rj45-module-ea)
Connect those in, reboot your AT&T Gateway and UDM Pro, then continue to next step.
Step 3: Configure Firewall and IP Passthrough on AT&T Gateway
Go back to AT&T’s device management page. This time, we go to ‘Firewall’ -> ‘Status’. Most listed on that page should be ‘On’, but you most certainly don’t want them to be on.
Now, go through each secondary menu and turn these off.
Disable Packet Filter. Make sure everything are off under ‘Firewall Advanced’.
Now, go back to ‘Device’ -> ‘Device List’. You can look at which MAC Address your UDM Pro represent, copy it down.
Go back to ‘Firewall’ -> ‘IP Passthrough’, setup it like this:
Allocation Mode: Passthrough. Passthrough Mode: DHCPS-fixed. Passthrough Fixed MAC Address: MAC Address of your UDM Pro. Passthrough DHCP Lease: 10 Minutes (Or whatever you want).
All done! Go back to ‘Firewall’ -> ‘Status’ and you should see something like this
Step 4: Obtain IP information for UDM Pro
At this point, you should already have connectivity from AT&T to your UDM Pro. Your UDM Pro should also see your assigned AT&T Public IP as their WAN IP. Now we just need to configure IPv6 so it would stay relative static. (Make sure your UDM Pro is configured to request IPv6-PD on WAN)
Login back into AT&T Gateway.
This time, go to ‘Home Network’ -> ‘Status’
If you see IPv6 section, find ‘IPv6 Delegated Prefix Subnet (including length)’. This is what AT&T Gateway would hand down to UDM Pro. If that field is empty, go to UDM Pro and request IPv6 PD again on WAN.
Now, go to your UDM Pro. Under the new portal, go to ‘Settings’ -> ‘Networks’ -> Your Primary Network.
Go to ‘Advanced Configuration’ (Switch to ‘Manual’) -> IPv6 (Switch to ‘Static’). Simply put the ‘IPv6 Delegated Prefix Subnet (including length)’ to ‘IPv6 Gateway/Subnet’.
Configure your IPv6 DHCP distribution and you are done!
Step 5: Turn off Wi-Fi on AT&T Gateway
Now that everything worked. Turn off Wi-Fi and unplug everything else from your AT&T Gateway. You are done with setup!