Does double natting apply if the ASUS is in the DMZ and all SH2 traffic is forwarded to the ASUS? If it does, I haven't seen any issues. My kids have an Xbox and a PS4 and are often playing the same online game at the same time.
Yes, the gaming fraternity seem to think that double port forwarding and double natting are the same thing; they are not. However, not being a gamer, I don't know if it is double natting or double port forwarding or both that causes problems. I suspect it is double port forwarding that causes problems and is erroneously referred to as double natting.
Sounds like it's suitable for 90% of the userbase then!
Can't see any major issue with connecting other non-routing devices such as a switch, PoE switch or access points chaining out of the SH2. Without question the superior technical solution is to remove it altogether, but I don't think it's as bad as you're making out if your goal is to extend your home WiFi coverage. Certainly a subnet can be implemented, but as you say, if you're tinkering with subnets there's a strong chance you will be of the mind to dispense with the SH2 altogether.
This article explains double nat and how to get around the issues. This is essentially what I have carried out, so my ASUS WAN IP is a private address 192.168.2.2 and my LAN is 192.168.1.1 and is in the DMZ of the SH2 which I have given the gateway address of 192.168.2.1 and subnet of 255.255.252.0. All traffic is forwarded to the ASUS from the SH2...
Manchego, I don't want to have to go back to using the SH2 just because BT/Openreach insist on switching me to digital voice, but I'm willing to give it a try so that I'm not all at sea when they just impose it on me anyway.
If I understand correctly, you have an ASUS downstream of SH2, but the BT hardware is completely dumb?
i.e. DHCP and everything else is done by the ASUS .......... NOTHING is done by SH2?
If that's correct, I'd be very grateful if you would post details or screenshots of your own configuration. The ASUS setup pages of course (excluding SSIDs, etc.) but also the settings of the SH2 to make it nothing more than a conduit from fibre modem to ASUS router.
It's several weeks ago now but IIRC, I couldn't figure out how to turn off basic management functions like DHCP on the SH2.
If I can make it work to deliver everything I want from the ASUS RT-AX88U I'll then post the screenshots for that model so that future sufferers with the same hardware as me have a template to work from.
Many thanks, Ian
Yes, effectively, the SH2 is dumb. So the hardware connectivity is Openreach socket on the wall, SH2, ASUS running Merlin firmware. I've been using Merlin for so long now I can't recall what settings are Merlin's and what are default ASUS. DHCP, firewall, routing etc. are all done by the ASUS. It'll take me a while to get you screenshots, but I will try when I can. If you look back through this thread you should be able to see the info on settings.
Many thanks for that.
I'll try to do it plain vanilla first without changing the firmware to Merlin. That way I can keep it as simple as possible for those who come later.
If that doesn't work I'll roll my sleeves up and dive in.
No rush for the screenshots, whenever you get the chance will be fine.
OK, so here are my screenshots. You should view these and read my and @choppyc's posts in this thread - his guidance helped me get started. I have tried to name the screenshots to give you an idea of where to find the settings, but I'm not sure if their filenames will be visible. I've blanked out MAC addresses and personal stuff (red). Hopefully this should help others too, but bear in mind that if you do flash your ASUS firmware to Merlin, which I highly recommend, you may need to start your network config from scratch again.
I also use Cloudflare for DNS which isn't necessary but just my personal choice.
Thanks to those who contributed to this thread, it did help me to get started.
However, I found a much simpler way to make it work, so I thought I'd share my notes:
When not using the SH2, for example because you don't need an extra AP and don't need the Digital Phones, use PPPoE in WAN settings, with the following login credentials:
Connect the ONT directly to the WAN port of the router. Pack the SH2. Done.
When using the SH2 to be able to use the Digital Phones with another router (mine is an Asus ZenWifi AX with 2 other nodes in a mesh, but it should work with any other router), connect the ONT to the WAN port of the SH2 and do the following:
In the SH2
- First register the Digital Phones with the default configuration on the SH2. Make sure they work.
- If you're using the range 192.168.1.x for your router and your devices (as I do), change the IP address of the SH2 to 192.168.0.254 (advanced settings) or any other address in an unused IP range. You don't want the SH2 and the router to be on the same IP range.
- If you're using a range that is not 192.168.1.x for your router and devices, you can keep the SH2 default IP address of 192.168.1.254.
- Disable everything (DHCP, Firewall, UPnP, Smart setup, Wireless, IPv6) as advised earlier in the thread.
- Note: despite using WPS to connect, the digital phones do not need the wifi on the hub to work.
- Connect the LAN 1 port of the SH2 to the WAN port of the router
In the router:
- In the WAN settings, select a fixed IP and specify an IP address in the same range as the SH2 (i.e. not in the range of your router and devices). I chose 192.168.0.253. For the gateway and for the two DNS, specify the IP address of the SH2. In my case, 192.168.0.254.
- In the LAN settings, specify the LAN address for your router, in the same range as all your devices. I specified 192.168.1.1 as that's always been where my main router is. The two Asus nodes are at 192.168.1.2 and 192.168.1.3. All my devices are above that, but I reserve the address of all my permanent devices to make sure they keep the same IP address. DHCP is only really used with new devices or guest devices.
That's about it. Everything else is standard. Then,
- Switch both the SH2 and the router off (might be unnecessary but it just forces everything to resync).
- Switch the SH2 on. Wait until the phones connect (it takes a few minutes). Make sure they work.
- Switch the router on. Wait until it has booted. Check the internet. It should be on.
- I had initially brought the SH2 near the router. Big mistake. It kills the wifi performance of my Asus router, as even when the wifi is disabled on the SH2 it still radiates interference. I moved it two floors down and I got my full wireless speed. So make sure the SH2 isn't anywhere near your router.
- I use a 20m CAT7 cable to go from the ONT to the router in the loft. There is no performance loss. I get 900Mbps down, 110Mbps up wired with Halo 3 900, and I get up to 750Mbps down, 110 up on my iPad Pro 2021 with Wi-Fi 6. So all is working fine.
- There seems to be an unrelated fault outside my house that is bringing the up speed down to 50Mbps (the speed was down with the SH2 on its own, before I hooked up the router), but hopefully that will be fixed soon.
That's about it. I didn't need to use a DMZ or to forward any ports. As soon as I changed the IP address of the SH2 so that it wouldn't be in the same range as my router and devices, it worked straight away.
I hope this will help others.
If you think there is something utterly insecure in this configuration, please let me know, but I'm assuming that the router firewall will perform its duty.
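The addressing rule in the post above (hub and router LAN on different ranges, router WAN on the hub's range) can be checked before touching either device. This is an added example, not part of the original thread; the /24 masks and the 192.168.1.253 WAN address in the "before" plan are assumptions, since the post does not state them.

```python
import ipaddress


def check_plan(hub_ip, hub_mask, wan_ip, lan_ip, lan_mask):
    """Check a router-behind-hub addressing plan and return the findings."""
    hub = ipaddress.ip_interface(f"{hub_ip}/{hub_mask}")
    # The router's WAN port sits on the hub's LAN, so it shares the hub's mask.
    wan = ipaddress.ip_interface(f"{wan_ip}/{hub_mask}")
    lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}")

    problems = []
    if wan.network != hub.network:
        problems.append(f"WAN {wan.ip} is not on the hub network {hub.network}")
    if wan.ip == hub.ip:
        problems.append("WAN address duplicates the hub address")
    if wan.network.overlaps(lan.network):
        problems.append(
            f"WAN network {wan.network} overlaps LAN network {lan.network}"
        )
    # A private WAN address means the router's NAT sits behind the hub's NAT.
    double_nat = wan.ip.is_private and lan.ip.is_private
    return {"problems": problems, "double_nat": double_nat}


MASK = "255.255.255.0"  # assumed; the post gives addresses but no masks

# Hub left on its default address while the router LAN also uses 192.168.1.x.
# The WAN address 192.168.1.253 is constructed for illustration.
BEFORE = check_plan("192.168.1.254", MASK, "192.168.1.253", "192.168.1.1", MASK)

# Addresses from the post: hub moved to 192.168.0.254, router WAN 192.168.0.253.
AFTER = check_plan("192.168.0.254", MASK, "192.168.0.253", "192.168.1.1", MASK)

if __name__ == "__main__":
    for name, result in (("before", BEFORE), ("after", AFTER)):
        print(name, "double NAT:", result["double_nat"])
        for p in result["problems"] or ["no addressing problems"]:
            print("  -", p)
```

The `double_nat` flag stays true in both plans: moving the hub to another range removes the address conflict, not the second layer of NAT.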