If you're putting your own router (for example a Peplink) behind an AT&T fiber gateway, you'll want the gateway to hand the public IP address to your router instead of doing its own routing. On AT&T equipment this is done with IP Passthrough. This article explains why, and how to set it up.
There is no true bridge mode on AT&T gateways
AT&T residential and business gateways (such as the BGW320-500, BGW320-505, and the older BGW210) do not offer a true bridge mode. The gateway cannot be fully removed from the path. Instead, AT&T provides IP Passthrough, which hands the gateway's public WAN IP address to one device on the LAN (your router). This is the standard, supported way to run your own router behind AT&T fiber.
Practical implications:
- Only one device can be placed in passthrough at a time.
- The gateway stops applying its own firewall/NAT to that device, so your router receives the public IP and handles routing and firewalling.
- The gateway itself stays powered and in the signal path (it terminates the fiber), so you can't unplug it.
Setting up IP Passthrough
- Connect your router's WAN port to one of the gateway's Ethernet LAN ports, and make sure the gateway can see it (power the router on first so its MAC appears in the list).
- From a device on the network, browse to the gateway at 192.168.1.254.
- Go to Firewall > IP Passthrough. (You may be prompted for the Device Access Code printed on the gateway label.)
- Set Allocation Mode to Passthrough.
- Set Passthrough Mode to DHCPS-Fixed.
- In the device list, select your router by its MAC address.
- Save, then reboot the gateway so the change takes effect.
After the reboot, your router's WAN interface should pick up the public IP address from the gateway (it may take a minute, and you may need to release/renew the WAN on your router).
Recommended extra steps
- Turn off the gateway's Wi-Fi (both bands) so clients don't accidentally connect to the gateway instead of your router.
- Cascaded Router option: in some firmware you can also enable the "Cascaded Router" setting to route a public subnet if AT&T provisioned you a block of static IPs. For a single dynamic IP, DHCPS-Fixed passthrough is all you need.
- Double-NAT check: with passthrough working correctly your router holds the public IP, so you should not be double-NATed. If your router shows a 192.168.1.x WAN address, passthrough didn't take, recheck the MAC selection and reboot.
Using this with a Peplink device
Once IP Passthrough is set, the AT&T connection behaves like a normal WAN to your Peplink router, so you can use it as a WAN link for failover, load balancing, or a SpeedFusion tunnel just like any other. See our Peplink articles for WAN and SpeedFusion setup.
Need a hand deploying a router behind AT&T fiber, or setting up failover across multiple connections? Reach out to sales[at]llamanetworks[dot]com.