State Limits - Bypass RG

[saqib-s]

Thanks for the great work, wanted to say that the folks at Netgate seems to have realized the issues with the limited states on the ATT RG and have come up with a innovative feature in their new pfsense+ 23.05, which effectively uses the RG to help authenticate with the ATT network but pulls all the WAN addressing onto the Pfsense itself, bypassing the RG and it's state limitations.

Feature is: "WAN Connectivity with 802.1X Authentication Bridging and VLAN 0 PCP Tagging"

See here: https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html#wan-connectivity-with-802-1x-authentication-bridging-and-vlan-0-pcp-tagging

Let me know what you think.

[jamesmanes]

This is interesting, but I think it requires a very specific configuration (i.e., ONT and AT&T RG as separate devices). With modern AT&T equipment, they integrate the ONT with the RG, thus you cannot divide and conquer, and must stick with passthrough mode.

[saqib-s]

You're right James, the above works with the separate ONT and RG, but 'passthrough' on the AT&T RG is not the only option when you have a combined RG (like BGW-320) …. where there's a will, there's a way...

I've seen come articles like this one below which will allow you to remove the AT&T RG completely by using you're own ONT (the one listed is about $125). In this scenario you would only need the Azores COTS ONT and your PfSense box.

https://simeononsecurity.com/other/bypassing-the-bgw320-att-fiber-modem-router/