[SOLVED] How to set up 2 routers behind ATT Arris router

[Fred Wightman]

I have ATT fiber, which is terminated by an ONT box and an Arris BGW210 router. ATT insists I use the Arris router, which is a BEAR to work with. In order to use my own router, I put the Arris in pass-through mode and connected my Netgear Nighthawk's WAN port to a LAN port on the Arris. After a lot of fiddling with subnet numbers, all works just fine. Now I'm going to install a new router with built-in VPN. However, I need to keep my ROKU boxes off the VPN since some providers (e.g., HULU) do not allows VPNs. SO, what I want to do is keep the ROKU devices on my Netgear and put everything else on the VPN router. Can I do this by simply connecting the new router's WAN port to one of the remaining LAN ports on the Arris (and by changing the local subnet numbers?), keeping the current Nighthawk connection as is?

 

[kanewolf]

I have ATT fiber, which is terminated by an ONT box and an Arris BGW210 router. ATT insists I use the Arris router, which is a BEAR to work with. In order to use my own router, I put the Arris in pass-through mode and connected my Netgear Nighthawk's WAN port to a LAN port on the Arris. After a lot of fiddling with subnet numbers, all works just fine. Now I'm going to install a new router with built-in VPN. However, I need to keep my ROKU boxes off the VPN since some providers (e.g., HULU) do not allows VPNs. SO, what I want to do is keep the ROKU devices on my Netgear and put everything else on the VPN router. Can I do this by simply connecting the new router's WAN port to one of the remaining LAN ports on the Arris (and by changing the local subnet numbers?), keeping the current Nighthawk connection as is?

You probably can't connect to another LAN port on the BGW210. When in pass through mode, only one IP address is available. Plugging a second router into the BGW210 will probably fail.
You can try it, but it is not guaranteed to work and could mess up your first connection.
You need to investigate the VPN router. See if it supports "split VPN". If so, you could assign your ROKU devices to the non-VPN group and other devices to the VPN group. That would allow you to have only 1 router.

 

[bill001g]

Why do you have it in passthrough mode are you hosting a server ?

If you let the att run in its normal mode you could easily put 2 router behind it like you want.

As mentioned above you could also use single router that allows some traffic to bypass the vpn. I know you can do this with asus routers that run merlin firmware, I don't know if asus has taken the split tunnel feature into the main line code yet but they have most the other vpn features.

Now you have the older att fiber router their newer ones they are offering 5gbit data plans on. In that case having multiple routers might be a good plan because of the limitation of gbit ports on equipment. You might also have issues running a single vpn router on your connection. I don't know how much overhead having the vpn code on the router has when the traffic is bypassing the vpn.

ATT pass-through mode is very strange implementation. It gets even stranger when you buy their plans with multiple public IP addresses.

 

[Alabalcho]

Why not switch router' roles: Connect non-VPN router directly to the ATT, and connect VPN-enabled one to LAN port of the other one.