
Using all 4 RJ45 ports on BT2700HGV in bridge mode

jlb4u
Member

I have a query and would like to pick your brain on my problem, about static IP addresses and using the 3 spare RJ45 ports on our BT2700HGV modem/router.

We currently have one static IP address (217.*.*.141) and our BT2700HGV modem/router is set up in bridge mode, linked to a Juniper SSG20 firewall. This only uses 1 RJ45 port out of the 4 available on the BT2700HGV.

The system is used as a backup for the leased line connecting our site to our head office, and is therefore hardly ever loaded.

Now we would also like to use the other 3 ports on the BT2700HGV modem for applications like video-conferencing, with more flexibility than what our firewall currently allows (currently we need to add each of our contacts' IP addresses to our Cisco firewall exceptions to allow the system to work).

I believe we will have more flexibility if we can connect a dedicated computer (and/or) additional router to the spare RJ45 ports of the BT2700HGV. This will also optimize the use of the 8MB unlimited ADSL line, deemed sufficient for low-cost conferencing, but not reliable enough for other services like VOIP and ERP.

I understand the BT2700HGV is in bridge mode and merely used as an ADSL router. I was fine setting this up. The Juniper firewall authenticates with PPPoA and I am aware it has spare RJ45 ports that could be used, but the main point for us is to have unrestricted access for designated computers that are completely isolated from our corporate network and used for low-cost video-conferencing in our meeting rooms.

Is my assumption correct?

I believe for this to work we would perhaps need additional static IP addresses. We only use one at the moment, but since we have a BT Business Total Broadband Option 2 contract, we should be able to get 4 other static IP addresses from BT for the same price, or cheap anyway.

But then I don't know how to set up the BT2700HGV modem/router for the system to work.

Can someone please help me out on that? I have contacted BT who are currently investigating. I definitely need some technical expertise on this subject.

6 REPLIES

spank
Grand Guru

Hi there,

If the router is in bridge mode then only 1 device can connect to it I'm afraid. However that device must be using PPPoE, not PPPoA, are you sure it's PPPoA? If it is then the router may not be in bridge mode after all.

You can upgrade your static package by going to the business website and logging in with your primary email address. Click manage services > connection settings and change, beside the IP option. It is the same price as a single but £10 admin charge.

The statics become available immediately and you will need to assign one to your Juniper's WAN interface. Then restart the router. However this will not solve your problem, if the router is in bridge mode, only 1 device can be connected, multiple statics or not.

Thanks

jlb4u
Member

Thanks for your reply Spank. I did have a feeling that would be the case if I leave the BT2700HGV in bridge mode. I guess one option would be to DMZ one port on the Juniper firewall and connect a video-conference computer (or even a router) to that.

However, I still want to explore solutions using the 3 spare RJ45 ports on the BT2700HGV.

Would it make sense to reset the BT2700HGV to remove the bridge mode, identify the Juniper firewall in the LAN connections and assign our static IP address to it, use the 3 other ports in DHCP or with additional static IP addresses?

I believe the Juniper firewall would then not need to authenticate anymore (PPPoE actually, not PPPoA, sorry about that mistake). But would the connection be just as transparent then?

Can I keep the benefit of the BT2700HGV firewall for 3 LAN ports, but have a completely free connection for the Juniper firewall?

Thank you for your help

spank
Grand Guru

Hi there,

One thing to check first is if the Juniper is capable of running the WAN interface as dynamic, so it receives an IP from the router.  I assume it is as it works with the single static.  DMZ on the router does a couple of unsuspecting things that can cause confusion.  It takes the peer address, in your case the static, and assigns it to the DMZ client using DHCP.  If you have a multiple static package then this peer address actually becomes dynamic, and changes with every session.

Basically, if you're not using bridge mode the Juniper must be able to receive an IP over DHCP to communicate properly with the router. And yes, PPPoE won't work, it will have to be set to Ethernet or the equivalent.

Then it's up to yourself if you need multiple statics or not, it doesn't matter.  You can connect as many computers as you like direct to the BT Router and they will function fine.

You can DMZ to the Juniper, this will give the Juniper the static public address but still allow the other clients to connect through the router unhindered.

If you decide you need multiple statics then it will work, but requires a couple of additional settings in the BT router.  Let me know if you need them.

Thanks

socketbox
Member

Hi Spank,

Just reading your posts there, we need to do exactly the same thing.

I ordered two static IPs from BT, one will be for the ADSL Modem and the other we want to assign to a Firewall / VPN Server.

Reading up on the manual for the BT2700HGV router it indicates that the port assigned to the DMZ will use the same public static IP as the ADSL modem.

Effectively we would like the normal LAN and Wifi clients of the ADSL router to remain as they are and connect through the router unhindered. In addition we would like the ADSL router to assign the second Public Static IP Address to one of the LAN ports of the Router which will be connected to the WAN port of the Firewall / VPN box.

Is this what you are referring to in your comment from last post:

"If you decide you need multiple statics then it will work, but requires a couple of additional settings in the BT router."

Could you provide any more details on this?

Many thanks,

Damien.

spank
Grand Guru

Hi there,

Because you have more than 1 static the BT router will always be assigned a dynamic peer address after it connects, so using DMZ to the Firewall/VPN will just push the IP onto that so that's not an option.

Go to the BT router settings, choose settings > broadband > link config and tick the box for public IP, put in the gateway address (last IP in the range of 5 you have) and the subnet mask.

This will make the public subnet available. You can then assign the firewall WAN interface one of the 5 addresses BT have supplied you and it should work.

 

Thanks
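
A check of the address plan described in the reply above, as an added example that is not part of the thread. The /29 block, gateway and device addresses are constructed values from the 203.0.113.0/24 documentation range, the block size is an assumption, and `check_public_subnet` is a hypothetical helper.

```python
import ipaddress

# RFC 1918 ranges: a device addressed from these stays on the router's private LAN side.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_public_subnet(block, gateway, assignments):
    """Validate static assignments against the public block and gateway that
    would be entered in the router's link config. Inputs are constructed samples."""
    net = ipaddress.ip_network(block)            # raises ValueError if host bits are set
    gw = ipaddress.ip_address(gateway)
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    if gw not in net or gw in reserved:
        problems.append(f"gateway {gw} is not a usable host in {net}")
    taken = {gw: "router (gateway)"}
    public, natted = [], []
    for device, addr in assignments.items():
        ip = ipaddress.ip_address(addr)
        if any(ip in n for n in RFC1918):
            natted.append(device)                # private address, not directly addressable
        elif ip not in net:
            problems.append(f"{device}: {ip} is outside {net}")
        elif ip in reserved:
            problems.append(f"{device}: {ip} is the network/broadcast address")
        elif ip in taken:
            problems.append(f"{device}: {ip} already used by {taken[ip]}")
        else:
            taken[ip] = device
            public.append(device)                # holds a public address of its own
    free = [str(h) for h in net.hosts() if h not in taken]
    return {"netmask": str(net.netmask), "public": public,
            "natted": natted, "free": free, "problems": problems}

if __name__ == "__main__":
    # Constructed plan: firewall WAN on a public address, meeting-room PC on a private one.
    good = check_public_subnet("203.0.113.8/29", "203.0.113.14",
                               {"firewall-wan": "203.0.113.9",
                                "conference-pc": "192.168.1.64"})
    print(good)
    # Constructed mistakes: reusing the gateway address, and an address outside the block.
    bad = check_public_subnet("203.0.113.8/29", "203.0.113.14",
                              {"vpn-box": "203.0.113.14", "stray": "203.0.113.16"})
    print(bad["problems"])
```

The `public` list is the set of devices that hold a public address of their own, which is the list to review when deciding what filtering each one needs.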

nikkil
Power User

Quick question. What is the primary use of this 8MB line aside from low-cost conferencing and does it need all access without restriction? If yes, this would be my suggested set up.

BT Modem/Router - Juniper firewall - Switch

You could assign a VLAN for each subnet where you want to have specific access like conferencing. If there are no servers inside this local network, you don't even need to use those extra static IPs. You just need to set the BT router as a DHCP server giving PCs private IP addresses.