
> The only reliable solution appears to be running your own router behind AT&T's BWG router-modem-all-in-one.

This. I wish they had an ONT setup that allowed me to fully bypass everything of theirs.




There are people that have successfully added their own ONT setup to bypass AT&T's awful BGW-320 500/505 gateways. But it seems that it's an uphill battle. dslreports.com has an entire thread dedicated to this.

I myself looked into it and realized as much as I'd like to have true bridge mode, it just wasn't worth the headache if AT&T made a change on their end. So I have the BGW-320 configured for passthrough mode and an OPNsense box behind it. With the Unbound recursive DNS resolver and Pi-hole, I fortunately don't have the problems described in the GitHub writeup.


In the past, I got AT&T FTTN, and their router somehow managed to break my NAT firewall. I've never had this problem before or since, and spent over a day debugging it. If I had to use their stuff at this point, I'd probably set up an SSH tunnel from my local router to some machine elsewhere, and then run ppp or similar over it. I'd also stick their wifi access point garbage inside a faraday cage.

Annoyingly, I had these problems in California when network neutrality was in full force. One of the rules said that ISPs were not allowed to discriminate against customer-owned network devices. Clearly, it didn't apply to AT&T.


If you have had ATT fiber for years then the ONT is separate from the router/gateway. They use 802.1x port security but the key and cert are easily extracted from the gateway due to firmware bugs and they are probably available online too (but doing the former is easy enough). No need to use any AT&T provided equipment other than the ONT.

If you have the newer combined device you can put it in bridge mode, which is probably sufficient for most needs, though some have procured and installed their own ONT-only setup (SFP modules are like $50).


Even if you don't have a separate ONT you can bypass the BGW320 completely with an SFP GPON-ONT-on-a-stick into SFP+ interface or a 2.5g media converter if you are in a GPON area. If you are XGSPON the common option is to buy a WAG-D20. Either way you still need certs for 802.1x.


> WAG-D20

The WAG-D20 is no longer supported/works if you're on AT&T. At least according to the discussion on dslreports and also 8311 discord server.

https://discord.com/invite/8311-886329492438671420

Also, even Baltic networks has a warning about using it with AT&T.

https://www.balticnetworks.com/products/azores-1x-10gbe-1x-2...

The new working ONT is the WAS-110.


> The WAG-D20 is no longer supported/works if you're on AT&T. At least according to the discussion on dslreports and also 8311 discord server.

The WAG-D20 is basically not recommended generally due to chipset bugs on newer revs and reduced speeds, nothing specifically with AT&T, though the VEIP issue is a specific sticking point.

https://docs.google.com/document/d/13gucfDOf8X9ptkj5BOg12V0x...

The Baltic link you provided also is not limited to AT&T, and that is more a disclaimer because they are probably sick of return attempts by people with just enough knowledge to find a cite for WAG-D20 but otherwise clueless. I doubt they want to encourage any residential customers for any model regardless if it works.

The WAG-D20 still works ok for existing setups.


Thanks for the clarification. Do you know if WAG-D20 chip issues have been resolved? Back when I had first looked into replacing the BGW-320 505 with my own ONT setup, the WAG-D20 instructions I found were straightforward. The newer setup process with an ONT like the WAS-110 seems to be a bit more complicated to me.


Yes, I did mention that.

> Either way you still need certs for 802.1x.

Actually for GPON the 802.1x is enforced on the ONT, so if you use an ONT SFP stick you do not need 802.1x. I already had pulled mine years ago and they’re good until 2038 or something so I haven’t bothered bypassing the ATT ONT.


Yeah, I meant for newer customers. The ONT is built into the BGW320 with no separate ONT box. You still need the certs from a BGW-210 etc. in that scenario.


Does having control of the ONTs allow them to throttle traffic/abuse in a GPON/passive fiber system?

I downshifted my ATT Fiber recently, I was getting a full gigabit when I was the first customer in the neighborhood but lately I couldn't do better than 700. So why pay for the full boat?


I was under the impression that you could clone the ONT... SFP ONTs are only like $50. Their router thingamajig was always hot garbage.



