Taming Ameritech DSL

Background

In my area (Detroit, Michigan), Ameritech (the local phone company) offers DSL service in some areas.  They are an absolutely horrible service provider, but they appear to be the best in the area.

As with any DSL service in this area, the first challenge is to get it installed.  Telephone lines (required by DSL) in this area range from fantastic but technologically incompatible with DSL, to very old and very unsuitable for DSL.  Somewhere in the middle are some people who have wiring which is of adequate condition and type for DSL use.

Ameritech offers several "grades" of DSL:

As indicated, the basic SpeedPath 768 is a non-starter in a business environment -- dynamic IP allocation is silly and way too limiting, plus this service restricts your ability to use an external firewall, the only proper way to protect your systems from the Internet.  The SpeedPath 768 Office is not bad for sites that need Browse Only access to the 'net.  It is a very easy install in many sites.  However, the OfficePlus solutions are the only option for many of my clients, as static IPs are just required.
 

The Problem

The problem is, Ameritech programs the router they provide you so that it gives you outbound access through NAT from one and only one IP address.  There is NO incoming access.  So of these five IPs, you get to use one, and you have limited use of that one, even.

The router my clients have been getting recently from Ameritech is the Efficient Networks SpeedStream 5861.  This appears to be a very capable box, perhaps a little too capable.  The manual is over 300 pages in length, and provided ONLY in .PDF file format.  Now, this may be a personal quirk here: while I appreciate Adobe Acrobat's ability to print something very pretty cross-platform, I have found trying to READ a document in Acrobat Reader almost impossible (note: "continuous" mode makes it almost useful -- thanks, Mike!  On Acrobat Reader v5.0, they have FINALLY set this on by default).  Put bluntly, I don't have a whole lot of interest in learning to configure every imaginable router out there with every imaginable Internet service provider.  We are talking many, many hours of learning for something that I may never see again.  Do I charge the client $5000 for a DSL install and set up?  I think not.  Do I waste my time learning what may well be a "one-shot" product and service combination?  Again, I've got more important things to learn and keep on top of.

What I prefer to do is to "open up" the router to the Internet, and put an external firewall and/or other service box behind the router.  For external firewalls, I like either OpenBSD or GNATbox, two very capable and cost effective solutions, both of which I support and have spent considerable time learning, and both of which support a wide array of different Internet connectivity options (DSL, Microwave, T1, etc.).
 

The Solution

I'm not going to give a "click-by-click" guide to programming the Efficient 5861.  However, I will give some hard-earned tips...

First, always start by making sure you have a backup of your initial router configuration.  The Efficient Networks configuration program does a pretty good job of this -- load the software, and the first thing it will do is connect to the router and download the configuration.  Apparently, however, it is rather stupid about knowing how to do anything resembling rotated backups.  I like to have a copy at every "benchmark" stage: as Ameritech left it, when I start making progress, when I have it exactly how I want it.  Simple solution to this: rename the directory it ends up in (something like C:\DSL\<letters&numbers>).  Next time you do a backup, it will recreate this same directory (I believe the name is the serial number of the router).

If you choose to restore the router, you do this through the backup/tools menu.

Virtually all useful configuration of the router must be done from a telnet session with the router.  The 5861 only accepts connections from nodes on the same subnet as its ethernet ports.  This is a security aid, but it often requires an "extra" computer handy.

You are going to have to find out what your IP is.  Ameritech won't tell you.  How nice of them.  I usually telnet to a machine I have which will tell me where I am coming from, though some web sites will also tell you your IP address.  Your reported IP should be the top-most of the available IPs of your subnet block -- if it isn't, you are probably not set for static IP yet (see below).

The "protected" side of the router defaults to 192.168.254.254 with a subnet mask of 255.255.255.0.

There are two solutions I have found to making this thing useful...

Inbound mappings

This uses mostly the router's own capabilities, but permits inbound traffic to come in on particular IPs (remember, you have five) to be routed to particular machines behind the router.
 

From a telnet session, use the commands:
    system addhostmap 192.168.254.101 192.168.254.105 12.34.56.78
    save
    reboot

In this example, 192.168.254.101-105 are the "mapped" IP addresses for the devices you want external access to.
12.34.56.78 is the FIRST usable IP of your block.

In this case, your machines use the IP address of the router (192.168.254.254) as their gateway to the Internet.

Does it work?  Yes.  Are there potential problems?  Yes -- for one, you will (typically) have double NAT going on, first at your router, then again at your external firewall.  I would imagine this would break many VPN systems, and can cause other problems, though it won't hurt your normal browsing.

This solution was suggested by Ameritech.
 

"Dumb as a Brick Mode"

My preferred solution is to have the router just get the heck out of the way.  Just let my computer get to the 'net!  When explaining this to the one very helpful Efficient Systems support person I found, he said "You mean, Dumb as a Brick Mode?"   "YES!," I said, "Exactly!"  He proceeded to give me a small number of commands, and like an idiot, thinking I'd never see another of these systems again, I didn't bother to write them down.  This, of course, resulted in me having an identical install the very next day...and I never reached a useful person at Efficient Systems again (the one I did reach later was kind enough to suggest that I read the 300 page manual (which, actually, I had attempted in the past.  Problem is, the manual tells you everything you can do with the system, not how to use it with your ISP).  He assured me there was a "shorter, 100 page" manual on the 'net someplace, but he couldn't tell me where).

Anyway, using the system I had been walked through configuring and another client who was patient for the service, I was able to "reverse engineer" the steps required:

In the listing below, the commands you need to type are the lines that do not start with #; the lines starting with # are comments to let you know what is being done.

Again, through telnetting to the router:
    # use the "login name"  and PW you were given.  This enables the DSL box to
    # connect to the Ameritech service, apparently.
    sys name <user1@static_ameritech.net>
    sys passwd <assigned password>
 
    # Set the router's IP and the range that it will be supporting.  Note that for
    # the installs I have done so far, the router goes at the TOP of the address
    # range.
    eth ip ena
    eth ip addr 12.34.56.78 255.255.255.248

    # The following are commands which are using curious terminology of the
    # Efficient routers...some of it quite contrary to what I would have guessed
    # one would want to use, so I will not describe what is happening, I'd
    # probably be wrong.  Note: 'rem' below is short for 'remote', not
    # 'remark' -- those are commands, not comments.
    sys wan2wanforwarding on
    rem disbridge internet
    rem setiptrans off internet

    # Make it happen
    save
    reboot

Now, all this is assuming you are starting at where Ameritech left you.  If you are trying to use this guide with another ISP which uses the same router, good luck to you.  This worked for me in my situations so far; I'm not going to pretend I know entirely how or why.
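A small helper for the address arithmetic behind both recipes above (the "system addhostmap" line in the inbound-mapping section and the "eth ip addr" line in "dumb as a brick mode").  This is an added example, not anything from Nick's page or from Efficient Networks: it assumes the /29 block (255.255.255.248) shown in the article, that the router sits at the top-most address of the block as the article says, and that 12.34.56.78 is the placeholder public address; the 5861 commands it emits are only the ones already quoted in this article.

```python
import ipaddress

# Constructed placeholder values, matching the article: the public block
# containing 12.34.56.78 with a /29 mask, and LAN addresses 192.168.254.101-105.
EXAMPLE_IP = "12.34.56.78"
EXAMPLE_MASK = "255.255.255.248"
EXAMPLE_LAN_FIRST = "192.168.254.101"


def block_layout(any_ip_in_block, netmask=EXAMPLE_MASK):
    """Work out the layout of the public block the 5861 sits on.

    A /29 has 8 addresses: network, broadcast and 6 hosts.  The router takes
    the top-most host, which leaves the five IPs the article talks about.
    Returns (network, first_usable, router, addresses_left_for_hosts).
    """
    net = ipaddress.ip_network(f"{any_ip_in_block}/{netmask}", strict=False)
    hosts = list(net.hosts())
    if len(hosts) < 2:
        raise ValueError("block too small for a router plus at least one host")
    router = hosts[-1]            # top-most address: what 'eth ip addr' gets
    return net, hosts[0], router, hosts[:-1]


def static_ip_active(reported_ip, block_ip, netmask=EXAMPLE_MASK):
    """The article's static-IP sanity check: the address the outside world
    reports for you should be the top-most host of your assigned block.
    Anything else usually means the router is still on the temporary,
    dynamic account the installer left behind."""
    _net, _first, router, _left = block_layout(block_ip, netmask)
    return ipaddress.ip_address(reported_ip) == router


def hostmap_command(block_ip, lan_first=EXAMPLE_LAN_FIRST, netmask=EXAMPLE_MASK):
    """Build the 'system addhostmap' line for the inbound-mapping approach:
    consecutive LAN addresses starting at lan_first map one-to-one onto the
    public addresses below the router, starting at the first usable one."""
    _net, first, _router, left = block_layout(block_ip, netmask)
    lan_start = ipaddress.ip_address(lan_first)
    lan_last = lan_start + (len(left) - 1)
    return f"system addhostmap {lan_start} {lan_last} {first}"


def eth_ip_command(block_ip, netmask=EXAMPLE_MASK):
    """Build the 'eth ip addr' line for dumb-as-a-brick mode (router on top)."""
    _net, _first, router, _left = block_layout(block_ip, netmask)
    return f"eth ip addr {router} {netmask}"


if __name__ == "__main__":
    print(hostmap_command(EXAMPLE_IP))
    print(eth_ip_command(EXAMPLE_IP))
```

Feed it the real block Ameritech gave you in place of the placeholder; the printed lines are exactly the ones you type into the telnet session, followed by "save" and "reboot".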

Once you have enacted "dumb as a brick mode", set your computers to use the router as their gateway, and put them right on the 'net.  Should you need to use the Efficient Networks management software, you will have to do it from a machine on the subnet you are working with, not behind a firewall (I think...gotta test this).
 
 

Other notes:

After reconfiguring the DSL router in any way, power it off and back on.  It is important.

Ameritech really has no idea what they are doing here.  To sell a service without any idea how to guide the customer through using it would be unacceptable in any other industry.  Fortunately for them, the expectations for service and support in the computer industry are very low.

There are many things Ameritech does not tell you when they do the DSL install.  Most notably, when they set you up, they typically program the router with a "temporary" user ID and password, and don't bother to tell you this.  This temporary address is a dynamic IP.  In order to actually USE your system, you will have to go in and reprogram the router when they get around to updating their back end equipment with your user information.  Worse, in one case, they actually set us up with a temporary ID, then a semi-permanent, but still dynamic IP, and almost a week later, the static IP was actually activated.

This is inexcusable.  Apparently, they don't even start to consider setting up your service account ID until AFTER the DSL modem is installed and operational.  Why?  All I can figure is their install success rate is so low, they don't want to waste their time actually doing any back-end record keeping until they know everything is going to actually work.  AFTER the wires are operational, then they will start getting things in order on their end...this has taken a week or more in one case!

In three out of three cases, the installers have told my clients "The computers are down, I've set you up with my temporary ID".  Get real.  Have you EVER made a phone call that their computers didn't track?  Has your bill ever not arrived on time due to a phone company problem (we'll ignore the USPS right now)?  The phone companies not only have some of the most sophisticated computer systems in industry, but also pioneered many of the technologies we now take for granted (remember, Unix came out of AT&T).

In one Ameritech DSL install I did, they actually had some kind of record keeping snafu on their end -- took almost a week to get that cleared up and, bizarrely enough, I had to give them a credit card number.  Never got a good explanation on that one; they assured me it wouldn't be charged: "the old registration system computer just needs it"  "Then use yours"  "Uh, can't do that".  So, just to mess up their systems the best I could, I gave them *my* credit card, rather than the client's.

The individual people I talked to at Ameritech were (with one exception -- Carol, you are on my shit list.  My client, after hearing the one side of that conversation, said "Wow.  I've never heard you lose your cool like that before, Nick!") very nice, understanding, and sympathetic to the problems I was having.  And, they had obviously heard it all before (be nice to them; you get NOWHERE yelling at the person who is trying to help you).  The problem isn't the people you are dealing with, the problem is the Ameritech management: the system is broken, the people are great, and they are doing their darnedest to get you going.

Links to Speedstream documents:

Thanks to Todd Fries for those links!




Copyright  2001-2003, Nick Holland, Holland Consulting

Published: 5/14/2001
Revised: 1/04/2003