Bridge/modem only mode for Thomson routers (TG587nv2 / O2 wireless box IV)

I unfortunately haven’t had the best experiences with ISP-provided routers so far, so when I got the O2 wireless box IV (a rebranded Thomson TG587nv2), I wanted to configure it as a bridge or “modem only”, so that I could let one of my routers (that has an Ethernet WAN port) do the routing. Ideally, the TG587nv2 would just deal with encapsulating my Ethernet frames so that they can traverse O2’s ETHoA network, and not mess with my packets otherwise. Even more ideally I should still continue using the other features of the TG587nv2 (media server, 802.11n access point, remaining switch ports). My final config will let you do exactly this.

Logical topology before and after turning a TG587nv2 into a modem + switch + wireless access point.

My other option would have been using NAT, while forwarding all ports to my router and setting up protocol forwarding (for forwarding non-IP packets, like IPv6 or GRE for VPN); I’ll briefly talk about this at the end, in case it’s useful to anyone.

Now I will explain my method of going from the challenge to the final solution.

Preliminary research results

This is what I found by searching the internet and trying a few simple things:

  • The O2 wireless box IV unfortunately doesn’t come with a “bridge mode” button that can be easily turned on. Firmware updates also seem to be hard to come by.
  • There was very little technical information available on the manufacturer’s website. It looks like their routers are reasonably sophisticated though (for home router standards) – have a look at the guide on setting up triple play for the TG784 (click the “8.2.x release” tab) if you’re curious.
  • It looks like BE (another UK ISP) gives their customers similar Thomson routers (they call them “BE Box”), and provides them with bridging options.
  • The O2 wireless boxes have a SuperUser account preconfigured (you’ll find the password by asking Google) and there exists a telnet interface. This gives you access to what looks like an Alcatel-CLI. You can find CLI reference guides for some of the other Thomson models though, such as here for the TG585v7; I imagine that most of the commands will common across models.

One of the BE templates seemed to provide the functionality that I wanted, only for a different router model and ISP. I figured that their config would need a couple of changes so that it would work in my setup, though hopefully there shouldn’t be anything major. I did think that the method was not very well documented (or if it was, I didn’t find it at the time), and information on this router was generally quite fragmented, so I decided to write up my findings anyway. Hopefully they will be useful to someone stuck with a similar problem.

Working towards “bridge mode”

So, after creating a backup of my router config via the web interface, my plan was to reverse-engineer the BE template, try to figure out how the bridging was configured and then apply that configuration over telnet, so that I could run some list commands to see if I was doing the right thing. The ‘help <command>’ and ‘… list’ commands were very useful at this stage, and it helps to know that you delete one character from the CLI with CTRL+H, and go ‘up’ one config mode with ‘..’ (for more information, see these notes on the telnet interface). This somewhat trial-and-error-based approach mostly worked, until I had to mess around with the LAN interfaces, which of course disconnected my telnet session – this is why it’s nice to have a non-IP based method of communicating with your router, like a serial port ;-). After that, I had to move to merging my backed up configuration file with the BE one, uploading it via FTP (as explained here), reboot the router, see if it worked as expected and if not hit the “reset to defaults” button.

Disclaimer: As you can probably guess from the above, I’m by no means an expert on Alcatel configuration – in fact, I had never touched an Alcatel CLI before this, so I may not have gotten everything correct. I am also writing this post from memory, as I did this configuration some time ago, in the hope that it will help somebody out there. I’ll also publish my full config, which seems to work for me.

Firstly, you configure an ATM interface, which essentially represents your connection to the phone network. I remember there were different configurations for this, depending on whether or not your local loop is unbundled, and you can probably leave this the way it is in your current config, just make a note of the interface name. For other O2 customers benefiting from LLU, the config looks something like this:

[ atm.ini ]
ifadd intf=atm_llu
ifconfig intf=atm_llu dest=llu_Internet ulp=mac
ifattach intf=atm_llu

[ phone.ini ]
; this next line will different if you're with another ISP - copy it from your config.
add name=llu_Internet addr=0*101

Now, let’s bridge the ATM interface to an Ethernet interface (port #4):

[ bridge.ini ]
add brname=direct_bridge
ifadd brname=direct_bridge intf=ethport4 dest=ethif4 logging=disabled
ifadd brname=direct_bridge intf=atm
ifconfig brname=direct_bridge intf=ethport4 wan=disabled logging=disabled
ifconfig brname=direct_bridge intf=atm dest=atm_llu wan=enabled
ifattach brname=direct_bridge intf=atm
ifattach brname=direct_bridge intf=ethport4 logging=disabled
config brname=direct_bridge age=300 filter=no_WAN_broadcast vlan=disabled

[ bridgevlan.ini ]
;I'm not entirely sure if this is necessary.
ifconfig brname=direct_bridge intf=OBC1 vlan=1 ;this must have been added automatically
ifconfig brname=direct_bridge intf=ethport4 vlan=1
ifconfig brname=direct_bridge intf=atm vlan=1

If you run ‘:eth bridge iflist brname=direct_bridge’ after applying the above, you should be able to see the two interfaces (atm and ethport4) being part of the bridge. Now, it looks to me like these boxes define one “interface” and one “port” per physical port – I’m not entirely sure, why; I think the datapath for packets coming from the internet is therefore something like this:

atm_llu -> atm ---(direct_bridge)--> ethport4 --> ethif4

The ‘interface list’ command seems to support this view:

{SuperUser}=>interface list
Name           Type                 State            Use  UL Interfaces
loop           ip                   connected        0    
ethif1         physical             connected        1    ethport1
ethif2         physical             connected        1    ethport2
ethif3         physical             connected        1    ethport3
ethif4         physical             connected        1    ethport4
ethif5         physical             connected        1    virt
bridge         eth                  connected        1    LocalNetwork
OBC            bridge               connected        1    bridge
ethport1       bridge               connected        1    bridge
RELAY          eth                  connected        0    
atm_llu        atm                  connected        1    atm
wlif1          physical             connected        1    WLAN
ethport2       bridge               connected        1    bridge
ethport3       bridge               connected        1    bridge
virt           bridge               connected        1    bridge
WLAN           bridge               connected        1    bridge
direct_bridge  eth                  connected        0    
OBC1           bridge               connected        1    direct_bridge
ethport4       bridge               connected        1    direct_bridge
atm            bridge               connected        1    direct_bridge
LocalNetwork   ip                   connected        0

As you can see from the above, I left the original “bridge”, which now  implements the packet switching between the other ports. This way, I can still use one of the other ports to telnet to the box, transfer files or look at stuff in the web GUI – it was actually surprisingly simple to retain the remaining functionality. Please see my config files for details on this.

Now, you’ll probably want to change your Thomson router’s MAC address, so that you can give that address to your new router. This link explains how to do that, or you can simply look in the config for the MAC address and for example add one to one of the last few digits (just make sure you keep your numbers in hexadecimal, i.e. from 0-9 and then a-f).

Config download

Here’s my TG587nv2 config (user.ini)

A quick note on “protocol forwarding”:

It appears to be possible to create NAT mappings that will cause packets of a particular protocol to be forwarded, somewhat similarly to port forwarding. You’ll see this most often in discussions around how to forward GRE packets to VPN servers, or this discussion in the context of IPv6. The ‘nat mapadd’ command seems to be what you need to make this work, and I think that for many scenarios you may get away with forwarding ports and the other protocols you’re interested in. If you need your global IP on another router’s interface, this won’t be of much use to you though, and therefore I didn’t try this approach either.

Full disclosure

I am currently a Cisco employee, and the views expressed on this blog are mine and do not necessarily reflect the views of Cisco.

20 Replies to “Bridge/modem only mode for Thomson routers (TG587nv2 / O2 wireless box IV)”

    1. Hi Paul,
      Thanks for leaving a comment with a link to your article, it looks good!
      I’m more than happy with the way how you referenced this article, thanks for asking 🙂

  1. hi,
    I’m trying to put a thomson router TG587 in to bridge mode. I’ve tried adjusting the commands that I used on my previous box without success. The new broadband is called O2_static:

    ip ifdelete intf=O2_ADSL2plus
    eth ifdelete intf=eth_llu
    eth bridge ifdetach brname=bridge intf=ethport2
    eth bridge ifdelete brname=bridge intf=ethport2
    eth bridge add brname=bridge2
    eth bridge ifadd brname=bridge2 intf=ethport2
    eth bridge ifconfig brname=bridge2 intf=ethport2 dest=ethif2
    eth bridge ifadd brname=bridge2 intf=atm
    eth bridge ifconfig brname=bridge2 intf=atm dest=atm_llu
    eth bridge ifattach brname=bridge2 intf=atm
    eth bridge ifattach brname=bridge2 intf=ethport2

    does anyone have any ideas?

    regards

    Robert James

  2. I’m a complete novice and want to use my O2 IV router to extend the WIFI coverage of my new Sky hub. I already have a CAT5 cable running to the space I require the WIFI to extend to.

    Would I need to configure the O2 router to act as an access point? If so I would be very grateful for any guidance on this. Many thanks.

  3. Hi Andrew,
    I can’t remember if there is an option to configure the O2 wireless box IV as an access point. If there is, just use that option, but if there isn’t there’s no need to despair. Make sure that the wireless settings match your Sky hub’s ones (same SSID, password), and make a note of the Sky hub’s IP address and netmask (e.g. 192.168.0.1 and 255.255.255.0 or /24). Then, change the LAN IP address of the O2 wireless box to something that’s on the same network as the Sky box’ one (e.g. 192.168.0.250 and 255.255.255.0), and turn off the DHCP server on the O2 wireless box.

    You can find similar instructions on other pages if you search for phrases like “using a router as wireless access point” (don’t use the quotation marks in the search box 🙂 ).

    Regards,
    Michiel

  4. I have a Thomson box iv on O2 wireless but I am not with O2 I am on sky network how can I convert my old O2 box to a repeater

    1. Hi Dennis,
      I don’t know if you can turn it into a wireless repeater, but what you can do is turn it into a wireless access point. See my previous reply (from August 3, 2013) for notes on this. You might find this article useful, it explains towards the bottom why wireless repeaters are a bad idea anyway.

  5. I also have the Thomson/ O2 IV but with the SKY takeover and upgrading I now have a SKY wireless box & BT modem but have lost the advantage of the USB port & therefore Wireless printing.
    I have decent Wireless throughout my house with the Sky box.

    Can the TG587nv2 be tweaked such that it can be used as a Wireless Print server only?

    1. I think a wired print server is more likely to work (set it up similarly to a wireless Access Point and then enable the print server, possibly in addition to the wireless network). A wireless-only print server would require you to either use a separate WLAN for the printing (just set it up like a router and don’t plug in a WAN cable) or find a way to make the box connect to your existing WLAN as a client. I don’t know if the latter is possible.

  6. Sir please tell me how can i used my o2 wireless box iv as a wifi router , without dsl connection,

    i have usb 3g evo, can i used it as a wifi router while using usb 3g evo, this o2 wireless box iv have 2 usb ports.

    please guide me please.

    i am waiting

    1. I think your best bet is starting here. However, I have no idea if it will work with “usb 3g evo”, the wiki page suggests only a small number of 3G USB dongles will work.

      I also suggest you familiarise yourself with the telnet interface and the text configs before attempting this. Good luck!

  7. there is the option to use one of the usb ports as a ftp server with a usb hard drive the other can be used to add a printer so anyone connected to the router can send files to printer without having to have a pc running all the time just to be able to print stuff

    hope that helps

    an i havent attempted either as yet but am looking at doing the printer option if anyone has done it info would be gratefully recieved

  8. Hi, great website. I’m rather like many of the commenters here, I have my old O2 Wireless Box IV and have been sent a Sky box. I’ve an AV receiver which supports ethernet, but is in a painful place to run cabling to. I’d rather like to configure my Wireless Box IV to join the Sky box wifi and bridge it to ethernet. Presto, AV Receiver should have a route to the internet as well as being reachable from any other device on wifi.

    My ip knowledge is way rusty and I’ve not found any better knowledge than here thus far online. Any tips as to what I should be researching?

    1. Hi Ed,
      Thanks! I’d probably start with poking around in the telnet CLI and looking at the wireless commands (use the built-in help function), and/or searching for “technicolor command reference” and seeing if there’s anything promising there; there are some CLI reference manuals available for other models (e.g. here: http://wiki.aa.org.uk/Category:Router_TG582N). Alternatively, you could try to look into alternative firmware options such as OpenWRT or dd-wrt, or even firmwares from other ISPs (such as Plusnet?), and see if you can install any of those. Getting root/linux terminal access would also be a good start.
      It’s really annoying that these devices don’t come with a client mode, it would be much “greener” to re-purpose the device than send it to a landfill site and buy something else.
      From what I remember unfortunately none of these options looked particularly promising 🙁

      If your sky box is more “hackable”, perhaps you can turn the problem around and make your sky box join your Wireless Box IV? (I don’t know if this makes any sense in your deployment of course)

      Good luck!

  9. Hi Michiel
    I am trying to setup Wireless bridge, My main AP is a Tipilink Wireless router with BB cable connection.
    I want to extend my wireless network by using Wireless Box IV /Locked only as bridge with my main AP. I tried your method but I get
    “atm_llu atm not-connected 1 atm”
    and
    OBC1 bridge connected 1 direct_bridge
    ethport4 bridge connected 1 direct_bridge
    atm bridge retrying 0

    any suggestion where I am doing wrong ?
    Regards

    1. Hi Haradhon,
      Thanks for reaching out!

      I’m not sure I fully understand the question. Do you just want to have a network like this?

      [TPLink wireless router]-----(ethernet cable)----[Wireless Box IV] )))) wifi )))

      If that’s the case, then you may be overcomplicating things; you should be able to plug the Ethernet cable into one of the Wireless Box’ switch ports, disable the DHCP server and manually configure the Wireless Box’ IP address. Check my suggestion to Andrew for more info.

      If you’re trying to have a different setup, please help me understand what you’re trying to achieve, a diagram might help.

  10. i have used your config file but i have failed to get the username and password to log in back into the device. I want to secure my Wi-fi

    1. I’m sorry to hear that.
      Have a look in the config file, in the wireless.ini section there are some placeholders (like <YOURWLANSSID> and <YOURWPAKEY>) that you should update before applying the configuration. In general it’s probably a good idea to at least skim read the configuration before applying it; there are a few other comments in there as well.
      If you can’t access your router anymore, I’d recommend doing a factory reset.
      Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.