How do I properly route static IP Addresses outside of the DHCP range through an ASUS RT-3200?

My current setup:

• ISP: AT&T U-Verse
Router/Modem: Arris NVG589
Router:ASUS RT-3200
iTach GC-WF2IR:

I am trying to set up a universal remote control system that converts IR signal to Wi-Fi via the oncontrols iTach Module units. In order for the control to function correctly the units must have static IP addresses assigned to each unit. Currently there are 4 iTach units that need a static IP Address.

The way to assign the static IPs to the modules is by connecting directly to the modules via wifi and typing in the IP, subnet and gateway addresses.

I have followed the instructions on the manual PDF link which I provided above and have successfully managed to get the static IPs to work directly with the AT&T Arris router, however when I bring the ASUS into the network the iTach modules aren't able to communicate using their static IPs.

I have tried setting up the router both in Wireless Router Mode and in Access Point Mode with no luck.

We are paying an extra $15/month for getting Static IPs from AT&T, these all start with 104.14.X.X with subnet Currently we have 5 useable Static IPs.

I've been on the phone with both AT&T and ASUS techs for about 5 hours and still have not been able to figure it out. We need the strength of the ASUS to cover the entire 3-story house, biggest issue is reaching the basement.

ASUS reps say that I have to assign the last available static IP to the ASUS router in order to make the entire network function properly but the only thing that ends up happening is that the ASUS assigns the other 4 static IPs to all the other devices on the network and we currently have about 14 different clients online from iPhones, iPads, computers and HDTVs. The rep also said that the ASUS CAN NOT assign the static IPs because they are outside of the 192.168.X.X DHCP range, but I don't believe that's the case since it works on the AT&T router.

If anyone can help resolve this, it would be  G R E A T L Y  appreciated! I'm not a networking specialist but I can definitely manage myself around the settings. If more info is needed, just let me know.

Caleb AlonsoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Fred MarshallPrincipalCommented:
The way things are connected would help..

As I understand it, you have 4 devices needing a public IP address and have set those IP addresses on those devices OK.

Then, you introduced the ASUS router and everything went bad?  But where did you introduce it?

Here is how to do this (if I understand it):

Arris to a switch which I will call the "Internet Switch".
The Arris will have one of the 6 IP addresses in the .248 or /29 subnet of public addresses.
Then you will have 5 more addresses to use:
4 for the devices you mentioned.
1 for the WAN side of the ASUS router.
All of your other devices will be behind the ASUS on something like no doubt.

You plug the ASUS WAN port and the 4 devices into the internet switch.
You assign a static public IP address out of your pool to the ASUS WAN port as a static address.

The 4 devices will NOT be behind the ASUS router.
Access to those 4 devices will be as to any other device on the internet.

So, to answer your initial question: "You don't".
No routing in the ASUS should be necessary any more than to any other internet addressed device.

I see:
Enable DHCP if you are not entering a static IP address, and select Apply to permanently store the settings

So, this suggests that you might put the devices behind the ASUS, turn on DHCP and not use public addresses on them at all.
Which is your choice and why?
Caleb AlonsoAuthor Commented:
@Fred, thanks for the info!

Currently, whenever I plug the ASUS to the Arris and turn off the wireless on the Arris, I'm not able to connect to the ASUS, even after inputting the right SSID settings in iTach modules.

The remote control runs on 6 different iOS devices for 4 rooms (4 iPads + 2 iPhones) each iTach module controls 3 different components per room (TV, cable box, audio receiver). In order to gain functionality of the control, we need to input the correct IP addresses of each iTach in the iOS control app. If the IPs aren't static they'll always be dynamically assigned and change, if these change then the remote stops working and the settings have to be continually updated on all iOS devices.

Also, these models of the iTach devices don't have have ethernet ports, they only connect to the network via wifi, will that be an issue with the Internet switch?

The iPads need to connect to the network in order to gain control and currently the signal is too weak to reach one room and intermittent in another when only using the Arris, the iTach modules sometimes all connect to the Arris, but at other times 1 does not.

Another idea I had was if the iTach modules connected successfully to the Arris and then I had the iPads and all other devices connect to the ASUS, the iPads should gain control since the iTach modules would still be on the same network. Do you believe there's any foreseeable issues with this method?
Fred MarshallPrincipalCommented:
I'm seeing some confusion here and it may well be mine!  :-).

- The iTach devices *must* connect via wireless.  OK.
- The intent is to control the iTach devices using iOS devices.

I did not think that the Arris would have a wireless capability.  But, since it does, then fine.
And, the ASUS clearly has a wireless capability.

You say:
Currently, whenever I plug the ASUS to the Arris and turn off the wireless on the Arris, I'm not able to connect to the ASUS, even after inputting the right SSID settings in iTach modules
.  I'm thinking that I should describe two broad approaches so that you might tailor your approach in putting this together.

But first, I don't know that you need public IP addresses on the iTach devices.  So some of what follows may not be what you want.

#1 Put the iTach devices behind (i.e. downstream) of the ASUS router.

In this case, the iTach devices will have static addresses in the 192.168.X.0 range because that's how the ASUS is set up.  
These iTach static addresses can be manually set (as it appears you've already been doing) or perhaps via DHCP.  If via DHCP then the ASUS would *reserve* certain addresses for the MAC addresses of the iTach devices in the DHCP setup.
In this case, the iTach devices would likely be accessed from the outside world using the ASUS public IP address and a port number.  Let's say ports 5001,5002,5003,5004 just as an example.
Let's assume that the iTach IP addresses reserved would be:
In this case, there would be port forwarding in the ASUS like this to reach each iTach device.
[public IP address]:5001 to
[public IP address]:5002 to
[public IP address]:5003 to
[public IP address]:5004 to
I'm assuming that the iOS devices are *not* necessarily on the same LAN but have internet access.
If they are on the same LAN then they should still be able to access the iTach devices by addressing the ASUS public IP pluss the iTach port number assigned in the ASUS.
AND the iOS devices, if on the same LAN, should be able to access the iTach devices by addressing their respective LAN IP addresses with no port number needed.

#2 Put the iTach devices behind (i.e. downstream) of the Arris router and upstream (i.e. "outside") of the ASUS router.

I believe this is more like the way you have it set up now.
I understand that the iTach devices would connect to the Arris wireless.
I understand that the iTach devices would each have a static public IP address that matches the Arris subnet range just like the ASUS WAN port.
In this case, you don't need an internet switch as I described because there is only one Ethernet connection to the Arris .. the ASUS.
In this case, the ASUS has nothing to do with anything really.
If the iOS devices are on the ASUS subnet then that would be the same as if they were in Norway as far as the iTach devices are concerned.

Getting back to your current problem.  Here is all I can imagine (and suggest):
1. You have the Arris working properly.
2. You connect the ASUS and make sure that it's working properly.
3. You want the iTach devices to connect to the Arris wireless because that's where the public address accesses are located.  (The wireless access acts like a switch on the LAN side - that's why you don't need an "internet switch" .. it's built in).
4. Whatever you do behind the ASUS doesn't matter.  If the iOS devices are there then they should address the iTach devices according to their public IP addresses (no port required in this case and no port forwarding).

What you cannot do, and may have attempted is this:
You can't have the iTach devices with public IP addresses connecting downstream of the ASUS.
(There's not much point in my describing "why?" right now or what "connecting" means.)
You say "when I turn off the Arris wireless"... etc.  So, I can imagine that's what you've done.
In order to use the ASUS as the wireless source, you have to use private LAN addresses on the iTach devices - which means you only need ONE public IP address.

All subject to the equipment details of course .. but this should work

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Caleb AlonsoAuthor Commented:
I'll give it a try, thanks for all the detailed help Fred!

If I'm not mistaken, your second option seems a lot like the question I had:

Another idea I had was if the iTach modules connected successfully to the Arris and then I had the iPads and all other devices connect to the ASUS, the iPads should gain control since the iTach modules would still be on the same network. Do you believe there's any foreseeable issues with this method?

Is that right? Setting up the iTach modules to connect to the Arris wirelessly and then using the ASUS to extend the wifi signal to the rest of the house?

I really didn't have extensive experience with networking before all of this, and I didn't know I could use the DHCP settings to lock in IPs without the need to purchase static IPs from AT&T. If so, then your first proposed solution would be more ideal, I'm just a bit confused on the "ports" tidbit, the entire control will be set to function within the home network locally, I don't have a use for connecting to it outside of the home, is that the only reason I'd need the ports set up?

Regardless I believe both of these solutions are great.

Thanks again for all the help!! It's greatly appreciated!!
Fred MarshallPrincipalCommented:
I'm happy to help!  

Here is "the ports thing" in a nutshell:

A "port" is really another name for an address extension.
If 101 Main St is analogous to your IP address.
Then Apartment 222 is analogous to a port - it's a suffix to 101 Main St.

When a packet arrives at the outside IP address, and there's a port number attached, then the receiving router may use the port number to decide where to send the packet on the *inside*.
World-wide gamers use this a lot so they can connect their game computers to the public internet.

Actually, it's a little more than that.  The arriving packet may be directed to port 100 and the departing packet may address port 200 - the port address is translated as well.  

The end result is like:
A packet arrives at the outside of my router that's supposed to go to my gaming computer.  So, it arrives with port 999 attached as in  The router knows to send this packet to
So this is how you reach individual computers on your network from the internet.  And, yes, they must have static IP addresses for the port forwarding to work.

Now, if all you want to do is reach the iTach devices within your own network then all you need is their IP addresses which are in your private IP address range.  It's very handy to have them be static.
Then that's all there is to it.  I believe I gave examples of that.

But, if you want to reach the iTach devices from the internet then:
- they have to be *in front* of the ASUS and have public addresses.
AND, if you do that, you can still reach them from within the house "over the internet"....
Like this:

An iOS device that's on the ASUS wireless (192.168.X.0/24 let's say) will be on your local LAN by virtue of its wireless connection to the ASUS.
The iTach devices will be "on the internet" with their public IP addresses accessed using the Arris wireless - assuming the Arris will do public addresses on the wireless.  I don't see why not but some devices are funny that way.
So now your iOS devices will address packets to the internet addresses of the iTach devices.  The ASUS will pass them up to the Arris because that's its internet gateway.  The Arris will recognize that the addresses are on its own LAN subnet and put the packets out "on the wire" which will include the wireless part of that LAN.  Coming out on the Arris wireless, the iTach device with the particular address will react to the packet.  No ports or port forwarding required.

As long as it's clear that there are two wireless subnets in operation (and needed) then it should all be clear.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.