@andsoitgoes --  not working with DNS?

Doubtful. If you can PING to a FQDN (Fully Qualified Domain Name), e.g., PING www.shaw.ca then DNS-queries are working correctly.

What is NOT working for you?

Any "filtering" inside the cable-modem?  Parental restrictions?

Everything is disabled on the Shaw modem, even parental controls

i can ping sites just fine. No issues. The second I try and make any connections whether wired, wireless, PC, Linux, my ring security system, I have no ability to load the pages. It just hangs. It seems impossible to return any queries. 

that's what boggles my mind. ASUS router has an active wan address. DNS servers match. All the above works. 

@andsoitgoes -- note that "special" packets, such as used by PING and TRACERT, are handled by the network adapter at the target IP-address, unlike HTTP/HTTP-s packets, which require an application program, namely a web-server, to receive the packets, and to respond.

If Shaw has assigned a second IP-address to your account, connect your computer to the second LAN port on the BlueCurve, and see if bypassing the ASUS router allows you to access web-servers.

Also, observe the "traffic" lamps on the BlueCurve, and on your ASUS router. The lamps should blink, when there are TCP/IP packets being sent/received.

Also, can you do a packet capture on your computer running Windows?

Okay so a minor update. 

I dug put an old TP Link Router and after fighting for a few hours to remove open wrt, I got it back in operation. 

hooked it up. Prepared for failure. 

got internet. 

words are mostly failing me right now BUT I have it working with that router. Looked at the settings and the IP address that the TP link router had and was shocked when I discovered it was entirely different. This was a 24.* IP address. 

I’m honestly at a loss here. The tp link router doesn’t work as a solution. It’s too slow and the speeds are significantly lower. 

I even went as far as trying to clone the mac address of my tp link router but I then get an error rom the ASUS router. 

I’m now assuming it’s either a setting in the ASUS router OR it’s something Shaw is doing when it sees the asus router and is blocking it somehow? I honestly don’t know. Anything that you can provide would be useful. 

I did save the packets using wire shark from both the TP Link and the asus Routers, I don’t feel comfortable sharing those in public but I’m happy to share them Privately.  

A few tiny updates. I'm posting on the SNB forums as well in case this is an Asus issue, but here's something pertinent between the success/failure and I'll attach screenshots, too:

Here's screenshots from both the TP Link success and the Asus failure. I stupidly didn't capture the Shaw modem's page during the success of the TP link, just during the Asus failure.

Hopefully this helps shed some light? This HAS to have something to do with the incorrect WAN address, right?

Another thing to note:

Asus Router - Gateway matches the WAN except for the last number. The Wan IP ends in 254, the Gateway ends in 1. This is completely different on the C2600 which there is no match except the first 2 octets. DNS matches exactly. Subnet Mask also matches.

So at this point it's the IP address and Gateway that are entirely different on the C2600 which successfully can access the internet. I BELIEVE when I was trying my laptop the other night when it worked I was also getting a 24.* IP address.

But what do I do with this information?

@andsoitgoes -- the IP address that the TP link router had and was shocked when I discovered it was entirely different

Don't be shocked. Every router has a network adapter on its WAN side. Every network adapter on the Internet has a unique MAC-address (although I have seen one exception -- two network-cards from the same manufacturer, probably due to a screw-up at the factory).

When a DHCP-request is sent to Shaw's DHCP-server, the unique MAC-address is embedded in that request. So, sending a different MAC-address (from the second router) will cause the response from the DHCP-server to return a different IP-address. 

> I’m now assuming it’s either a setting in the ASUS router

Maybe. Can you "factory reset" it? It should work "out-of-the-box".

> OR it’s something Shaw is doing when it sees the ASUS router and is blocking it somehow?

Note that MAC-addresses are assigned in a "block" to each manufacturer of network devices, such as ASUS and CISCO and D-LINK.

A MAC-address has 12 characters, and the first 6 characters are a unique "block" that is assigned to one manufacturer.

That being said, I truly doubt that Shaw is "keying" on those first 6 characters. Other contributors on this forum have ASUS routers and a bridged cable-modem, apparently successfully.

@andsoitgoes -- This HAS to have something to do with the incorrect WAN address, right?

Wrong. For each unique MAC-address that you send to Shaw's DHCP-server, you get a response containing a unique IP-address.

> Asus Router - Gateway matches the WAN except for the last number. The Wan IP ends in 254, the Gateway ends in 1. This is completely different on the C2600 which there is no match except the first 2 octets. DNS matches exactly. Subnet Mask also matches.

The "netmask" is the key to how IP-packets are routed. Compare to entering a branch of a bank. During COVID-19, after you enter the bank, you must answer the questions from an employee ("have you travelled outside of Canada in the last 14 days?" and/or "have you been in contact with somebody who is positive?"). Then, you are routed to one of the bank tellers.  After the transactions, if you want to talk to somebody, you have a choice in your personal routing: to look around the inside of the branch, to see if a friend also is inside and you want to talk to that friend, or to go outside the branch.

The "netmask" is used by your computer to determine how to route from one IP-address to another. Expressed somewhat mathematically: 

     IF MaskFunction(IP#1,NetMask) == MaskFunction(IP#2,NetMask)

      THEN SAY "IP#1 and IP#2 are within the same network";

      ELSE SAY "Send to the Gateway's IP-address to route the packet out through the router"';

For a NetMask of "255.255.252.0", express it as binary: "11111111 11111111 11111100 00000000". In this case, that "MaskFunction" (above) indicates that the first 22 bits of "IP#1" must match the first 22 bits of "IP#2", and that the final 10 bits of each IP-address do not matter. Those 10 bits indicate that there could be up to 1024 (2 to the 10th power) computers within the same network.

Note that Shaw typically reserves IP-addresses ending with ".1" for all of their routers, while Telus typically reserves IP-addresses ending with ".254" for their routers. It is just a convention that each company has standardized on using.