Q. How can I use my own router as primary while still keeping remote DVR access and Caller-id on my TVs.
A. This is option #8 in the trade-offs FAQ. This particular option allows you to use your router as primary, while keeping all Verizon functionality, including guide data, VOD, widgets, remote DVR, and on-screen caller-id. However, this option is more complex that some of the other options in the trade-offs FAQ. You should review the trade-offs FAQ to select to most appropriate bridging option.
In addition to the user router, the Actiontec, a third "back-end" router is also required.
Note: Although this FAQ refers specifically to Actiontec, it should also work with the Westell 9100EM, although it has not been tested with that router. Should anyone get this working with the Westell 9100EM, please post in the »Verizon FiOS TV forum.
•You must have a working cat5 connection from the ONT. If you do not already have a cat5 connection from the ONT, follow the instructions here: Replacing the Actiontec (part 1): Coax to Ethernet
•You will need an extra router to use as the "back-end" router.
•Make sure all services are working with the Actiontec as primary before starting. Even if you already have your own router functioning as primary, you should make sure that Remote DVR and CID work with the Actiontec as primary before attempting these instructions. If you have any issues with remote DVR and CID working, resolve them with Verizon now, while the Actiontec is primary.
•Record the IP and MAC for the Actiontec's WAN port as well as the port forwarding rules set up by the Actiontec.
•Prepare your replacement router and back-end router, then move the cat5 WAN cable from the Actiontec to the replacement router. (Do this quickly to avoid losing your IP address assignment.)
Install your own router between the ONT and your internal network.
Configure port forwarding rules on that router for remote DVR and Caller-ID.
•Install the "back-end" router between your LAN and the Actiontec WAN port.
•Configure the Actiontec to the same IP address as it used to have and set up port forwarding rules to allow the remote DVR and CID traffic to pass to the Actiontec.
Notes: The Actiontec router plays a critical role in several ways in the configuration described in this FAQ. It bridges the MOCA networking from the set-top boxes to the Internet and it supports the protocols that allow the set-top boxes to communicate with the Verizon systems.
To use this system, you'll need a simple router with Network Address Translation (NAT) features to use in addition to your primary router and the Actiontec. This router doesn't handle all of the traffic from your internal network to the Internet, but it supplies the set-top boxes with Video on Demand. A simple "Cable Modem" router will be fine in most cases. After you connect up the cat5 to feed the Actiontec, verify that services are working as you expect. If Verizon doesn't allow you to use remote DVR or if Caller-ID isn't working, you'll need to get them working before you start changing things. You can sometimes trigger Remote DVR to work by doing a factory reset on the Actiontec, but sometimes you just need to ask the Fiber Support Center to 'portmap' your set-top boxes to get things working again. Here's the detailed directions:
1. Hook up a PC to one of the LAN connectors on your Actiontec and open the web interface. Click on the "My Network" icon, then "Network Connections". You should see a link reading "Broadband Connection (Ethernet)" with status "Connected". Click on that Broadband connection and you'll see a "Broadband Connection (Ethernet) Properties" page. Record the contents for the "MAC Address" and "IP Address" fields as you'll need those later. As recommended in other areas of this FAQ, you probably want to disable wireless on the Actiontec at this point (Wireless Settings). You should also enable remote administration (Advanced/Remote Administration, then select the "Use Secondary HTTP port" setting.)
2. On the Actiontec, click on the "Firewall Settings" icon and choose the "Port Forwarding" option. You should see several port forwarding rules that were inserted to support remote access. For example, under "Networked Computer/Device" you'll see entries like "192.168.1.101:8082", with a corresponding entry under "Applications & Ports Forwarded" reading "Application, TCP Any -> 35000". Those are ports forwarded from the Actiontec to your set-top boxes to support Caller-ID. The first STB will use port 35000, the next 35001, and so forth. You need to re-create these rules on the primary and secondary routers for this setup to work. Similarly, you'll see forwarding rules with "192.168.1.101:63145" and "UDP Any -> 63145" for the first DVR in your house, with port 63146 and up used for subsequent DVRs. Record what port range is in use here for later. You can now power down the Actiontec.
3. Your primary replacement router should be configured to provide address distribution (DHCP) to your LAN. The primary LAN subnet must be different from the Actiontec LAN subnet.
4. On your primary router, set the MAC address of its WAN port to the MAC address recorded in step 1 above. Move the cat5 cable coming from the ONT to the WAN port of the Actiontec so it's now connected to the WAN port of your primary router and restart the primary router. If all is well, it will pick up the same WAN IP address that the Actiontec used to have. You should now verify that your internal network is operating properly.
5. Prepare a simple NAT router (the secondary router) which will be used to connect the Actiontec to the Internet. It should be configured to use a static IP address from your internal network on the WAN side. Hook the WAN port of the secondary router to your internal network.
6. On the LAN side of the secondary router, configure the subnet scope to use the same network as your Actiontec's former WAN address (recorded in step 1 above). For example, if your Actiontec's IP address was 18.104.22.168, then you should set the LAN side to an address of 22.214.171.124, netmask 255.255.255.0.
7. On your secondary router, configure the DHCP server to add a static IP address assignment, giving the MAC address of the Actiontec the same IP address it used to have. You should also configure the DNS servers for that DHCP scope. Using the Google public DNS servers (126.96.36.199 and 188.8.131.52) is one option. You can also use your internal DNS servers if you have them.
8. On your secondary router, configure forwarding rules for the following ports from the WAN side of the secondary router to the Actiontec's WAN port (192.168.2.101 -> 184.108.40.206 in the diagram above)
•TCP port 4567
•UDP port 63145 and up
•TCP port 35000 and up
The port forwarding rules for 63145 and 35000 should mirror the rules that you see in port forwarding on the Actiontec. The number of ports starting with 63145 depends on how many DVRs you have, and the number of ports starting with 35000 depends on how many set-top boxes you have. You can also set up a port forwarding rule for TCP port 8080 forwarding to the Actiontec's IP address, port 8080. This will allow you to manage the Actiontec via its web interface across your secondary router.
9. On your primary router, forward the following traffic to the WAN address of your secondary router:
•TCP port 4567
•UDP port 63145 and up (as above in step 8)
•TCP port 35000 and up
These port forwarding rules should mirror the rules that you see in port forwarding on the Actiontec.
10. Hook up a cable from the Actiontec's WAN RJ45 port to the LAN port on your secondary router. Turn on the Actiontec.
11. Verify that your set-top boxes still have network connectivity using Video on Demand. Now, things should look like the attached diagram. Note that if the IP address that Verizon gives to the WAN port of your primary router changes, you'll have to reconfigure the LAN network of your secondary router to match as well as reconfiguring the DHCP server so the Actiontec's address follows. Thanks to user rspadaro for the insight that leaving the Actiontec off of the LAN makes this much simpler to set up.
Thanks to rmurphy and rspadaro for their efforts in getting this working.
3/1/15: Javi404 notes that with the arris boxes (quantum tv) the ports are different. TCP: 35000 -> 9001 on DVR 35001 -> 9001 on STB1 35002 -> 9001 on STB2 UDP: 63145 -> DVR