Q. How can I use my own router as primary while still keeping remote DVR access and Caller-id on my TVs.
Note: This FAQ is replacing »Verizon Online FiOS FAQ »Can I use my own router as primary and keep remote DVR
A. This is option #8 in the trade-offs FAQ. This particular option allows you to use your router as primary, while keeping all Verizon functionality, including guide data, VOD, widgets, remote DVR, and on-screen caller-id. However, this option is more complex that some of the other options in the trade-offs FAQ. You should review the trade-offs FAQ to select to most appropriate bridging option. In addition to the user router, the Actiontec, a third "back-end" router is also required.
Note: Although this FAQ refers specifically to Actiontec, it should also work with the Westell 9100EM, although it has not been tested with that router. Should anyone get this working with the Westell 9100EM, please post in the "Verizon FIOS TV forum
•You will need an extra router to use as the "back-end" router.
•Make sure all services are working with the Actiontec as primary before starting. Even if you already have your own router functioning as primary, you should make sure that Remote DVR and CID work with the Actiontec as primary before attempting these instructions. If you have any issues with remote DVR and CID working, resolve them with Verizon now, while the Actiontec is primary.
•Prepare your replacement router and back-end router, and then move the cat5 WAN cable from the Actiontec to the replacement router. (Do this quickly to avoid losing your IP address assignment.) Install your own router between the ONT and your internal network. Configure port forwarding rules on that router for remote DVR and Caller-ID.
•Install the "back-end" router between your LAN and the Actiontec WAN port.
•Configure the Actiontec to the same IP address as it used to have and set up port forwarding rules to allow the remote DVR and CID traffic to pass to the Actiontec.
•Disable the Actiontec's DHCP server and connect the Actiontec's LAN to your internal LAN.
Notes: The Actiontec router plays a critical role in several ways in the configuration described in this FAQ. It bridges the MOCA networking from the set-top boxes to the Internet and it supports the protocols that allow the set-top boxes to communicate with the Verizon systems. After a factory reset of the Actiontec, you must use the Actiontec to provide IP addresses for the set-top boxes so the forwarding rules (and internal state of the Actiontec) are set up correctly. After this initial setup, you can use your own DHCP server on the LAN.
To use this system, you'll need a simple router with Network Address Translation (NAT) features to use in addition to your primary router and the Actiontec. This router doesn't handle all of the traffic from your internal network to the Internet, but it supplies the set-top boxes with Video on Demand. It must support static DHCP assignments.
After you connect up the cat5 to feed the Actiontec and before you change anything, verify that services are working as you expect. If Verizon doesn't allow you to use remote DVR or if Caller-ID isn't working, you'll need to get them working before you start changing things. You can sometimes trigger Remote DVR to work by doing a factory reset on the Actiontec, but sometimes you just need to ask the Fiber Support Center to 'portmap' your set-top boxes to get things working again. Here are the detailed directions:
•On the Actiontec, click on the "Firewall Settings" icon and choose the "Port Forwarding" option. You should see several port forwarding rules that were inserted to support remote access. For example, under "Networked Computer/Device" you'll see entries like "192.168.1.101:8082", with a corresponding entry under "Applications & Ports Forwarded" reading "Application, TCP Any -> 35000". Those are ports forwarded from the Actiontec to your set-top boxes. It was once thought that these connections were used for Caller-ID, but that does not seem to be the case. Once of your STBs will use port 35000, the next 35001, and so forth. You need to re-create these rules on the primary and secondary routers for this setup to work. Similarly, you'll see forwarding rules with "192.168.1.101:63145" and "UDP Any -> 63145" for the first DVR in your house, with port 63146 and up used for subsequent DVRs. Record what port range is in use here for later. This system has several forwarding rules, but the ones that matter are the following:
You can now use the "My Network" page on your Actiontec to view and record the IP addresses and MAC addresses for each of your STBs. Once you have all of this information recorded, you can begin to prepare your new primary router.
•Your primary replacement router should be configured to provide address distribution (DHCP) to your LAN. The LAN network should be the same as the LAN network that the Actiontec is using. It is best if you use 192.168.1.0/24 so you are consistent with the factory default on the Actiontec. In addition, having 192.168.1.1 as your network's default gateway is recommended.
•On your primary router, set the MAC address of its WAN port to the MAC address recorded in step 1 above. Move the cat5 cable coming from the ONT to the WAN port of the Actiontec so it's now connected to the WAN port of your primary router and restart the primary router. If all is well, it will pick up the same WAN IP address that the Actiontec used to have. You should now verify that your internal network is
operating properly. At this point, remote DVR is not yet working.
•Prepare a simple NAT router (the secondary router) which will be used to connect the Actiontec to the Internet. It should be configured to use a static IP address from your internal network on the WAN side. Hook the WAN port of the secondary router to your internal network.
•On the LAN side of the secondary router, configure the subnet scope to use the same network as your Actiontec's former WAN address (recorded in step 1 above). For example, if your Actiontec's IP address was 22.214.171.124, then you should set the LAN side to an address of 126.96.36.199, netmask 255.255.255.0.
• On your secondary router, configure the DHCP server to add a static IP address assignment, giving the MAC address of the Actiontec the same IP address it used to have. You should also configure the DNS servers for that DHCP scope. Using the Google public DNS servers (188.8.131.52 and 184.108.40.206) is one option. Eventually, the DNS servers configured by your primary network's DHCP server will be used throughout, but you need to hand the Actiontec a good DNS server pair off of your primary network for now.
• On your secondary router, configure forwarding rules for the following ports from the WAN side of the secondary router to the Actiontec's WAN port (192.168.1.x -> 220.127.116.11 in the diagram above)
•UDP port 63145 and up to the Actiontec's WAN address, port 63145.
•On your primary router, forward the following traffic to the LAN address of your secondary router:
•UDP port 63145 and up (as above in step 8)
•TCP port 35000 and up to the appropriate set-top boxes.
The port forwarding rules for 35000 and up should mirror the rules that you see in port forwarding on the Actiontec. The number of ports starting with 63145 depends on how many DVRs you have, and the number of ports starting with 35000 depends on how many set-top boxes you have.
•Configure the DHCP server on your primary router to provide static address assignments for the set-top boxes as recorded in step 2 above.
•Hook up a cable from the Actiontec's WAN RJ45 port to the LAN port on your secondary router. Turn on the Actiontec.
•Verify that your set-top boxes still have network connectivity using Video on Demand. Also, verify that Remote DVR is still working. If not, you may need to factory reset your Actiontec. First verify that the WAN address on the AT matches the WAN address of your primary router and that the port forwarding rules are correct. For remote DVR, UDP 63145 must be forwarded to the Actiontec through the secondary router.
•Now that the secondary router is in place and remote access is still working, you can complete the connections between the Actiontec and your primary LAN. Hook up a PC to the LAN switch on the Actiontec and connect to the administrative page (192.168.1.1). Use "My Network", "Network Connections", "Network (Home/Office)", "Settings" to view the network configuration. Make the following changes: On your primary router, change the port 63145 rule to forward to the LAN address of the DVR, not the AT. For DNS Servers, choose "Use the following DNS Server Addresses" and fill in the DNS server(s) for your LAN. " For "IP Address Distribution", choose "Disabled". For "Internet Protocol" choose "Use the following IP Address", then fill in a LAN address for the Actiontec under "IP Address".
Note: not 192.168.1.1 as that should be the address of your primary router's LAN side. Click on "Apply" at the bottom of the screen, then "Apply" again. Now you can connect a cat5 cable from the Actiontec's LAN switch to your internal LAN switch. Now things should look like figure 1 above.
Note that if the IP address that Verizon gives to the WAN port of your primary router changes, you'll have to reconfigure the LAN network of your secondary router to match as well as reconfiguring the DHCP server on the back-end router so the Actiontec's address follows. Ideally, your secondary router should be on a battery backup system to minimize the chance of this. However, if you lose power for over an hour, your address will change and you must reconfigure the three routers to match the new address. The steps to do this are: Fix the LAN network and DHCP service on the back-end router to give the new public IP address to the Actiontec. Reboot the Actiontec. If this doesn't fix it (wait a day or two), then you'll have to disconnect the LAN-to-LAN cable, change the primary router port forwards back to the back-end router, then factory reset the Actiontec. That should recover the access (again, after waiting a day or two.)
Thanks to rmurphy , rspadaro , and solarein for their efforts in getting this working.