dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads




3.0 Networking

The following information is for users who have seen the various bridging threads and/or the FAQs about using their own router and wondered which of these various configurations they should choose.
References to the Actiontec router apply to all models of the Actiontec and to the Westell 9100EM, unless specified otherwise.
    • Options 1 through 3 leave the Actiontec as primary router and the added (user) router as secondary.
    • Options 4 through 7 replace the Actiontec with a different primary router. The Actiontec becomes secondary.
    • Options 9 and 10 set the user router as primary, and replaces the Actiontec with a MOCA bridge for coax data.
Summary:
Feature \ Option 1 2 3 4 5 6 7 8 9 10
Cat5 WAN to ONT Y Y Y N N Y Y Y Y N
Coax WAN to ONT Y Y Y Y Y N N N N Y
VZ support for configuration Y Y Y N N N N N N N
Double NAT'ed Y Y N N N *1 N N N N
Small NAT table issue (Actiontec Rev. A-D only) Y Y Y N N N N N N N
FiOS-TV (VOD and Guide) supported Y Y Y na Y Y Y Y Y Y
MediaShare software supported Y2 Y2 Y na Y N Y N Y N
Remote access to DVR Y Y Y na N3 N3 N3 Y N3 N
On-screen caller-id Y Y Y na N3 N3 N3 Y N3 N
Usable with Actiontec Rev. A-F Y Y Y Y Y Y Y Y Y Y
Usable with Westell 9100EM Y Y Y Y N4 Y Y Y Y Y


Notes:
    • 1) STBs are double NAT'ed, but not an issue.
    • 2) Only for PC's connected directly to the Actiontec.
    • 3) Verizon does not officially support remote (web) access to the DVR or on-screen caller-id with a non-VZ router as primary. See option #8 for support of Remote DVR and On Screen CID.
    • 4) To date, no one has had success getting this configuration working with the Westell 9100EM. If someone is able to get this working, please post the exact steps you followed, so this FAQ can be updated.


Options 1, 2 and 3 can be used with either a coax or cat5 connection to the ONT.
1. Secondary (LAN-to-WAN)
Simply plug the secondary (user) router into a LAN port on the Actiontec. User router must be configured for a different subnet than the Actiontec. The WAN port on the user router must also be set to use either a static IP address on the Actiontec subnet, or obtain its WAN address via DHCP.
    PRO:
      • Simplest. VZ recommended solution.
      • No configuration changes required in the Actiontec.
      • Supported by VZ. i.e. No changes to Actiontec config needed when calling for support.
      • No cabling changes.
      • Can be used with either a coax or cat5 connection to the ONT.
      • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:
      • Secondary (user) router is double NAT'ed.
      • No VZ support for secondary (user) router.
      • Still subject to small NAT table in the Actiontec.
      • Any port forwarding will need to be configured on both routers.
      • PCs connected to one router won't be visible to PCs connected to the other router.
2. Secondary DMZ
Similar to #1, with secondary router as a DMZ address in the Actiontec. User router must be configured for a different subnet than the Actiontec. The WAN port on the user router must also be set to use either a static IP address on the Actiontec subnet, or obtain its WAN address via DHCP.
    PRO:
      • Simple config change to create DMZ address for secondary (user) router.
      • Eliminates need to configure port forwarding in both routers. Port Forwards are configured in secondary (user) router only.
      • No cabling changes.
      • Can be used with either a coax or cat5 connection to the ONT.
      • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:
      • Secondary (user) router is double NAT'ed.
      • Still subject to small NAT table in the Actiontec.

    Note: One member reports success with a secondary router in the DMZ of the Actiontec, while others report an improvement but not problem resolution. See this thread for more details. »Steam on a router in the Actiontec DMZ

3. Secondary LAN-to-LAN
LAN-to-LAN connection between Actiontec and user router. User router becomes a switch. WAN connection and firewall not used in user router. LAN DHCP server should be disabled in the user router. Instructions are detailed in this FAQ: »Verizon Online FiOS FAQ »Can I use my wireless or an extra router along with the Verizon provided router?
    PRO:
      • Easy.
      • Avoids double-NATing. Port Forwards are configured in the Actiontec only.
      • Good choice, if all you need is to connect your 802.11n router as a Wireless Access Point (WAP).
      • VZ support for Actiontec.
      • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:
      • Still subject to small NAT table in early (GEN1) Actiontecs. Does not apply to the Westell's larger NAT table.

Options 4 and 5 are for users with an existing coax WAN connection between the Actiontec and the ONT.

4. Internet Only Bridge
Bridging the Actiontec passes all WAN traffic through, making the user's router primary. Follow the bridging thread here: »How-to: make ActionTec MI424-WR a network bridge
    PRO:
      • Bypasses the small NAT table in the Actiontec. NAT limited by primary router, not Actiontec.
      • No cabling changes.
      • Supports VZ's CPE management interface.
    CON:
      • Moderate difficulty to setup.
      • Not supported by VZ. May require a HARD reset of the Actiontec to restore to factory defaults for support.
      • Internet only. No VOD or guide data for STBs.
      • Switch ports on Actiontec not available as LAN ports.
5. Double Bridge
Bridging the Actiontec passes all WAN traffic through, making the user's router primary. Another internal bridge passes data from the user's primary router to the coax LAN for STB data.
See note #4 above regarding the Westell 9100EM.
The following instructions are for Actiontec revisions (A-F). »Re: MI424WR-GEN2 Rev E Configuration Thread
Rev. I. »How-to: Make Actiontec MI424WR Revision I (Rev.I) a Network
Click for full size
Click to enlarge

    PRO:
      • Bypasses the small NAT table in the Actiontec. NAT limited by primary router, not Actiontec.
      • VOD and guide data supported.
      • No cabling changes.
      • Supports VZ's CPE management interface.
    CON:
      • Moderate difficulty to setup.
      • Unsupported by VZ. May require a HARD reset of the Actiontec to restore to factory defaults.
      • Not all configuration information saved to config file. Some bridging information lost on a power fail.
      • Switch ports on Actiontec not available as LAN ports.
      • Does not support remote access to DVR or on-screen caller id (see note #3 above).


Options 6 - 9 are for users with a cat5 WAN connection to the ONT. These options replace the Actiontec with a different primary router and relegate the Actiontec to servicing only the STBs. Option 8 replaces the Actiontec with a NIM-100 to provide coax LAN data. If you currently have a coax WAN connection and want to switch to a cat5 WAN connection, instructions for switching are here: »Verizon Online FiOS FAQ »Replacing the Actiontec (part 1): Coax to Ethernet Keep in mind that when using a third-party router, that it must be capable of supporting the high throughput of your FIOS internet connection and if you have FiOS-TV, the additional bandwidth of Video-On-Demand (VOD). Many older routers can not support these higher bandwidth requirements.

6. Primary LAN-to-WAN
Cat5 from ONT to user router. LAN port on user router to WAN port on Actiontec per FAQ here: »Verizon Online FiOS FAQ »Replacing the Actiontec (part 3): WAN-to-LAN keeps Guide and VOD (easier)
    PRO:
      • Easy. FSC can switch WAN connection from coax to cat5 remotely.
      • NAT limited by primary router, not Actiontec.
      • VOD, guide data and widgets supported.
    CON:
      • Configuration not supported by VZ. May have to reconnect Actiontec to ONT (via cat5) as primary router for support.
      • Does not support media sharing on PCs connected to primary router.
      • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).
7. Primary LAN-to-LAN
Cat5 from ONT to user router. LAN port on user router to LAN port on Actiontec per FAQ here: »Verizon Online FiOS FAQ »Replacing the Actiontec (part 4): LAN-to-LAN keeps VZ MediaManager
    PRO:
      • Easy. FSC can switch WAN connection from coax to cat5 remotely.
      • NAT limited by primary router, not Actiontec.
      • Media sharing PCs connected to primary router supported.
    CON:
      • Configuration not supported by VZ. May have to reconnect Actiontec to ONT (via cat5) as primary router for support.
      • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).
8. "Three router"
Cat5 from ONT to user router. Actiontec provides MOCA LAN. Extra router makes secondary actiontec "think" it is primary. »Verizon Online FiOS FAQ »Can I use my own router as primary and keep remote DVR
This is the only configuration which allows a third-party router as primary and keeps Remove DVR and on-screen caller id.
    PRO:
      • NAT limited by primary router, not Actiontec.
      • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:
      • Configuration not supported by VZ. May have to reconnect Actiontec to ONT (via cat5) as primary router for support.
      •Media Manager not supported
      • Most complex of all the configurations.
9. Primary with MoCA LAN Bridge
In options 6 and 7 above, a NIM-100 or other MOCA bridge can be used instead of the Actiontec to provide the MOCA LAN bridge needed by the STBs. A NIM-100 supports MOCA LAN only. It can not be used between a router and the ONT. A list of available MOCA Bridges can be found here: »Verizon Online FiOS FAQ »What is a MOCA Bridge?
    PRO:
      • Can eliminate Actiontec completely.
      • Smaller, simpler device. Less power consumption.
    CON:
      • Additional unit to purchase.
      • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).

10. MoCA WAN Bridge
A MOCA bridge is used between the ONT and the user router.
How to use a MOCA WAN bridge

    PRO:
      • Can eliminate Actiontec completely.
      • Smaller, simpler device. Less power consumption.
    CON:
      • Additional unit to purchase.
      • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).
Note: The description of this option only includes connecting the user router to the ONT via the MOCA bridge. If FIOS-TV is involved, then a MOCA LAN connection is still required for the STBS. Options 6, 7 or 9 can be used in addition for the MOCA LAN connection.

This FAQ was edited to add option 3. Posts dated 12/28/08 or earlier making references to options 3 through 7 are now referring to options 4 through 8.



by More Fiber See Profile
last modified: 2014-03-09 10:31:15

Most definitely. Using more than one router allows you to put your wireless router's antenna where it will best cover your house or property; allows you to use the printer port; allows you to hard-wire more than 4 ethernet devices into your LAN.

These instructions leave your Actiontec router as primary. Your secondary router will connect LAN-to-LAN (wired) to the Actiontec, so it will simply act as a switch. The Actiontec will handle DHCP. All of these steps use your PC connected wired to the routers. Do not connect the secondary router to the Actiontec until instructed below. Here's how:

First, set up the primary router:
    1. To start with a simple configuration, disconnect or power off all devices connected to the Actiontec except the computer used to configure it. Reset the Actiontec to its default configuration by pressing the reset button for 10 seconds. Note that this will delete all port forwards and filter rules you may have already established. You may want to make notes of your existing config before resetting to default. The default Actiontec router address is 192.168.1.1. Point your browser to the login page.

    2. When reset, the Actiontec will boot up and ask you to set a password. It is suggested it be something different than password or password1. I use 8 characters in an alpha/number mix. Make sure you can connect to the internet. This verifies primary router connectivity.

    3. Click on My Network icon, click Network Connections, then Network (Home/Office), then click Settings button. Change the DHCP address range by scrolling down to locate IP Address Distribution. Verify DHCP Server is selected in the dropdown box. Set the Start IP Address to 192.168.1.11, and leave the Ending IP Address at 192.168.1.254. You can use a different start or end address. I selected .11 because I want to have several, but not too many addresses I can use as static addresses. The secondary router will be one of them.

    Click Apply, wait for the Actiontec to reconfig, then click Apply again to make it stick.

    4. If you intend your secondary router to handle all the wireless connections, you may choose to disable the Actiontec Wireless. This might be the case if, for instance, your secondary router is Wireless-N. Disable Actiontec Wireless by clicking Wireless Settings icon, then click Basic Security Settings. Click item 1. Wireless Radio to Off. Then click Apply, wait for the Actiontec to reconfig, then click Apply.

    5. Verify Internet connectivity, then shut off your PC.

Next, set up your router as secondary
    6. Unplug your PC's wired connection from the Actiontec LAN port, then plug it into a LAN port on your secondary router. Make sure the secondary router WAN port is not connected to anything. Boot up your PC and the router and log into your secondary router's interface.

    7. You should be able to login with a login and a password. If you are unable to, you may have to resort to a hard reset on the secondary router and use the operator's manual to determine the default login and password.

    Please note that routers from different manufacturers will vary in their default settings and interface. If your PC is set to get a LAN address automatically, you can determine your IP address by typing "ipconfig /all" (without the quotes) at a command prompt, then press Enter.

    You should be able to log in to your secondary router at "http://192.168.1.1" or by using your LAN IP address with .1 as the last octet.

    8. Once logged in, ignore the router's Internet settings because the WAN port is not used. You need to change its Network Settings to set the Router IP address to 192.168.1.2 with Subnet mask 255.255.255.0.

    9. Also, it's very important to Disable DHCP Server. On my secondary router after I made those changes, I needed to Save Settings.

Finally, connect secondary router to Actiontec
    10. Then I connected a patch cable from a LAN port on the Actiontec to a LAN port on the secondary router, and clicked Reboot Now. Instructions for your router may vary.

    After the secondary router reboot, reboot your PC. You should be connected to your secondary router and pick up a LAN IP from the Actiontec. Verify internet connectivity.

    11. At this point, verify you can log in to the Actiontec at 192.168.1.1, and log in to your secondary router at 192.168.1.2. It will make no difference what router you are physically connected to for administration of both.

    12. Any additional changes to primary or secondary routers can be made at this time. Here is where you may set wireless on the secondary router. Any port forwards will be done on the Actiontec. The secondary router WAN port is not connected.

To summarize:
    Actiontec is set to serve DHCP addresses from 192.168.1.11 to 192.168.1.254, and your
    secondary router has a static network address of 192.168.1.2 and DHCP is disabled.
    Both are connected with a patch cable from LAN to LAN.
    Straight or crossover cable doesn't matter because the Actiontec is self-sensing.

Review more options described here: »Verizon Online FiOS FAQ »What are the tradeoffs between the various router configurations.

Notes:
Connecting an Access Point wirelessly to the Actiontec using WDS (Wireless Distribution System) is not supported by the Actiontec hardware. The only currently known connection method for an access point is through ethernet wiring to the Actiontec. See this FAQ »Verizon Online FiOS FAQ »Does the Actiontec support Wireless Distribution System (WDS)?

As noted above, the WAN portion of the second router is not used. It should not be necessary to change any WAN settings (NAT, port forwards, etc) on the second router.


Please use the feedback link below only to suggest improvements to this FAQ. If you have questions about this FAQ, please post them in the »Verizon FiOS forum.



by bobTeatow See Profile edited by More Fiber See Profile
last modified: 2012-06-21 06:57:12


The Actiontec and Westell routers used by Verizon support either coax or cat5 connection to the ONT. Verizon's standard installation is to use coax between the ONT and the router.


If your WAN connection between the ONT and the primary router is coax, you will not find any retail versions of routers available that support the MoCA standard. To use a different primary router, you will need to get the WAN connection switched over to Ethernet, or bridge your router through the Actiontec.


Internet only If you are getting only FIOS internet, you can request a cat5 install from the ONT to the router. Running cat5 instead of coax from the ONT to the router is up to the installer. The tech will install the Actiontec in order to verify that everything is working correctly. Once the installer has verified that you are receiving your provisioned speeds, you can replace the Actiontec. When swapping out your primary router be sure to release your WAN DHCP lease or you may have trouble acquiring a new WAN DHCP lease. »Verizon Online FiOS FAQ »How do I release my DHCP lease


FIOS-TV and Internet Since FiOS set-top-boxes rely on the MoCA LAN for guide data, widgets and VOD, most alternative configurations include the Actiontec in a secondary role as a MOCA bridge for TV service.


The Pros/Cons of a number of possible configurations for connecting your own router are detailed in the FAQ: »Verizon Online FiOS FAQ »What are the tradeoffs between the various router configurations


You may find Verizon unwilling to provide support unless you reconnect the Actiontec as the primary router. Of course, you can post your question in the »Verizon FiOS forum.


Some older routers may not be able to support FiOS' higher speeds. For example, some users have discovered a 16-17 Mbps limit with the Linksys WRT54G using third party firmware.


Update 9/14:  The Actiontec rev. I MUST be the primary router in order to activate the Video Media Server.



by Sizzlechest See Profile edited by More Fiber See Profile
last modified: 2014-09-25 18:51:03

The original FAQ entry that was posted here has been expanded to cover a wider variety of configurations. Please refer to the following links:

Replacing the Actiontec (part 1): Coax to Ethernet

Replacing the Actiontec (part 2): Internet only, no TV

Replacing the Actiontec (part 3): WAN-to-LAN keeps Guide and VOD (easier)

Replacing the Actiontec (part 4): LAN-to-LAN keeps MediaShare DVR

With thanks to More Fiber See Profile for assistance.

by birdfeedr See Profile edited by sashwa See Profile
last modified: 2008-06-26 21:42:42

Yes, Verizon FiOS Internet Service offers you the ability to create a home network so multiple devices connected to your LAN [Local Area Network] can be connected simultaneously. This requires a Broadband Router (wired or wireless).


Verizon supplies a wireless broadband router with 4 wired Ethernet ports for your FiOS connection. Current router in widespread use is the Actiontec MI424WR router. The most recent version is the rev. I. 


You must either rent, purchase or have an existing Verizon router.


 



Feedback received on this FAQ entry:
  • Verizon does not supply a free wireless broadband router anymore

    2014-10-14 09:35:17 (socbrian See Profile)



by drake See Profile edited by More Fiber See Profile
last modified: 2014-10-14 12:35:49

Be aware that Verizon does not currently establish separate subnets for the static IP range users, even though the address blocks they assign follow subnetting rules. (This issue appears to affect East Coast subscribers as well as at least one recent West Coast subscriber.)

Verizon's absence of subnetting can create routing problems for static customers. Specifically, other users on the same supernet may have difficulty reaching services you are offering. Possible solutions include Verizon correctly deploying their FIOS service, FIOS customers could utilize a transparent firewall, or customers can try IP translations such as 1:1 mappings.

by firewalls4u See Profile edited by birdfeedr See Profile
last modified: 2008-12-24 16:12:32


Q. Can coax and cat5 be active at the same time?

A. That depends on the context of the question.

In the FIOS forums, that question usually refers to your WAN (internet) connection.
Your WAN connection between the ONT and the router can be delivered over coax (MOCA WAN) or cat5, but not both. So in that context, only one can be active.*

If you have FIOS-TV, video (except VOD) is always delivered over coax.
If you do not subscribe to FIOS-TV, no video is present on the coax.
Normal video is never delivered over cat5.

Verizon's standard install is coax from the ONT to the router for speed tiers under 100Mbps. For speed tiers over 100Mbps, cat5 is required from the ONT to the router.

Click for full size

Click to enlarge

* = The SOHO ONTs (Motorola 1500G and the Alcatel-Lucent 821) can have simultaneous ENET and MoCA, since they both have 2 ENET ports and 1 MoCA port.

Please use the feedback link below only to suggest improvements to this FAQ. If you have questions about this FAQ, please post them in the »Verizon FiOS forum.



by More Fiber See Profile
last modified: 2014-09-15 18:40:22

Q. How can I use my own router as primary while still keeping remote DVR access and Caller-id on my TVs.

A. This is option #8 in the trade-offs FAQ. This particular option allows you to use your router as primary, while keeping all Verizon functionality, including guide data, VOD, widgets, remote DVR, and on-screen caller-id. However, this option is more complex that some of the other options in the trade-offs FAQ. You should review the trade-offs FAQ to select to most appropriate bridging option.
In addition to the user router, the Actiontec, a third "back-end" router is also required.

Note: Although this FAQ refers specifically to Actiontec, it should also work with the Westell 9100EM, although it has not been tested with that router.  Should anyone get this working with the Westell 9100EM, please post in the »Verizon FiOS TV forum.


Preparation:

•You must have a working cat5 connection from the ONT.  If you do not already have a cat5 connection from the ONT, follow the instructions here: Replacing the Actiontec (part 1): Coax to Ethernet

•You will need an extra router to use as the "back-end" router.

•Make sure all services are working with the Actiontec as primary before starting.  Even if you already have your own router functioning as primary, you should make sure that Remote DVR and CID work with the Actiontec as primary before attempting these instructions.  If you have any issues with remote DVR and CID working, resolve them with Verizon now, while the Actiontec is primary.

Short Version

•Record the IP and MAC for the Actiontec's WAN port as well as the port forwarding rules set up by the Actiontec.

•Prepare your replacement router and back-end router, then move the cat5 WAN cable from the Actiontec to the replacement router. (Do this quickly to avoid losing your IP address assignment.)

Install your own router between the ONT and your internal network.
Configure port forwarding rules on that router for remote DVR and Caller-ID.

•Install the "back-end" router between your LAN and the Actiontec WAN port.

•Configure the Actiontec to the same IP address as it used to have and set up port forwarding rules to allow the remote DVR and CID traffic to pass to the Actiontec.


Long version: 
Notes: The Actiontec router plays a critical role in several ways in the configuration described in this FAQ. It bridges the MOCA networking from the set-top boxes to the Internet and it supports the protocols that allow the set-top boxes to communicate with the Verizon systems.

To use this system, you'll need a simple router with Network Address Translation (NAT) features to use in addition to your primary router and the Actiontec. This router doesn't handle all of the traffic from your internal network to the Internet, but it supplies the set-top boxes with Video on Demand. A simple "Cable Modem" router will be fine in most cases. After you connect up the cat5 to feed the Actiontec, verify that services are working as you expect. If Verizon doesn't allow you to use remote DVR or if Caller-ID isn't working, you'll need to get them working before you start changing things. You can sometimes trigger Remote DVR to work by doing a factory reset on the Actiontec, but sometimes you just need to ask the Fiber Support Center to 'portmap' your set-top boxes to get things working again. Here's the detailed directions:

1. Hook up a PC to one of the LAN connectors on your Actiontec and open the web interface. Click on the "My Network" icon, then "Network Connections". You should see a link reading "Broadband Connection (Ethernet)" with status "Connected". Click on that Broadband connection and you'll see a "Broadband Connection (Ethernet) Properties" page. Record the contents for the "MAC Address" and "IP Address" fields as you'll need those later. As recommended in other areas of this FAQ, you probably want to disable wireless on the Actiontec at this point (Wireless Settings). You should also enable remote administration (Advanced/Remote Administration, then select the "Use Secondary HTTP port" setting.)

2. On the Actiontec, click on the "Firewall Settings" icon and choose the "Port Forwarding" option. You should see several port forwarding rules that were inserted to support remote access. For example, under "Networked Computer/Device" you'll see entries like "192.168.1.101:8082", with a corresponding entry under "Applications & Ports Forwarded" reading "Application, TCP Any -> 35000". Those are ports forwarded from the Actiontec to your set-top boxes to support Caller-ID. The first STB will use port 35000, the next 35001, and so forth. You need to re-create these rules on the primary and secondary routers for this setup to work. Similarly, you'll see forwarding rules with "192.168.1.101:63145" and "UDP Any -> 63145" for the first DVR in your house, with port 63146 and up used for subsequent DVRs. Record what port range is in use here for later. You can now power down the Actiontec.

3. Your primary replacement router should be configured to provide address distribution (DHCP) to your LAN. The primary LAN subnet must be different from the Actiontec LAN subnet.

4. On your primary router, set the MAC address of its WAN port to the MAC address recorded in step 1 above. Move the cat5 cable coming from the ONT to the WAN port of the Actiontec so it's now connected to the WAN port of your primary router and restart the primary router. If all is well, it will pick up the same WAN IP address that the Actiontec used to have. You should now verify that your internal network is operating properly.

5. Prepare a simple NAT router (the secondary router) which will be used to connect the Actiontec to the Internet. It should be configured to use a static IP address from your internal network on the WAN side. Hook the WAN port of the secondary router to your internal network.

6. On the LAN side of the secondary router, configure the subnet scope to use the same network as your Actiontec's former WAN address (recorded in step 1 above). For example, if your Actiontec's IP address was 123.45.67.8, then you should set the LAN side to an address of 123.45.67.1, netmask 255.255.255.0.

7. On your secondary router, configure the DHCP server to add a static IP address assignment, giving the MAC address of the Actiontec the same IP address it used to have. You should also configure the DNS servers for that DHCP scope. Using the Google public DNS servers (8.8.8.8 and 8.8.4.4) is one option. You can also use your internal DNS servers if you have them.

8. On your secondary router, configure forwarding rules for the following ports from the WAN side of the secondary router to the Actiontec's WAN port (192.168.2.101 -> 123.45.67.8 in the diagram above)
•TCP port 4567
•UDP port 63145 and up
•TCP port 35000 and up

The port forwarding rules for 63145 and 35000 should mirror the rules that you see in port forwarding on the Actiontec. The number of ports starting with 63145 depends on how many DVRs you have, and the number of ports starting with 35000 depends on how many set-top boxes you have. You can also set up a port forwarding rule for TCP port 8080 forwarding to the Actiontec's IP address, port 8080. This will allow you to manage the Actiontec via its web interface across your secondary router.

9. On your primary router, forward the following traffic to the WAN address of your secondary router:
•TCP port 4567
•UDP port 63145 and up (as above in step 8)
•TCP port 35000 and up

These port forwarding rules should mirror the rules that you see in port forwarding on the Actiontec.

10. Hook up a cable from the Actiontec's WAN RJ45 port to the LAN port on your secondary router. Turn on the Actiontec.

11. Verify that your set-top boxes still have network connectivity using Video on Demand. Now, things should look like the attached diagram. Note that if the IP address that Verizon gives to the WAN port of your primary router changes, you'll have to reconfigure the LAN network of your secondary router to match as well as reconfiguring the DHCP server so the Actiontec's address follows. Thanks to user rspadaro for the insight that leaving the Actiontec off of the LAN makes this much simpler to set up.


Thanks to rmurphy See Profile and rspadaro See Profile for their efforts in getting this working.



by More Fiber See Profile
last modified: 2012-06-28 23:10:25

Q. How can I use my own router as primary while still keeping remote DVR access and Caller-id on my TVs.

Note: This FAQ is replacing »Verizon Online FiOS FAQ »Can I use my own router as primary and keep remote DVR

A. This is option #8 in the trade-offs FAQ. This particular option allows you to use your router as primary, while keeping all Verizon functionality, including guide data, VOD, widgets, remote DVR, and on-screen caller-id. However, this option is more complex that some of the other options in the trade-offs FAQ. You should review the trade-offs FAQ to select to most appropriate bridging option. In addition to the user router, the Actiontec, a third "back-end" router is also required.
Note: Although this FAQ refers specifically to Actiontec, it should also work with the Westell 9100EM, although it has not been tested with that router. Should anyone get this working with the Westell 9100EM, please post in the "Verizon FIOS TV forum

Preparation:
    •You must have a working cat5 connection from the ONT. If you do not already have a cat5 connection from the ONT, follow the instructions here: Replacing the Actiontec (part 1): Coax to Ethernet
    •You will need an extra router to use as the "back-end" router.
    •Make sure all services are working with the Actiontec as primary before starting. Even if you already have your own router functioning as primary, you should make sure that Remote DVR and CID work with the Actiontec as primary before attempting these instructions. If you have any issues with remote DVR and CID working, resolve them with Verizon now, while the Actiontec is primary.

Short Version
    •Record the IP and MAC for the Actiontec's WAN port as well as the port forwarding rules set up by the Actiontec.
    •Prepare your replacement router and back-end router, and then move the cat5 WAN cable from the Actiontec to the replacement router. (Do this quickly to avoid losing your IP address assignment.) Install your own router between the ONT and your internal network. Configure port forwarding rules on that router for remote DVR and Caller-ID.
    •Install the "back-end" router between your LAN and the Actiontec WAN port.
    •Configure the Actiontec to the same IP address as it used to have and set up port forwarding rules to allow the remote DVR and CID traffic to pass to the Actiontec.
    •Disable the Actiontec's DHCP server and connect the Actiontec's LAN to your internal LAN.

Long version:

Notes: The Actiontec router plays a critical role in several ways in the configuration described in this FAQ. It bridges the MOCA networking from the set-top boxes to the Internet and it supports the protocols that allow the set-top boxes to communicate with the Verizon systems. After a factory reset of the Actiontec, you must use the Actiontec to provide IP addresses for the set-top boxes so the forwarding rules (and internal state of the Actiontec) are set up correctly. After this initial setup, you can use your own DHCP server on the LAN.

To use this system, you'll need a simple router with Network Address Translation (NAT) features to use in addition to your primary router and the Actiontec. This router doesn't handle all of the traffic from your internal network to the Internet, but it supplies the set-top boxes with Video on Demand. It must support static DHCP assignments.
After you connect up the cat5 to feed the Actiontec and before you change anything, verify that services are working as you expect. If Verizon doesn't allow you to use remote DVR or if Caller-ID isn't working, you'll need to get them working before you start changing things. You can sometimes trigger Remote DVR to work by doing a factory reset on the Actiontec, but sometimes you just need to ask the Fiber Support Center to 'portmap' your set-top boxes to get things working again. Here are the detailed directions:

    •Hook up a PC to one of the LAN connectors on your Actiontec and open the web interface. Click on the "My Network" icon, then "Network Connections". You should see a link reading "Broadband Connection (Ethernet)" with status "Connected". Click on that Broadband connection and you'll see a "Broadband Connection (Ethernet) Properties" page. Record the contents for the "MAC Address" and "IP Address" fields as you'll need those later. As recommended in other areas of this FAQ, you probably want to disable wireless on the Actiontec at this point (Wireless Settings).

    •On the Actiontec, click on the "Firewall Settings" icon and choose the "Port Forwarding" option. You should see several port forwarding rules that were inserted to support remote access. For example, under "Networked Computer/Device" you'll see entries like "192.168.1.101:8082", with a corresponding entry under "Applications & Ports Forwarded" reading "Application, TCP Any -> 35000". Those are ports forwarded from the Actiontec to your set-top boxes. It was once thought that these connections were used for Caller-ID, but that does not seem to be the case. Once of your STBs will use port 35000, the next 35001, and so forth. You need to re-create these rules on the primary and secondary routers for this setup to work. Similarly, you'll see forwarding rules with "192.168.1.101:63145" and "UDP Any -> 63145" for the first DVR in your house, with port 63146 and up used for subsequent DVRs. Record what port range is in use here for later. This system has several forwarding rules, but the ones that matter are the following:

     
    +---------------------+----------------------+------------------+
    |localhost | Verizon FiOS Service | AT Management |
    |127.0.0.1 | Tcp Any - > 4567 | |
    +---------------------+----------------------+------------------+
    |192.168.1.100:63145 | Application | First DVR |
    | | UDP Any -> 63145 | |
    +---------------------+----------------------+------------------+
    |192.168.1.103:8082 | Application | First STB |
    | | UDP Any -> 35000 | |
    +---------------------+----------------------+------------------+
    |192.168.1.101:8082 | Application | Second STB |
    | | UDP Any -> 35001 | |
    +---------------------+----------------------+------------------+
    |192.168.1.105:8082 | Application | Third STB |
    | | UDP Any -> 35002 | |
    +---------------------+----------------------+------------------+
    |192.168.1.102:8082 | Application | Fourth STB |
    | | UDP Any -> 35003 | |
    +---------------------+----------------------+------------------+
    |192.168.1.104:8082 | Application | Fifth STB |
    | | UDP Any -> 35004 | |
    +---------------------+----------------------+------------------+
    |192.168.1.100:8082 | Application | DVR Again |
    | | UDP Any -> 3500 | |
    +---------------------+----------------------+------------------+

    You can now use the "My Network" page on your Actiontec to view and record the IP addresses and MAC addresses for each of your STBs. Once you have all of this information recorded, you can begin to prepare your new primary router.

    •Your primary replacement router should be configured to provide address distribution (DHCP) to your LAN. The LAN network should be the same as the LAN network that the Actiontec is using. It is best if you use 192.168.1.0/24 so you are consistent with the factory default on the Actiontec. In addition, having 192.168.1.1 as your network's default gateway is recommended.

    •On your primary router, set the MAC address of its WAN port to the MAC address recorded in step 1 above. Move the cat5 cable coming from the ONT to the WAN port of the Actiontec so it's now connected to the WAN port of your primary router and restart the primary router. If all is well, it will pick up the same WAN IP address that the Actiontec used to have. You should now verify that your internal network is
    operating properly. At this point, remote DVR is not yet working.

    •Prepare a simple NAT router (the secondary router) which will be used to connect the Actiontec to the Internet. It should be configured to use a static IP address from your internal network on the WAN side. Hook the WAN port of the secondary router to your internal network.

    •On the LAN side of the secondary router, configure the subnet scope to use the same network as your Actiontec's former WAN address (recorded in step 1 above). For example, if your Actiontec's IP address was 123.45.67.8, then you should set the LAN side to an address of 123.45.67.1, netmask 255.255.255.0.

    • On your secondary router, configure the DHCP server to add a static IP address assignment, giving the MAC address of the Actiontec the same IP address it used to have. You should also configure the DNS servers for that DHCP scope. Using the Google public DNS servers (8.8.8.8 and 8.8.4.4) is one option. Eventually, the DNS servers configured by your primary network's DHCP server will be used throughout, but you need to hand the Actiontec a good DNS server pair off of your primary network for now.

    • On your secondary router, configure forwarding rules for the following ports from the WAN side of the secondary router to the Actiontec's WAN port (192.168.1.x -> 123.45.67.8 in the diagram above)

      •TCP port 4567 forwarded to the Actiontec's WAN address (123.45.67), port 4567.
      •UDP port 63145 and up to the Actiontec's WAN address, port 63145.
    The number of ports starting with 63145 depends on how many DVRs you have. For the network above, we would set up rules like the following for the secondary router: Protocol Source Port Destination Destination Port TCP 4567 123.45.67.8 4567 UDP 63145 123.45.67.8 63145

    •On your primary router, forward the following traffic to the LAN address of your secondary router:
      •TCP port 4567
      •UDP port 63145 and up (as above in step 8)
      •TCP port 35000 and up to the appropriate set-top boxes.

    The port forwarding rules for 35000 and up should mirror the rules that you see in port forwarding on the Actiontec. The number of ports starting with 63145 depends on how many DVRs you have, and the number of ports starting with 35000 depends on how many set-top boxes you have.
    •Configure the DHCP server on your primary router to provide static address assignments for the set-top boxes as recorded in step 2 above.

    •Hook up a cable from the Actiontec's WAN RJ45 port to the LAN port on your secondary router. Turn on the Actiontec.

    •Verify that your set-top boxes still have network connectivity using Video on Demand. Also, verify that Remote DVR is still working. If not, you may need to factory reset your Actiontec. First verify that the WAN address on the AT matches the WAN address of your primary router and that the port forwarding rules are correct. For remote DVR, UDP 63145 must be forwarded to the Actiontec through the secondary router.

    •Now that the secondary router is in place and remote access is still working, you can complete the connections between the Actiontec and your primary LAN. Hook up a PC to the LAN switch on the Actiontec and connect to the administrative page (192.168.1.1). Use "My Network", "Network Connections", "Network (Home/Office)", "Settings" to view the network configuration. Make the following changes:  On your primary router, change the port 63145 rule to forward to the LAN address of the DVR, not the AT. For DNS Servers, choose "Use the following DNS Server Addresses" and fill in the DNS server(s) for your LAN. " For "IP Address Distribution", choose "Disabled". For "Internet Protocol" choose "Use the following IP Address", then fill in a LAN address for the Actiontec under "IP Address".
    Note: not 192.168.1.1 as that should be the address of your primary router's LAN side. Click on "Apply" at the bottom of the screen, then "Apply" again. Now you can connect a cat5 cable from the Actiontec's LAN switch to your internal LAN switch. Now things should look like figure 1 above.


Note that if the IP address that Verizon gives to the WAN port of your primary router changes, you'll have to reconfigure the LAN network of your secondary router to match as well as reconfiguring the DHCP server on the back-end router so the Actiontec's address follows. Ideally, your secondary router should be on a battery backup system to minimize the chance of this. However, if you lose power for over an hour, your address will change and you must reconfigure the three routers to match the new address. The steps to do this are: Fix the LAN network and DHCP service on the back-end router to give the new public IP address to the Actiontec. Reboot the Actiontec. If this doesn't fix it (wait a day or two), then you'll have to disconnect the LAN-to-LAN cable, change the primary router port forwards back to the back-end router, then factory reset the Actiontec. That should recover the access (again, after waiting a day or two.)

Thanks to rmurphy See Profile, rspadaro See Profile, and solarein See Profile for their efforts in getting this working.



Feedback received on this FAQ entry:
  • Hello! I'm in the process of trying to implement the three router solution that you typed up a while back. I've got most everything configured except I've got a lot of confusion concerning the port forwarding toward the bottom of your text. "• On your secondary router, configure forwarding rules for the following ports from the WAN side of the secondary router to the Actiontec's WAN port (192.168.1.x -> 123.45.67.8 in the diagram above) •TCP port 4567 forwarded to the Actiontec's WAN address (123.45.67), port 4567. •UDP port 63145 and up to the Actiontec's WAN address, port 63145. The number of ports starting with 63145 depends on how many DVRs you have. For the network above, we would set up rules like the following for the secondary router: Protocol Source Port Destination Destination Port TCP 4567 123.45.67.8 4567 UDP 63145 123.45.67.8 63145 •On your primary router, forward the following traffic to the LAN address of your secondary router: •TCP port 4567 •UDP port 63145 and up (as above in step 8) •TCP port 35000 and up to the appropriate set-top boxes. The port forwarding rules for 35000 and up should mirror the rules that you see in port forwarding on the Actiontec. The number of ports starting with 63145 depends on how many DVRs you have, and the number of ports starting with 35000 depends on how many set-top boxes you have. •Configure the DHCP server on your primary router to provide static address assignments for the set-top boxes as recorded in step 2 above." If you don't mind helping, I'd appreciate it. I'm running a Cisco 891 as my primary and a Cisco 1811 as my secondary. Please email me at KJ94GT@gmail.com in reply to this if you don't mind helping. If you have a sample config I could reference, that would be much appreciated. Thanks, KJ

    2014-12-08 03:13:22 (KOKJ75 See Profile)



by More Fiber See Profile
last modified: 2011-11-23 17:51:22


»[FiOS] Dual Router Separated Computer & TV Service Networks

by NOYB See Profile edited by More Fiber See Profile
last modified: 2012-06-08 17:58:03