

3.1 General Networking

The following information is for users who have seen the various bridging threads and/or the FAQs about using their own router and wondered which of these various configurations they should choose.
 
References to the Verizon Router apply to all models of the Actiontec, the FiOS Quantum Gateway G1100, the FiOS Home Router G3100, and the Westell 9100EM, unless specified otherwise.

  • Options 1 through 3 leave the Verizon Router as primary router and the added (user) router as secondary.

  • Options 4 through 7 replace the Verizon Router with a different primary router. The Verizon Router becomes secondary.

  • Options 9 and 10 set the user router as primary, and replace the Verizon Router with a MOCA bridge for coax data.

Summary:

Feature \ Option                                 1     2     3     4     5     6     7     8     9     10
Ethernet WAN to ONT                              Y     Y     Y     N     N     Y     Y     Y     Y     N
Coax WAN to ONT                                  Y     Y     Y     Y     Y     N     N     N     N     Y
VZ support for configuration                     Y     Y     Y     N     N     N     N     N     N     N
Double NAT'ed                                    Y     Y     N     N     N     *1    N     N     N     N
Small NAT table issue (Actiontec Rev. A-D only)  Y     Y     Y     N     N     N     N     N     N     N
FiOS TV (VOD and Guide) supported                Y     Y     Y     na    Y     Y     Y     Y     Y     Y
All devices on same network (LAN-LAN)            Y*2   Y*2   Y     na    Y     N     Y     N     Y     N
Remote access to DVR                             Y     Y     Y     na    N*3   N*3   N*3   Y     N*3   N
On-screen caller-id                              Y     Y     Y     na    N*3   N*3   N*3   Y     N*3   N
Usable with Verizon Routers                      Y     Y     Y     Y     Y*4   Y     Y     Y     N     N

Entries such as *1, Y*2 or N*3 refer to the numbered notes below.


Notes:

  1. STBs are double NAT'ed, but not an issue.

  2. Only for PCs connected directly to the Verizon Router.

  3. Verizon does not officially support remote (web) access to the DVR or on-screen caller-id with a non-VZ router as primary. See option #8 for support of Remote DVR and On Screen CID.

  4. To date, no one has had success getting this configuration working with the Westell 9100EM (EOL for quite some time). If someone is able to get this working, please post the exact steps you followed, so this FAQ can be updated.




Options 1, 2 and 3 can be used with either a coax or cat5 connection to the ONT.
1. Secondary (LAN-to-WAN)
Simply plug the secondary (user) router into a LAN port on the Verizon Router. User router must be configured for a different subnet than the Verizon Router. The WAN port on the user router must also be set to use either a static IP address on the Verizon Router subnet, or obtain its WAN address via DHCP.
    PRO:

    • Simplest. VZ recommended solution.

    • No configuration changes required in the Verizon Router.

    • Supported by VZ. i.e. No changes to Verizon Router config needed when calling for support.

    • No cabling changes.

    • Can be used with either a coax or cat5 connection to the ONT.

    • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:

    • Secondary (user) router is double NAT'ed.

    • No VZ support for secondary (user) router.

    • Still subject to small NAT table in the Verizon Router.

    • Any port forwarding will need to be configured on both routers.

    • PCs connected to one router won't be visible to PCs connected to the other router.
2. Secondary DMZ
Similar to #1, with secondary router as a DMZ address in the Verizon Router. User router must be configured for a different subnet than the Verizon Router. The WAN port on the user router must also be set to use either a static IP address on the Verizon Router subnet, or obtain its WAN address via DHCP.
    PRO:

    • Simple config change to create DMZ address for secondary (user) router.

    • Eliminates need to configure port forwarding in both routers. Port Forwards are configured in secondary (user) router only.

    • No cabling changes.

    • Can be used with either a coax or cat5 connection to the ONT.

    • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:

    • Secondary (user) router is double NAT'ed.

    • Still potentially subject to small NAT table in the Verizon Router.

    Note: One member reports success with a secondary router in the DMZ of the Verizon Router, while others report an improvement but not problem resolution. See this thread for more details. »Steam on a router in the Actiontec DMZ Router-DMZ

3. Secondary LAN-to-LAN
LAN-to-LAN connection between Verizon Router and user router. User router becomes a switch. WAN connection and firewall not used in user router. LAN DHCP server should be disabled in the user router. Instructions are detailed in this FAQ: »Verizon FiOS FAQ »Can I use my wireless or an extra router along with the Verizon provided router?
    PRO:

    • Easy.

    • Avoids double-NATing. Port Forwards are configured in the Verizon Router only.

    • Good choice, if all you need is to connect your 802.11n router as a Wireless Access Point (WAP).

    • VZ support for Verizon Router.

    • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:

    • Still subject to small NAT table in early (GEN1) Actiontecs.



Options 4 and 5 are for users with an existing coax WAN connection between the Verizon Router and the ONT.

4. Internet Only Bridge
Bridging the Verizon Router passes all WAN traffic through, making the user's router primary. Follow the bridging thread here: »How-to: make ActionTec MI424-WR a network bridge

    PRO:

    • Bypasses the small NAT table in the Verizon Router. NAT limited by primary router, not Verizon Router.

    • No cabling changes.

    • Supports VZ's CPE management interface.
    CON:

    • Moderate difficulty to set up.

    • Not supported by VZ. May require a HARD reset of the Verizon Router to restore to factory defaults for support.

    • Internet only. No VOD or guide data for STBs.

    • Switch ports on Verizon Router not available as LAN ports.
5. Double Bridge
Bridging the Verizon Router passes all WAN traffic through, making the user's router primary. Another internal bridge passes data from the user's primary router to the coax LAN for STB data.
See note #4 above regarding the Westell 9100EM.
The following instructions are for Verizon Router revisions (A-F). »Re: MI424WR-GEN2 Rev E Configuration Thread
Rev. I. »How-to: Make Actiontec MI424WR Revision I (Rev.I) a Network


    PRO:

    • Bypasses the small NAT table in the Verizon Router. NAT limited by primary router, not Verizon Router.

    • VOD and guide data supported.

    • No cabling changes.

    • Supports VZ's CPE management interface.
    CON:

    • Moderate difficulty to set up.

    • Unsupported by VZ. May require a HARD reset of the Verizon Router to restore to factory defaults.

    • Not all configuration information saved to config file. Some bridging information lost on a power fail.

    • Switch ports on Verizon Router not available as LAN ports.

    • Does not support remote access to DVR or on-screen caller id (see note #3 above).



Options 6 - 9 are for users with a cat5 WAN connection to the ONT. These options replace the Verizon Router with a different primary router and relegate the Verizon Router to servicing only the STBs. Option 8 replaces the Verizon Router with a NIM-100 to provide coax LAN data. If you currently have a coax WAN connection and want to switch to a cat5 WAN connection, instructions for switching are here: »Verizon FiOS FAQ »Replacing the Actiontec (part 1): Coax to Ethernet Keep in mind that a third-party router must be capable of supporting the high throughput of your FiOS internet connection and, if you have FiOS TV, the additional bandwidth of Video-On-Demand (VOD). Many older routers cannot support these higher bandwidth requirements.

6. Primary LAN-to-WAN
Cat5 from ONT to user router. LAN port on user router to WAN port on Verizon Router per FAQ here: »Verizon FiOS FAQ »Replacing the Actiontec (part 3): WAN-to-LAN keeps Guide and VOD (easier)
    PRO:

    • Easy. FSC can switch WAN connection from coax to cat5 remotely.

    • NAT limited by primary router, not Verizon Router.

    • VOD, guide data and widgets supported.
    CON:

    • Configuration not supported by VZ. May have to reconnect Verizon Router to ONT (via cat5) as primary router for support.

    • Does not support media sharing on PCs connected to primary router.

    • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).
7. Primary LAN-to-LAN
Cat5 from ONT to user router. LAN port on user router to LAN port on Verizon Router per FAQ here: »Verizon FiOS FAQ »Replacing the Actiontec (part 4): LAN-to-LAN keeps all devices on one network
    PRO:

    • Easy. FSC can switch WAN connection from coax to cat5 remotely.

    • NAT limited by primary router, not Verizon Router.

    • Media sharing PCs connected to primary router supported.
    CON:

    • Configuration not supported by VZ. May have to reconnect Verizon Router to ONT (via cat5) as primary router for support.

    • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).
8. "Three router"
Cat5 from ONT to user router. Verizon Router provides MOCA LAN. Extra router makes secondary Verizon Router "think" it is primary. »Verizon FiOS FAQ »Can I use my own router as primary and keep remote DVR
This is the only configuration which allows a third-party router as primary and keeps Remote DVR and on-screen caller id.
    PRO:

    • NAT limited by primary router, not Verizon Router.

    • All current STB functionality supported. Guide, VOD, widgets, Remote DVR, On Screen Caller ID.
    CON:

    • Configuration not supported by VZ. May have to reconnect Verizon Router to ONT (via cat5) as primary router for support.

    • Media Manager not supported

    • Most complex of all the configurations.
9. Primary with MoCA LAN Bridge
In options 6 and 7 above, a NIM-100 or other MOCA bridge can be used instead of the Verizon Router to provide the MOCA LAN bridge needed by the STBs. A NIM-100 supports MOCA LAN only. It cannot be used between a router and the ONT. A list of available MOCA Bridges can be found here: »Verizon FiOS FAQ »What is a MOCA Bridge?
    PRO:

    • Can eliminate Verizon Router completely.

    • Smaller, simpler device. Less power consumption.
    CON:

    • Additional unit to purchase.

    • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).

10. MoCA WAN Bridge
A MOCA bridge is used between the ONT and the user router.
How to use a MOCA WAN bridge

    PRO:

    • Can eliminate Verizon Router completely.

    • Smaller, simpler device. Less power consumption.
    CON:

    • Additional unit to purchase.

    • Does not support remote access to DVR, on-screen caller id or VZ's CPE management interface (see note #3 above).
Note: The description of this option only includes connecting the user router to the ONT via the MOCA bridge. If FIOS-TV is involved, then a MOCA LAN connection is still required for the STBs. Options 6, 7 or 9 can be used in addition for the MOCA LAN connection.

This FAQ was edited to add option 3. Posts dated 12/28/08 or earlier making references to options 3 through 7 are now referring to options 4 through 8.



Feedback received on this FAQ entry:
  • For #9, I couldn't get my NIM100 to work, possibly because the NIM100 is limited to MoCA 1.0. Folks in the forum guided me to a MoCA 2.0 device like GoCoax or the list of MoCA bridges listed here: http://www.dslreports.com/faq/16626. I think the theory is correct, that you don't have to use a Verizon-supplied device, it's just the NIM100 isn't compatible anymore it seems.

    2023-07-22 16:03:17 (countryjudge)

  • Option 8 has a typo at the end. "Keep Remove DVR" is supposed to be "keep remote DVR"

    2021-06-08 08:54:42 (Mike Wolf)

  • Why do you need to keep the IP address of the Actiontec in sync with the IP address of the primary router's WAN?

    2018-04-03 15:25:29 (ctwise)

  • I am using a setup that does not encompass any of the options in this FAQ. It is detailed in the forum topic: https://www.dslreports.com/forum/r31633481-Networking-ONT-Ethernet-to-Google-Wifi-Setup-Guide-new-option-11-in-FAQ As some commenters have suggested, I need to test the remote access features, but besides those, this is working great!

    2017-09-29 09:28:18 (talllguy)

by More Fiber edited by Branch
last modified: 2019-12-12 20:55:28


Most definitely. Using more than one router allows you to put your wireless router's antenna where it will best cover your house or property; allows you to use the printer port; allows you to hard-wire more than 4 ethernet devices into your LAN.

These instructions leave your Actiontec router as primary. Your secondary router will connect LAN-to-LAN (wired) to the Actiontec, so it will simply act as a switch. The Actiontec will handle DHCP. All of these steps use your PC connected wired to the routers. Do not connect the secondary router to the Actiontec until instructed below. Here's how:

First, set up the primary router:
    1. To start with a simple configuration, disconnect or power off all devices connected to the Actiontec except the computer used to configure it. Reset the Actiontec to its default configuration by pressing the reset button for 10 seconds. Note that this will delete all port forwards and filter rules you may have already established. You may want to make notes of your existing config before resetting to default. The default Actiontec router address is 192.168.1.1. Point your browser to the login page.

    2. When reset, the Actiontec will boot up and ask you to set a password. It is suggested it be something different than password or password1. I use 8 characters in an alpha/number mix. Make sure you can connect to the internet. This verifies primary router connectivity.

    3. Click on My Network icon, click Network Connections, then Network (Home/Office), then click Settings button. Change the DHCP address range by scrolling down to locate IP Address Distribution. Verify DHCP Server is selected in the dropdown box. Set the Start IP Address to 192.168.1.11, and leave the Ending IP Address at 192.168.1.254. You can use a different start or end address. I selected .11 because I want to have several, but not too many addresses I can use as static addresses. The secondary router will be one of them.

    Click Apply, wait for the Actiontec to reconfig, then click Apply again to make it stick.

    4. If you intend your secondary router to handle all the wireless connections, you may choose to disable the Actiontec Wireless. This might be the case if, for instance, your secondary router is Wireless-N. Disable Actiontec Wireless by clicking Wireless Settings icon, then click Basic Security Settings. Click item 1. Wireless Radio to Off. Then click Apply, wait for the Actiontec to reconfig, then click Apply.

    5. Verify Internet connectivity, then shut off your PC.

Next, set up your router as secondary
    6. Unplug your PC's wired connection from the Actiontec LAN port, then plug it into a LAN port on your secondary router. Make sure the secondary router WAN port is not connected to anything. Boot up your PC and the router and log into your secondary router's interface.

    7. You should be able to login with a login and a password. If you are unable to, you may have to resort to a hard reset on the secondary router and use the operator's manual to determine the default login and password.

    Please note that routers from different manufacturers will vary in their default settings and interface. If your PC is set to get a LAN address automatically, you can determine your IP address by typing "ipconfig /all" (without the quotes) at a command prompt, then press Enter.

    You should be able to log in to your secondary router at "http://192.168.1.1" or by using your LAN IP address with .1 as the last octet.

    8. Once logged in, ignore the router's Internet settings because the WAN port is not used. You need to change its Network Settings to set the Router IP address to 192.168.1.2 with Subnet mask 255.255.255.0.

    9. Also, it's very important to Disable DHCP Server. On my secondary router after I made those changes, I needed to Save Settings.

Finally, connect secondary router to Actiontec
    10. Then I connected a patch cable from a LAN port on the Actiontec to a LAN port on the secondary router, and clicked Reboot Now. Instructions for your router may vary.

    After the secondary router reboot, reboot your PC. You should be connected to your secondary router and pick up a LAN IP from the Actiontec. Verify internet connectivity.

    11. At this point, verify you can log in to the Actiontec at 192.168.1.1, and log in to your secondary router at 192.168.1.2. It will make no difference what router you are physically connected to for administration of both.

    12. Any additional changes to primary or secondary routers can be made at this time. Here is where you may set wireless on the secondary router. Any port forwards will be done on the Actiontec. The secondary router WAN port is not connected.

To summarize:
    Actiontec is set to serve DHCP addresses from 192.168.1.11 to 192.168.1.254, and your
    secondary router has a static network address of 192.168.1.2 and DHCP is disabled.
    Both are connected with a patch cable from LAN to LAN.
    Straight or crossover cable doesn't matter because the Actiontec is self-sensing.
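
The address plan summarized above can be checked before the two routers are cabled together. The following Python sketch is an added example, not part of the original FAQ; the function name and the problem messages are made up for illustration, and the addresses in the demo are the ones used in the steps above.

```python
from ipaddress import IPv4Address, IPv4Network


def lan_to_lan_report(primary_ip, netmask, pool_start, pool_end,
                      secondary_ip, secondary_dhcp_enabled):
    """Check a LAN-to-LAN plan; return (problems, free_static_addresses)."""
    net = IPv4Network(f"{primary_ip}/{netmask}", strict=False)
    primary = IPv4Address(primary_ip)
    secondary = IPv4Address(secondary_ip)
    start, end = IPv4Address(pool_start), IPv4Address(pool_end)
    problems = []

    if start > end or start not in net or end not in net:
        problems.append("DHCP pool is not a valid range inside the LAN subnet")
    if secondary == primary:
        # Typical when the secondary router is still at its factory address.
        problems.append("secondary router still uses the primary router's address")
    elif secondary not in net or secondary in (net.network_address,
                                               net.broadcast_address):
        problems.append("secondary router address is not a usable host address on the LAN")
    if start <= secondary <= end:
        # The primary could lease this address to another device.
        problems.append("secondary router address is inside the DHCP pool")
    if start <= primary <= end:
        problems.append("primary router address is inside the DHCP pool")
    if secondary_dhcp_enabled:
        # Two DHCP servers on one LAN hand out conflicting leases and gateways.
        problems.append("DHCP server is still enabled on the secondary router")

    # Addresses left over for other statically configured devices.
    free = [h for h in net.hosts()
            if not (start <= h <= end) and h not in (primary, secondary)]
    return problems, free


if __name__ == "__main__":
    # Values from the summary above.
    problems, free = lan_to_lan_report("192.168.1.1", "255.255.255.0",
                                       "192.168.1.11", "192.168.1.254",
                                       "192.168.1.2", False)
    print("problems:", problems or "none")
    print("free static addresses:", f"{free[0]} - {free[-1]}")

    # Constructed failure case: secondary router left at factory settings.
    problems, _ = lan_to_lan_report("192.168.1.1", "255.255.255.0",
                                    "192.168.1.11", "192.168.1.254",
                                    "192.168.1.1", True)
    for p in problems:
        print("problem:", p)
```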

Review more options described here: »Verizon FiOS FAQ »What are the tradeoffs between the various router configurations.

Notes:
Connecting an Access Point wirelessly to the Actiontec using WDS (Wireless Distribution System) is not supported by the Actiontec hardware. The only currently known connection method for an access point is through ethernet wiring to the Actiontec. See this FAQ »Verizon FiOS FAQ »Does the Actiontec support Wireless Distribution System (WDS)?

As noted above, the WAN portion of the second router is not used. It should not be necessary to change any WAN settings (NAT, port forwards, etc) on the second router.


Please use the feedback link below only to suggest improvements to this FAQ. If you have questions about this FAQ, please post them in the »Verizon FiOS forum.

by bobTeatow edited by Branch
last modified: 2016-10-05 16:21:18

The Actiontec, FiOS Quantum Gateway, and FiOS Home Router routers used by Verizon support either coax or ethernet connection to the ONT. Verizon's standard installation is to use ethernet between the ONT and the router.


Internet only: The tech will install the FiOS Home Router in order to verify that everything is working correctly. Once the installer has verified that you are receiving your provisioned speeds, you can replace (and return to Verizon, if you're renting) the FiOS Home Router. When swapping out your primary router be sure to release your WAN DHCP lease or you may have trouble acquiring a new WAN DHCP lease. 

»Verizon FiOS FAQ »How do I release my DHCP lease? Why would I need to?

Note for older installations: If your WAN connection between the ONT and the primary router is coax, you will not find any retail versions of routers available that support the MoCA standard. To use a different primary router, you will need to get the WAN connection switched over to Ethernet (Verizon Support can take care of this quickly), or bridge your router through the Actiontec, FiOS Quantum Gateway, or FiOS Home Router.



TV and Internet: Since FiOS STBs rely on MoCA LAN for Guide Data and VOD, most alternative configurations include the Actiontec, FiOS Quantum Gateway, or FiOS Home Router in a primary or secondary role as a MOCA bridge for TV service. You do not need a Verizon router for CableCard devices (such as the TiVO) as they do not get their guide data from Verizon. Note that a FiOS Quantum Gateway or FiOS Home Router is required to activate Verizon STBs.


The Pros/Cons of a number of possible configurations for connecting your own router are detailed in the FAQ: 

»Verizon FiOS FAQ »What are the tradeoffs between the various router configurations



You may find Verizon unwilling to provide support unless you reconnect the Actiontec, FiOS Quantum Gateway, or FiOS Home Router as the primary router. Of course, you can post your question in the:

»Verizon FiOS forum.

by Sizzlechest edited by Branch
last modified: 2020-05-10 20:42:13

Yes, Verizon FiOS Internet Service offers you the ability to create a home network so multiple devices connected to your LAN [Local Area Network] can be connected simultaneously. This requires a Broadband Router (wired or wireless).


You must either rent, purchase or have an existing Verizon router.


 

by drake edited by Branch
last modified: 2016-10-05 16:21:58

Be aware that Verizon does not currently establish separate subnets for the static IP range users, even though the address blocks they assign follow subnetting rules.

Verizon's absence of subnetting can create routing problems for static customers. Specifically, other users on the same supernet may have difficulty reaching services you are offering. Possible solutions include Verizon correctly deploying their FIOS service, FIOS customers utilizing a transparent firewall, or customers trying IP translations such as 1:1 mappings.

by firewalls4u edited by Branch
last modified: 2016-10-05 16:22:11


Q. Can coax and cat5 be active at the same time? 

A. That depends on the context of the question.

In the DSLR FiOS forums, that question usually refers to your WAN (internet) connection. 

Your WAN connection between the ONT and the router can be delivered over coax (MOCA WAN) or cat5, but not both. So in that context, only one can be active. If you have FiOS TV, video is delivered over coax. Verizon's standard install is Ethernet from the ONT. 






Feedback received on this FAQ entry:
  • Is cat5 a standard protocol or is it a medium for the Ethernet protocol? I see you saying cat5 very frequently but I am not sure what that is. If cat5 is not a standard protocol (like Ethernet or MOCa) then it seems inappropriate to say cat5 to refer to the networking protocol.

    2019-12-30 14:33:41 (Sam Tomato)

by More Fiber edited by sashwa
last modified: 2016-10-05 20:16:48

Q. How can I use my own router as primary while still keeping remote DVR access and Caller-id on my TVs?

A. This is option #8 in the trade-offs FAQ. This particular option allows you to use your router as primary, while keeping all Verizon functionality, including guide data, VOD, widgets, remote DVR, and on-screen caller-id. However, this option is more complex than some of the other options in the trade-offs FAQ. You should review the trade-offs FAQ to select the most appropriate bridging option. In addition to the user router and the Actiontec, a third "back-end" router is also required.

Note: Although this FAQ refers specifically to Actiontec, it should also work with the Westell 9100EM, although it has not been tested with that router. Should anyone get this working with the Westell 9100EM, please post in the »Verizon FiOS TV forum.


Preparation:

• You must have a working cat5 connection from the ONT. If you do not already have a cat5 connection from the ONT, follow the instructions here: Replacing the Actiontec (part 1): Coax to Ethernet


• You will need an extra router to use as the "back-end" router.


• Make sure all services are working with the Actiontec as primary before starting. Even if you already have your own router functioning as primary, you should make sure that Remote DVR and CID work with the Actiontec as primary before attempting these instructions. If you have any issues with remote DVR and CID working, resolve them with Verizon now, while the Actiontec is primary.

Short Version


• Record the IP and MAC for the Actiontec's WAN port as well as the port forwarding rules set up by the Actiontec.


• Prepare your replacement router and back-end router, then move the cat5 WAN cable from the Actiontec to the replacement router. (Do this quickly to avoid losing your IP address assignment.)

Install your own router between the ONT and your internal network.
Configure port forwarding rules on that router for remote DVR and Caller-ID.


• Install the "back-end" router between your LAN and the Actiontec WAN port.


• Configure the Actiontec to the same IP address as it used to have and set up port forwarding rules to allow the remote DVR and CID traffic to pass to the Actiontec.


Long version: 
Notes: The Actiontec router plays a critical role in several ways in the configuration described in this FAQ. It bridges the MOCA networking from the set-top boxes to the Internet and it supports the protocols that allow the set-top boxes to communicate with the Verizon systems.

To use this system, you'll need a simple router with Network Address Translation (NAT) features to use in addition to your primary router and the Actiontec. This router doesn't handle all of the traffic from your internal network to the Internet, but it supplies the set-top boxes with Video on Demand. A simple "Cable Modem" router will be fine in most cases. After you connect up the cat5 to feed the Actiontec, verify that services are working as you expect. If Verizon doesn't allow you to use remote DVR or if Caller-ID isn't working, you'll need to get them working before you start changing things. You can sometimes trigger Remote DVR to work by doing a factory reset on the Actiontec, but sometimes you just need to ask the Fiber Support Center to 'portmap' your set-top boxes to get things working again. Here are the detailed directions:

1. Hook up a PC to one of the LAN connectors on your Actiontec and open the web interface. Click on the "My Network" icon, then "Network Connections". You should see a link reading "Broadband Connection (Ethernet)" with status "Connected". Click on that Broadband connection and you'll see a "Broadband Connection (Ethernet) Properties" page. Record the contents for the "MAC Address" and "IP Address" fields as you'll need those later. As recommended in other areas of this FAQ, you probably want to disable wireless on the Actiontec at this point (Wireless Settings). You should also enable remote administration (Advanced/Remote Administration, then select the "Use Secondary HTTP port" setting.)

2. On the Actiontec, click on the "Firewall Settings" icon and choose the "Port Forwarding" option. You should see several port forwarding rules that were inserted to support remote access. For example, under "Networked Computer/Device" you'll see entries like "192.168.1.101:8082", with a corresponding entry under "Applications & Ports Forwarded" reading "Application, TCP Any -> 35000". Those are ports forwarded from the Actiontec to your set-top boxes to support Caller-ID. The first STB will use port 35000, the next 35001, and so forth. You need to re-create these rules on the primary and secondary routers for this setup to work. Similarly, you'll see forwarding rules with "192.168.1.101:63145" and "UDP Any -> 63145" for the first DVR in your house, with port 63146 and up used for subsequent DVRs. Record what port range is in use here for later. You can now power down the Actiontec.

3. Your primary replacement router should be configured to provide address distribution (DHCP) to your LAN. The primary LAN subnet must be different from the Actiontec LAN subnet.

4. On your primary router, set the MAC address of its WAN port to the MAC address recorded in step 1 above. Move the cat5 cable that runs from the ONT to the Actiontec's WAN port so that it is now connected to the WAN port of your primary router, and restart the primary router. If all is well, it will pick up the same WAN IP address that the Actiontec used to have. You should now verify that your internal network is operating properly.

5. Prepare a simple NAT router (the secondary router) which will be used to connect the Actiontec to the Internet. It should be configured to use a static IP address from your internal network on the WAN side. Hook the WAN port of the secondary router to your internal network.

6. On the LAN side of the secondary router, configure the subnet scope to use the same network as your Actiontec's former WAN address (recorded in step 1 above). For example, if your Actiontec's IP address was 123.45.67.8, then you should set the LAN side to an address of 123.45.67.1, netmask 255.255.255.0.

7. On your secondary router, configure the DHCP server to add a static IP address assignment, giving the MAC address of the Actiontec the same IP address it used to have. You should also configure the DNS servers for that DHCP scope. Using the Google public DNS servers (8.8.8.8 and 8.8.4.4) is one option. You can also use your internal DNS servers if you have them.

8. On your secondary router, configure forwarding rules for the following ports from the WAN side of the secondary router to the Actiontec's WAN port (192.168.2.101 -> 123.45.67.8 in the diagram above):

• TCP port 4567

• UDP port 63145 and up

• TCP port 35000 and up

The port forwarding rules for 63145 and 35000 should mirror the rules that you see in port forwarding on the Actiontec. The number of ports starting with 63145 depends on how many DVRs you have, and the number of ports starting with 35000 depends on how many set-top boxes you have. You can also set up a port forwarding rule for TCP port 8080 forwarding to the Actiontec's IP address, port 8080. This will allow you to manage the Actiontec via its web interface across your secondary router.

9. On your primary router, forward the following traffic to the WAN address of your secondary router:

• TCP port 4567

• UDP port 63145 and up (as above in step 8)

• TCP port 35000 and up

These port forwarding rules should mirror the rules that you see in port forwarding on the Actiontec.

10. Hook up a cable from the Actiontec's WAN RJ45 port to the LAN port on your secondary router. Turn on the Actiontec.

11. Verify that your set-top boxes still have network connectivity using Video on Demand. Now, things should look like the attached diagram. Note that if the IP address that Verizon gives to the WAN port of your primary router changes, you'll have to reconfigure the LAN network of your secondary router to match as well as reconfiguring the DHCP server so the Actiontec's address follows. Thanks to user rspadaro for the insight that leaving the Actiontec off of the LAN makes this much simpler to set up.
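
The forwarding rules in steps 8 and 9 and the addressing in steps 3, 5 and 6 can be written down as a plan and compared with what is actually configured. The Python sketch below is an added example, not part of the original FAQ; all function and class names are hypothetical, the primary LAN 192.168.2.0/24 is an assumption inferred from the 192.168.2.101 address in step 8, and choosing the next free host when the Actiontec itself held .1 goes beyond the single case in step 6.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface, IPv4Network

FIXED_TCP_PORT = 4567   # listed in steps 8 and 9
DVR_UDP_BASE = 63145    # first DVR; each further DVR uses the next port
STB_TCP_BASE = 35000    # first set-top box; each further STB uses the next port
MGMT_TCP_PORT = 8080    # optional, secondary router only (step 8)


@dataclass(frozen=True, order=True)
class Forward:
    proto: str
    port: int
    target: IPv4Address


def build_plan(actiontec_wan_ip, secondary_wan_ip, num_stbs, num_dvrs,
               manage_actiontec=False):
    """Return (primary_rules, secondary_rules) for steps 9 and 8."""
    ports = [("tcp", FIXED_TCP_PORT)]
    ports += [("udp", DVR_UDP_BASE + i) for i in range(num_dvrs)]
    ports += [("tcp", STB_TCP_BASE + i) for i in range(num_stbs)]
    # Step 9: the primary router forwards to the secondary router's WAN address.
    primary = sorted(Forward(p, n, IPv4Address(secondary_wan_ip)) for p, n in ports)
    if manage_actiontec:
        ports.append(("tcp", MGMT_TCP_PORT))
    # Step 8: the secondary router forwards to the Actiontec's WAN address.
    secondary = sorted(Forward(p, n, IPv4Address(actiontec_wan_ip)) for p, n in ports)
    return primary, secondary


def secondary_lan(actiontec_wan_ip):
    """Step 6: LAN address for the secondary router in the Actiontec's /24."""
    actiontec = IPv4Address(actiontec_wan_ip)
    net = IPv4Network(f"{actiontec}/255.255.255.0", strict=False)
    # The FAQ uses .1; skip it if the Actiontec itself holds that address.
    router = next(h for h in net.hosts() if h != actiontec)
    return IPv4Interface(f"{router}/{net.prefixlen}")


def addressing_problems(primary_lan, actiontec_lan, secondary_wan_ip,
                        actiontec_wan_ip):
    """Check the subnet requirements of steps 3, 5 and 6."""
    p_lan, a_lan = IPv4Network(primary_lan), IPv4Network(actiontec_lan)
    problems = []
    if p_lan.overlaps(a_lan):
        problems.append("primary LAN overlaps the Actiontec LAN (step 3)")
    if IPv4Address(secondary_wan_ip) not in p_lan:
        problems.append("secondary router WAN address is not on the primary LAN (step 5)")
    if secondary_lan(actiontec_wan_ip).network.overlaps(p_lan):
        problems.append("secondary router LAN overlaps the primary LAN")
    return problems


def audit(configured, expected):
    """Compare the forwards configured on a router with the plan."""
    cfg, exp = set(configured), set(expected)
    return {"missing": sorted(exp - cfg), "unexpected": sorted(cfg - exp)}


if __name__ == "__main__":
    # Addresses from the FAQ's own example; two STBs and one DVR are constructed.
    primary, secondary = build_plan("123.45.67.8", "192.168.2.101",
                                    num_stbs=2, num_dvrs=1, manage_actiontec=True)
    print("secondary router LAN:", secondary_lan("123.45.67.8"))
    for rule in secondary:
        print("secondary:", rule.proto, rule.port, "->", rule.target)

    # Constructed primary-router config: one STB forward missing, 8080 added.
    configured = [r for r in primary if r.port != 35001]
    configured.append(Forward("tcp", MGMT_TCP_PORT, primary[0].target))
    print(audit(configured, primary))
```

A forward reported as unexpected on the primary router is reachable from the Internet, so the optional TCP 8080 rule belongs only in the secondary router's rules.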


Thanks to rmurphy and rspadaro for their efforts in getting this working.

3/1/15: Javi404 notes that with the Arris boxes (Quantum TV) the ports are different.
TCP:
    35000 -> 9001 on DVR
    35001 -> 9001 on STB1
    35002 -> 9001 on STB2
UDP:
    63145 -> DVR


Feedback received on this FAQ entry:
  • Can someone consolidate the current understanding for the FIOS TV One boxes and G1100? Is the 3 router approach still needed for remote DVR functionality? Also - are the various forwards to the DVR and other STBs or to the Verizon router (G1100 in my case)?

    2021-01-31 22:00:31 (ultradianguy)

  • I am using an Asus RT-AX86U along with an Actiontec ECB6205S02 MOCA adapter (both picked up from Amazon) and I didn't even need to set the port forwards for Remote DVR functionality. Just a reboot of the STBs after installing the devices and the DVR services worked (Set recording, delete, etc). I don't have phone services so I can't say anything about that.

    2020-11-15 00:16:59 (SuperPat)

  • Looks like Fios TV One ports are 7547 (35000+) and now using 4567 and 4577

    2020-08-14 23:22:40 (rroach3753)

  • Has anyone had success getting this to work with the new "Fios Home Router"...the G3100 (the new router with WiFi6)

    2020-08-12 14:54:25 (rroach3753)

  • In the process of troubleshooting my Actiontec-plus-my-own-primary-router system - which is working fine, with guide and VoD - I reset the Actiontec to factory and in the process removed the remote-DVR Port Forwarding rules. Now I want to add a back-end router to gain remote DVR back. Is there a reference on how to reset those rules, or are the ones listed in your FAQ correct?

    2020-05-19 15:06:56 (gallde6)

  • Curious, do you have an updated version of this? I've been in IT for 20 years and this is easy for me to follow, except where to interject the port forwards with only the primary and the FiOS-G1100.

    2019-01-12 02:53:05 (rroach3753)

  • Hi, I'd like to point out that this is far too complex. I have set this up with a separate MOCA bridge (as you have outlined in one of the other faqs), and then had my own router give a fixed ip to the DVR when it makes a DHCP request. Then, you can enable port forwarding for the DVR (and other STBs if you also give them fixed IPs). This eliminates the need for having a backend router entirely. I have it working great with remote dvr and caller id across the board.

    2017-09-16 22:47:06

  • Brilliant! I was looking for something like this. I will try it tomorrow.

    2017-06-13 23:57:48

by More Fiber edited by sashwa
last modified: 2016-10-05 19:21:21

Q. How can I use my own router as primary while still keeping remote DVR access and Caller-ID on my TVs?

Note: This FAQ is replacing »Verizon FiOS FAQ »Can I use my own router as primary and keep remote DVR

A. This is option #8 in the trade-offs FAQ. This particular option allows you to use your router as primary, while keeping all Verizon functionality, including guide data, VOD, widgets, remote DVR, and on-screen caller-id. However, this option is more complex than some of the other options in the trade-offs FAQ. You should review the trade-offs FAQ to select the most appropriate bridging option. In addition to the user router and the Actiontec, a third "back-end" router is also required.
Note: Although this FAQ refers specifically to the Actiontec, it should also work with the Westell 9100EM, although it has not been tested with that router. Should anyone get this working with the Westell 9100EM, please post in the Verizon FIOS TV forum.

Preparation:
    • You must have a working cat5 connection from the ONT. If you do not already have a cat5 connection from the ONT, follow the instructions here: Replacing the Actiontec (part 1): Coax to Ethernet
    • You will need an extra router to use as the "back-end" router.
    • Make sure all services are working with the Actiontec as primary before starting. Even if you already have your own router functioning as primary, you should make sure that Remote DVR and CID work with the Actiontec as primary before attempting these instructions. If you have any issues with remote DVR and CID working, resolve them with Verizon now, while the Actiontec is primary.

Short Version
    • Record the IP and MAC for the Actiontec's WAN port as well as the port forwarding rules set up by the Actiontec.
    • Prepare your replacement router and back-end router, and then move the cat5 WAN cable from the Actiontec to the replacement router. (Do this quickly to avoid losing your IP address assignment.) Install your own router between the ONT and your internal network. Configure port forwarding rules on that router for remote DVR and Caller-ID.
    • Install the "back-end" router between your LAN and the Actiontec WAN port.
    • Configure the Actiontec to the same IP address as it used to have and set up port forwarding rules to allow the remote DVR and CID traffic to pass to the Actiontec.
    • Disable the Actiontec's DHCP server and connect the Actiontec's LAN to your internal LAN.

Long version:

Notes: The Actiontec router plays a critical role in several ways in the configuration described in this FAQ. It bridges the MOCA networking from the set-top boxes to the Internet and it supports the protocols that allow the set-top boxes to communicate with the Verizon systems. After a factory reset of the Actiontec, you must use the Actiontec to provide IP addresses for the set-top boxes so the forwarding rules (and internal state of the Actiontec) are set up correctly. After this initial setup, you can use your own DHCP server on the LAN.

To use this system, you'll need a simple router with Network Address Translation (NAT) features to use in addition to your primary router and the Actiontec. This router doesn't handle all of the traffic from your internal network to the Internet, but it supplies the set-top boxes with Video on Demand. It must support static DHCP assignments.
After you connect up the cat5 to feed the Actiontec and before you change anything, verify that services are working as you expect. If Verizon doesn't allow you to use remote DVR or if Caller-ID isn't working, you'll need to get them working before you start changing things. You can sometimes trigger Remote DVR to work by doing a factory reset on the Actiontec, but sometimes you just need to ask the Fiber Support Center to 'portmap' your set-top boxes to get things working again. Here are the detailed directions:

    1. Hook up a PC to one of the LAN connectors on your Actiontec and open the web interface. Click on the "My Network" icon, then "Network Connections". You should see a link reading "Broadband Connection (Ethernet)" with status "Connected". Click on that Broadband connection and you'll see a "Broadband Connection (Ethernet) Properties" page. Record the contents of the "MAC Address" and "IP Address" fields, as you'll need those later. As recommended in other areas of this FAQ, you probably want to disable wireless on the Actiontec at this point (Wireless Settings).
    2. On the Actiontec, click on the "Firewall Settings" icon and choose the "Port Forwarding" option. You should see several port forwarding rules that were inserted to support remote access. For example, under "Networked Computer/Device" you'll see entries like "192.168.1.101:8082", with a corresponding entry under "Applications & Ports Forwarded" reading "Application, TCP Any -> 35000". Those are ports forwarded from the Actiontec to your set-top boxes. It was once thought that these connections were used for Caller-ID, but that does not seem to be the case. One of your STBs will use port 35000, the next 35001, and so forth. You need to re-create these rules on the primary and secondary routers for this setup to work. Similarly, you'll see forwarding rules with "192.168.1.101:63145" and "UDP Any -> 63145" for the first DVR in your house, with port 63146 and up used for subsequent DVRs. Record what port range is in use here for later. This system has several forwarding rules, but the ones that matter are the following:


    You can now use the "My Network" page on your Actiontec to view and record the IP addresses and MAC addresses for each of your STBs. Once you have all of this information recorded, you can begin to prepare your new primary router.
    3. Your primary replacement router should be configured to provide address distribution (DHCP) to your LAN. The LAN network should be the same as the LAN network that the Actiontec is using. It is best if you use 192.168.1.0/24 so you are consistent with the factory default on the Actiontec. In addition, having 192.168.1.1 as your network's default gateway is recommended.
    4. On your primary router, set the MAC address of its WAN port to the MAC address recorded in step 1 above. Move the cat5 cable that runs from the ONT to the WAN port of the Actiontec so that it is connected to the WAN port of your primary router instead, then restart the primary router. If all is well, it will pick up the same WAN IP address that the Actiontec used to have. You should now verify that your internal network is operating properly. At this point, remote DVR is not yet working.
    5. Prepare a simple NAT router (the secondary router) which will be used to connect the Actiontec to the Internet. It should be configured to use a static IP address from your internal network on the WAN side. Hook the WAN port of the secondary router to your internal network.
    6. On the LAN side of the secondary router, configure the subnet scope to use the same network as your Actiontec's former WAN address (recorded in step 1 above). For example, if your Actiontec's IP address was 123.45.67.8, then you should set the LAN side to an address of 123.45.67.1, netmask 255.255.255.0.
    7. On your secondary router, configure the DHCP server to add a static IP address assignment, giving the MAC address of the Actiontec the same IP address it used to have. You should also configure the DNS servers for that DHCP scope. Using the Google public DNS servers (8.8.8.8 and 8.8.4.4) is one option. Eventually, the DNS servers configured by your primary network's DHCP server will be used throughout, but you need to hand the Actiontec a good DNS server pair off of your primary network for now.
    8. On your secondary router, configure forwarding rules for the following ports from the WAN side of the secondary router to the Actiontec's WAN port (192.168.1.x -> 123.45.67.8 in the diagram above):
      • TCP port 4567 forwarded to the Actiontec's WAN address (123.45.67.8), port 4567.
      • UDP port 63145 and up to the Actiontec's WAN address, port 63145.
    The number of ports starting with 63145 depends on how many DVRs you have. For the network above, we would set up rules like the following for the secondary router:

      Protocol  Source Port  Destination   Destination Port
      TCP       4567         123.45.67.8   4567
      UDP       63145        123.45.67.8   63145

    9. On your primary router, forward the following traffic to the LAN address of your secondary router (the static address on its WAN port, from step 5):
      • TCP port 4567
      • UDP port 63145 and up (as above in step 8)
      • TCP port 35000 and up to the appropriate set-top boxes.

    The port forwarding rules for 35000 and up should mirror the rules that you see in port forwarding on the Actiontec. The number of ports starting with 63145 depends on how many DVRs you have, and the number of ports starting with 35000 depends on how many set-top boxes you have.
    10. Configure the DHCP server on your primary router to provide static address assignments for the set-top boxes as recorded in step 2 above.
    11. Hook up a cable from the Actiontec's WAN RJ45 port to the LAN port on your secondary router. Turn on the Actiontec.
    12. Verify that your set-top boxes still have network connectivity using Video on Demand. Also, verify that Remote DVR is still working. If not, you may need to factory reset your Actiontec. First verify that the WAN address on the Actiontec matches the WAN address of your primary router and that the port forwarding rules are correct. For remote DVR, UDP 63145 must be forwarded to the Actiontec through the secondary router.
    13. Now that the secondary router is in place and remote access is still working, you can complete the connections between the Actiontec and your primary LAN. Hook up a PC to the LAN switch on the Actiontec and connect to the administrative page (192.168.1.1). Use "My Network", "Network Connections", "Network (Home/Office)", "Settings" to view the network configuration. Make the following changes:
      • On your primary router, change the port 63145 rule to forward to the LAN address of the DVR, not the Actiontec.
      • For DNS Servers, choose "Use the following DNS Server Addresses" and fill in the DNS server(s) for your LAN.
      • For "IP Address Distribution", choose "Disabled".
      • For "Internet Protocol" choose "Use the following IP Address", then fill in a LAN address for the Actiontec under "IP Address". Note: not 192.168.1.1, as that should be the address of your primary router's LAN side.
    Click on "Apply" at the bottom of the screen, then "Apply" again. Now you can connect a cat5 cable from the Actiontec's LAN switch to your internal LAN switch. Now things should look like figure 1 above.


Note that if the IP address that Verizon gives to the WAN port of your primary router changes, you'll have to reconfigure the LAN network of your secondary router to match as well as reconfiguring the DHCP server on the back-end router so the Actiontec's address follows. Ideally, your secondary router should be on a battery backup system to minimize the chance of this. However, if you lose power for over an hour, your address will change and you must reconfigure the three routers to match the new address. The steps to do this are: Fix the LAN network and DHCP service on the back-end router to give the new public IP address to the Actiontec. Reboot the Actiontec. If this doesn't fix it (wait a day or two), then you'll have to disconnect the LAN-to-LAN cable, change the primary router port forwards back to the back-end router, then factory reset the Actiontec. That should recover the access (again, after waiting a day or two.)
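The forwarding tables this procedure builds can be derived from the recorded values and compared against what a router actually has configured, so that a missing rule or a forward the FAQ does not call for stands out; re-running it with a new WAN address gives the values to change after a lease change. This is an added example, not part of the original FAQ: the back-end router address 192.168.1.2, the second set-top box and the `CONFIGURED` export are constructed, and the .254 fallback and the matching DVR port numbers are assumptions.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str      # "tcp" or "udp"
    ext_port: int   # port the router listens on
    dest: str       # host the traffic is forwarded to
    dest_port: int

def backend_lan(actiontec_wan: str):
    """LAN gateway and /24 for the back-end router (123.45.67.8 -> 123.45.67.1 in the FAQ)."""
    net = ipaddress.ip_network(f"{actiontec_wan}/24", strict=False)
    gw = net.network_address + 1
    if str(gw) == actiontec_wan:     # assumption: if the lease itself is .1, use .254
        gw = net.broadcast_address - 1
    return str(gw), str(net)

def expected_rules(actiontec_wan, backend_addr, dvrs, stbs, final=True):
    """dvrs: DVR LAN addresses in port order; stbs: (address, port) pairs recorded from the Actiontec."""
    secondary = {Rule("tcp", 4567, actiontec_wan, 4567)}
    primary = {Rule("tcp", 4567, backend_addr, 4567)}
    for i, dvr in enumerate(dvrs):
        port = 63145 + i             # assumption: each DVR listens on the same port number
        secondary.add(Rule("udp", port, actiontec_wan, port))
        # After the last step the primary sends 63145+ straight to the DVR, not the back-end router.
        primary.add(Rule("udp", port, dvr if final else backend_addr, port))
    for j, (addr, port) in enumerate(stbs):
        primary.add(Rule("tcp", 35000 + j, addr, port))
    return primary, secondary

def audit(configured, expected):
    """Return (missing, unexpected); unexpected rules are exposure the FAQ does not call for."""
    configured = set(configured)
    return sorted(expected - configured), sorted(configured - expected)

# Constructed inputs: 123.45.67.8 and 192.168.1.101:8082 are the FAQ's examples, the rest are made up.
WAN, BACKEND = "123.45.67.8", "192.168.1.2"
DVRS = ["192.168.1.101"]
STBS = [("192.168.1.101", 8082), ("192.168.1.102", 8082)]
PRIMARY, SECONDARY = expected_rules(WAN, BACKEND, DVRS, STBS)
# Constructed export of the primary router's table: one STB rule missing, one stray forward.
CONFIGURED = [Rule("tcp", 4567, BACKEND, 4567), Rule("udp", 63145, "192.168.1.101", 63145),
              Rule("tcp", 35000, "192.168.1.101", 8082), Rule("tcp", 8080, "192.168.1.50", 8080)]

if __name__ == "__main__":
    print("back-end router LAN:", backend_lan(WAN))
    print("missing / unexpected on primary:", audit(CONFIGURED, PRIMARY))
```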

Thanks to rmurphy, rspadaro, and solarein for their efforts in getting this working.

by More Fiber edited by Branch
last modified: 2016-10-05 16:23:14


»[FiOS] Dual Router Separated Computer & TV Service Networks

by NOYB edited by Branch
last modified: 2016-10-05 16:23:28