Verizon FIOS - don't want them to have access to my network

KingFatty

Hi all,

We just got Verizon FIOS, and they seem to mandate that we use their network device, which is a cable modem+wifi router. The fiber comes into a box outside the house, and then a coax cable comes out of their box into the house to their Verizon router inside the house.

1) Has anyone else used their own cable modem? I have one lying around, but never tried it due to Verizon's insistence that I use theirs. Would it even work? Would Verizon refuse to use the MAC address of my cable modem if I swapped it, and can I just make it work somehow without calling them and asking them to accept the MAC address?

2) Any special configuration when I use my own router to stop Verizon from accessing my network - either on my router or Verizon's configurations? I planned to just connect my router's WAN port to one of the 4 wired LAN ports of the Verizon router, but is there a better way?

I don't want Verizon having access to my home network, so I want to use my own router to connect all my computers together and give all my computers internet. I could see that happening by using my own cable modem and router, or somehow reconfiguring the Verizon router as a dumb cable modem?

Thanks in advance, and sorry if this has been covered before, I'm new to this subforum and I searched for Verizon but didn't see this specific aspect being covered before?
 

rsutoratosu

Their router is required for on demand. I tried my router, all I saw was pixelation.

I don't think that device is a "cable modem"; I think it's a router with MoCA, which is like Ethernet over coax. If you have the Ethernet port activated, you can plug your router directly into that Ethernet port on the ONT. If it's already installed, I'm not sure how to call those people to get it done.

I have FiOS for business at work and we plug our firewall right into the Ethernet port. We don't have FiOS TV, so no FiOS router required.


http://forums.verizon.com/t5/FiOS-Internet/Advantage-of-connecting-to-ethernet-on-ONT/td-p/12818

Looks like it's easy to switch:

http://forums.verizon.com/t5/FiOS-Internet/Switch-ONT-to-ethernet-from-coax/td-p/98278
 

alkemyst

Ask for their device to be set to bridge mode, configure your own device downstream.

Whether or not they can access your gear they can sniff your data to their heart's content.
 

KingFatty

Thanks for the input. Hmm I never looked on the ONT for ethernet, cool.

But are most FIOS users OK with using the Verizon router to route their personal home network (e.g., a LAN with a fileserver, NAS, etc.)? That would be more convenient, but I'm just nervous about it.

I'm curious what effect it will have to configure their modem+router in bridge mode? Does that help performance, compared to just leaving it as a router and connecting my router's WAN input port to one of the 4 LAN output ports of their router in router mode?
 

azazel1024

Google Fu my friend, Google Fu.

In short Verizon FIOS (which I have) uses MoCA. It isn't cable modem here. You need a MoCA Bridge (again, google).

You have options here. If you don't mind keeping the crap router/bridge combo, but don't want to use their router, get your own router and connect it WAN port on your router to LAN port on theirs. Done (double NAT though).

Or if you want to avoid double NAT, call them up and get them to enable the Ethernet port on the ONT box and plug your router right into it. You'll then either need to set up their router in bridge mode, or else buy a MoCA bridge. Or if you don't/can't run an Ethernet line to the ONT box, just set up their router in bridge mode and connect the LAN port on their router to the WAN port on yours (no double NAT, all your own network, your DVR can still do on demand and guide information).

My personal setup when I moved to my current house, after about a month I had them enable the ethernet port on the ONT and ran some cat5e from there (in my garage) to my living room (which is next to the garage with a convenient crawl space). I plugged in my router, stuck their router/bridge abomination in to bridge mode and called it a day. Then a couple of months back I got sick of their huge power suck device completely and just went out and bought a MoCA bridge to replace it.

No Verizon gear at all (well, other than their ONT and DVR) for me right now. Yeah, whether it is the ONT, their router or what, all your data has to go through their network, so they can do deep packet inspection to their heart's content. I guess if you want to set up a VPN from your router out, using your own is kind of a requirement though... though you could set up client VPN connections instead of at the door if it was their router.

That said... I will say when I was having some internet issues briefly a couple of months ago I called them up and the help desk person I spoke with started in on an "Okay, just let me log in to your router to reboot it...", "Uh... yeah, I am using my own router. Not your equipment".

That took about a 5 minute explanation. They couldn't grok the fact that I was using my own router and that I was connected to the ONT by Ethernet to my router and not through theirs in bridge mode (as they insisted on rebooting the MoCA bridge... which of course they tried doing from their end again). The service tech who had to swap my ONT box about a month prior (power outage/downed pole fried my ONT, fortunately nothing else) had no problems grasping my setup in about a 30 second explanation. His only comment: "Your setup might have been the second one I've seen this month".
 

azazel1024

Thanks for the input. Hmm I never looked on the ONT for ethernet, cool.

But are most FIOS users OK with using the Verizon router to route their personal home network (e.g., a LAN with a fileserver, NAS, etc.)? That would be more convenient, but I'm just nervous about it.

I'm curious what effect it will have to configure their modem+router in bridge mode? Does that help performance, compared to just leaving it as a router and connecting my router's WAN input port to one of the 4 LAN output ports of their router in router mode?

What performance are you hoping to help? Depending on what Actiontec model they've given you, it should work just fine. I will say latency was slightly lower using my Netgear 3500L with an Ethernet connection to my ONT rather than using their Actiontec (older one) router/bridge combo. Zero difference in internet speeds (75/35 package). Then moving from my old Netgear 3500L to a newer TP-Link WDR3600 decreased latency again, but zero budging on internet speeds. That said, a newer Actiontec router/bridge probably has a newer/faster processor in it, so there might not really be much of a difference in latency.

I do prefer to handle the firewall settings and stuff myself and have a bit more confidence in my chosen router, firmware, etc. than I do in the generic Actiontec one, which I hadn't seen any firmware updates to my router in roughly the 3 years I had it. At least my router has seen 3 firmware updates in the past year.

Also the WiFi was crap on the Actiontec (11g) and even the newer Actiontecs aren't very good from what I have heard. I don't know what a newer Actiontec uses, but the old one I had burned 11.5w even in bridge mode (I think 12w with wireless on). By comparison my router, with very good WiFi, uses around 4.5-5w and the little MoCA bridge I have to get guide info/on demand uses about 3w.

That might not matter to anyone, but that is down from the 12w of the Actiontec a little (yay, like $3 a year in electrical savings)... but also doesn't count the fact that I'd probably still need to add an AP and disable the wireless on the Actiontec because it is such crap (okay, now we are talking up into the $8-9 a year range. Still not worth much, but something).
 

Red Squirrel

If there's no way to set it in bridge mode just plug your own anyway, only thing is you'll have a double NAT. Just port forward everything to your router so that if you need to port forward something you only need to do it once (at your router).

That's basically what I did with my fibre service. ONT->their router->pfsense.
 

kevnich2

Just run a cat5 cable to where you want a router and then call in and have the ONT reprovisioned to cat5 for data. You then have the option to use their router or your own. BUT, if you have TV service, you have to either put their router in your network somewhere or buy a MoCA bridge for TV service. The Verizon boxes communicate via MoCA for guide data and such.

The Verizon routers are actually decent in the past year with the I rev. And the only thing they really have access to would be to communicate with the DVR.
 

JackMDS

I have the FIOS deal in one of my installations.

As a Router the Actiontec is OK (it has Giga wire ports)

As a Wireless AP aa.... Good Wireless Laptop in the same room gets n level 150 Mb/sec.

I use it as a Wireless set to b/g to satisfy the staff that is, or perfectly OK to do b/g.

With a few feet wire I connected a a/b/g/n HP (Giga ports) Buffalo configured as an Access Point.

I get a nice WIFI cover up to 450 Mb/sec.

Actiontec is b/g CH1 with its own SSID.

Buffalo CH 11 set to do a/n only with its own SSID.

------------

Does Verizon have a Back Door to the Router? Who knows!!

However, the other vendors of WIFI are Not "Pollyannas". From that perspective I do not trust them more than Verizon.



:cool:
 

KingFatty

OK thanks so much for all the feedback. I think I can trust just using the Verizon router, but I will punish it by putting it down in the dungeon, I mean basement. Then I'll just use two of my own gigabit routers configured as access points/switches at opposite corners of the house via Ethernet wire, and let the Verizon router handle all the routing/NAT, but do the wifi through my APs.

Verizon sold me the Actiontec MI424WR Rev. I, and it made me nervous when the tech guy over the phone reached into my router and reconfigured it remotely. I mean, if a Verizon tech goes rogue, I'm worried he could just maybe reach in there and turn off the firewall/protection/etc. and try to give me a virus to mine bitcoins or something.
 

JackMDS

Log on to the WAN side of the Verizon Router and change the credentials of the WAN Remote control to whatever you like.

It is probably on the default settings right now, and thus Verizon people can access the Router and its menu.

I am not justifying Verizon, but the initial capacity to access the WAN through the Internet gives them a chance to help millions of new customers that do not know anything about Internet and Networking (and do not want to know anything technical) and help in the initial setting.

-----------------------

P.S. To have a good life it is better that one educates him/herself rather than resort by default to mainstream conspiracy theory.




:cool:
 

azazel1024

Log on to the WAN side of the Verizon Router and change the credentials of the WAN Remote control to whatever you like.

It is probably on the default settings right now, and thus Verizon people can access the Router and its menu.

I am not justifying Verizon, but the initial capacity to access the WAN through the Internet gives them a chance to help millions of new customers that do not know anything about Internet and Networking (and do not want to know anything technical) and help in the initial setting.

-----------------------

P.S. To have a good life it is better that one educates him/herself rather than resort by default to mainstream conspiracy theory.




:cool:

I agree completely. I prefer to rely solely on myself, which for the most part, I've been able to troubleshoot my own issues a dozen times faster than trying to pick up the phone and call Verizon. I would never recommend that to anyone else who isn't reasonably tech proficient (especially networking proficient). Having them be able to monkey around with things remotely can save a lot of time and grief depending on what is going on (especially if you end up thickfingering something changing settings).
 

cmetz

We just got Verizon FIOS, and they seem to mandate that we use their network device, which is a cable modem+wifi router. The fiber comes into a box outside the house, and then a coax cable comes out of their box into the house to their Verizon router inside the house.

There's a FAQ in the broadbandreports.com forum for FIOS that has a lot of the info you're looking for. Quick summary: You can avoid using their router entirely, but should keep one around in case you have to deal with their tech support. You can also use their router in several different "partial" configurations like putting your own behind it.

The Actiontec routers allow Verizon to remotely update and configure them from their network side without your knowledge or consent. See Comcast's recent announcement that they're going to turn many of their home gateways into Xfinity WiFi hotspots unless you opt-out for a fine reason why the vendor having any control of gear at your site can be quite dangerous. I think that VZ's intentions for that feature might be good, but I still would not recommend trusting those routers.

You cannot get around them controlling the ONT, but that's not a big deal.
 

Red Squirrel

Interesting they use Actiontec too? What about the ONT is it Alcatel Lucent? Sounds like the service I have is very similar. I have read that you can bypass the actiontec. Internet is on one VLAN, TV is on another, and phone is on another but part of the ONT anyway. For TV the packets need to be prioritized for video though, so you would need a managed switch that has that option. I have not done it myself though so not sure how involved it is.
 

shortylickens

I go thru another router. My own, it connects my computers for file sharing even if the FIOS modem/router gets messed up.
 

KingFatty

There's a FAQ in the broadbandreports.com forum for FIOS that has a lot of the info you're looking for. Quick summary: You can avoid using their router entirely, but should keep one around in case you have to deal with their tech support. You can also use their router in several different "partial" configurations like putting your own behind it.

The Actiontec routers allow Verizon to remotely update and configure them from their network side without your knowledge or consent. See Comcast's recent announcement that they're going to turn many of their home gateways into Xfinity WiFi hotspots unless you opt-out for a fine reason why the vendor having any control of gear at your site can be quite dangerous. I think that VZ's intentions for that feature might be good, but I still would not recommend trusting those routers.

You cannot get around them controlling the ONT, but that's not a big deal.

This was a concern for me, in that I worried that no matter how I configured Verizon's router, and changed all the passwords etc., I still thought maybe Verizon could always have their own back door into the router. We just got Verizon FIOS, and I read that article about Comcast fiddling around with customer routers without their consent.

I need to read up on the FAQ you mentioned, thanks!
 

JackMDS

Your ISPs control the flow to our systems and thus can find ways to get into our Networks No matter what we do.

A User (depending on the psychological level of his/her "Paranoid" concerns) has to make his/her decision at which level they stop.

I can lock my house install security alarm and cameras.

Build a Moat, put Mines between the Moat and the house, then build a huge Mirror with metal mesh embedded to avoid Drone optical and electronic activities.

Where to stop is my choice.



:cool:
 

azazel1024

Interesting they use Actiontec too? What about the ONT is it Alcatel Lucent? Sounds like the service I have is very similar. I have read that you can bypass the actiontec. Internet is on one VLAN, TV is on another, and phone is on another but part of the ONT anyway. For TV the packets need to be prioritized for video though, so you would need a managed switch that has that option. I have not done it myself though so not sure how involved it is.

Yeah, I think it was Lucent. Or at least I think mine is. Several different models out there, but I think they may all be Alcatel Lucent ONTs.

I don't believe that is the case at all. From what I know of it, the TV and phone are actually on different frequency carriers and are muxed with the internet. The break out is internal to the ONT and its carried on its own mediums.

Phone over the RJ-11 POTS ports, TV on the coax and Internet on either the Ethernet or on a separate frequency on the coax. Once from the ONT out to the FIOS office, it might actually be on different VLANs (it is PPPoE for FIOS internet), but the phone/TV I think are on different carriers and may not be using PPPoE at all.

NOT VLANs on your home's side. Separate mediums and technologies.
 

azazel1024

Your ISPs control the flow to our systems and thus can find ways to get into our Networks No matter what we do.

A User (depending on the psychological level of his/her "Paranoid" concerns) has to make his/her decision at which level they stop.

I can lock my house install security alarm and cameras.

Build a Moat, put Mines between the Moat and the house, then build a huge Mirror with metal mesh embedded to avoid Drone optical and electronic activities.

Where to stop is my choice.



:cool:

Actually I think the state steps in a little before you get to the illogical conclusion of "where to stop is my choice". I think they draw the line at mining your property.

At least my state frowns upon burying explosives. Especially with pressure or tripline sensitive triggers. Though Texas might be okay with that.
 

cmetz

I still thought maybe Verizon could always have their own back door into the router.

They do. I forget the name, but there's some protocol they use and the Actiontec implements that allows the carrier to update the firmware and change the config remotely, without regard to your password/security settings.

Red Squirrel, VZ uses several different makes and models of ONT. I believe their makes are AFC, Moto, and Alcatel. Many models, some of which are custom to semi-custom for VZ.
 

VirtualLarry

Do what I do. Get your own, secondary router, put it behind the ActionTec, and configure the ActionTec to send all incoming unsolicited traffic to your secondary router. Thereafter, you would configure all of your port forwards and UPnP on the secondary router. VZ cannot get directly on your home LAN then, and they cannot know your secondary router's wireless password.
 

KingFatty

Do what I do. Get your own, secondary router, put it behind the ActionTec, and configure the ActionTec to send all incoming unsolicited traffic to your secondary router. Thereafter, you would configure all of your port forwards and UPnP on the secondary router. VZ cannot get directly on your home LAN then, and they cannot know your secondary router's wireless password.

Can you elaborate on what you mean by configuring the ActionTec to send all incoming traffic to the secondary router?

Earlier posts say to configure it to bridge mode (but I looked through the ActionTec manual and it didn't provide much detail about setting it to bridge mode), and this would avoid double NAT.

Could someone clarify what benefit is gained by avoiding double NAT? Sorry for all the noob questions, I'm still learning.
 

azazel1024

Can you elaborate on what you mean by configuring the ActionTec to send all incoming traffic to the secondary router?

Earlier posts say to configure it to bridge mode (but I looked through the ActionTec manual and it didn't provide much detail about setting it to bridge mode), and this would avoid double NAT.

Could someone clarify what benefit is gained by avoiding double NAT? Sorry for all the noob questions, I'm still learning.

Reduced latency and less chance of crap getting screwed up.
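
Added example (not written by any poster in this thread): the double NAT discussed above can be checked from a LAN client by counting the private-address hops at the start of `traceroute -n` output. The traces, addresses and function names below are constructed for illustration, and the hop count is a heuristic, since a private hop can also be an internal router that does no NAT.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly so documentation addresses count as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_LINE = re.compile(r"^\s*\d+\s+(\S+)")  # "<hop number>  <address or *>"

# Constructed traces; 203.0.113.x and 198.51.100.x stand in for public hops.
# Own router behind the ISP router (WAN port plugged into its LAN port):
DOUBLE_NAT_TRACE = """\
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.10.1  0.412 ms  0.389 ms  0.371 ms
 2  192.168.1.1  1.102 ms  1.054 ms  1.031 ms
 3  203.0.113.1  4.870 ms  4.655 ms  4.902 ms
"""
# Own router on the ONT Ethernet port, or ISP router in bridge mode:
BRIDGED_TRACE = """\
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.10.1  0.398 ms  0.377 ms  0.365 ms
 2  203.0.113.1  4.120 ms  4.098 ms  4.233 ms
"""
# Second hop does not answer, so the layout cannot be determined:
SILENT_TRACE = """\
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.10.1  0.401 ms  0.380 ms  0.372 ms
 2  * * *
 3  203.0.113.1  4.640 ms  4.701 ms  4.588 ms
"""

def classify(addr):
    """Return 'private' for RFC 1918 addresses, 'public' otherwise."""
    ip = ipaddress.ip_address(addr)
    return "private" if any(ip in net for net in RFC1918) else "public"

def hop_addresses(trace):
    """Extract one address per hop line; None for a hop that timed out."""
    hops = []
    for line in trace.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header or blank line
        try:
            hops.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            hops.append(None)  # "*" or a hostname (trace not run with -n)
    return hops

def nat_report(trace):
    """Count leading private hops and turn the count into a verdict."""
    private, reached_public = [], False
    for addr in hop_addresses(trace):
        if addr is None:
            break  # silent hop: stop instead of guessing what it was
        if classify(addr) == "public":
            reached_public = True
            break
        private.append(addr)
    if len(private) >= 2:
        verdict = "double-nat"
    elif len(private) == 1 and reached_public:
        verdict = "single-nat"
    else:
        verdict = "inconclusive"
    return {"private_hops": private, "verdict": verdict}

if __name__ == "__main__":
    for name, trace in (("double", DOUBLE_NAT_TRACE),
                        ("bridged", BRIDGED_TRACE),
                        ("silent", SILENT_TRACE)):
        print(name, nat_report(trace))
```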