PumpUpVolume, Posted April 7, 2023

For those of you who are using a non-ISP router instead of, or a non-ISP router in addition to the router/gateway supplied by the ISP, which of the following installation configuration methods do you use:

- The non-ISP router is installed behind the ISP router/gateway. Both the ISP router and the non-ISP gateway are configured to perform DHCP, resulting in a double-NAT configuration.
- The non-ISP router is installed in the advanced DMZ of the ISP router/gateway. DHCP is provided by the ISP router/gateway and the non-ISP router is configured to be a DHCP client.
- The non-ISP router is installed behind the ISP router/gateway and is configured in bridge mode; DHCP is provided by the ISP provided router/gateway.
- The non-ISP router is installed such that it entirely replaces the ISP supplied router/gateway. A SFP termination device provided by the ISP is plugged into a media adapter or an SFP slot on a non-ISP router.
- The non-ISP router replaces the ISP supplied gateway, but is connected to an ISP supplied ONT.
- Another configuration - please describe.

lippavisual, Posted April 7, 2023

I've used all of the above. Depends on what the ISP provides/supplies. There's only 2 where I live.

Comcast = Modem in Bridge mode, router receives public IP
Verizon = Router sits in DMZ or have done Double NAT (Double NAT isn't that big of a deal for homes)

RAV, Posted April 7, 2023

1. provide your own modem
2. install proper router in DMZ of Gateway
3. install proper router with Gateway in Bridge Mode (seen the ISP screw this up)

PumpUpVolume (Author), Posted April 7, 2023

7 minutes ago, lippavisual said:
> I've used all of the above. Depends on what the ISP provides/supplies. There's only 2 where I live.
> Comcast = Modem in Bridge mode, router receives public IP
> Verizon = Router sits in DMZ or have done Double NAT (Double NAT isn't that big of a deal for homes)

In the situations where you don't have double-NAT configuration, what do you perceive to be the benefits of adding a non-ISP router? That is, when you are still relying on the ISP provided device for DHCP, what purpose/value do you see the additional router providing? Why not just connect a high quality switch to the ISP router?

Note: my ISP provides an ONT and a gateway. The ONT converts fibre to POTS (plain old telephone service) and ethernet that carries internet and IPTV to the ISP provided gateway. I have a business class POE switch connected to the ISP provided gateway. I believe I could install a self-provided router in DMZ mode; however, entirely replacing the ISP provided gateway would be difficult or possibly impossible/problematic.

In my view, I don't have any issues with relying on the ISP gateway for WAN routing and the switch for L2 switching, but some people vehemently insist a self supplied router is better/important. I'm not sure that I would gain anything by adding a router, but I'm interested in learning why others are putting one in and why.

Also note that I don't use the WiFi on the ISP provided equipment - all my WiFi is provided by access points that are connected to the POE switch via cat 6 ethernet.

PumpUpVolume (Author), Posted April 7, 2023

16 minutes ago, RAV said:
> 1. provide your own modem
> 2. install proper router in DMZ of Gateway
> 3. install proper router with Gateway in Bridge Mode (seen the ISP screw this up)

In situation two, the ISP gateway is performing DHCP - what are you using the non-ISP router for? WiFi?

Cyknight, Posted April 7, 2023

1 hour ago, PumpUpVolume said:
> In situation two, the ISP gateway is performing DHCP - what are you using the non-ISP router for? WiFi?

No, the ISP router provides DMZ to the second router - the ISP router IS NOT providing DHCP beyond one to the 'actual' router (and potentially IPTV devices).

The order of preference of that list should be:

1. Set ISP router to bridge mode (or bridged port, also an option on many routers for ISPs that allow their own IPTV boxes to still operate on the other hardwired outputs (with added switches behind it if needed AND EVEN WIFI))
2. Provide your own modem
3. USE DMZ

RAV, Posted April 7, 2023

Be aware that first level phone support can turn off bridge mode, and will often do so on a whim to try and get off the phone quicker. DMZ they haven't a clue about, and leave it alone.

Also, not for a while, but in the past, ISP updates that reverted out of bridge mode.

PumpUpVolume (Author), Posted April 7, 2023

6 minutes ago, Cyknight said:
> No, the ISP router provides DMZ to the second router - the ISP router IS NOT providing DHCP beyond one to the 'actual' router (and potentially IPTV devices).
> The order of preference of that list should be:
> 1. Set ISP router to bridge mode (or bridged port, also an option on many routers for ISPs that allow their own IPTV boxes to still operate on the other hardwired outputs (with added switches behind it if needed AND EVEN WIFI))
> 2. Provide your own modem
> 3. USE DMZ

Bridge mode is not supported in my ISP's gateway/router, so #1 is not an option.

#2 is not an option in my case because the IP connection is established by the ONT. The ISP does not disclose account information and there is no information available for doing a wholesale ONT replacement. The ONT provides my phone, internet, and IPTV and I'm not about to try to figure out how to replace the ONT as that would be more pain than gain.

#3 is an option with my Gateway, but if I am not mistaken, with this approach one still must choose between (i) double-NAT - both the gateway and router have DHCP active; and (ii) using the ISP gateway as the sole DHCP device. One can't achieve single NAT with only the self provided router providing DHCP with this approach. But, please correct me with an explanation if that is wrong. From your comment I understand you take the double NAT approach.

PumpUpVolume (Author), Posted April 7, 2023

6 minutes ago, RAV said:
> Be aware that first level phone support can turn off bridge mode, and will often do so on a whim to try and get off the phone quicker. DMZ they haven't a clue about, and leave it alone.
> Also, not for a while, but in the past, ISP updates that reverted out of bridge mode.

Bridge mode is not supported on my ISP gateway, so that is a red herring for me. The DMZ approach is the only option available to me and I'm not convinced there is benefit in bothering with it. I'm curious as to what benefit others have found from taking this approach. To the best of my knowledge, my ISP gateway is not causing me any problems.

ekohn00, Posted April 7, 2023

29 minutes ago, PumpUpVolume said:
> Bridge mode is not supported in my ISP's gateway/router, so #1 is not an option.
> #2 is not an option in my case because the IP connection is established by the ONT. The ISP does not disclose account information and there is no information available for doing a wholesale ONT replacement. The ONT provides my phone, internet, and IPTV and I'm not about to try to figure out how to replace the ONT as that would be more pain than gain.

An ONT does not establish an IP connection. Do you have FIOS with both an ONT and Router? (2 boxes)?

PumpUpVolume (Author), Posted April 7, 2023

4 minutes ago, ekohn00 said:
> An ONT does not establish an IP connection. Do you have FIOS with both an ONT and Router? (2 boxes)?

I have an Alcatel-Lucent ONT (fibre in and ethernet out) and a Home Hub 3000 gateway. Do you need a photo of all this? Would that help?

PumpUpVolume (Author), Posted April 7, 2023

3 minutes ago, PumpUpVolume said:
> I have an Alcatel-Lucent ONT (fibre in and ethernet out) and a Home Hub 3000 gateway. Do you need a photo of all this? Would that help?

More specific...

Alcatel-Lucent ONT --> Bell MTS Home Hub 3000 gateway (internet & IPTV) --> Netgear 28PT GE POE Smart Switch (GS728TP-100NAS) --> Netgear access point (WAC720)

ekohn00, Posted April 7, 2023

6 minutes ago, PumpUpVolume said:
> I have an Alcatel-Lucent ONT (fibre in and ethernet out) and a Home Hub 3000 gateway. Do you need a photo of all this? Would that help?

The tough question is does your ISP lock DHCP to the home Hub? And is the home hub for just internet, or TV?

If your ISP locks you, then use the DMZ of the home hub, otherwise you should be able to find a way to replace the home hub with your own router.

PumpUpVolume (Author), Posted April 7, 2023

2 minutes ago, ekohn00 said:
> The tough question is does your ISP lock DHCP to the home Hub? And is the home hub for just internet, or TV?
> If your ISP locks you, then use the DMZ of the home hub, otherwise you should be able to find a way to replace the home hub with your own router.

The Home Hub 3000 is used for both internet and IPTV. I don't believe that I can replace whatever device established the IP connection because my ISP will not share login/account credentials. I'm not entirely clear whether the login/account authentication is done by the ONT or the Gateway, but either way, the login/authentication is not accessible and when I've requested that information they refuse to provide it.

There is a lot of good information on the internet about how to replace the Home Hub 3000 supplied by Bell, but my unit is supplied by Bell MTS; the two units have the same name but are quite different. The Bell HH3000 takes a SFP plugin to connect the fibre (and no ONT); the Bell MTS uses an ONT and there is standard ethernet cable between the ONT and the HH3000 - so the configurations are vastly different. Also, Bell discloses the "B1" account and Bell MTS won't disclose the authentication account.

Cyknight, Posted April 7, 2023

32 minutes ago, PumpUpVolume said:
> #3 is an option with my Gateway, but if I am not mistaken, with this approach one still must choose between (i) double-NAT - both the gateway and router have DHCP active; and (ii) using the ISP gateway as the sole DHCP device. One can't achieve single NAT with only the self provided router providing DHCP with this approach. But, please correct me with an explanation if that is wrong. From your comment I understand you take the double NAT approach.

First things first: NAT is not DHCP. Disabling DHCP on either router won't disable double NAT. Having two DHCP servers behind each other doesn't mean you have a double NAT.

DMZ doesn't truly ELIMINATE double NAT, but it does bypass several of the issues you MAY see when using double NAT (it's a big MAY because in the VAST majority of homes, it's not a problem at all) - including the xbox double NAT error, many (most) VPN issues and numerous (almost all) port forwarding issues.

The most common issue with double NAT seen by 'homes' is that people don't understand that what is behind router #1 can't talk to things behind router #2 - which is just a matter of ensuring there's no need to do so, i.e. don't connect anything behind the ISP router with the possible exception of your ISP's IPTV boxes.

What you seem to have trouble believing is that your ISP router is not suitable for a smart home. If that's your belief, fine - but know that every time you ask a dealer, or on here for that matter, let alone C4 direct for support with any communication issues, system freezes and more, the first thing you'll hear (and possibly the last) is to fix that setup.
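
Added example, not part of any post in this thread: the NAT-versus-DHCP distinction discussed above can be checked from addresses alone, because what marks double NAT is the own router's WAN address being private, regardless of which box runs DHCP. The function names and all sample addresses below are hypothetical and constructed for illustration, and the traceroute check is a heuristic.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'private', 'cgnat' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    return "public"


def nat_layers(router_wan, observed_public):
    """Judge the NAT layout from the own router's WAN address and the
    address an outside service sees for the connection."""
    kind = classify(router_wan)
    if kind == "private":
        return "double NAT: the ISP gateway translates again upstream"
    if kind == "cgnat":
        return "carrier NAT: the ISP translates again in its network"
    if router_wan == observed_public:
        return "single NAT: only your own router translates"
    return "unclear: public WAN address differs from the observed one"


def leading_private_hops(hops):
    """Count traceroute hops with private addresses before the first
    non-private hop. Two or more suggests two routers in series."""
    count = 0
    for hop in hops:
        if classify(hop) != "private":
            break
        count += 1
    return count


# Constructed samples; documentation ranges stand in for public addresses.
DMZ_SETUP = ("192.168.2.10", "203.0.113.7")     # router gets a gateway LAN IP
BRIDGED_SETUP = ("203.0.113.7", "203.0.113.7")  # gateway bridged or replaced
TRACE = ["192.168.10.1", "192.168.2.1", "203.0.113.1", "198.51.100.9"]

if __name__ == "__main__":
    print(nat_layers(*DMZ_SETUP))
    print(nat_layers(*BRIDGED_SETUP))
    print(leading_private_hops(TRACE))
```
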

ekohn00, Posted April 7, 2023

4 minutes ago, PumpUpVolume said:
> The Home Hub 3000 is used for both internet and IPTV. I don't believe that I can replace whatever device established the IP connection because my ISP will not share login/account credentials. I'm not entirely clear whether the login/account authentication is done by the ONT or the Gateway, but either way, the login/authentication is not accessible and when I've requested that information they refuse to provide it.
> There is a lot of good information on the internet about how to replace the Home Hub 3000 supplied by Bell, but my unit is supplied by Bell MTS; the two units have the same name but are quite different. The Bell HH3000 takes a SFP plugin to connect the fibre (and no ONT); the Bell MTS uses an ONT and there is standard ethernet cable between the ONT and the HH3000 - so the configurations are vastly different. Also, Bell discloses the "B1" account and Bell MTS won't disclose the authentication account.

The simplest thing for you is to keep the HH3000 as the primary router and hang your own off it in the DMZ.

Based on your description of logins, it sounds like the ISP probably maps their DHCP to the router's MAC address.

However, if you're dead set on using your own router only, check with your ISP if they will reset the DHCP to the router for your own device. If so, you should be able to place the HH3000 downstream from your router in order to get IPTV.

Also an ONT is never your problem, it only takes fiber and converts to an ethernet signal.

PumpUpVolume (Author), Posted April 7, 2023

12 minutes ago, Cyknight said:
> First things first: NAT is not DHCP. Disabling DHCP on either router won't disable double NAT. Having two DHCP servers behind each other doesn't mean you have a double NAT.
> DMZ doesn't truly ELIMINATE double NAT, but it does bypass several of the issues you MAY see when using double NAT (it's a big MAY because in the VAST majority of homes, it's not a problem at all) - including the xbox double NAT error, many (most) VPN issues and numerous (almost all) port forwarding issues.
> The most common issue with double NAT seen by 'homes' is that people don't understand that what is behind router #1 can't talk to things behind router #2 - which is just a matter of ensuring there's no need to do so, i.e. don't connect anything behind the ISP router with the possible exception of your ISP's IPTV boxes.
> What you seem to have trouble believing is that your ISP router is not suitable for a smart home. If that's your belief, fine - but know that every time you ask a dealer, or on here for that matter, let alone C4 direct for support with any communication issues, system freezes and more, the first thing you'll hear (and possibly the last) is to fix that setup.

I believe I understand the DHCP vs. double NAT - I'd need bridge mode to avoid double NAT and my gateway doesn't support bridge mode so two routers and single NAT is no go.

Understanding that my switch is meeting my connection needs, what router would you recommend - where that router would have one connection to the HH3000 and one connection to the switch? i.e. I don't need a lot of ports, SFP slots, POE, WiFi, etc. on the router. What is a great but simple/bare-bones router that you recommend?

PumpUpVolume (Author), Posted April 7, 2023

5 minutes ago, ekohn00 said:
> The simplest thing for you is to keep the HH3000 as the primary router and hang your own off it in the DMZ.
> Based on your description of logins, it sounds like the ISP probably maps their DHCP to the router's MAC address.
> However, if you're dead set on using your own router only, check with your ISP if they will reset the DHCP to the router for your own device. If so, you should be able to place the HH3000 downstream from your router in order to get IPTV.
> Also an ONT is never your problem, it only takes fiber and converts to an ethernet signal.

If I were to take the DMZ approach, what router would you recommend, understanding I have enough switching capacity with the existing switch, don't need SFP ports, don't need WiFi on the router? What is a great bare bones router?

PumpUpVolume (Author), Posted April 7, 2023

Would this be a good and appropriate choice of router for my situation:

Ubiquiti EdgeRouter X 5-Port Advanced Gigabit Ethernet PoE Router

Or could someone please recommend an alternative if that one isn't satisfactory for my needs?

lippavisual, Posted April 8, 2023

ONT is nothing but a fiber converter. Now some ISPs disable the ethernet port on the ONT, but nothing a phone call doesn't fix.

Not familiar with Bell, but they sound very similar to Verizon (who may even rent to Bell for service).

With Verizon, if you have cable boxes, you need their gateway. Yes there are workarounds for that and yes, I've tried them all. Not worth the hassle because something always breaks eventually.

In this situation, configure a DMZ for your own router. Also, configure port forwarding to your router in the DMZ (Extra steps but I've seen ISP not forward ports to DMZ). The only device wired to your ISP router should be your own router and/or cable boxes.

Now if you don't have cable boxes, send the gateway back and plug directly to the ethernet port on the ONT. Reboot the ONT to release the IP.

As for routers, pick your poison. The EdgeRouter would be fine.

ekohn00, Posted April 8, 2023

14 hours ago, PumpUpVolume said:
> Would this be a good and appropriate choice of router for my situation:
> Ubiquiti EdgeRouter X 5-Port Advanced Gigabit Ethernet PoE Router
> Or could someone please recommend an alternative if that one isn't satisfactory for my needs?

NO. You'd probably be better served with the Unifi line. Look at the UDM-PRO.

PumpUpVolume (Author), Posted April 8, 2023

51 minutes ago, lippavisual said:
> ONT is nothing but a fiber converter. Now some ISPs disable the ethernet port on the ONT, but nothing a phone call doesn't fix.
> Not familiar with Bell, but they sound very similar to Verizon (who may even rent to Bell for service).
> With Verizon, if you have cable boxes, you need their gateway. Yes there are workarounds for that and yes, I've tried them all. Not worth the hassle because something always breaks eventually.
> In this situation, configure a DMZ for your own router. Also, configure port forwarding to your router in the DMZ (Extra steps but I've seen ISP not forward ports to DMZ). The only device wired to your ISP router should be your own router and/or cable boxes.
> Now if you don't have cable boxes, send the gateway back and plug directly to the ethernet port on the ONT. Reboot the ONT to release the IP.
> As for routers, pick your poison. The EdgeRouter would be fine.

This is helpful. I do have a "cable box" (IPTV).

Based on other reading, I do understand that these consumer based gateways handle DMZ differently than how DMZ is configured in an enterprise setting. Some consumer grade gateways forward all ports to the DMZ; others don't. I'm assuming the HH3000 does, but I'll have to test that.