INTERNET By Will Fastie I had two support encounters of note in the past 60 days, but the one with Verizon is worth noting. Second by second, it seems
[See the full post at: My encounter with Verizon]

Thanks for this very informative article. It has undoubtedly saved me a lot of time, money, and aggravation. I was considering using Verizon home as a backup to my (much improved) Comcast setup. I, too, use only wired for computers and printers. I use WiFi only for ‘phones although I plan to test an Ethernet dongle soon. Apart from the much higher level of performance, we still don’t have enough reliable information about the dangers of radiation.
I didn’t know that WiFi performance could be enhanced at the expense of the wired connections! (clearly a WTF moment for me). I will not now consider using Verizon for my home network. To change my mind their system must actually be plug-and-play since there is now essentially no usable tech support (not just Verizon for this phenomenon, it’s just part of the accelerating decline of the West).
You were extremely lucky to have been connected to Terri after only three attempts. Intelligent and capable people don’t normally stay very long with these outfits.
I have used my own modem and router for many years now. I would not do business with an ISP if using their equipment was mandatory.
Then there is my experience with AT&T. I have digital fiber optical service for internet and telephone. The AT&T supplied router converts the digital signal to analog for my telephone. One day my telephone was dead. The internet was all okay.
AT&T “requires” that I contact them for service for telephone problems by telephone! Eventually I was able to get to another telephone and called support.
Of course the problem was my wiring, my telephone set, my router(?), etc. No, I said, the problem is yours. After almost 45 minutes and explaining the problem in turn to six different support persons, I finally got an answer. “Oh, we had you disconnected. We will reconnect you.” Why I was disconnected was never explained.
Why is it necessary to make support so difficult for the customer? And while I am asking, could AT&T please employ someone who speaks English clearly?
I suspect the thing that Terri changed that fixed your problem was turning off IPv6. I’ve had problems like yours in the past that were solved by turning off IPv6. Your switch could be at fault, but I’ve not dug into the low-level details of why these problems occur. It seems that outgoing packets get stuck waiting for a connection. I think it’s fundamentally a routing problem where not all of the players agree on the protocols.
It is our practice not to use our internet service provider’s modems / routers.
By purchasing our own we save on the “monthly rental charge” and can plug in a backup unit immediately if we run into a problem.
In the 800 Mbps modem category, in addition to their own equipment, our ISP has approved 46 modems manufactured by:
To protect privacy, all of our workstations, printers, and televisions are hard wired while we use WiFi for our internet radios.
You seem to have a benevolent ISP. I do not think Verizon FIOS allows customer-provided cable modems. Here in my home office, we are stuck with Spectrum (the brand name of Charter Communications) and equally stuck with their cable modem. I once had my own cable modem, with payback of 12 months compared to Charter’s cable modem rental. Then they changed the rules of the game, made their cable modem mandatory and buried the cable modem rental fee in the overall monthly charge.
Ben
Have you done a deep dive into Verizon FIOS’ terms of service?
Best Buy lists a number of “modems for verizon fios” including the:
https://www.bestbuy.com/site/shop/modems-for-verizon-fios
Then there is the March 25, 2022 Updater article A Guide to Verizon Fios Compatible Modems that includes a section entitled What are the best modems and routers for Verizon Fios internet?
They list four modems:
https://updater.com/guides/verizon-compatible-modems
FiOS does not have cable modems. The FiOS technology is fundamentally incompatible with the Cable technology. No company makes third-party FiOS modems. That is why Verizon does not allow customers to have their own modems — there aren’t any available. There also are no “Cable Cards” for FiOS. So you can’t use your own recorder with this type of service.
We need to make sure when we are talking about routers that we use only this term. What is being discussed in this part of this thread are not modems, but routers.
You can use your own router with Verizon FiOS, but you must use their modem. Let’s please keep our terms straight here.
-- rc primak
There also are no “Cable Cards” for FiOS. So you can’t use your own recorder with this type of service.
Not sure what you mean there. We have FiOS in our home, and we are running two CableCARD devices to view and record shows from the channel lineup offered by Verizon. The CableCARDS were sent to us by Verizon, and we phoned a special Verizon number to activate them.
Terminology is getting in the way here.
A modem talks to your ISP and outputs an Ethernet port. Regardless of the type of Internet connection – cable, fibre, 5G or DSL – you will have a modem.
Any router can be connected to any modem.
The confusion comes from the fact that many ISPs give you a device that serves as a combination modem and router. Often this is called a gateway, but combination box works too.
Any router can be connected to a combination box without doing anything special (as long as their LANs use different subnets). Connect the WAN port of the router to a LAN port of the combo box.
If you connect a router to a combination box, you may want to disable Wifi in the combo box, but not necessary. You may also want to put the combo box into Bridge mode, but again, not technically needed. Modems can not be put in Bridge mode.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
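Added example (not part of the original posts): a Python check for the cascaded layout described above, where a router's WAN port is plugged into a LAN port of the ISP's combination box and the two LANs must use different subnets. The function names and all addresses are constructed for illustration.

```python
import ipaddress

# Hypothetical helper names; nothing here comes from a vendor tool.
MESSAGES = {
    "OVERLAP": "router LAN overlaps the combo box LAN; the router cannot "
               "tell local hosts from hosts on the combo box side",
    "WAN_OUTSIDE_GATEWAY_LAN": "router WAN address is not in the combo box "
                               "LAN (bridge mode, or wrong port/cable)",
}


def check_cascade(gateway_lan, router_wan_ip, router_lan):
    """Return a list of problem codes for a router behind a combo box.

    gateway_lan   -- LAN subnet of the ISP combo box, e.g. "192.168.1.0/24"
    router_wan_ip -- address the router's WAN port received
    router_lan    -- subnet the router hands out to its own clients
    An empty list means the two LANs are distinct and the WAN side is
    where it is expected to be.
    """
    gw = ipaddress.ip_network(gateway_lan, strict=False)
    inner = ipaddress.ip_network(router_lan, strict=False)
    wan = ipaddress.ip_address(router_wan_ip)

    problems = []
    # overlaps() also catches different prefix lengths, e.g. a /24 that
    # sits inside a /16, which a string comparison would miss.
    if gw.overlaps(inner):
        problems.append("OVERLAP")
    if wan not in gw:
        problems.append("WAN_OUTSIDE_GATEWAY_LAN")
    return problems


def suggest_router_lan(gateway_lan):
    """Pick the first private /24 that does not overlap the combo box LAN."""
    gw = ipaddress.ip_network(gateway_lan, strict=False)
    pools = [ipaddress.ip_network("192.168.0.0/16"),
             ipaddress.ip_network("10.0.0.0/16")]
    for pool in pools:
        for candidate in pool.subnets(new_prefix=24):
            if not candidate.overlaps(gw):
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample layouts: (combo box LAN, router WAN IP, router LAN)
    samples = [
        ("192.168.1.0/24", "192.168.1.50", "192.168.1.0/24"),
        ("192.168.0.0/16", "192.168.0.2", "192.168.50.0/24"),
        ("192.168.1.0/24", "192.168.1.50", "10.0.0.0/24"),
        ("192.168.1.0/24", "203.0.113.7", "10.0.0.0/24"),
    ]
    for gw, wan, lan in samples:
        codes = check_cascade(gw, wan, lan)
        print(gw, wan, lan, "->", codes or "ok")
        for code in codes:
            print("   ", MESSAGES[code])
        if "OVERLAP" in codes:
            print("    try router LAN:", suggest_router_lan(gw))
```

A `WAN_OUTSIDE_GATEWAY_LAN` result is expected when the combination box has been put into Bridge mode, since the router then receives the ISP-assigned address directly.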
It is our practice not to use our internet service provider’s modems / routers.
By purchasing our own we save on the “monthly rental charge” and can plug in a backup unit immediately if we run into a problem.
In the 800 Mbps modem category, in addition to their own equipment, our ISP has approved 46 modems manufactured by:
- Arris,
- ASUS,
- Hitron Technologies,
- HUMAX,
- Linksys,
- Motorola,
- Netgear,
- TP-Link, and
- Zoom Telephonics.
To protect privacy, all of our workstations, printers, and televisions are hard wired while we use WiFi for our internet radios.
I do the same. In fact, I tend to buy the dumbest device that will serve as only a modem (and support the throughput I need). I don’t trust my ISP to do my routing duties the same way I can nor to do wireless well, so I’d rather get a modem I can put into bridge mode, then hook up a router to do my wireless and wired things. So my modem is an Arris SB8200 which fits almost everyone’s compatibility lists. And because it has no wireless, xFinity can’t hand out my bandwidth as a wireless hotspot either.
If I was recommending to a regular user, I’d probably recommend a midlevel ASUS router that lists lifetime AiProtection as one of its features; this is like getting a poor-man’s firewall in that it will usually have gateway antivirus, reputational-defense, optional internet filtering, and basically the things a more expensive business-oriented UTM (Unified Threat Management) router-firewall does. They’ll also more likely have better wireless than any ISP’s router. And for an enthusiast, you can set up a VPN so you can connect back securely into your network from the outside, which is also a great way of having a protected connection if you’re connected to an insecure hotspot somewhere else (e.g., a coffee shop or airport), as your traffic will be encrypted. You can also set the DNS servers to be secure ones from somewhere like CloudFlare or Quad9 so the ISP and others aren’t snooping your traffic, and some of these also offer a base level of malware protection by blocking known bad sites.
In my case, I have a Fortigate firewall and a Ubiquiti WiFi6 access point, but that’s also because I work in tech and often have access to expensive equipment for less or because I have certifications that put me in a special access program for them so I can keep educated on them. This is overkill in 90% of all cases or requires more configuration than most everyday people, (thus I don’t recommend it). But I’ll never be a fan of recommending people use only the modem the ISP gave them.
We are SysAdmins.
We walk in the wiring closets no others will enter.
We stand on the bridge, and no malware may pass.
We engage in support, we do not retreat.
We live for the LAN.
We die for the LAN.
Again, these are routers, not modems. Let’s keep our terms straight, please.
Yes, you can disable the router portion of the Verizon FiOS gateway (combination modem and router). The posts in this thread seem all to be about routers, not modems.
-- rc primak
Yes, “gateway” is the common term for a combination modem and router.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
I do the same. I use my own modem (Comcast approved) which I buy and have been using Cisco routers for years with no issues at all – well once, I was bottle necked by using a 1GB router, upgrading to a 2GB Cisco router solved that. Only when I first got broadband did I use a Comcast modem and that was a mistake, which I’ve never made again.
Will, now you get the drift of why I get asked to contact vendors, cable and computer alike, on behalf of my clients, many of whom would need years of language lessons to speak the same level of technobabble that we have learned so well.
It is our practice not to use our internet service provider’s modems / routers.
I’m aware of these options. However, the one thing I’m not sure about is whether they work in the home environment. A long time ago I discovered that some of the services provided by FIOS for TV came over the Internet connection, so the FIOS box needed to sit on the COAX side. When I deployed FIOS for business, that wasn’t the case.
At home we have two “boxes”.
A modem for the internet of things including smart TVs and a television “box” to handle cable TV.
Our structure is fed via a single coaxial cable. We equipped the cable with a splitter with one line going to the TV box and the other to the modem.
Second and third TVs are internet only.
Your final few hundred feet may be a coax cable, but Verizon FiOS is not Cable. It is fiber optic. And as such it does not have a “coax side” technically. It has a fiber optic side.
-- rc primak
FIOS box needed to sit on the COAX side.
See #post-2543867 below
🍻
Just because you don't know where you are going doesn't mean any road will get you there.
I will not now consider using Verizon for my home network.
I’ve been using FIOS for a long time. My ability to work at home jumped dramatically after I switched from DSL (I never used Comcast/Infinity because of its COAX heritage and the node organization in neighborhoods). The key to this boost was symmetrical performance – same speed up as down. Before the family was doing so much streaming, I used more upstream bandwidth than downstream.
So I don’t have any inherent problem with the tech and have no problems recommending it.
I feel your pain. I try to avoid phone support as much as possible, because of the very bottom-of-the-barrel approach most tech support assumes. Sometimes, like you, I’ll get lucky and the agent will actually listen to what I’ve already troubleshot, and adjust their playbook/scripted responses accordingly.
Most of the time, they’ll adamantly refuse to jump ahead in their troubleshooting, and demand we start with step 1. More and more I believe that most tech support operators have no idea what’s going on, and they can only follow a script. In fact, I’ll bet dollars to donuts many are in call centers that handle multiple vendors products. Depending on what phone number you dial, the pop up on their screen for your incoming call tells them they’ll be playing the part of Steven from Dell. Their next call, they’re Jake from State Farm.
I’ve finally given up… It’s gotten to the point I’ll just play along without doing anything they’re actually asking. you want me to reboot? Okay, I’m rebooting now (without actually doing anything; wait the time typically associated with rebooting), yep it’s rebooted. Nope, problem still exists… I’ll play this game with them while they progress through their scripted troubleshooting, all the while I’m working on another project altogether. Just keep playing and waiting until their script “catches up” to the point I’ve already troubleshot/arrived at.
Another part of the issue, I believe, is where over-automation has actually stripped away the tech’s actual ability to help you. Not too long ago, savvy techs could fix about anything through their employer’s system portals. Now, in an employer always knows best situation, it seems most techs are locked out of most, if not all, system change/control. Where they could previously override or change a flag to get something working. Now they can’t. Either their employer doesn’t want them to, or whoever engineered the system never took into consideration just how many one-off use cases there are, and that you can’t conceive every possible combination of if/then.
And you know, their versions of Sydney and Bard are in the works… I’m afraid it’s only going to get worse… At least there’s the off-chance Sydney will proclaim its love for you during the call.
their versions of Sydney and Bard are in the works… I’m afraid it’s only going to get worse…
I’m sure that’s coming. But if it is, the companies are much more likely to use Terri as the exemplar. In other words, I’d expect properly provisioned AI to be extremely effective at coming up with solutions in specific problem sets. Even with computers doing the work, the same economic model applies – help as many people as possible at the lowest cost achievable.
Verizon’s FIOS is supposed to be a Fiber Optic System. I would think a special Fiber Optic modem would be required to connect to the fiber optic cable. When I hear “Cable Modem” used, I immediately think of Coax Cable TV such as Xfinity. It seems like there should be a Fiber Optic Modem, or modem/router.
I chastised several people already in this thread for calling routers modems. FiOS has no third-party modems. It only uses the Verizon modems. But you don’t have to use their router. You can switch that off and use your own router. Not modem — router.
-- rc primak
Verizon’s FIOS is supposed to be a Fiber Optic System
It is. Fiber arrives at an interface box, which has both COAX and Ethernet outputs. Both of those connect to the router. This is usually called fiber to the curb (FTTC).
Fiber has been deployed for decades, but FTTC arrived quite late on the scene. Cable TV had been around much longer, so a very large number of homes had COAX wiring. That’s because a run of COAX was required to each TV. Fiber is a bit more delicate, so it was simpler (and cheaper) for fiber to interface to that existing wiring. So it does.
In my household, we’ve “cut the cable.” We no longer have cable boxes with each TV. But when we did, they were connected via COAX. However, command, control, and guide services came over the Internet side, which meant the in-house router needed to have a COAX connection.
So your use of the term “coax side” only refers to your in-house wiring, not to the Verizon FiOS interface wiring?
I was wondering, as there were people posting in this thread who were confusing FiOS with Cable, and claiming you can get third-party FiOS modems. Which is not true. Only routers to replace the one in the Verizon box.
-- rc primak
I have FIOS and all I have from them is the Optical Network Terminal (ONT) located in my garage. From there I have an Ethernet cable running to my control box in the basement with Ethernet running to the rest of the house’s computers, TV, certain cameras and the router. That works great since I have my router in the middle of the home and do not need extensions or MESH. My other home is on ATT and they insisted I use their router. Like many have said before, I turned off their WIFI and put the router into bypass mode to my MESH system. Works great as I have solar powered cameras outside the home and need the extra connectivity.
So your use of the term “coax side” only refers to your in-house wiring, not to the Verizon FiOS interface wiring?
Yes, that’s right. Glass to the FIOS interface box, then copper from there to the router.
As I said, two outputs – RJ-45 for pure Internet and COAX for TV. But the COAX network must include a connection to the router, or TV service won’t work properly. That’s because boxes attached to the TV, which are connected via COAX, must have a way to get to the Internet. The router is extending a network over COAX so the TV boxes can get to the Internet.
There are two ways to look at systems like this. One is as “cable” TV with Internet, and the other is as Internet with “cable” TV. Consumers who think about getting cable TV tend to think in terms of the former because CATV has been around since the ’60s, while FTTC is much more recent. So consumers think “I’ll get cable TV” and then decide on their chosen vendor, which might be Verizon, Infinity/Comcast, or some other provider. They don’t think so much about the underlying technology.
I’m puzzled by the network topology diagram you gave in the article. If it’s correct, Verizon has complete access to your network and all devices on it since they have complete access to their router/modem. Normally one would place a firewall/router between Verizon’s box and their own network.
Yes, you do need your own wireless access point. Absolutely. And your own router/firewall.
They control everything on their router. They can examine and capture all traffic – both outbound and your local traffic. They can open inbound ports on your router so that a service that you think is for local use only is now exposed to everyone on the internet – think RDP, HTTP, SMTP, SNMP, SMB for a few. Do you really want Verizon and possibly the rest of the world to have access to your local services and local traffic? What happens to your security if they even innocently misconfigure leaving a port open or leaving PnP turned on?
There’s also no way I’d let Verizon run a piece of software on my network but that’s just me. I guess that’s up to how much you trust a phone company.
While I completely agree with the concept of using your own router, the problem for most people is what happens when things go wrong. If all the hardware is from the ISP, then they are on the hook to fix it. When you own your own router, the ISP can just blame any issue on your router.
Techies can simply connect a computer to the modem to see if the router really is the source of the problem. Or, we can learn to understand what the lights on the modem mean. But for non techies, having one place to call where they are on the hook for fixing any problem is obviously appealing.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
I’m writing this after a different follow-up down-thread, where I mentioned that a lot of support reps are working under the expectation of non-technical users with FAQ-grade questions.
In that context, the problem with providing your own hardware (whether a combo unit or separate modem and router) is that if you’re using something that’s not on their approved list, then it’s really easy to blame the user for problems, so that they can end the call.
The underlying assumption is “our stuff works”, and if things aren’t working, it’s your fault, even if it isn’t.
I agree using their hardware does eliminate some problems – I use Charter/Spectrum’s modem/router instead of buying one for just that reason. More expensive, yes, but less grief when talking to support. I also put my own router/firewall behind it. I get around the finger pointing by telling them “you make your hardware work when I have my laptop plugged directly into it and I’ll take it from there with the rest of the net”.
While the article is informative, I fail to see why the reference to Metro by T-Mobile. That statement seems like an endorsement for Metro by T-Mobile and has absolutely nothing to do with the purpose of the article to begin with. Why the comparison of the ‘cellular wireless’ side of one company -vs- the home internet side of another? As for cellular we utilize 2 different companies in AT&T and Verizon and can compare those two services since they are in fact the same. I would never compare T-Mobile’s ‘Home Internet 5G’ to either AT&T or Verizon cellular wireless, those would not be a fair comparison. It seems like a bit of personal bias came into play in this article. This is just from my perspective that articles containing valuable information should be as free from personal bias as possible to allow consumers to actually be informed.
Yes, that’s right. Glass to the FIOS interface box, then copper from there to the router. As I said, two outputs – RJ-45 for pure Internet and COAX for TV. But the COAX network must include a connection to the router, or TV service won’t work properly. That’s because boxes attached to the TV, which are connected via COAX, must have a way to get to the Internet. The router is extending a network over COAX so the TV boxes can get to the Internet.
I’ve been on Google Gigabit Fiber for the past 3 years and their fiber “wall jack” only includes an ethernet port.
Their TV service, which I didn’t purchase and they no longer provide, required a second box that used COAX to connect to the TV and an ethernet cable that connected back to a “specific” port on their gateway router that could only be used for TV service.
Initially I had to use their gateway router but, about a year after I signed up for their service, they made a change to their system that allowed users to connect their own “in-house” gateway routers to their fiber wall jack via ethernet so my Linksys WRT1200AC router is now directly connected to the fiber wall jack using a short 2 foot long ethernet cable.
BTW, I still have the Google gateway router (in its original box with all its accessories) since they didn’t want it back.
Yes, I suspect that if Will connected a Linksys router to the Ethernet port on his modem (“interface box” in his words) the router would work just fine.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Yes, if you supply your own router and keep the Wi-Fi enabled on the ISP router, then the ISP Wi-Fi is fine for Guests. IoT is a matter of opinion. However, there is a good chance that one or both routers does a miserable job of picking a Wi-Fi channel, so you should pick the channels manually in this case.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Good point on the channels. Two devices on the same channel isn’t the end of the world but it’s always better to spread them out.
Having IOT on an isolated network makes those devices no different than any other device out on the internet as far as interacting with your personal network. The only problem I see is that if one of them goes rogue, you’ll get blamed for the traffic it creates since it’ll be coming out of your modem.
Best thing to do with IOT hardware is to stick it behind its own router/firewall and rate-limit the communications from that net. At that point we’re getting into more complexity that most would want to mess with. Letting IOT only talk to your ISP’s hardware and keeping it off of your personal data network is a huge step in the right direction for security.
Normally one would place a firewall/router between Verizon’s box and their own network.
That’s a very good point. But it also means that one would need their own wireless access point.
Verizon pushes people very hard to install their app on at least one PC. During the installation of my first Verizon deployment in my home, the installer put the app on my PC without asking me first. I was allowing him to use my PC to check the router, which could have been done with a browser. I rarely lose my cool, but I dressed the guy down (mostly for not asking permission) and filed a complaint with Verizon.
So yes, Verizon can see the traffic because it’s going through the router. But I don’t see evidence that the router is doing anything evil. I hope I’m right.
So yes, Verizon can see the traffic because it’s going through the router. But I don’t see evidence that the router is doing anything evil. I hope I’m right.
I’m now wondering where it is and who is seeing your traffic. I wonder if Verizon is farming out their service work to countries like India, which is usually why we have a tough time understanding them, and them us.
This is just my opinion, but I’d rather not have my information going out of my own country. Yes, I guess I’m being “Old Fashioned”.
It’s not so much that they can see the traffic going out of your LAN but that they can see all of the traffic on your LAN – all the traffic between your machines, all the traffic to your NAS, and to your printer, and that’s usually not encrypted.
A hundred bucks spent on your own Wi-Fi router between your LAN and Verizon’s box will fix this gaping security hole.
In the case of Will’s network, the Verizon box would, almost definitely, not see any Ethernet traffic at all. Ethernet frames between LAN side devices should stay within his big Linksys switch.
In general, what you are saying is true. Will’s network is an exception.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
There seems to be a lot of confusion in several of these posts and I’m only replying to this one because it is simplest and somewhat related to my answer. I just had Verizon FIOS installed a couple months ago to replace ever more expensive Comcast (I cut my bill more in half). The termination point for the fiber installed by Verizon is a small box called an ONT (Optical Network Terminator) which jacks into the wall plug where the fiber comes into the house. There was absolutely no pressure to install their router — I simply moved my Linksys router from the Comcast connection to the ONT connection, made one change in the router setup to account for the fact that I no longer had the Comcast fixed IP address and everything worked. I run 6 devices hardwired (computers, printers, Roku) through ethernet and maybe a dozen devices (laptops, phones) on WiFi and everything coexists with no problems.
Effectively, the ONT is a modem.
Technically, it’s not. The only similarity is that both sit at the same position in the network hierarchy.
The significant difference is that modems convert analog RF signals to digital and vice versa. Optical systems are inherently digital, so an optical interface converts light pulses into electrical pulses, and vice versa.
Is there any value in installing a VPN
I don’t know how to answer that question. Networking isn’t my specialty, so I don’t want to offer advice beyond my comfort zone.
I have deployed VPN a few times for clients, but it always involved special cases. For example, 17 years ago a client wanted to be able to log into his office from his home PC, effectively joining its domain. Routers with VPN were installed in both places. The use case was the comfort level of the client, who was concerned about the confidential nature of his customer’s data.
Today, we’re doing banking online and depending upon SSL. The data is encrypted between a browser and a Web site, so those encrypted packets flow through the router.
It’s a good question, though.
Will,
A VPN is the best answer to your original issue, dealing with the IP address whitelist.
One option is a small mom and pop VPN provider that only has one server in a given city. Pick two cities and add the IP address of these two VPN servers to the allow list. Or, with a larger VPN company, pick just one specific server in a couple different cities. Most, but not all, large VPN providers will show you all their servers in a particular city. If you want recommendations for specific VPN providers, email me.
This is a more flexible solution than a static public IP address. If nothing else, it lets you be on the IP white list even when away from home.
Michael Horowitz
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Passing on the mechanics of hardware configuration, and addressing how you were treated by tech support…
A common problem is that vendors tend to treat tech support as a cost center, and where the incentives are to keep calls as brief as possible. And as an aside, where they may use their phone reps as sales agents. (If you’re calling to resolve a tech problem and you get a sales pitch, refuse the sales, regardless of the deal offered, and emphasize that your call is for tech support, not sales. Don’t let the rep distract from that.)
Beyond that, the majority of people that they talk to (especially consumer-focused support channels) tend to be technically-limited end users, for whom the FAQ approach to simple problems often does what’s needed. And many of the support techs don’t have any real hands-on experience, and what they’re telling the user is merely reading from a script. They have no idea of what might work or not, just that what they’re telling you is what’s on the script. But then it’s frequent that they’re trying to get a call finished ASAP, where a manager (or electronic equivalent) is looking over their shoulder, and pushing for resolution to move on to the next call. Unfortunately, too many support reps are graded on the speed of resolution, not the quality.
Years ago, I was working on configuring a modem/router, and the rep advised me to configure for WEP, rather than WPA-2. I was surprised, and asked if the intent was a temporary setting, just to get things operating initially. When the rep told me that was not a temporary thing, I objected, and insisted that he give me the instructions for WPA-2.
As Will notes, there are times when it’s useful to tell a support rep that you have some experience in troubleshooting. Among other things, that helps the rep to know that I’m going to be reporting technical detail in symptoms, not just the “it doesn’t work” complaint that’s common in reports by non-technical users.
Sometimes, alerting the rep helps to get past the basics (e.g., you’re calling support because you’ve already done all the FAQ stuff), but there are some reps that are insistent at starting at Step One, and meticulously going through all of the steps sequentially, and not listening to any detail that you give. The script doesn’t allow for skipping steps, and so they won’t (plus, there are occasions when a knowledgeable user may have missed something, and doing the steps in order can catch a problem).
If a support rep is non-responsive or rude, there is no reason to see the call all the way to the end. Request a transfer to another rep or escalate to Level 2 support. Or there can be times when you may explicitly request a supervisor, if you believe the treatment you’re getting is inappropriate. Remember also that you have the final control over the call, and if necessary, there’s always the switch hook, and you can end the call.
Although sometimes support reps will have a call-back number in the event of disconnection (especially telcos) and try to call you back if a connection is lost, you can still try calling back, with the hopes of getting a different rep. I don’t think you have to wait to ensure that the problem rep is off-shift, just wait long enough to ensure that the rep has gone on to another call and is no longer available.
Speaking of Verizon FIOS – many years back a relative of mine converted from cable to FIOS. The router Verizon provided was doing WEP encryption for Wi-Fi, years and years and years after it had been shown to be insecure. The router was capable of WPA2, but was doing WEP by default. Security is not a concern for any ISP.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Well to my understanding some questionable statements regarding FIOS in this thread.
Let me try to explain. The FIOS ‘signal’ comes to the premises (or, as in my case, into) on a Fiber Optic cable. This plugs into an Optical Network Terminal (ONT). The ONT may supply a connection for a phone (RJ11 IIRC), Ethernet RJ45 and an RJ6 MoCA connection for signal to Set Top Box (STB) and router (G3100 in my and Will’s case). This latter can be for your internet and/or chat between G3100 and STB (on demand video and TV guide stuff).
I do not know if the protocols work between the ONT and one of the Best Buy ‘modems’. They do have the same connectors but I do not know just what the function would be if so.
As to using one’s own router as the primary, it is possible (or even only router if certain TV functions are forgone).
This is my configuration:
Background material for this:
https://www.dslreports.com/faq/15992
https://www.dslreports.com/faq/verizonfios
The black box in the middle labeled VZ router would be the G3100.
There are several ways to do this but IMHO this is the easiest but one needs to review the materials.
However 100% NOT Plug and Play
Maybe more like plug and pray.
🍻
Just because you don't know where you are going doesn't mean any road will get you there.
big Linksys switch
That made me laugh. That switch is pretty tiny. The scale of my drawing might be off, though.
Will’s network is an exception.
What’s the exception?
All Ethernet devices plugged into your own switch.
This should prevent Ethernet device -> Ethernet device traffic from ever hitting the Verizon router which is a good thing.
I used to copy a large file between two ethernet devices on my LAN and it went through my router, which showed a 99% cpu usage during the file copy.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Yes, I suspect that if Will connected a Linksys router to the Ethernet port on his modem (“interface box” in his words) the router would work just fine.
I absolutely know that to be true for Verizon Business FIOS because I’ve done exactly that. I don’t know it to be true for consumer FIOS.
As to using one’s own router as the primary it is possible
I’ve never tried that.
I don’t think I care if the G3100 sits at the top of the heap. I’m most interested in a secure wired network. If I develop further concerns, the advice here to add a firewall and wireless access point downstream of the G3100 seems on target.
Yes, I suspect that if Will connected a Linksys router to the Ethernet port on his modem (“interface box” in his words) the router would work just fine.
One caveat to that: Verizon is weird in regards to WAN DHCP services. It is best to clone the MAC address and set the WAN IP address on the replacement and ask for DHCP release on the Verizon router immediately before removing it from network. It can take hours before Verizon decides to redistribute IP addresses and do you really want to try to explain to the VZ tech you just need DHCP re-provisioning?
🍻
Just because you don't know where you are going doesn't mean any road will get you there.
My “original” Google Fiber setup was ONT wall jack ⇒ Google Fiber box (GFRG100) ⇒ Personal router (Linksys WRT1200AC) ⇒ Internal network (both Wifi & Ethernet).
Then Google changed their service to allow “direct connection” of end user gateways/routers so…
My “existing” Google Fiber setup is now ONT wall jack ⇒ Personal router (Linksys WRT1200AC) ⇒ Internal network (both Wifi & Ethernet).
And making the change was dirt simple with absolutely no drama at all!
I unplugged the “existing” Google Fiber box from the ONT wall jack, plugged my Linksys router in its place, power cycled the ONT wall jack (it’s powered by a small “wall brick” style transformer) and, once everything synced up (the ONT LED turned solid blue) it all worked with no further steps needed.
BTW Will, according to various online sites, it is possible to use your own router with Verizon consumer FIOS service and, as long as it’s standalone FIOS (i.e. not FIOS + TV), setting it up is just as simple as what I did with my Google Fiber.
Note: the above link also includes instructions on how to use your own router with Verizon’s FIOS + TV service but it’s a more complicated setup.
In the case of Will’s network, the Verizon box would, almost definitely, not see any Ethernet traffic at all.
Just broadcasts, but is UPNP broadcast based? That would be traffic I would not want available at the ‘modem’.
BTW, Verizon support may not be great but it is much better than Optimum/Altice in my experience. I have not spoken to a tech since I set up my network and then it was my misunderstanding that was causing my problem, the DHCP thing I mentioned elsewhere.
🍻
Just because you don't know where you are going doesn't mean any road will get you there.
is UPNP broadcast based?
I don’t know but disabling UPnP is a standard thing for anyone interested in security.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Correct me if I’m wrong, but connecting the WAN port of a second router to the LAN port of the Verizon modem/router/Wi-Fi box should not have anything to do with the Verizon box’s WAN DHCP services. It’s just another device on the Verizon LAN. One caveat, be sure the new router’s LAN IP range is different than the Verizon LAN IP range. I.E. if the Verizon uses 192.168.0.1-255, then don’t use that on the new router LAN.
BTW Verizon support may not be great
I don’t mean to imply that Verizon support isn’t good. I think my second interaction was an aberration, because historically I’ve been extremely happy with support.
My gripe this time is that the G3100 came configured in a way that instantly destroyed performance. That wasn’t tech support’s fault, and Terri cleared that up. For all I know, she was acting outside Verizon’s desires, but she did solve the problem and she did it fast. I think she’s good at her job, but I also think she’d gone through it before because there was no hesitation in what she did.
So, no blanket condemnation of Verizon support was intended.
One caveat, be sure the new router’s LAN IP range is different than the Verizon LAN IP range.
That’s a good tip.
The G3100 came configured with 192.168.1.X. Admin is at 192.168.1.1.
I use a Ubiquiti UDM Pro with a Ubiquiti 24 port POE switch and six Ubiquiti Wireless Access Points. (It’s covering almost 9,000 sqft on three levels.) I like the Ubiquiti because of the software defined network that allows me four independent wireless and wired networks over one set of hardware, all manageable and updatable from a single administration point. This is all fed by the Comcast/Spectrum modem with T-Mobile as a backup connection. The firewall also supports “geofencing” to block a long list of countries – both in and out. Call me paranoid but I’ve been in this business a long, long time. You only need to get bitten once to become a believer.
Currently it’s defined as a personal network, a guest network, an “IOT” network, and a test network. It also supports a home surveillance system.
I use Peplink which is, in my opinion, a step up from Ubiquiti. But, they do not offer geofencing. If the geofencing is based on IP addresses, be aware that it is far from perfect. Still, I have no doubt it’s helpful and every little bit helps.
Peplink can do generic DNS blocking, so I can configure it such that no device on the LAN can contact any .cn or .ru domain. Does Ubiquiti offer this?
As to your VLANs (that’s what your “networks” are), let me suggest two for IoT. One where the devices can not see each other and one where they can.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
For Michael432
I’ve been using the Peplink Surf for a few years now, since following your router security site. Works great with the ATT fiber Gateway.
Love the VLAN feature. My only complaint is their built in wifi is a little weak in coverage. I am about to add a pair of wired wifi access points, not sure of brand yet. This will also upgrade my house to wifi6.
Sorry for the shameless promotion, but keep up the good advice on security.
Correct me if I’m wrong, but connecting the WAN port of a second router to the LAN port of the Verizon modem/router/Wi-Fi box should not have anything to do with the Verizon box’s WAN DHCP services.
Correct
It’s just another device on the Verizon LAN.
Yes.
… be sure the new router’s LAN IP range is different than the Verizon LAN IP range. I.E. if the Verizon uses 192.168.0.1-255, then don’t use that on the new router LAN.
Agreed.
FYI: the official term for “LAN IP range” is subnet.
This page
https://routersecurity.org/ipaddresses.php
shows the default subnet used by many different router companies. The 192.168.1.x subnet is probably the most popular.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
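The subnet advice in the posts above can be checked mechanically before a second router is cascaded behind the ISP box. The following Python sketch is an added example, not part of the thread; the function names are hypothetical, and the sample ranges are the ones posters mention (192.168.1.x on the G3100, 10.0.x on a second router).

```python
import ipaddress

# Private (RFC 1918) blocks a home router's LAN should be drawn from.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _net(value):
    # strict=False accepts a router address such as 192.168.1.1/24
    # and normalises it to the network 192.168.1.0/24.
    return ipaddress.ip_network(value, strict=False)


def check_cascade(upstream_lan, downstream_lan):
    """Return a list of problems with putting a router whose LAN is
    downstream_lan behind a router whose LAN is upstream_lan."""
    up, down = _net(upstream_lan), _net(downstream_lan)
    problems = []
    # Overlap also catches partial cases, e.g. a /23 upstream that
    # contains the /24 chosen downstream.
    if up.overlaps(down):
        problems.append(f"{down} overlaps upstream LAN {up}")
    if not any(down.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append(f"{down} is not private address space")
    return problems


def pick_free_subnet(in_use, pool="192.168.0.0/16", prefix=24):
    """Return the first subnet of the given size in pool that does not
    overlap any network already in use, or None if the pool is full."""
    taken = [_net(n) for n in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample values based on ranges quoted in the thread.
    isp_lan = "192.168.1.1/24"          # G3100 default, admin at 192.168.1.1
    for own_lan in ("192.168.1.1/24", "10.0.0.1/24"):
        issues = check_cascade(isp_lan, own_lan)
        print(own_lan, "->", issues or "ok")
    print("suggested:", pick_free_subnet([isp_lan, "192.168.0.0/24"]))
```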
Ubiquiti
Whew. Bit out of my budget.
Ok
We have the hardware for our internet connection up and working the way we want.
Now the question is does a virtual private network (VPN) really protect your online privacy?
There are a number of providers including:
But what exactly does a VPN do?
It is my understanding that a VPN creates a private network and masks the internet protocol (IP) address of our computers and phones so that our online actions are untraceable.
In addition, our VPN represents that it establishes secure and encrypted connections to provide greater privacy.
In short, it is our understanding that a VPN creates a digital tunnel that hides our data stream from our internet service provider and others.
But do they encrypt only outbound traffic or in and outbound traffic?
In addition to masking our computer’s IP address do they mask its:
A VPN encrypts everything leaving and entering your computer bound for the Internet (not for your LAN). It also gives you a new public IP address which hides your physical location. Data is encrypted between your device and a VPN server run by a VPN company. That connection is called a tunnel. When data leaves the VPN server computer and goes to its ultimate destination, it is no longer encrypted by the VPN. If the data is a secure web page (HTTPS) that encryption is still in place. Big advantage is that an ISP can see nothing about what you are doing. A VPN does not “mask” anything other than your public IP address. It also changes the DNS configuration on your device while the VPN tunnel is active.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
6 Things A VPN Hides and Protects And What it Doesn’t
https://www.cyberghostvpn.com/en_US/privacyhub/what-does-vpn-hide/
Does a VPN change your MAC address?
No, it doesn’t. Your MAC address is assigned by the hardware manufacturer — and connecting to a VPN will not change it.
https://nordvpn.com/blog/mac-address/
So no, you can’t hide your device ID from anyone by using a VPN. This is a more specific identifier than the Device Name.
I will not answer about Microsoft Product Keys due to possible legal/licensing issues involved.
-- rc primak
MAC addresses are now, more and more, assigned randomly by either the OS running your device or by the router. It’s a somewhat recent security feature to avoid tracking across multiple Wi-Fi networks. The same device will now typically have a different MAC address on each SSID.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
rc primak
Thank you for taking the time to find the CyberGhost VPN and NordVPN discussions of what VPNs do.
A key driver for using a VPN is how internet service / cable TV providers use your internet and television activity to drive targeted advertising.
The power of an ISP to harvest and use your information is clearly demonstrated on Comcast’s website at https://comcastadvertising.com/ .
Key areas of interest outlined on the site include:
Think about it. You are diagnosed as having cancer. You do multiple internet searches to gain a better understanding of the disease and how it is treated. And all of a sudden your Comcast TV programming is interrupted by advertisements for cancer related drugs and hospitals that treat cancer.
Or, you find that you are pregnant, do internet searches related to maternity, and all of a sudden your television’s advertising is focused on diapers and infant formula.
I hope this comment is not too off-topic.
We’ve had 2 of 3 TP-Link 2.5GbE unmanaged switches fail during the recent past.
Out of frustration with Tech Support, I decided to tear down one of the failed switches.
I’ll attach a simple drawing, that attempts to show a section view of the heatsink:
That heatsink has 2 surfaces at two different elevations. The space directly above the red plane is filled in with a thermal interface material that hardens into a chalk-like substance.
That design is clearly vulnerable to over-heating, and that is exactly what happened to both failed switches.
We cured this problem by replacing all TP-Link switches with comparable QNAP switches, which operate much cooler.
Problem solved.
RSVP if anyone wishes to know the TP-Link model number.
Bottom line: I voided the warranty (obviously) on the switch I tore down, and the retailer did not want the defective parts shipped to them.
p.s. We had prior experience with defective heatsinks many years ago, when we isolated a problem caused by the defective “push-pins” on Intel’s stock CPU HSF. That experience is archived here:
Many companies make switches. Just curious, why did you go with QNAP? I did not know they even made switches.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
QNAP’s QSW-2104-2T-A unmanaged switches are just ideal for our home lab:
our Cisco router feeds downward at 1GbE to one of its 2.5GbE ports
one of the 10GbE ports connects directly to a workstation re-purposed as a fast file server with a StarTech 10GbE AIC that works fine in a PCIe 2.0 expansion slot
I designed and built that workstation several years ago, using premium parts, and it just continues to boot up and run almost perfectly all the time
the second 10GbE port cascades downward to the first 10GbE port on a second QNAP QSW-2104-2T-A
my primary workstation is wired to the second 10GbE port on the latter switch
3 other PCs at my desk share the same KVM switch, and those 3 plug into the remaining 2.5GbE ports on that second QSW-2104-2T-A
Our backup storage servers use a second 1GbE branch coming off the same Cisco router
The WAN port on our Cisco router connects upstream to our newly installed Spectrum 1 Gigabit cable modem, which did stabilize after a few on-site visits by Field Techs.
We’ve done some analysis of our backup and network needs, and the premium costs of upgrading our home LAN even further to 10GbE were prohibitive, and just not cost-effective.
We’ve saved many hours by writing Windows BATCH programs that only update sub-folders that have changed in our website mirror e.g. with custom PUT.bat and GET.bat BATCH programs stored in C:\Windows\System32\
p.s. We have had 2 of 3 identical TP-Link unmanaged switches fail, most likely due to defects in the controller heatsinks: one was returned to TP-Link, one is now stored in spare parts, and the other we tore down to isolate the overheating problem.
The one now in spare parts did function most of the time (but not without intermittent failures) as long as active cooling / floor fans were switched ON non-stop.
Hope this helps.
Verizon refuses to install FIOS in my area so I still have DSL with a modem at 1 Mbps. I watch movies at midnight when everyone is asleep.
Verizon refuses to install FIOS in my area
Verizon seems to be on and off in this regard. About 10 years ago, the company said it would stop building out fiber in general, but certainly in my area. Then just a couple of years later, there was equipment all over my neighborhood and in it came.
I still have DSL with a modem at 1 Mbps.
Maybe you’re a candidate for Starlink.
Using your own router with Verizon FIOS
There’s an interesting twist here.
My problem was clearly with the wired side of the Verizon router. The Wi-Fi side was unaffected and ran at speed. (Note: my performance problems may not have been fully eliminated.)
If I install my own router and wireless access point, everything in my home will end up on the wired side of the Verizon router.
A bit late to the party here (health problems), but I had 1G FIOS installed in mid January. As part of the package, I received a Verizon CR1000A router and extender, both rent free. The CR1000A has 2-2.5gb ports and 1 10gb port. It has a MOCA adapter built-in (Ethernet over COAX for TV STB).
Initially, I was getting 900 Mbps in both directions (wired with a Realtek 2.5Gbps NIC). Verizon pushed a router firmware update and now I rarely hit 900 down and cannot break 500 on the up link. Like you, I suspect that there’s some hidden QOS setting that favors wireless to the detriment of wired. I’ve had Verizon managers and technicians at the house multiple times. They acknowledge the problem, but don’t know how to fix it. They claim that being oversubscribed/provisioned is not the problem. On-line support is useless – if the connection from the router to their server works, then the problem must be me even though it’s their hardware.
If I swap their router with my Netgear Nighthawk R8000, I can get 900 in both directions. Put their router back (which is a better router) and speeds suck. By the way, as of last year, it’s no longer required to have Verizon branded hardware for the TV channel guide or content – any MoCA 2.5 Network Adapter will suffice.
On a whim, I put my Netgear router out front and plugged the Verizon router into the Netgear. I expected double NATing, but to my surprise, the network configured itself. My Netgear router was assigned 10.0 private addressing and the Verizon equipment retained 192.168. I only did this for speed testing and didn’t check the topology or security. I’m not sure if Verizon can push firmware updates to their router and STB in this configuration.
I’ve tried Intel and Realtek NICs and still have the same problem with the Verizon router. My Ethernet cables are CAT 6/7. IPv6 enabled/disabled makes no difference. My desktop also has WiFi 6, but I have the radio turned off.
As a side note, people with Verizon FIOS using Intel NICs and Wifi need to be aware of this Intel technical bulletin:
Disabling TCP-IPv6 Checksum Offload Capability
Read the bulletin, then download and run the PS script. If this is too difficult/confusing, I wrote a step-by-step how-to document and work-around should someone need it.
IPv6 is now enabled by default for Verizon hardware and it should work given that the IETF made a draft in 1998 and ratified it as an Internet Standard in 2017 (/snarky). There’s an unacceptable amount of TCP “resends” on the Verizon uplink (3-15%) that also impacts speed. Since I’m now retired, Verizon support won’t allow me to speak to level 2 tech to present my findings and proof that a problem exists upstream.
Do you have any switches downstream of those 2 routers?
We had similar instabilities right after upgrading our Spectrum cable modem from 100Mbps to 1Gbps.
After 3 on-site visits by Field Technicians, we learned to power cycle our new cable modem BEFORE scheduling any more on-site visits.
Then, we took delivery of more QNAP switches, so our entire LAN downstream of our Cisco router is now nothing but unmanaged QNAP switches.
Those switches run noticeably cooler than a TP-Link switch that failed from over-heating (bad heatsink design, discovered after tear-down).
With the latest hardware and brand new Ethernet cabling, we power-cycled the new 1G cable modem only twice after the latest visit with Field Techs, and since then it’s been smooth as silk.
The Field Techs did say that they were changing a few upstream settings, during off hours, that should be fixed by power-cycling the cable modem: they were right about that!
I wish I could help you with more ideas. Now that our LAN has stabilized at 2.5GbE, I’ve moved on to other projects.