Solved

Turning Verizon Fios Router into a Bridge?

Posted on 2017-03-31
28
56 Views
Last Modified: 2017-04-17
Hi Experts,

We currently have a Cisco ASA and a verizon router that is set up as a bridge.

We have a second Verizon Fios router with our second line, yes we pay for two.  We have a application that uses a lot of bandwidth that they want to dedicate on this line.

As I said we have a second Verizon Fios Router and a second Cisco ASA that I have configured with the same rules as the first but different ip address.

What I would like to do is bridge this router and I have no idea how to do this in the admin.  It's different than the first and Verizon isn't being very helpful.

Any idea how I can get this router to bridge or has anyone set this up?  The end result will be Verizon is a bridge plugged into internet and Cisco ASA, cisco asa is plugged into it's own dedicated switch and the only systems plugged into that switch will have their own static its with the gateway to the second cisco ASA.

We originally wanted a second network for this but that right now is beyond my expertise.

thank you,

Karen
0
Comment
Question by:klsphotos
  • 12
  • 9
  • 5
  • +2
28 Comments
 
LVL 27

Expert Comment

by:Dr. Klahn
ID: 42073857
In this situation, I'd go out on ebay and buy another one of the first model routers, the one that you do know how to set up.  Then you'll have two identical pieces of hardware and need only stock one spare, rather than two different pieces of hardware for which you'll need to stock two spares.

Verizon might not like you bringing your own equipment to the table, but if it's identical to the one you already have they will have a hard time claiming that it's not supported.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42073942
What model router is it?

If you have FiOS and want to have an ASA directly connected to the internet, I'd recommend to take a different approach if possible: Have Verizon provision the Ethernet port on the ONT (assuming there is one installed), so that way you can connect your ASA directly to the Verizon service instead of being forced to utilize coax and their router.
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42073951
I don't know what kind of model you have but try to go trough this tutorial

http://support.actiontec.com/doc_files/Configure_MI424WR_as_a_LAN_MoCA_Bridge.pdf
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42073955
Or...
If you have regular router like FIOS for home user you can do it using this tutorial

https://www.verizon.com/support/residential/internet/highspeed/networking/setup/questionsone/123766.htm
0
 
LVL 12

Expert Comment

by:Natty Greg
ID: 42074008
Log into the router with a laptop, once the laptop pick up the ip address you will know its ip address and turn off router mode or switch from router mode to gateway or just ask them to bridge it for you.

You pay for it so they will do what you ask
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42074021
Actually, you could also just ask Verizon for assistance and they'll tell you. However, I would still advice switching to the Ethernet route if feasible. Naturally, you would have to run a cable from the ONT to the ASA.

One other question: Do you only have Verizon for internet service, or do you use them for cable TV as well? (This does matter because if you're not careful, you do end up not being able to use the interactive guide)
0
 

Author Comment

by:klsphotos
ID: 42080655
Thank you everyone, I am finally getting back to this.

The model of the router is Quantum g1100 and it's not looking like this is a easy thing to do, or that I can do it in the admin panel?
0
 
LVL 27

Accepted Solution

by:
masnrock earned 500 total points
ID: 42080668
Here's information related to a G1100.

1. Using a Computer/Laptop that is hardwired to the router (Connected via Ethernet)
    Logon to your G1100 - (»myfiosgateway.com or »192.168.1.1)

2. Go to 'Wireless' Under 'Basic Wireless Settings' turn off both 2.4 GHz & 5 Ghz.
    Click 'Apply' at the bottom of the page.

3. Under 'Advanced Wireless Settings' click on 2.4 GHz SSID Broadcast and Turn that off
    then click 5.0 GHz SSID Broadcast and turn that off as well.

4. Now that the wireless access is shut off, Click on 'Firewall' at the prompt click 'Yes'
    Now under General for IPv4 Settings & IPv6 Settings set BOTH to 'Minimum Security'
    and click Apply at the bottom.

5. Next click 'My Network' now Click 'Network Connections' now click 'Advanced >>'
    Now click '5.0GHz Wireless Access Point 1' and then click Disable, once that's finished
    hit Apply

6. Once you're back at Network Connections click 'Advanced >>' and click 2.4GHz Wireless
    Access Point 1 then Disable that as well, and hit Apply.

7. Once both Wireless APs are Disabled, Click 'Broadband Connection (Ethernet/Coax)'
    Then hit 'Settings' at the bottom, Uncheck the box beside 'Internet Connection Firewall'
    Then beside 'Internet Protocol' change it from
    'Obtain IP Address Automatically' to 'No IP Address'
    (Once You hit apply you will no longer be connected to the internet.)
    (NOTE: If you want to chose your DNS Server, change DNS Server from Obtain DNS
      Server Address Automatically to No DNS Server)

8. Now click 'Release' and then quickly click Apply, then click Apply once again.

9. Now Click on 'Network (Home/Office)' and then hit Settings.
    Once in the Settings, under General change the IP Address from "192.168.1.1" to
    "192.168.1.2" This way there's no conflicts from both routers trying to use same IP...
     Now under the Bridge section; Check the box beside 'Broadband Connection
     Ethernet/Coax)' and uncheck the boxes by both Wireless APs.
     then change 'IP Address Distribution' from DHCP Server to Disabled.

10. !!!WARNING!!! Once you click apply, the G1100 will be put into Bridged Mode and will
    no longer assign IP addresses, So don't worry if everything stops working once you
    apply the settings.

11.  Hit Apply and then take an Ethernet Cable and plug one end into any of the 4 Ports
      on the G1100 except the WAN Port, then plug the other end into the WAN/Internet
      Port of your new Primary Router.

12.  Next plug your PC into your new router and reboot both routers.
      Once they have rebooted, logon to your new router and make sure it's IP Address
      range is 192.168.1.0... If it isn't Refer to your new Routers manual on changing it.

13. Now check and see if Verizon assigned your new router your Public IP Address (You
      might need to click Renew in your new routers settings) If it has assigned an IP to
      your new Router, you are good to go. Your new Router is now the Primary and your
      G1100 is just a bridge from Coax (MoCa) to Ethernet.
      If you have Verizon TV as well, You'll need to take another Ethernet Cable and run it
      from one of the Ports on the new Router to one of the 3 Remaining ports on the
      G1100, that way your new Router will assign IPs to your STBs and they can access
      the net.

http://www.dslreports.com/forum/r31057540-Networking-HOW-TO-Bridge-G1100-So-your-Router-becomes-Primary
0
 

Author Comment

by:klsphotos
ID: 42080738
I followed that and it worked it's bridged!!!!  Thank you.  Still confused about the cabling though....it's on the same network as the other firewall so it's 192.168.1.2 our main is .1  I have it plugged into one of our switched to reach it but I have a dedicated switch for this firewall, so how do I plug in the cables into this new switch and also our internal network so the systems being plugged into it can reach both?
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42080749
As far as things internally go, what exactly are you trying to do? Two separate networks that share the same switch, and only need to use a subset of ports?
0
 

Author Comment

by:klsphotos
ID: 42081783
We have two separate verizon lines, 2 separate boxes and two separate ASA's.

For now we have one network, or at least that is what I was trying to do.  I am not able to do the advanced routing to add the separate network as of yet.

We need a group of workstations to be the only ones configured to use this line and this ASA.

They need to go out to the internet through this second line while still being able to connect to the internal resources from behind this ASA.

I do have a dedicated switch to hook up to this ASA for these workstations.
They already have static Ip's so I thought I could just change the gateway, since I turned DHCP off.

Here is the other issue:

I did the above and now I can't get back into the admin of the verizon router.
I chose the wrong Ip address when I configured it, now I can't get back in at all.

Any advice or assistance is appreciated.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42081855
You can always factory reset the Verizon router you cannot access, and just go through the steps to turn it into a bridge again. Hold in the reset button for 3 seconds.
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42081975
If you did switched VZ router to Bridge mode you have only ONE IP inside network.
If you want your workstation directly (or through) switch connected to this router go to internet just set on all workstation GATEWAY that is your External Router Gateway.
If you have DNS in your network and this DNS is connected through separate router with NAT to internet use this DNS if not, you need to set external DNS on NIC connected to bridget router too. You can use VZ DNS or Google like 8.8.8.8 but if you do this then your computer will not be able to resolve your internal DNS computers name and will have problem wit access to DC if you have one.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42082016
So the application that you're talking about wanting to go out on the second connection, is it only loaded on a subset of workstations or is it on a dedicated set of servers?
0
 

Author Comment

by:klsphotos
ID: 42082204
It's a dedicated group of workstations.

The workstations need to utilize the bandwidth on the second line, they still need to access the internal resources files and active directory.  The only need for this second line is so they can have their own dedicated internet and way out.  

Tom, if I put the google DNS in they won't be able to access anything from Active Directory.  Everything on the second Cisco ASA has all of our DNS and settings defined almost identical to the first one.  Each ASA has it's own IP so I did that, I changed the gateway on a testing system BUT I think because I had the wrong IP on the inside of the second Verizon router, it didn't work so I did just reset the Verizon router and am starting over.

I ideally I would love to get this set up on it's own subnet but that requires (I think?) quite a bit of advanced routing that I am not able to do, right now I need to get these workstations off of our fios line and on their own.  When they all run they eat up a lot of our internet and connectivity.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42082231
Just curious, what model are your ASA units and what is the bandwidth eating application?
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42082428
OK, so my question is.
Why you asked to reprogram router to bridge ?
Now you have only one IP and is external and you have no firewall between internet and your network.

You should just put second router as a gateway to group of your computers you want to give access on separate connection to.

Now you should change IP on one of your computer connected to bridge to same subnet and go back to bridge and reverse changes.

If you put on bridge IP 192.168.1.2 or something similar you should put temporarily 192.168.1.10 on one computer and connect back to bridge and reprogram it back.
Just disable DHCP ald leave NAT on router so you can set gateway for computers you want to go through this router to 192.168.1.2 and you should be OK
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42082467
In a perfect world, this would've been the setup I would've aimed for (and this is assuming that you do indeed need the two FiOS connections):
1) Have a single firewall (not going to pitch a brand of model as a number of devices can do this) connected to both connections with rules defined for those PCs with the application to use the second connection. (I know you said advanced routing isn't your thing, but there are a number of units that have interfaces that make things tolerable)
2) Depending on the total number of machines and layout of the organization, make use of VLANs.

Now, without using the assumption I put in, I would've ideally gone for ONE connection. But that also depends on what other options are available to you. For example, are you somewhere where Comcast's fiber service is available (granted it would cost considerably more, but you could get higher speeds)?

I also wonder where you're located? (Given who your ISP is, I can at least guess which region of the US) It seems like in many regards you're complicating things more than you have to while trying to keep things in the scope of what you know, and should consider hiring someone to assist, be it a local company or an EE gig.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42082477
I just read your other EE posts, and that does address the last portion my last post.
0
 

Author Comment

by:klsphotos
ID: 42083745
We are able and have two FIOS lines and boxes, there is no sharing of connection between the two.  Each line has their own static IP Addresses.

Our current main Firewall is older and also only has 4 ports.  All the ports are taken with our internal and DMZ.  The plan was to upgrade and move everything over into our current one that could also accommodate the two lines.  The older one can but since we want to replace it, it was easier to work on the second one and get it set up without interrupting production.

We already have the highest speed allowed from Verizon and the applications running on these systems slow down our connectivity so management wants them on their own.  The application is something that was developed in house.  The set up is not ideal but it's profitable.

We are going to hire outside assistance but I need to at least get these systems hooked up and going out on the second line.  The configuration from the original ASA has already been copied to this second firewall - the difference in ips, etc.

I am currently having issues getting the router to reset so still working on that.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42083819
If for some reason it won't reset properly (holding in the reset button for ~3 seconds should be all you have to do), Verizon should be able to assist.
0
 

Author Comment

by:klsphotos
ID: 42084137
Ok last question if I can.

I have reset the router successfully.
It wasn't connected to the internet until I manually added our static ip addresses to the configuration.
Once I did that I was connected.
I then followed the directions above but gave it the proper internal IP Address.  I was correct before, now I am able to access the console and not be locked out of it since completing this.

Here is what I am not getting.

In following the directions above on this line:

Obtain IP Address Automatically' to 'No IP Address'

I removed the manual IP Settings put in by myself and Verizon and it's what we are assigned and how we connect to the internet.  I am connected from a workstation successfully and can ping everything on the internal network and see myself in the Cisco ASA but cannot reach the internet.

Should I have left those settings and done everything else?  I'm not getting how it connects to the internet being a bridge if I don't.

Thank you and thank you for all your help.

Karen
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42084153
Obtain IP Address Automatically' to 'No IP Address'

I removed the manual IP Settings put in by myself and Verizon and it's what we are assigned and how we connect to the internet.  I am connected from a workstation successfully and can ping everything on the internal network and see myself in the Cisco ASA but cannot reach the internet.

That should prevent the Verizon router from getting a public IP address via DHCP. However, is the ASA properly configured with the static information?
0
 

Author Comment

by:klsphotos
ID: 42084156
Yes, the ASA has the ......

The ASA has our main static IP address...of static.ip.address/24
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42084179
Can you at least ping outside? Or does that not work either?
0
 

Author Comment

by:klsphotos
ID: 42084226
Nope only everything inside
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42084234
I thin you should connect second router/bridge the way first one is connected

VERIZON--ASA--SWITCH--LAN
VERIZON--ASA-----|

Second ASA connect to same switch first one is connected.

If second VERIZON is set As Bridge then Your External IP will be assigned to ASA WAN port.
If you ASA LAN will have 192.168.1.1 IP (for example) just set this IP as GATEWAY to all computers you want reroute to internet through second ASA-VERIZON

That's all
0
 

Author Comment

by:klsphotos
I have tried multiple things, I am connected successfully to ASA and internal network and traffic is hitting it, but can't for the life of me figure out why I can't get to the internet.  I'm going to close this since I am successful in creating the bridge.  I can't thank you all enough!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Join & Write a Comment

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question