1. Yes, it's a whole new look! Have questions or need help? Please post your question in the New Forum Questions thread Click the X to the right to dismiss this notice
  2. Seeing tons of unread posts after the upgrade? See this thread for help. Click the X to the right to dismiss this notice

Need Help! Verizon FIOS guest access?

Discussion in 'Community Broadband & Computers' started by Mike-and-Kim, Aug 31, 2014.

  1. Mike-and-Kim

    Mike-and-Kim Member

    Joined:
    Feb 22, 2009
    Messages:
    573
    Likes Received:
    16
    Is there any way to set up a guest account on my FIOS provided router (MI424WR-GEN3I)? I've poked around the menus but am not finding anything.

    Failing that, is there any way to add a second router (WRT54) to the system to provide this function?

    Just wanting some family members to have access to the internet for games but not my work computer/NAS/etc.
     
  2. flynnibus

    flynnibus Well-Known Member Forum Staff

    Joined:
    Oct 29, 2002
    Messages:
    5,242
    Likes Received:
    215
    I don't think you can do it in the verizon router itself.

    The simplest way may be to just put your protected stuff behind another NAT router.

    So verizon network is your 'guest' network, and hang another wireless router off the verizon one that provides NAT. So your stuff can all talk to each other and get out.. but you only have whatever port forwarding you have setup for inbound access. The negative to that though is you'd have a double NAT, which limits some things.

    Or if you wanted to create a guest network, you'd have to implement something with firewall rules so you could allow outgoing traffic, but not traffic to your protected net.

    Or, put a router behind the verizon one that does both your guest network and regular network.. and maybe avoid the double nat.
     
  3. dant

    dant New Member

    Joined:
    Nov 1, 2002
    Messages:
    7
    Likes Received:
    0
    Yes, I've used the last approach mentioned by flynnibus. You can just bridge your new router with the Fios router by connecting their LAN ports. You turn the wireless radio off on the FIOS router, and turn DHCP off on the new router. I ran this way for a few years with a DLink router and just returned to it when someone gave me a nifty Cisco access point.
     
  4. dant

    dant New Member

    Joined:
    Nov 1, 2002
    Messages:
    7
    Likes Received:
    0
    To be clear, you turn off the DHCP Server functionality on your new router. You also create a static IP address for your new router and configure the Fios DHCP Server to not include the IP address for the new router.
     
  5. Mike-and-Kim

    Mike-and-Kim Member

    Joined:
    Feb 22, 2009
    Messages:
    573
    Likes Received:
    16
    Thanks I think this option won't work for me because I still need to access everything with my iPhone on the local wireless network
     
  6. Mike-and-Kim

    Mike-and-Kim Member

    Joined:
    Feb 22, 2009
    Messages:
    573
    Likes Received:
    16
    Thanks I think option one sounds like a viable solution. As long as I do port forwarding what are the limitations?
     
  7. flynnibus

    flynnibus Well-Known Member Forum Staff

    Joined:
    Oct 29, 2002
    Messages:
    5,242
    Likes Received:
    215
    Double nat can impact things that require incoming or bi-directional media streams. Think VoIP, gaming, or other services that have incoming connections. It's hard to qualify as every app can be different in it's requirements and how advanced it is.

    This is kind of hard to map out as there is no 'one solution' but rather which solution is the most capable given the components you have or source. The most robust is to just get a wireless router that has guest network built into it so it does all the policing for you. Anything else is going to require segmenting the network and/or using filtering to keep traffic where you want it.

    The basic premise is either
    1) keep private stuff behind a point in the network that can filter to/from addresses (firewall)
    2) keep the private stuff behind a NAT router from the network that has the guest access
    3) use a wireless router at the head of the network that can keep guest traffic restricted to just the uplink..

    You'll have to have two wireless routers if the router can't do the guest network for you because you'll want one on each side of the 'divide'


    So if you just used what you had to start with...
    Verizon Router has wifi on and DHCP on. Configure the verizon wireless with SSID and key you want for guest access
    wrt54 uplink/internet port is connected to the verizon switch ports
    wrt54 has wireless setup for just the PRIVATE uses with a different SSID and key, and all private stuff is connected to the switch side of the wrt54. DHCP is on and configured for a private network different from the verizon nat'd IP range

    Guests connect to the verizon router wireless or hardwired...
    Private connects to the wrt54 router wireless or hardwired...

    Limitations:
    everything behind the wrt54 is double nat'd
    your wrt54 sucks compared to the verizon wireless router's speeds/interfaces
     
  8. boomertsfx

    boomertsfx Booyakasha!

    Joined:
    Feb 14, 2002
    Messages:
    2,259
    Likes Received:
    32
    Since you don't have TV through FiOS -- have them provision your ONT as Ethernet instead of MOCA/coax (they can do this over the phone), then you can use any router you want (and avoide double NATting, etc)....preferrably an open source one like the Tomato various branches or DDWRT which both support guest wifi.... as long as you can run some cat5/6 from your ONT to your router location. When I used the FiOS DVRs (which require the actiontec router), you can still roll your own router over ethernet... I saw the setup documented on DSL reports forums...
     
  9. Mike-and-Kim

    Mike-and-Kim Member

    Joined:
    Feb 22, 2009
    Messages:
    573
    Likes Received:
    16
    Steve, thanks.

    Boomer, while possible I'm really into minimizing my interaction with Verizon for now.
     
  10. flynnibus

    flynnibus Well-Known Member Forum Staff

    Joined:
    Oct 29, 2002
    Messages:
    5,242
    Likes Received:
    215
    I looked into DDWRT since he mentioned the WRT56 but didn't see Guest Access on the list of features - http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT?#Features

    I should have just searched the wiki because on second view.. I do find hits on 'Guest' :surrender:

    if the router is a supported firmware... DDWRT opens up almost limitless possibilities since it can do routing, firewall, and multiple radios. It would be possible to setup the guest network just hanging off the verizon network and put in firewall rules to block them from hitting anything on your local verizon network except the gateway. who cares if the guest network is double nat'd :)
     

Share This Page