Tuesday, December 4, 2012

Configuring the Apple Airport Extreme with Verizon FIOS

I have Verizon FIOS triple-play service and I love the TV picture quality and internet speed and reliability, but I don't like Verizon's solution to my Parental Control needs.
So I've decided to buy an Airport Extreme Base Station (AEBS) from Apple, but when I went to set it up, it configured itself for bridged mode since the Verizon modem is also a router and the Airport Utility decided not to have a double NAT configuration. Anyway by doing so you loose the capability of having a guest network with the Airport Extreme since it dummies itself down from a full fledged router to a simple level-2 switch.
So I managed to manually set it up in DHCP/NAT mode even though it is initially complaining about a double NAT configuration (one from the Verizon router and one from the AEBS), but least I gained my guest network back (at the time of this post it is not possible to configure a guest network with the Verizon router). 


Hardware Configuration


Apple Router: AirPort Extreme Base Station, Part Number: MD031LL/A 




Verizon Modem/Router: Actiontec MI424WR Rev. I
  • I used a CAT6 Patch cable to connect the AEBS Internet WAN port to Ethernet Port 1 of the Actiontec. This setting allows the two routers to communicate at wire speed of up to 1 GB per second.




Software Configuration



Here is the step by step procedure to set up the Airport Extreme I ran from an iMac running Mountain Lion.




  • Click on the picture of the Airport Extreme base station: a popup window will show an Edit button
  • Click on the Edit button
  • Click on the Network tab and select "DHCP and NAT" from the Router Mode
  • Click on the Network Options button and select "10.0" for the IPv4 DHCP Range, and "172.16" for the Guest IPv4 DHCP Range. Click on the Save button (see picture below)






  • Click on the Update button: this will reset the AEBS and cause a solid yellow light with a status of Double NAT. The AEBS will advise you to switch back to bridge mode
  • Click on the Double NAT Status pull-down menu and select Ignore: after another reboot the AEBS should come up with a solid green color


Regarding the Actiontec configuration, I left it as is, except for disabling the wireless mode to avoid interference with the AEBS.

  • With an internet browser log on to http://192.168.1.1 using the login and password printed on the bottom of the MI424WR modem/router.
  • Click on the Wireless Settings icon:

Wireless
Settings
  • Click on Basic Security Settings from the left panel
  • Click on Off from the 1. Turn Wireless ON form entry
  • Click on the Apply button to disable wireless

Considerations

Having the Verizon DHCP server using the 198.168.1.xxx IP addresses range and the AEBS the 10.0.1.xxx range will keep you sane and prevent confusions in your mind about which sub-network you are connected to. 
In any case these two sub-networks are completely separated and invisible from the Internet and you cannot have a device connected to one subnet talk to another device on the other subnet (unless you start configuring forwarding ports on the AEBS of course). This is OK since I plan to keep all of my computers and devices on the subnet controlled by the AEBS in order to have access control over each device.
To my disappointment the Airport Utility version 6.1 used to configure the AEBS is probably one the worst application I ever used to set up a router. It's not intuitive and worst of all it doesn't show who's connected to your network (or at least it doesn't show all the connected devices). In fact it only shows wireless clients in a weird fashion (by hovering over the base station picture), but no sign of any device connected through the Gigabit ethernet ports. By the way the list of wireless client is dynamic and you cannot even copy/paste the MAC addresses to add later to the access control table. I ended up switching to the previous version of Airport Utility (version 5.6 - as suggested by several people on the Internet) since with that you can still get a list of all devices connected to the AEBS from the Advanced->Logs and Statistics->DHCP Clients tab.

Still for parental control AEBS only has a time-based table where you can setup a schedule on a per MAC address basis. So I still had to resolve the problem of preventing my kids from hitting questionable web sites. I solved that by setting the OpenDNS servers for primary and secondary DNS servers in my Verizon router. OpenDNS offer a basic parental control filter based on categories. But I found that is is adequate for my needs.

5 comments:

  1. Danilo
    Thanks for sharing this. Very helpful. Everywhere else on the web says use bridge mode. Relief to find something that works properly

    ReplyDelete
  2. The blog containing good information and linksys router technical is well described in this post .
    Linksys Router Technical Support

    ReplyDelete
  3. Lots of user looking for Configuring the Apple Airport so it is nice post for helping other. I am also working as Guide for Linksys Router Support. Join me on Twitter @sarahts01 .

    ReplyDelete
  4. Restriction is must for guest WiFi access specially to certain games and inappropriate website which leads to spam or virus download therefore, little access would be good and often we need to change password for Wifi connections that would help misuse of external free WiFi source @ latestone.com

    ReplyDelete
  5. thanks so much for the walk through.
    do you have any idea if i should also turn off the 5G wireless as well? while in the Verizon Wireless router settings, when i clicked turn off "5G", it states it may mess up wireless info for TV. i left it on for now. what do you think?

    ReplyDelete