VLAN your Verizon FiOS Actiontec Router with OpenWRT

 Check it Out, Gear, Tips & Techniques  Comments Off on VLAN your Verizon FiOS Actiontec Router with OpenWRT
Feb 172014

I was content simply using the Verizon provided Actiontec Router at the head of my home network until I logged into my Verizon account and saw this:


This is wrong on a number of levels. First, the Verizon e-mail account I’m forced to create when I got Verizon FiOS is an annoyance. I don’t check it. Since Verizon thinks this is my “real” e-mail, its only purpose is to act as a receptacle for Verizon’s spam. I also use it for HBO Go and Max Go log-ins, but that’s it. I was never really concerned about the password being strong until I saw this. Second, the Actiontec is NOT my device even if I change either the router log-in password or the security type and wireless key. Verizon will suck this information out via their own backdoor and display it on this page. Sure, this helps them handle support calls when people forget their wireless password, but this is NOT secure and I consider it a slap in the face. If someone compromises my Verizon e-mail account, they now have access to my wireless network. Additionally, Verizon has shown me that they have my wireless password even if I change it. They have the keys to my front door: I’m owned.

DSL Reports has an excellent FAQ showing all the different methods and trade-offs between various configurations of using your own router with Verizon Fios. I went with #6 Replacing the Actiontec (part 3): WAN-to-LAN keeps Guide and VOD

I purchased a Buffalo AirStation WZR-600DHP. This device comes with DD-WRT pre-installed. DD-WRT supports 802.11q VLAN tagging of Wireless on this device but not via the switch ports. Not to worry, I flashed it with OpenWRT using this Guide. With OpenWRT, I now have access to the switch ports for creating VLANs.

The Actiontec is now on a separate VLAN with internet access only and the wireless is turned off. Funny how it still reports the default SSID and password on “My Verizon”. Even if it does get compromised, it can’t access any devices on my home network. I also have an guest/untrusted wireless network via the Buffalo on a separate VLAN. I put my Nest thermostat and Nest smoke/CO detectors on the untrusted wireless network. The FiOS channel guide and video on demand (VOD) still works. The only thing that doesn’t work is changing channels via the Verizon Mobile App on my iPad. Oh nooooo! If I turned the Actiontec wireless on and connected to it, I could, but I’m not going to do that! Maybe sometime when I have nothing to do I’ll determine exactly what traffic needs to traverse the VLAN for the Verizon Mobile App and allow it. For now, it’s not a high priority.

Sure, if I call Verizon for support, they’ll make me put the Actiontec at the front of the network again. Not a big deal. I can reset it all day long without affecting anything. I gave it a DHCP reservation on the Buffalo so it always gets the same WAN IP. The only thing I have to remember after resetting the Actiontec is to turn off the wireless. But even if I forget, or if the wireless magically turns itself on, the Actiontec wireless is isolated on the same untrusted VLAN with no access to my home network.

Take control of your home network and put the Verizon Actiontec Router where it belongs!

 Posted by at 4:02 pm

Redundant RAID 1 Compact Flash for booting VMWare ESXi

 Check it Out, Gear  Comments Off on Redundant RAID 1 Compact Flash for booting VMWare ESXi
Aug 222013

Although most new servers today have built-in redundant SD Card slots for booting ESXi server, our older Dell Poweredge T310 does not.  As we continue to virtualize physical servers, booting our entire world from a single USB flash drive makes me nervous.  What happens if the flash drive fails?

If the USB flash drive fails, sure you could install ESXi to a new thumb drive, then navigate the data store and re-add each virtual machine by right clicking on the *.vmx file and click “Add to Inventory”.   If you have a backup of the ESXi configuration, you could restore to the new install and everything should be back to normal.  Any custom VIBs would have to be re-installed. I’m not a big fan of adrenaline rush hour in the face of downtime.  I’d rather just have redundant boot media.

I went with the StarTech 2CF2SATAR and two 8GB Compact Flash media cards.


StarTech 2CF2SATAR

StarTech 2CF2SATAR

It has a basic utility where you can check the status of the array. Unfortunately, it only runs in Windows. Since this is an external device, not a big deal to disconnect and hook up to a Windows machine if need be.


The 2CF2SATAR is a standard 2.5″ drive form factor which can be installed internally. I wanted it to be external so I could view the status LED. I found a clear 2.5″ drive protector which worked out great.


Final thoughts: For whatever reason, ESXi was not happy installing over the USB interface. Good thing about the 2CF2SATAR is that it also has a SATA interface.

 Posted by at 12:46 pm