This is specifically relevant to KPN Fibre Broadband but the methods described may apply to other FTTH customers as well.
FTTH connections require two boxes - an FTU and a WAP/switch/router much like the early days of ADSL before ISPs started supplying all-in-one boxes.
Although the KPN-supplied router allows you to set up a DMZ so you can continue to use the B2/B3 as your main network router, the issue with this is that it requires three boxes to be continuously powered on (four if you count the switch on the B2/B3's LAN side as well) due to KPN sending multiple Ethernet signals across the same wire. This technique is called VLAN tagging.
End of messed up quoting

There are several issues with the KPN-supplied router, which they call the Experia Box but which is in fact a ZTE H220N. First off, this is a 100Mbit device, so with a TV settop box, a telephone and the B2/B3 connected to it you're not likely to get any higher speed than ~60Mbps. Second, KPN changed the software, limiting the way you can use it, and it includes a backdoor on TCP port 8085, which would make me very uncomfortable about ever attaching a USB drive to that router and using it to store private documents. With a 2A power supply the device also does not appear to be particularly green.
Now the problem here is that we get three different signals at the input that need to be split, but the B3 only has one LAN output. Of course if you only require internet this is not an issue, but since KPN implements product tying you're likely to actually use that mandatory TV signal and/or telephone line. The solution is a managed switch that supports 802.1q VLAN tagging and there is a quite reasonably priced one from Netgear that happens to be green technology also. I bought the 8-port version (GS108E) and because I don't use telephony and only 1 TV settop box this gives me 5 spare ports that I can use for LAN.
Configuring the switch is somewhat of a puzzle because it allows several modes of operation. Connect a cable to the port that you will be using to connect the FTU later. In the configuration utility you need to select the VLAN tab and enable 802.1Q advanced. Next is to add the VLAN IDs 4 (for television), 6 (for internet) and 7 (for telephony). Be sure to add one more that you can use for LAN (e.g. 192).

Move on to the next page, which is VLAN membership, and for each of the IDs you created before assign which ports need to be part of that VLAN and whether it needs to be tagged or untagged. The thing to note here is that you should never have more than one untagged VLAN on any port, but it's okay to ignore the default VLAN ID 1 at this point. The port that you connect the FTU to must be a member of VLANs 4, 6 and 7 and they must all be tagged. The port(s) that you want to connect a TV settop box to must be a member of VLAN 4 and must be untagged. The port to which you connect the B2/B3 WAN interface must be a member of VLAN 6 and you should untag this as well (although the B2/B3 can handle VLANs just fine). If you use telephony then that port must be a member of VLAN 7 and that port must be tagged - you'll still need the Experia Box for this I'm afraid. Make all other ports a member of the additional VLAN ID you created and make these untagged.

The next page is where you assign the port PVIDs, which stands for Primary VLAN ID. Except for the FTU port you are currently connected to, these should all be changed to the IDs you just assigned. Go back to VLAN membership and remove VLAN ID 1 from every port, but don't change the membership of the FTU port and keep it untagged. Go back to VLAN configuration and it should show something like this:
VLAN ID   Port Members
01        01
04        01 02
06        01 03
07        01
192       04 05 06 07 08
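The membership rules above can be checked mechanically before the switch goes in front of the FTU. The following is an added example, not part of the original post: the dict layout, the names and the extra check that the LAN VLAN never reaches the FTU port are assumptions, and the sample plan is constructed from the table above.

```python
# Added example: checks a switch VLAN plan against the rules in the text.
# The dict layout and names (FTU_PORT, check_plan, ...) are assumptions.

FTU_PORT = 1
SERVICE_VLANS = {4, 6, 7}      # TV, internet, telephony (from the text)
LAN_VLAN = 192                 # the extra LAN VLAN chosen in the text

# vlan -> {port: "T" (tagged) or "U" (untagged)}; constructed from the table
PLAN = {
    1:   {1: "U"},
    4:   {1: "T", 2: "U"},
    6:   {1: "T", 3: "U"},
    7:   {1: "T"},
    192: {p: "U" for p in range(4, 9)},
}
PVID = {1: 1, 2: 4, 3: 6, 4: 192, 5: 192, 6: 192, 7: 192, 8: 192}


def check_plan(plan, pvid, ftu_port=FTU_PORT):
    """Return a list of human-readable problems; empty list means OK."""
    problems = []
    untagged = {}                                  # port -> [vlans untagged]
    for vlan, members in plan.items():
        for port, mode in members.items():
            if mode == "U":
                untagged.setdefault(port, []).append(vlan)
    for port, vlans in sorted(untagged.items()):
        if len(vlans) > 1:
            problems.append(f"port {port}: untagged in several VLANs {sorted(vlans)}")
    for vlan in sorted(SERVICE_VLANS):
        if plan.get(vlan, {}).get(ftu_port) != "T":
            problems.append(f"FTU port {ftu_port}: VLAN {vlan} must be tagged")
    if ftu_port in plan.get(LAN_VLAN, {}):
        problems.append(f"LAN VLAN {LAN_VLAN} reaches the FTU port")
    for port, vid in sorted(pvid.items()):
        if port == ftu_port:
            continue                               # FTU port keeps its PVID
        if port in plan.get(1, {}):
            problems.append(f"port {port}: still a member of default VLAN 1")
        u = untagged.get(port, [])                 # tagged-only ports skipped
        if u and u != [vid]:
            problems.append(f"port {port}: PVID {vid} != untagged VLAN {u}")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN, PVID) or ["plan OK"]:
        print(line)
```

A port that is untagged in both a service VLAN and the LAN VLAN bridges the two, so the first check is the one that matters most for keeping provider traffic off the home network.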
To be able to watch TV there's one more thing that needs to be configured. Go to the System tab and select the MultiCast menu. On that page, enable IGMP Snooping on VLAN ID 4. Failure to do this will result in your settop box freezing the image just a few seconds after changing channels.
Done! Well, not completely. If you now put the switch in place of the KPN Experia Box you will be able to watch TV but there will be no internet. This is because KPN insists on using the PPP protocol for you to sign in, in this case PPP over Ethernet. Before you switch out the Experia Box you must therefore install the pppoe package and I suggest installing pppoe-config as well. Now disconnect the Experia Box and connect the switch. Run pppoeconf and it should automatically detect KPN's PPP concentrator. The username you should enter is the MAC address of the Experia Box, with the colons replaced by dashes, followed by "@direct-adsl" (you'll also find this login name in the configuration pages of the Experia Box itself). The password is always "kpn".
Do note that because your external interface is now ppp0 and not eth0 you'll also need to make changes to the firewall settings. In general, you should change every instance of eth0 to become ppp0.