Netgear WNR3500L, DD-WRT and TELUS IPTV

Why?

TELUS is shipping an Actiontec V1000H VDSL modem, wireless and NAT combination with HPNA support to customers now. I am with TELUS and have the Optik TV and Turbo 25 internet bundle. I found that the device has a number of issues such as broken UPnP support, wireless coverage is weak, and no USB support. I set out to replace the TELUS supplied solution with my own more flexible solution.

Remember, none of this is supported by TELUS so you are on your own if things break and you need support!

How?

I found a standalone Alcatel Cellpipe 7130 VDSL2 modem that works with TELUS VDSL2 service, and combined it with a Netgear WNR3500L running DD-WRT (svn15943-snow build.) This guide assumes that you generally know the inner workings of DD-WRT, and have already installed DD-WRT on your device.

Problems & Solutions

I ran into a number of issues, all which had easy fixes. The issues were both caused by how TELUS IPTV operates and flaws in the Netgear hardware:

  • DD-WRT would lock up when too many TVs were on in the household
  • If multicast traffic is disabled, TV will play for 30 seconds and then display the connection error on your STB (set top box)
  • Multicast traffic would be broadcasted over wireless, causing wireless to be unusable when TV was being watched
  • Netgear WNR3500L ports are backwards on the switch (Eg, Port 1 is Port 4 in DD-WRT)
  • The VLAN configuration screen in DD-WRT doesn't actually setup the device correctly

I will attempt to describe how I resolved the issues in this article.

Disable SPI Firewall on the Device

The Netgear WNR3500L (herein refered to as device), at 453Mhz in DD-WRT is simply not fast enough to handle the amount of IPTV (multicast, and otherwise) traffic that TELUS TV requires. To fix this issue, simply navigate to the Firewall tab (located under the Security tab) and select Disable for SPI Firewall.

Enable VLANs to limit multicast traffic to IPTV devices

First, you need to enable SSH or Telnet on your device. This can be accomplished under Services tab. Once you have enabled SSH, you may need to Reboot Router to have SSH access enabled. You can simply SSH to the device and setup the VLAN.

This guide assumes that you will use Ports 2 – 4 on the device for IPTV and no other purpose, and Port 1 for your computer (or switch.) We will setup IPTV on VLAN3 on the device. Keep in mind that the ports on the router are device backwards (eg. Port 1 on the back of the device is Port 4 in DD-WRT) as illustrated below.

Physical 1 2 3 4
Virtual 4 3 2 1

In SSH on the device, enter the following commands

nvram set vlan3ports="1 2 3 8*"
nvram set vlan1ports="4 8*"
nvram commit

Once you have completed these steps, you can navigate to the VLANs tab (located under the Setup tab) and setup your VLAN as follows:

Check the Tagged marks for 1-3 at the bottom of the selection and uncheck ports 1-3 on VLAN1 and check them on VLAN3. Your VLAN configuration screen should look somewhat similar to the one shown below after completion.

Ports are listed backwards; Port 4 on VLAN1 is really Port 1 on your device.

Once you have completed the VLANs configuration as listed above (or similar) select the Save button and navigate to the Networking tab (located under Setup tab.) You are now ready to assign an IP address for the device to this new VLAN you have configured.

On the Network Configuration vlan3 select the Unbridged radio button, enable Multicast Forwarding and Masquerade / NAT options for the VLAN. Enter IP address 192.168.3.1 and Subnet mask 255.255.255.0, once you have completed these steps select the Save button.

Now it is time to setup your DHCP server for the new VLAN you have created. This enables devices to get an IP address on the VLAN, and to communicate with the rest of the network. Simply select the Add button under the DHCPD subheading. Select VLAN3 from the newly created DHCP 0 instance. Then select the Save button to complete the DHCP creation.

Now you are ready to restart your device, navigate over to the Administration tab and select Reboot Router at the bottom of the screen. Once your device has rebooted, if you have followed all the steps listed you should have a separate VLAN on Port 2-4 for your IPTV devices and Port 1 for your computer.

At this point, it would probably be advisable to restart all your IPTV devices in your household by unplugging them from the power and plugging them back in. You may want to test the IPTV ports on your device by plugging a computer into them, and making sure that they are allocated an IP address from 192.168.3.0/24.

3 Comments.

  1. Why not just put a switch in front of the router and Telus will give IP's for all the TV boxes?

    I have all my IPTV units in front and two routers and get IP's for them all. I only want to have the stream for the XBOX behind the firewall, but haven't tested that yet – so I can use MC or such for video streaming, etc.

    It just seems like a lot of work and security loss (Loss of SPI) to have it work. If you have SPI on with one device thug, you need to allow multicast packets though.

    • You're free how to do it how you like. I don't really see SPI as much of a security benefit, but that's just me 🙂

      I don't think I would want all my IPTV devices naked on the internet without any sort of protection, but that's just me (and it breaks the PVR from working with your other devices.)

  2. Oops, though. 🙂