Researching the topic of setting up a custom (non-Maxis-issued) router with the Maxis fibre service on the interwebs yields several guides (yup, still outdated in 2021, including one from a networking manufacturer who shall not be named) that are outdated, inaccurate, or ambiguous, and long forum threads (ಠ_ಠ yes... that forum with the kopitiam) lacking all the key details.
Since 2016, this post has been updated several times; the original post is archived at the end of this page. This post is written with the sole purpose of shedding light on the key information required for custom router configurations, and I will highlight the following point, as many who come across this post fail to understand it:
** THIS IS NOT a-step-by-step / how-to guide / tutorial **
The following information is provided in good faith, on the assumption that the reader already has the required minimum level of knowledge on how to configure his/her own networking equipment, lacking only a few key details (which Maxis does not normally disclose for ‘obvious’ and ‘less’ reasons).
I will NOT provide that knowledge. I also reserve the right not to answer or provide support for issues pertaining to the usage of the key information provided (especially, but not limited to, basic issues).
Should the reader of this post find him/herself having no clue what to do with the information below, this post is not intended for you; please seek help from a friend, family member or a trained professional qualified to handle networking equipment.
Custom router requirements
A capable router / managed switch with IEEE 802.1Q / VLAN tagging;
Both in-hardware and in-software device support are required.
Requirements: the above quote.
Most consumer routers that are advertised as ‘unifi/maxis/time fiber compatible’ are already doing VLAN tagging, as most, if not all, of the Malaysian fiber ISPs use VLANs for their networks.
The capabilities of these devices are limited by the firmware provided by the equipment manufacturer. Most home/consumer routers can be configured with common defaults like VLAN `621`, which provides the internet service. However, these routers are often limited in their flexibility to configure custom VLAN bridging for the full spectrum of other services that come with the fiber internet service (i.e. IPTV, VoIP, etc.), and the configuration will vary across the ISPs.
As such, commercial/business class ‘managed switches/routers’ (e.g. MikroTik, Ubiquiti), or open-source firmware (e.g. OpenWrt, DD-WRT, Tomato, etc.) on capable consumer routers, which provide full flexibility in configuring advanced networking features, are HIGHLY recommended to properly configure VLAN trunking/tagging/bridging.
The key essentials:
## For Maxis Fibre on TM (HSBB) Infrastructure
VLAN VID
`621` # for internet (PPPoE)
`822` # for VoIP/SIP
`821` # for TM management network (Maxis Fibre using TM infrastructure)
`823` # for Broadband TV/IPTV service

## For Maxis Fibre on Maxis Infrastructure
VLAN VID
`11` # for internet (PPPoE)
`14` # for VoIP/SIP
`6` # for Maxis management network (Maxis's own fibre infrastructure)
`17` # for Broadband TV/IPTV service
EDIT (March 2021):
Please see the new section below, Privacy & Security Notes, for the information on VLANs 6 for “Management network” as mentioned in the key essentials above.
Fast forward to 2018, the key essentials above are an open secret, as they are all in plain view on the main web administration page of the stock Maxis issued Archer C5v. Back in 2016, I had to ask my network engineer contact at Maxis for all this information, as it was not user accessible in the older hardware and was embedded in the routers’ firmware / configuration.
Below: Screenshot from my Maxis issued Archer C5v for Maxis Fibre on TM (HSBB) Infrastructure
Below: Screenshot courtesy of Afifi of his Archer C5v for Maxis Fibre on Maxis’s own infrastructure
Privacy & Security Notes
It should be noted that Maxis issued routers are configured by default for remote access using the TR-069 protocol over VLANs 6 listed above. The protocol enables Maxis’ technicians to remotely access the router for autoconfiguration etc. (see Wikipedia for further reading). This feature can potentially be abused, as it can behave like a backdoor, allowing silent full access to the router and network; i.e. the router could be reconfigured maliciously, and the traffic of connected devices and wireless signals in proximity to the router could be monitored.
If you do NOT want Maxis’ technicians to be able to remotely reconfigure or remotely control your Maxis issued router, OR are just privacy minded and value a more secure, no-backdoor network, VLANs 6 should NOT be enabled/forwarded to the Maxis issued router. (With that being said, with it disabled, Maxis cannot remotely mess with that router and, at the same time, cannot remotely help you reconfigure it should you screw it up. You have been warned; use your own judgement and caution when considering this course of action.)
Should you take the step of not using / disabling / blocking VLANs 6, you might also want to dig through the Maxis issued router’s configuration using the root administrator account (please don't ask me for the username and password; search for it), looking for the TR-069 option, and disable that too for good measure. You might also want to block network access to the IP(s) and domain relating to the server at acs069.maxis.com.my (ACS as in automatic configuration server in TR-069 protocol terminology).
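One way to check that the management VLANs are not reaching the port that faces the Maxis issued router is to read the 802.1Q tags of frames captured on that port. The following is an added example, not part of the original post: the frames are constructed test data, the helper names are hypothetical, and both management VIDs from the key essentials list (`821` and `6`) are treated as the ones to flag.

```python
import struct

# VLAN IDs and roles as given in the "key essentials" list on this page.
VLAN_ROLES = {
    621: "internet (PPPoE), TM infra", 822: "VoIP/SIP, TM infra",
    821: "management, TM infra", 823: "IPTV, TM infra",
    11: "internet (PPPoE), Maxis infra", 14: "VoIP/SIP, Maxis infra",
    6: "management, Maxis infra", 17: "IPTV, Maxis infra",
}
MANAGEMENT_VIDS = {821, 6}   # assumption: flag both management networks
TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag


def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 18:  # dst(6) + src(6) + TPID(2) + TCI(2) + ethertype(2)
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VID


def audit(frames):
    """Return (frame count per VID, sorted management VIDs that were seen)."""
    counts = {}
    for frame in frames:
        vid = vlan_id(frame)
        counts[vid] = counts.get(vid, 0) + 1
    leaked = sorted(v for v in counts if v in MANAGEMENT_VIDS)
    return counts, leaked


def make_frame(vid=None, pcp=0, ethertype=0x0800):
    """Build a constructed test frame (dummy MACs, zeroed payload)."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + bytes(46)


# Constructed sample standing in for a capture on the port facing the ISP router.
SAMPLE = [make_frame(822, pcp=5), make_frame(822), make_frame(6), make_frame()]

if __name__ == "__main__":
    counts, leaked = audit(SAMPLE)
    for vid, n in counts.items():
        print(vid, VLAN_ROLES.get(vid, "untagged/unknown"), n)
    print("management VLANs reaching this port:", leaked or "none")
```

An empty result from `audit` on a real capture of that port means no frames tagged with a management VID were seen during the capture window.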
Post change log
March 2021 - Privacy/security notes on TR-069, VLAN 821,6
Oct 2020 - Post revised
April 2020 - Post reorder; addition of disclaimer, requirements, etc.
Jan 2019 - Key essentials updated w/ screenshot of Archer C5v configured for Maxis Fiber on Maxis's own fibre infrastructure.
Oct 2018 - Maxis issued router TP-Link Archer C5v; vlan config details, key essentials updated.
Jan 2018 - Post reorder.
June 2017 - Voip section was edited for clarity/simplification.
Dec 2016 - Original post.
Original post below (no longer accurate), preserved for historical reference. Please refer to the above for the proper, updated (key essential) list of VLANs to be used, its application notes and its security/privacy implications.
Long story short, I managed to get Maxis Fibre working with my custom router with VoIP after getting some unofficial help from a friend at Maxis. So, this is a shoutout to that person: Many thanks!
I used the Asus RT-AC66U router running the Tomato firmware (v1.28.0510.6 MIPSR2Toastman-RT-AC K26AC USB VPN) for the Maxis fibre (FTTH) service in a TM/Unifi (HSBB) area.
The details: Here’s how it connects physically: the ethernet connection out of LAN2 (standard for UniFi/HSBB configured networks) from the optical network termination (ONT), aka fibre modem (e.g. Huawei EchoLife HG8240w), connects to the WAN port of the custom router. The custom router handles the Internet connection via PPPoE using the Maxis provided username and password.
(optional) Should you want to use the VoIP service provided, tag traffic on a LAN port (of your choosing) and the WAN port on your router with VLAN IDs 821 and 822. This allows the VoIP traffic to pass between the LAN port and the WAN port, and nowhere else. I used the Maxis issued Technicolor TG784nv3 router to handle the VoIP connection. The Maxis router’s WAN is plugged into the designated LAN port that you have chosen. No additional configuration is needed on the part of the Maxis issued router; the modem as configured by the service technician will work fine.
Notes: In the screenshot above, in this older version of Tomato, there is a minor bug: the ethernet ports on the VLAN page are numbered in firmware in reverse from the physical markings on the router (e.g. having plugged the physical ethernet cable into the LAN4 port on the router, configure the LAN1 port on the VLAN page as in the image above). Newer versions of Tomato based router firmware have this issue fixed.
PS: I’ve upgraded from the Tomato router to an EdgeRouter X; perhaps I’ll post an updated config for the ERX for Maxis in a future post.