When I was living in the dorm at INSA Lyon, the only Ethernet network provider was Quantic Telecom. They have banned the use of routers: if you have a router connected, they prevent you from logging into your account and prompt you to configure the router to bridge or access point mode, essentially downgrading the router to a network switch.

Usually, this doesn’t affect the use of the Internet, but if you want to have more online privacy, install some IoT devices, or in my case, create a home lab, it becomes a problem because we can’t fix static IPs. However, I found a very simple way to bypass this restriction.

Warning

Please read and follow your ISP’s Terms of Use. In my case, sharing account or excessive network traffic is strictly prohibited, while nothing was mentioned for routers.

How to bypass the router ban

  • Get the MAC address of the Ethernet port of your computer
  • Reset your router and configure it as a normal router (plug the network cable in WAN port, setup passwords and DHCP etc.)
  • Change the MAC address of the WAN port to the Ethernet port of your computer
  • Usually the router will tell you to reboot, and voilĂ ! Now you can access the router’s admin page with its inner IP address, and set up your network as you wish

How did I find this bypass

For a while, I plugged the Ethernet cable directly to my desktop computer. I used it to create hotspot for my phone, and everything works. Later I learned that a hotspot uses a virtual router that have the same functionalities of the real one, but somehow my ISP was able to detect my router but not my PC hotspot. Turns out it is way easier than I thought: ISPs can look up the MAC address of a connected port, which contains information about the vendor and possibly the model of the device. Realizing this, I found the widely used method of MAC spoofing with a quick search.

Why are the routers banned

This is just my speculation, but I think ISPs ban routers to prevent account sharing, which directly affects their revenue. When using a router, all packets are sent and received through the same device. On the other hand, if the router is configured in bridge or access point mode, all routing is done on the ISP’s router, meaning they can easily get the number of connected devices and of course, the MAC addresses of those devices, so that they can take action if they suspect an account is being shared.

Can they find out if I do this?

Yes. There are more ways to identify connected devices: they can fingerprint your packets, and they can get information about your device through their login page. So please, DO NOT violate the Terms of Use of your ISP or you may be penalized.