by jlgaddis 3217 days ago
Unfortunately, on Uverse you are required to use the ATT-provided CPE (due to 802.1X authentication).

Nah, all you have to do is redirect 802.1X traffic to their device and you can use whatever device you want.

I have my EdgeRouter performing this function currently.

Any tips or pointers on how to go about this?

EDIT: Never mind, I have (bonded) VDSL running through a 5268AC so I don't think I'll be able to do it. If it was "normal" Ethernet it would be possible.

Theoretically, it should be possible for VDSL too. If you can find something to do bonded VDSL in real bridge mode, you could probably hook up the 5268AC to that with the Ethernet WAN port, and if that works, you could proxy the 802.1X auth there too.
I just returned my EdgeRouter for a USG. I had no idea this was possible. Damn.
How much bandwidth do you lose? I have AT&T fiber and I want as close to 1Gb as I can. Someone else I saw online did something similar with an EdgeRouter and he lost a ton of speed.
So there are two ways to add your own equipment. I don't know what method the person you're talking about used.

The first: you can put the modem in 'DMZ Plus' mode, which is the closest you'll get to a bridge mode. This is where you'll lose bandwidth but it's easier to set up.

The second, which I recommend, is to connect your router to the ONT directly, and use their modem as a client on your network. You have to set up some rules to hook up the 802.1X traffic but otherwise the AT&T modem is no longer in the picture. I haven't lost any bandwidth and I can't imagine that AT&T's provided cheapo box would be faster than an EdgeRouter.

The DMZ Plus mode doesn't really kill much bandwidth. I get pretty close to 1 Gbit through it. Maybe 960-980 Mbit. Good enough for me. The real problem with the DMZ Plus mode is that it basically sets up a NAT to your router and the state table of the modem is somewhat limited. I've never had any problems but supposedly it might choke if you have tons of open connections.
DMZ plus mode is nowhere near bringing your own hardware and plugging it into the ONT. Everything still has to go through the AT&T gateway.

Comcast will let you bring your own modem and plug it into the coaxial. I've heard Google Fiber will let you bring your own stuff.

DMZ plus is much different than setting up an EdgeRouter to forward the authentication to the gateway. You are in much more control of your network if you don't use DMZ plus.

Wait, why? I never understood why people with ultrafast connections care so much about this. It's not like you are doing anything that remotely uses 100% of that speed most of the time.

If I had even close to a 1Gb symmetric link I wouldn't care too much if I lost a couple megabits here or there (especially in the name of security or privacy). If I had a 30mbit link that only had 1mbit uplink I'd be upset not to use the whole tube but complaining about 980mbits vs 1000 is just a waste of time.

Simply for the fact that I pay for 1Gb symmetrical and I want the speed which is closer to something like 930mbits. If I lose a hundred or more just to use my own hardware then I'm going to be upset.

I'll do some tests myself to see what the bandwidth loss is once I get an EdgeRouter.

I do 960-980 easily in DMZ Plus mode.
You can put a firewall behind it, which will at least protect you from the inexplicable open proxy.
Can you explain what is Uverse and how does it work?
Uverse is a residential DSL service offered by AT&T in the US.
But why would you need a custom modem for it to work? Can't you use a different modem and just get them to give you xDSL credentials? Login and password, enter VPI/VCI and plug it into the telephone line..? What is the "802.1X auth"?
No, you can't. It doesn't use a username/password for authentication, it uses a protocol known as 802.1X, which uses certificates (and the associated private key) that are stored on the device.

https://en.wikipedia.org/wiki/IEEE_802.1X

It's also their residential gigabit fiber service, which is bad news for me. The service is great, the Arris gateway device isn't...