Semi-related: once some hardware arrives, I should be able to finish finding a way to rip the 802.1x certs off of the 5286AC so we can use our own routers, or at least put these things into a proper bridged mode.
https://spun.io/2018/03/18/getting-into-the-pace-5268ac-rout...
You can bypass these routers with an 801.1x MitM attack. You basically put it behind your Linux router and bridge only the EAPoL frames, then do DHCP from your own router.
I posted some details about this on DSLReports[1].
I have been using this method with AT&T GigaPower fiber in Austin, TX for two years and it's been totally stable and free of problems.
That said, I'd love to be able to extract the cert and not have to do this.
1. https://www.dslreports.com/forum/r30708210-AT-T-Residential-...
https://github.com/jaysoffian/eap_proxy
(And thanks for discovering that bypass!)