@AtlanticRebel I'm using your method using my linksys router instead of pfsense, however I can't communicate with the Actiontec on the vlan I've assigned it to.As of recently, you NEED the Actiontec. They are now using what's called DRIPE, which Tomato will not do. People have been having major issues trying to eliminate the Actiontec completely, my solution still works perfectly, allows me to bypass the Actiontec for my internet as well.
This is how I'm doing it: http://www.digitalhome.ca/forum/showpost.php?p=1575129&postcount=93
[[B]ONT[/B]]-->[[B]vlan switch[/B]]--vlan35-->[[B]linux router/fw[/B]]-->[[B]LAN switch 2[/B]]-->[[B]PCs[/B]] -->[[B]vlan switch[/B]]--vlan34-->[[B]Actiontec[/B]]-->[[B]2 STBs[/B]]