I keep having an issue when I try to expand the range of the DHCP server..
When I set it to go above 199, I get a -Invalid value for VPN IP. VPN IP Range Cannot Overlap DHCP IP Range- error message.
Obviously, I need to adjust the VPN range, but the cusadmin default customer login doesn't allow me to do this..
So, I am assuming I need Full Admin access...
This is what I have according to my Comcast account:
Any assistance would be most appreciated.
Hi Michale32086. That IP Range defaults to X.X.X.200 thru X.X.X.229. While LAN IP Address in the 200 thru 254 change can be manually assigned, I will have our Support Team take a look at your gateway as that function is set on the LAN side which is available to the customer.
Thanx for the reply, John...
I have a rather unique setup where I need the DHCP to assign IPs from 192.168.1.80 thru 192.168.1.240...
Appreciate your assistance.
Just a follow up on this..
I see that Comcast has gone in and given me VPN access and that is great. Very much appreciated..
But what I was hoping for was to get 'mso' access to my gateway so I can make the changes myself as needed..
I realize that such a request is not to be taken lightly, but I have a very unique setup here that doesn't fit into the standard templates that Comcast may use..
I think the standard modems/gateways that Comcast provides can handle the most common installations, but a highly customized environment like yours might be easier to configure if you had a separate modem and router. Depending on whether or not you have static IPs, you can either get your own bridge modem and router, or place the Comcast supplied equipment in "static IP mode" and add your own router. In either case, you would have complete control over the DHCP configuration.
Thanx for the reply.
Actually, your idea is EXACTLY what I have in mind..
Here is a topography map of what I want to do...
I spent all last week with a tech friend trying to set up VLANs to accomplish that, but we could not get the .30.xxx/.40.xxx VLANs to talk to the 'Net thru the 192.168.1.1 SMC Gateway. I have a feeling it might be a limitation of the SMC Gateway. Which is why I wanted to get full MSO access to the SMC...
I have since learned that such access is not available to the customer, which is kinda a pisser, but I understand the reasoning behind that..
If you have any suggestions or tips to accomplish what I want to do, I would be most appreciative..
Barring a break thru, my alternative is to basically just set up a second COMCAST account and run the LANs as two completely separate accounts. I really can't afford that, but I can less afford the status quo as it is right now.
Thanx for the reply...
As far as the "status quo" that is mentioned above, here is what it looks like now:
As you can well imagine, it's a security nightmare, never minding the complete lack of coherent traffic routing..
Looks like a fun project!
I really think you would benefit from running a more robust router in place of the standard comcast smc/netgear. Many routers will allow you to place router ports into differenet subnets, and then define rules on what can pass between the subnets.
Your initial design could be easily supported by putting the .30 on one router port(s) and the .40 on another router port (s). I think you definitely want to keep the Shop LAN firewalled off from the Hotspot LAN. Your publicly accessible devices would be in a "DMZ".
I am partial to Sonicwall routers because they are relatively cheap and easy to setup and manage for not geeks, but Juniper, Cisco, and others also make nice equipment.
Thanx for the info. Very much appreciated.
But I was wondering something.
Do you think that my issues with the .40.xxx and .30.xxx VLANs not talking to the SMC .1.1 Gateway is related to SMC Gateway Settings??
I set up the VLANs thru the RV082 Router, but they just can't get past the SMC.. I am wondering if I need to get with Comcast Tech Support and have them set up some Static IPs..
I am always wary of phoning in to Tech Support. While I don't consider myself a Networking Super-Guru, I am definitely not of the "OK, now turn your router off for 30 seconds" group... It takes me an hour to get to a tech who is high enough up on the food chain to help me with my unique and some-what high end issue..
Is there a way to contact THAT kind of tech support thru Comcast directly??
Maybe Comcast_John can field that one.
You gave me an idea...
What if I were to set up a Linux box to act as a firewall for the entire WiFi Grid.. I would then hook THAT box directly to the SMC Gateway and set it as the DMZ.. That would have the effect of separating it from the Shop LAN and SHOULD make it easier to facilitate the connection to the Net...
The only issue I can see is would I be able to set the Linux Box and the WiFi grid for any subnet I choose??
I am afrad that my knowledge of the SMC is lacking (i.e. 0). It is possible that you may be able to coax it into doing what you want. Maybe someone who knows that device will chime in.
I have never been happy with any ISP provided equipment. I always dump it in to bridge mode and supply my own router.
Your linux box idea is interesting. It would depend on what the DMZ capabilities of the SMC are. This might be a good spot for a RaspberryPi.