dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
14724
share rss forum feed

lookingood

join:2005-11-15
Milpitas, CA

Can the SMCD3G-CCR function as Cable Mode only?

We have a SMCD3G-CCR DOCSIS 3.0 Commercial Cable Modem Gateway with our Comcast Business Internet Service.
We use our own Firewall Router on DMZ of this SMCD3G-CCR, because we have much more granular control of the firewall rules.
We do not have a WAN static IP address and don't need it.

So currently, the SMCD3G-CCR is assigned a Comcast dynamic WAN ip address.
The SMCD3G-CCR assigns a LAN ip address to our Firewall Router.
It works.

I am wondering if ...
It is possible for our Firewall Router to be assigned that Comcast dynamic WAN ip address?
If the SMCD3G-CCR can be the WAN dhcp client, so can our Firewall Router.
In other words, can the SMCD3G-CCR function simply as a Cable Modem and let our Firewall Router do the rest?

noisefloor

join:2010-05-09
It can, only via hidden telnet command. But...Comcast will not enable it for you. The best thing to do is ask them to bring you a regular cable modem to swap out your D3G with. That's what I recommend.


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
reply to lookingood
said by lookingood:

In other words, can the SMCD3G-CCR function simply as a Cable Modem and let our Firewall Router do the rest?

If you sign up for the static IP option they assign a public address netblock to the LAN interface of the SMC, so you can put a public IP on your firewall and disable all FW functions on the SMC gateway.


joako
Premium
join:2000-09-07
/dev/null
kudos:6
said by espaeth:

said by lookingood:

In other words, can the SMCD3G-CCR function simply as a Cable Modem and let our Firewall Router do the rest?

If you sign up for the static IP option they assign a public address netblock to the LAN interface of the SMC, so you can put a public IP on your firewall and disable all FW functions on the SMC gateway.

The OP clearly stated they do not need a static IP address. And there's no reason to pay extra for an un-needed service when 1) the SMC is perfectly capable of being bridged (if Comcast gave you the password) and 2) there's no technical reason why Comcast couldn't stop being Nazis about it and just give customers the damn regular modem that they want.

You can try to get the older SMC gateway, and then you can telnet into it yourself and set it to bridge mode. How you would go about getting it, is beyond me. But it won't be DOCSIS 3. Make sure you disable remote management, and pray they don't push a firmware update that re-enables NAT.

Otherwise, there's no sanctioned way to get a bridge device. The installer won't leave you one no matter how much you beg, the tech support won't arrange for one to be installed, threaten to cancel and they will not care. Even if you were to continue paying the monthly rental charge, buy your own modem (and even agree to return it like a rented modem) Comcast tech support will not provision it.

What someone @ Comcast tech support suggested to me is take the SMC to the local Comcast center. They aren't supposed to have any SMCs there. Tell them that your internet is down because the modem stopped working. Beg them to give you a cable modem and tell them you will call tech support later to get it swapped for the correct modem, but that you need a modem NOW because you can not be without internet.
--
PRescott7-2097


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
said by joako:

The OP clearly stated they do not need a static IP address. And there's no reason to pay extra for an un-needed service when 1) the SMC is perfectly capable of being bridged (if Comcast gave you the password) and 2) there's no technical reason why Comcast couldn't stop being Nazis about it and just give customers the damn regular modem that they want.

I asked this question of our Comcast account team the last meeting we had with them. They stated that they were deploying the SMC on business accounts specifically because it gives them enhanced remote diagnostic capabilities over the standard DOCSIS modems. The business group was able to negotiate extended dispatch windows and expedited dispatch by performing initial troubleshooting via the SMC to verify things like customer-side connectivity. The idea is that the techs agreed to the extended windows as long as the tier 2 support folks do the background work to try and make sure dispatches don't happen for non-line related problems.

When you put the SMC into straight bridging mode, it still takes a DOCSIS profile from the CMTS but you cut off the remote diagnostics. Obviously a standard able modem won't have that functionality either.

Granted this is coming from an account team, so take it with a grain of salt, but it's the most plausible explanation I've heard on the subject to date.


joako
Premium
join:2000-09-07
/dev/null
kudos:6
So very simple, make the customer sign a waiver that states they will not dispatch after 5pm if they got a regular cable modem. This will allow the clueless end users who "handle their own IT" to get their extended dispatch, and allow the people who run real networks to have them working properly.

Or setup your network to assign the SMC an IP address, and bridge the 2nd to the customer. Sure it "costs" you IP address, but I could care less about your extended dispatch and network management strategies. Just assign my router an IP address, that's all I need.

As it stands I bridged the DOCSIS 2.0 SMC anyways. I could care less if your network management works, if it means my VPN doesn't work.

Or better yet offer a real "business class" service like every T1 provider in this country and just give the customer a block of 5+ static IP addresses included in the service price. You get your IP for your modem shenanigans and my device gets the IP it needs. But no, Comcast chooses to be greedy and ignore the customer's basic needs.
--
PRescott7-2097


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
said by joako:

So very simple, make the customer sign a waiver that states they will not dispatch after 5pm if they got a regular cable modem.

It's far, far easier to just enforce installation of the SMCs than to try and manage your support / dispatch system to account for one-offs like that.

It comes down to dollars and cents; there is no financial incentive to cater to the people who insist they know how to run the company better than the folks who actually do.


joako
Premium
join:2000-09-07
/dev/null
kudos:6
I never suggested I know how to manage your company better than you do. But it goes both ways, you don't know how my network is best managed, and therefore such a basic & reasonable request shouldn't be declined.

I had to bridge the SMC to make it work with my network. When I would plug in the default SMC to the existing router, the domain name used by the VPN clients became a private (10.x.x.x) IP address.

This site doesn't have but 1 phone line: for the alarm, fax & PBX backup just in case the VoIP goes down. Primary phone connection is VoIP. The PBX needs to know it's external IP address so that it can properly work with NAT. This again would not work with Comcast's SMC. But we have an AT&T DSL line for the VoIP, and do to your SMC don't intend to switch it to Comcast. If we did switch it to Comcast we would probably order a residential service, to avoid your SMC shenanigans.
--
PRescott7-2097


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
To be clear, I don't work for Comcast -- we're just a large enterprise customer with several thousand work at home agents so we have a pretty good account team.

That said, the technical issue you present is easily addressed by getting static IP assignments. Even if you don't need a fixed address, you need to know what your WAN IP will be and because the netblock gets assigned to the LAN interface, all of your gear can be addressed using known public IPs. That's why I made the comment I did -- there is a clear option that addresses your problem, only it isn't implemented in the way you think it should be.