I must preface this by saying that networking is hard, so no-one should feel badly about their abilities if you find this process challenging.
While adding a router into a network, even a home network, might seem like an easy thing, there are many details that often get overlooked. It is these gaps that result in internet speed issues, connectivity problems, and even getting hacked. The nature of networking, wireless, and security is also evolving and changing quickly, making it altogether more difficult.
If you are unfamiliar with IP addresses, the difference between public and private IP addresses (more generally, WAN vs LAN), DHCP, the difference between http and https , and/or firewalls, then I highly recommend you hire someone to help you with this part of the project. And, before you ask – no, Comcast will not help you with this, except to disable the wireless on their device and put it into bridged mode. Everything on your router is up to you, or whomever you hire.
If you still want to try this on your own, then, by all means, feel free to follow the basic steps that follow. Do keep in mind that this post is a basic overview, so you must be able to interpret some of these steps in a manner that is consistent with the particular equipment you are using.
Basic Connectivity
Generally, the basic setup is that your Comcast coax cable gets screwed into the F-Type connector on the DOCSIS modem. Unless you’re forced to rent this, the far cheaper, and more secure, option is to buy your own (new) modem.
If there’s only one Ethernet port on the modem you purchased, then that will be your connection between the modem and the WAN port on your router. If not, be sure that you are patching between the WAN port on yoru router and one of the LAN ports on the modem.
Now, you’ll use either wireless or (preferably) an ethernet cable to connect your computer (or tablet or phone) to one of the LAN ports on your router. Don’t connect the router to the modem until you have changed the defaults on your router.
Last, but not least, is location. If this router is going to provide the wireless for your apartment or home, then you must be sure that it is located somewhere that ensures a good strong signal everywhere you plan to use it. Otherwise, you may need to consider adding in another wireless access point. Remember that the Ethernet cable that connects your router to the modem can be up to 100 meters long, so you have lots of flexibility in the placement of the router relative to the location of the modem.
Setup
This is where all the magic happens.
- Plug in and power on the router.
- Connect to the router from your phone or tablet, either via wireless or (preferably) via an Ethernet cable.
- Find the default IP address of the router, either from documentation, or by looking at the IP information on your device.
- Using a browser, login to your router and immediately change the default username and/or password (sometimes you can only change the password).
- If you know how to do so, feel free to change the IP address ranges of the LAN, or just leave them as they are.
- Change the Wireless SSID and Passwords for both the 2.4 and 5GHz Frequencies.
- If there are guest wireless networks enabled by default, either change them, or disable them to meet your needs.
- Check to see what IP address the WAN Port of your router obtained. If it’s in one of the private IP address ranges (like 10.1.10.x or 192.168.100.x), then you’ll need to log into the modem and make changes.
- Now you can connect your router’s WAN port to the LAN port on the DOCSIS modem.
- Login to the modem via the Gateway IP address obtained by the WAN Port on your router, or using the default IP address for your model, which should be in the documentation, or even a label on the modem.
- Immediately change the default username and/or password (sometimes you can only change the password).
- If there’s any wireless on the modem, turn it off – all of it. Find both the 2.4GHz and 5GHz frequencies and disable both of them. If this is a Comcast owned/leased modem, call them and ask them to turn all wireless off, because you will only be able to disable the LAN side wireless, but not the wireless they provide, for free, to everyone (called Xfinity) via the internet connection you are paying for.
- Now, disable DHCP on the LAN.
- Finally, set the modem into Fully Bridged mode (this is a made up term by Comcast – everyone else calls it bridged mode, but Comcast modems have both a “Bridged” mode, which really isn’t bridged, and “Fully Bridged” which really is bridged.
- Save and apply the changes as necessary.
- Check your router. You may need to renew the DHCP lease on the WAN interface.
- Confirm that it is receiving a public IP address. If it’s not, you’ll need to double check the router and make sure that it’s in bridged mode and start troubleshooting.
- Change the WAN DNS servers to something that’s not on Comcast servers – there are lots of reasons for this, just, seriously, do it. The easiest two to remember are Google’s free public DNS servers, 8.8.8.8 and 8.8.4.4.
- Confirm that you have full internet connectivity and check for and install firmware updates for your router.
- If you feel it necessary, add in a static route to allow you to manage the modem, but make sure you can also add a security policy on the router’s firewall that restricts that access, especially since the Comcast modems do NOT protect you against hacking that’s initiated from inside your network (including malware/virus infections, phishing, neighbors or guests (wanted or otherwise) connecting on wireless, fake technical support, and so on).
- Last but not least, never reset the Comcast modem to factory defaults – no matter what the Comcast tech support says, as this will wipe out the changes you’ve already made. At most, you might need to reboot the modem and/or router (better routers will almost never have to be rebooted, except when their firmware is being upgraded).
Good Luck!
In a nutshell, the steps above will allow get you up and running. Keep in mind that there are a lot of DOCSIS modems out there, and a LOT of routers out there. Each of them is different, so you’ll need to interpret the steps above to conform to your specific equipment and software.
Also, the steps above will NOT work with the Comcast static IP addresses. That’s a whole different bag of tricks. If you have Static IP addresses from Comcast you really should be hiring an IT professional who is well versed in networks and has Information Security expertise to help you.
And yes, ECLAT Tech is available to help with any and all of these needs.