Wired COMCAST Network
This document provides special considerations for accessing the Internet via Comcast.  Our network consists of a MODEM (connection to ComCast), a router (connection to MODEM), and a switch (connection to our company network).

DEFINITIONS

- ComCast – provider of digital cable and Internet Service Provider (ISP).  ComCast dynamically assigns an IP address to your connection.  The following information was given to ComCast to set up the account:
  •  Comcast Account #
  •  MODEM MAC address
  •  MODEM Serial #
  •  MODEM Model #

- DHCP SERVER – dynamically assigns IP addresses to Network Interface Connections (NIC).  Since we assign different Internet privileges to each computer, we must permanently assign IP addresses.

- MODEM – connects to the cable and converts signals to Ethernet or USB protocols.  The following is the unit that we use.
  •  Brand: Motorola SB5100 (a.k.a. SURFboard Cable Modem).
  •  P/N: 500887-025-00
  •  HFC MAC ID: 
  •  USB CPE MAC ID: 
  •  Customer S/N: 
  •  Product S/N: 

- ROUTER – manages the TCP/IP protocols on the Ethernet. 
  •  Brand: 3Com OfficeConnect 4Port Cable/DSL
  •  Description: 4 port 10/100 LAN Switch, plus Ethernet WAN port for connecting to broadband modem.
  •  P/N: 3C857
  •  MAC ID:     
  •  S/N:    

- MAC Address – Media Access Control address hard coded into the network interface controller.

- NAT – network address translation, which allows multiple computers to share a single IP address by means of port multiplexing.

- FIREWALL – limits the ports and IP addresses that may access the Internet.  We use a combination of “stateful” (hardware implemented) and “software” (program implemented) blocks.

GENERAL SETUP

•  ComCast runs cable to wall plate.
•  Run coax from ComCast Self-Install kit (HSIK 002) to MODEM.
•  Run Cat 5 cable from MODEM to Router (provided with Router).
•  Run Cat 5 cable from Router to Server (use cable supplied with MODEM).
•  Run Cat 5 CROSS-OVER cable from Router to Switch.

- Comcast

The setup of Comcast was FAR from user friendly.  Comcast provides NO instructions and the Router (3Com) documentation was WRONG.  We learned the following by calling their offices.

  1)  Connect the MODEM with cable connected to Comcast directly to a computer through the NIC.
  2)  Call Comcast and give them the information listed above under definitions.
  3)  Comcast activates service to the ONE computer by swapping MAC addresses of the MODEM with that in
       the computer.
  4)  Record the computer’s MAC address (use winipcfg on 9x’s or CMD/ipconfig on the XP’s).
       It is necessary for setting up the Router/Gateway.

- Router/Gateway

  1) Launch Server Browser and connect to Gateway by typing in URL: http://192.168.1.1
  2) Login using default password admin.  Change password.
  3) Wizard should launch, but if it fails, select Wizard tab and click on Wizard button.
  4) Wizard recommends most parameters.  Some must be provided by ComCast when you setup account.
  5) When DHCP Server Settings page is displayed, make sure Enable the DHCP Server with the following settings option is NOT selected.
  6) ComCast dynamically assigns IP addresses.  Set it up in the Router as follows:
-Move to Bindings TAB.  Check marks in front of

           Client for Microsoft Networks
           File and Printer Sharing for Microsoft Networks
  7) Select Dynamic IP Address (automatically loaded) in the IP Allocation field.
  8) Enter the Primary DNS and Secondary DNS address (none provided by Comcast. Leave blank)
  9) Enter the Host Name (none provided by Comcast. Leave blank).
  10) Enter the MAC Address of the computer upon which the Comcast connection was initially established. 
       When you register with Comcast, they ask for the MODEM MAC, but Comcast switches the registration to
       use the computer’s MAC (nowhere are you told this).
  11) Click on Apply.

- User Computers

  1) Assign all computers A PERMANENT IP Address as follows.
      • Network ID: 192.168.xxx, xxx is 2 through 254
      • Subnet Mask on all systems: 255.255.255.0

  2) Setup the computers with Internet Access to use the Gateway.
      • For Win 9X:
        - Click on Settings, Control Panel, Network. 
        - Highlight the TCP/IP->NIC and click on Properties. 
        - Select Gateway TAB and enter 192.168.1.1.
        - Select DNS TAB: enter 192.168.1.1 as Server and the name of your 'workgroup' as HOST.

     • For Win XP:
       - Click on Settings, Control Panel, Network Connections
       - Right click on Local Area Network and select Properties. 
       - Highlight Internet Protocol (TCP/IP) and click on Properties. 
       - Enter 192.168.1.1 in Default Gateway.
       - Enter 192.168.1.1 as Preferred DNS Server.

  3) Setup Internet Browser to use Network
      • Right click on the Browser Icon and select Properties
      • Select the Connections TAB
      • Under the little window with the dial-up connections, select the bullet – Never Dial a Connection or
        Dial whenever a network connection is not present.

  4) E-mail Client Outlook Express shares Internet Connection options with Internet Browser. 
      It is not necessary to change these settings once the Browser is setup.

STATEFUL FIREWALL (Router)

On the main frame of the Firewall Setup screen is a menu with four tabs: Virtual Servers, Special Applications, PC Privileges, and Security. We use only the PC Privileges section. Select the PC Privileges to activate the setup screen.

Access to the Internet can be controlled on a computer-by-computer basis. In the default configuration the gateway permits unlimited access to all computers on the Network to the Internet. We assign different rights to each computer.
- Our first task is to BLOCK access to all IP addresses except those to which we give access privileges.

  1) Select PCs access authorized services only
  2) Select All PCs to setup access rights to PCs connected through the Gateway.
  3) Leave ALL boxes unchecked as shown below.  Then change Block or Allow other services to Block.
  4) Click on Modify to save the settings.
- Our next task is to authorize access by IP address.  Repeat the following for every computer that may access the Internet.

  1) Back on the PC Setting Screen click on New button.
  2) Enter the last digits of the PC’s IP address in the PC Address Text Box.
  3) Select authorized services by checking the boxes -- eMail, Web, FTP -- as shown below. 
      Then change Block or Allow other services to Block.
  4) In the except (specify ports) box enter 443.
  5) Click Add to save the settings.

Two computers, Customer Service and Accounting, require SPECIAL access due to their use of E-COM EDI. Authorize access by IP address for these TWO computers as follows:

  1) Back on the PC Setting Screen click on New button.
  2) Enter the last digits of the PC’s IP address in the PC Address Text Box.
  3) Select authorized services by checking the boxes -- eMail, Web, FTP -- as shown below. 
      Then change Block or Allow other services to Block.
  4) In the except (specify ports) box enter 443, 1414.
  5) Click Add to save the settings.
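
The PC Privileges rules above, modeled as a default-deny outbound allow-list with a check for rows that grant more than their role permits (an added example, not part of the original document or the router's own software). The TCP ports behind the eMail, Web and FTP checkboxes, the host numbers 10, 20 and 21, and the rule that a per-PC row overrides All PCs are assumptions.

```python
import ipaddress

# From the page: gateway 192.168.1.1, subnet mask 255.255.255.0.
LAN = ipaddress.ip_network("192.168.1.0/24")
# Assumption: TCP ports behind each checkbox (the page does not list them).
SERVICE_PORTS = {"eMail": {25, 110}, "Web": {80}, "FTP": {21}}
STANDARD = ("eMail", "Web", "FTP")
BASELINE_EXCEPT = {443}    # exception port every authorized PC gets
EDI_EXCEPT = {443, 1414}   # exception ports for the two E-COM EDI PCs


def entry(services=(), except_ports=()):
    """One PC Privileges row with 'other services' set to Block."""
    ports = set(except_ports)
    for name in services:
        ports |= SERVICE_PORTS[name]
    return ports


def build_policy():
    return {
        "All PCs": entry(),                    # nothing checked: block all
        10: entry(STANDARD, BASELINE_EXCEPT),  # constructed: ordinary PC
        20: entry(STANDARD, EDI_EXCEPT),       # constructed: Customer Service
        21: entry(STANDARD, EDI_EXCEPT),       # constructed: Accounting
    }


def decide(policy, src_ip, dst_port):
    """Return 'allow' or 'block' for an outbound TCP connection."""
    addr = ipaddress.ip_address(src_ip)
    if addr not in LAN:
        return "block"
    last_octet = int(addr) & 0xFF  # the value typed into PC Address
    # Assumption: a per-PC row overrides the All PCs row.
    allowed = policy.get(last_octet, policy["All PCs"])
    return "allow" if dst_port in allowed else "block"


def audit(policy, edi_hosts):
    """List (host, extra_ports) for rows wider than their role permits."""
    findings = []
    for host, ports in policy.items():
        if host == "All PCs":
            limit = set()  # the catch-all row must allow nothing
        elif host in edi_hosts:
            limit = entry(STANDARD, EDI_EXCEPT)
        else:
            limit = entry(STANDARD, BASELINE_EXCEPT)
        extra = sorted(ports - limit)
        if extra:
            findings.append((host, extra))
    return findings
```

Running audit() after every change to the router table catches a PC that has quietly been given port 1414 or an All PCs row that no longer blocks everything.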

INTERNET SERVICES

We use ComCast only as a High-Speed ISP.  Our Hosting company, FATCOW, provides Internet Services, such as e-mail and WEB Page management.

- E-Mail Servers

  • POP3: Get from your e-mail administrator
  • SMTP: SMTP.comcast.net

SUPPORTING DOCUMENTATION

  • ComCast:
  • MODEM:
  • ROUTER: Knowledge Base, Diagnostic Software