Main Menu

How To Configure a Comcast Business Class Static IP Address

This tutorial explains how to configure a Comcast Business Class static IP address on a SMC8014 gateway and a Linksys WiFi router to enable remote access to network clients from the Internet. The SMC8014 gateway is configured for “bridge mode” by disabling the normal routing, firewall and DHCP functions. A static IP address is assigned to the Linksys router for Dynamic DNS (DDNS) services and remote Internet access to LAN clients.

Remote Internet Access Problem

I was helping a small business setup the Mobotix network cameras on a small network with the Comcast Business Class cable modem service and ran into a problem with Internet access to the cameras: the DDNS agent in the Linksys WRT router was showing the (“10 space”) non-routable private IP address! I logged into the DynDNS account saw the same private IP address listed in the Host Services table.

If this were DSL Internet service I would put the DSL modem into “Bridge Mode” to solve the problem. In simple terms, Bridge Mode is a Layer 2 network function that disables the DSL modem routing, firewall and DHCP services to transparently connect (bridge) the Linksys WiFi router to the Internet. Bridge mode means the Linksys WiFi router receives the dynamic public IP address assignment from the Internet Service Provider (ISP) instead of the DSL modem. The DDNS agent in the Linksys router can now update the DynDNS service with the public IP address. Remote Internet access will now work with the easy to remember DynDNS host name with port forwarding, e.g.

The Comcast Business Class Internet service uses an SMC8014 gateway, which is a small office/home office cable modem and router combo. Being a Layer 3 router, the SMC8014 does not support true Bridge Mode. Remote Internet access to the LAN network clients (cameras, computers, etc.) therefore requires subscribing to Comcast’s Static IP Service and disabling the various SMC8014 firewall and DHCP functions. Comcast Customer Support will remotely reconfigure the SMC8014 gateway for you when the Static IP is activated. This particular SMC8014 is older, circa 2007, and has only basic router and firewall features with known bugs, so disabling these functions isn’t a major concern.

How To Configure a Comcast Business Class Static IP Address

I called Comcast and upgraded the Internet subscription by adding one (1) static IP address service for $14.95/month since a single IP address would do the job. The sales person said a confirmation e-mail would be sent with the new static IP in 3 to 5 business days. Several days later, an e-mail confirmation arrived with the new IP address, gateway IP, subnet mask, DNS server IPs and instructions to call Comcast Tech Support’s toll free number to active the static IP service. The e-mail was brief and to the point:

Dear Customer,
Below is the Static IP information for Account # xxxxxxxxxxxxxx
Static (Static IP address for my Linksys router)
Gateway (Static IP address of the SMC8014 gateway)
Subnet Mask:
Primary DNS:
Secondary DNS
Note: Static IP's will not be active/available until the file is downloaded
to your gateway. Please call Tech Support...800.391.3000 or reply to this
email when you want to make the change.

Here’s the as-built network diagram with the new static IP service assigned to Wide Area Network (WAN) interfaces of the SMC8014 gateway and Linksys WRT160N router:

Comcast Business Class SMC8014 Static IP Network Diagram

Comcast Business Class SMC8014 Static IP Network Diagram

Fluke LinkSprinter Network Tester

I recently had the pleasure of reviewing the Fluke LinkSprinter Network Tester. It automatically tests:

  • Power over Ethernet (PoE)
  • Ethernet Link and jacks
  • DHCP and Static IP Addresses
  • Network Gateway
  • Internet Connectivity

It’s affordable, easy to use and takes the guesswork out of network test and troubleshooting.

Fluke LinkSprinter 200 Network Tester

Comcast Static IP Address & Bridge Mode

My first call to Comcast Tech Support to activate the static IP’s resulted in 30 minutes of wasted time. The Comcast technician was inexperienced and kept putting me on hold while he tried to figure out what to do. He ultimately gave up and offered to transfer me to another tech, and after a few moments I was disconnected.

I redialed the toll free Comcast Tech Support number and my call was answered by a cheerful young lady who said she knew exactly what to do. She pushed the new static IP configuration to the SMC8014 gateway and reset the device. I explained what I was trying to do with DDNS remote access and asked about a Bridge Mode configuration. She said “Sure, I can do the Bridge Mode setup!” and remotely configured the SMC8014 for the routed equivalent to Bridge Mode, which disables the DHCP, DNS, NAT, firewall, static routing, filtering, etc. functions.

The new SMC8014 “Bridge Mode” configuration can be viewed by logging into the gateway using a web browser:

Comcast SMC8014 Gateway Login

Comcast SMC8014 Gateway Login

The new “bridge mode” configuration settings are for the SMC8014 gateway are as follows with selected screen grabs for the more important settings.

SMC8014 LAN Configuration

  • LAN → IP Setup
    • Enable LAN DCHP: Unchecked
    • Assign DNS Manually: Unchecked

Note: DHCP and DNS will be configured in the Linksys WRT router.

Comcast Business Class: SMC8014 LAN - IP Setup

Comcast Business Class: SMC8014 LAN – IP Setup

  • LAN → Static Routing: No entries, all fields blank.
  • LAN → Filtering: Enable Access Filter: Unchecked
  • LAN → Switch Controls: Keep the default settings.

SMC8014 Firewall Settings

Comcast Business Class: SMC8014 Firewall - Firewall Options

Comcast Business Class: SMC8014 Firewall – Firewall Options

  • Firewall → Port Configuration → Port Forwarding: Disable all Port Forwarding rules: Checked
  • Firewall → Port Configuration → Port Triggering: Disable all Port Triggering rules: Checked
  • Firewall → Port Configuration → Port Blocking: Disable all Port Blocking rules: Checked
  • Firewall → Port Configuration → True Static IP Port Management:
    Disable all rules and allow all inbound traffic through: Checked
Comcast SMC8014 Firewall - Port Configuration - True Static IP Port Management

Comcast SMC8014 Firewall – Port Configuration – True Static IP Port Management

  • Firewall → Web Site Blocking: Enable Web Site Blocking: Unchecked
  • Firewall → DMZ: Enable DMZ Host: Unchecked
  • Firewall → 1-to-1 NAT: Disable All: Checked
Comcast Business Class: SMC8014 Firewall - 1-to-1 NAT

Comcast Business Class: SMC8014 Firewall – 1-to-1 NAT

SMC8014 Gateway Network Summary

The WAN static IP address and /30 subnet block (CIDR) are shown on the Network summary screen.

  • Gateway Summary → Network
Comcast Business Class SMC8014 Gateway Summary with Static IP Address

Comcast Business Class SMC8014 Gateway Summary with Static IP Address

Remember, Comcast will assign the static IP address to the SMC8014 gateway for you.

Linksys Router Static IP Address Configuration

The Comcast provided static IP address, subnet mask and gateway must be configured on the Linksys WRT router to enable Internet access. The configuration is simple by flipping the Internet Connection Type from DHCP to Static IP through these steps:

  1. Log into the Admin page of the Linksys WiFi router at:
  2. Go to the Setup Basic Setup menu.
  3. Select Static IP in the Internet Connection Type choice box.
Linksys WRT - Static IP Internet Connection Type

Linksys WRT – Static IP Internet Connection Type

The screen will refresh and display the Static IP configuration parameters:

Linksys WRT - Comcast Business Class Static IP Internet Configuration

Linksys WRT – Comcast Business Class Static IP Internet Configuration

Fill in the Internet IP Address, Subnet Mask, Default Gateway and DNS fields in the screen above with the parameters specified in the e-mail from Comcast:

Static (Static IP address for my Linksys router)
Gateway (Static IP address of the SMC8014 gateway)
Subnet Mask:
Primary DNS:
Secondary DNS

I opted for Google Public DNS ( and instead of Comcast for DNS 1 and 2 as a matter of preference, and Comcast for DNS 3 for diversity.

Click Save Settings.

Linksys Router Dynamic DNS Settings

This next step assumes you have already created a DDNS Account with DynDNS and have a DDNS host configured.

Navigate to the Setup → DDNS menu in the Linksys WRT WiFi router and check the DDNS update status. The Internet IP Address is now the Comcast Static IP address and the Status is ddnsm.dyn_good, which is a somewhat cryptic Java code value meaning “DDNS is updated successfully”.

Linksys WRT - DynDNS DDNS Setup with Static IP

Linksys WRT – DynDNS DDNS Setup with Static IP

SMC8014 Admin GUI Access

In the future, if you want to log in to the SMC8014 gateway, make sure your computer is on either the Linksys router WiFi or wired network LAN port and point your web browser to to log in to the SMC8014 Admin menu. You will not be able to access the SMC8014 Admin GUI if your computer is plugged directly into a SMC8014 LAN port because the DHCP is disabled and your computer won’t be assigned a 10.1.10.x IP address.

Remote Internet Access to LAN Clients

It is necessary to configure port forwarding on the Linksys router to access your LAN clients (computers, cameras, etc.) via the DDNS host name and port, e.g. or directly with the static IP address of the Linksys router, e.g. For port forwarding configuration instructions, see this project.

Hope this helps,

Bob Jackson

Copyright © 2014   Reproduction strictly prohibited.


, , , , , , , , , , , , , , , , , , ,

55 Responses to How To Configure a Comcast Business Class Static IP Address

  1. Evan Pols August 30, 2011 at 6:03 pm #

    This appears to be exactly the sort of information I’m looking for. I have to put one of these in Bridged mode in a few days to use my third party firewall, and this looks like an awesome summary. Thank you!

  2. Nick Clark July 9, 2012 at 5:09 pm #

    So nice to see this :-) I ran into a SMCD3G but the sale principles applied. I thought I had originally setup the modem to perform true/clean bridge mode but something wasn’t right when I was port scanning it…seeing a different public address than what was configured in my SonicWALL. Anyway, I matched the setup w/ exception to my own public ip’s and it finally put me into true bridge mode. Thanks for your time Bob!

  3. Desperate July 13, 2012 at 1:33 pm #

    All real good information but I still can not connect my back office to my store where my db is.
    I’ve turned everything off but for port forwarding rules, entered my info from BO and no connection. Comcast could care less, all they care about is that I have internet service.
    I need a tech(with experience) in the Fort Lauderdale area to contact me.

    • Bob Jackson July 13, 2012 at 11:11 pm #

      Can you provide a network diagram of your LAN with servers and applications? I realize this is sensitive info. You can e-mail me at the About page.

      The Mobotix network camera project sits behind the Comcast cable modem / router. It should be comparable to your network in concept.

  4. Scott Castro August 14, 2012 at 9:59 am #

    Excellent article. Thank you so much. You helped me avoid dealing with the sometimes frustratingly ignorant Comcast Tier 1 support. Of course I used a different device than the Linksys router but the modem setup was right on the money. Thanks again.

  5. Tim Nelson October 13, 2012 at 12:16 am #

    Hey Bob, nice wiki – well done.
    Question, why would you need ddns if you have a static IP address?
    Another question I have; is it possible to do the same concept, with a public DHCP address from Comcast (business class)?

    What I want to do, is use the public IP address assigned to my SMC, and keep it registered with my web address pointed to dnsexit’s ddns servers. That being said, I wouldnt need a static IP, since I could continue to reference my domain name.

    If I do this, is it possible to set the config on the SMC like you did, and on my Cisco WRVS4400N configure it to point to my SMC(without using a public static IP)?

    Basically I am trying to just trying to set up a IPSEC VPN to my SMC via domain name->DDNS -> Port Forwarded to the static LAN IP on my WRVS4400N.
    Can you set up the WRVS4400N as a router instead of a gateway and do this? I have tried everything.

    • Bob Jackson October 13, 2012 at 2:11 pm #

      > Question, why would you need ddns if you have a static IP address?
      This project example is one of several similar networks at different locations, some are served by DSL modems and other sites by residential class cable modems that only have dynamic WAN IP addresses. For consistency, I configured all the networks with DDNS. DDNS also makes it easier to remember the host name when typing in the URL versus a numeric IP static address. While I normally bookmark the URLs, sometimes I’m at a new computer or tablet and have to type in the URL from memory.

      > is it possible to do the same concept, with a public DHCP address from Comcast (business class)
      That was my first approach only to learn that Comcast’s Business Class DHCP IP addresses are not publicly routable. This is the “Remote Internet Access Problem” described at the beginning of the project. The only solution for Business Class service is to subscribe to a static IP address from Comcast. The Business Class public IP address cost is something like $15/month last time I checked.

      Note that Comcast Residential cable modem service with DHCP addresses are publicly routable and the DDNS service works great for remote access to your home network. I’m a Comcast subscriber and DDNS works great for my home network.

  6. PJ Dale October 29, 2012 at 10:57 am #

    Hi Bob, great job and easy to understand.

    Does comcast have a better modem that i can ask for?

    How will I set up this modem with a cisco small business modem wit VPN.

    I would like to set up the VPN so I can dial from home.

    I have 1 static Ip address.

    • Bob Jackson October 29, 2012 at 6:05 pm #

      > Does Comcast have a better modem that i can ask for?
      You will need to ask Comcast if other cable modem options are available in your area.

      > How will I set up this modem with a cisco small business modem with VPN?
      VPN configuration is outside the scope of this tutorial. A Google search for “cisco vpn setup” should get you started.

  7. NICOLE HESS December 28, 2012 at 8:14 am #

    I have read this article because it mirrors what I’m trying to do at a remote site for our business. I have had Comcast put my smc gateway in the equivalent of “bridge mode” and tried to set my linksys router wrt150n which is behind the modem with the Comcast info to allow it to hand out DHCP so I can port forward or simply put a static ip on a HP4250 printer and add it to my network at corporate,to no avail. My router stops accessing the internet when i save the settings if i set it while its connected to the SMC, and if I unplug and then set it and save , when I plug it back in I get the private ip addresses like … assigned. I’m new to networking and my boss is getting mad I cant do something simple like get a printer printing at a remote site, I’m at my wits end. Please help.

    • BobJackson December 28, 2012 at 10:01 am #

      Hi Nicole,
      This forum isn’t for general IT Support, but I’ll try to help.

      Based on your description where the SMC is handing out a 10.x.x.x LAN IP addresses to the Linksys router, I makes me think you are not subscribed to the Comcast Static IP address service. A static IP address is an optional service for an extra fee. Please confirm that you have a static IP address with Comcast.

      Assuming you have purchased a static IP address from Comcast, the next troubleshooting steps are go back to the basics:
      * Make a simple network diagram with your IP addresses and subnets as shown above.
      * Review the SMC router configuration with Comcast Support.
      * Do a factory reset on the Linksys router and configure it from scratch. Your computer should be plugged directly into the Linksys LAN port for this step. Power cycle the Linksys so it’s synched with the SMC gateway. Verify you can access the Internet from your computer.
      * I would assign a static LAN IP address to the printer behind the Linksys as per the “Remote Internet Access to LAN Clients” topic. DDNS isn’t needed with a WAN static IP address, but it does make it possible to give the printer an easy to remember host name.

      Take care,

  8. Patrick January 30, 2013 at 1:55 am #

    Bob—just wanted to say thanks for this article. I was having this exact problem with my AirPort Extreme and my new Comcast internet service, and your instructions worked flawlessly (and undoubtedly saved me a bunch of time and grief dealing with Comcast tech support). Many thanks for sharing this.

  9. Eric GM February 1, 2013 at 1:06 pm #

    Hi Bob.

    A year and a half later, this article is still helpful. We’ve put an embarrassing number of hours into trying to deploy a Netgear firewall under a Comcast setup like this. It’s still in process, but the answer we’re getting now is that it doesn’t work because the SMC is not in true bridge mode (and that doing so brings down the entire network until the firewall works properly). We’ve had various accounts of what true bridge mode means, so this is a chance to implement that scenario. Trying it this evening…

    • BobJackson February 1, 2013 at 1:45 pm #

      Let me know about your success. Thanks!

  10. Shon Gale February 25, 2013 at 4:28 pm #

    Love your article.
    I have an SMC 8014 from ComCast with 5 static ip’s. I have a NETIS ST3123 8 port 1GB router and a D-LINK DI-604.
    Once I have Comcast set my modem to bridge mode, is there anything else I need to do to assign a static ip to each router?
    Can I add another D-LINK wireless router to another one of the ip’s?
    Any info you can tell me or pitfalls to watch out for would be a great help.

    • BobJackson February 25, 2013 at 9:09 pm #

      Hi Shon,
      The NETIS ST3123 is a switch, not a router. It’s only for connecting LAN clients to the router.

      The D-Link DI-604 router doesn’t support the Comcast static public IP addresses on LAN clients, so what you’re probably thinking won’t work:
      Comcast — SMC8014 — D-Link router — NETIS switch -X- LAN clients with static public IPs

      The D-Link DI-604 will NAT between it’s Comcast static public WAN IP and the private LAN IPs, so you won’t be able to reach your connected devices from the Internet.

      What will work is:
      Comcast — SMC8014 Port 1 — D-Link router #1 — NETIS switch — LAN clients with private IPs
      Comcast — SMC8014 Port 2 — D-Link router #2 — LAN clients with private IPs
      Comcast — SMC8014 Port 3 — single device (computer, web server, NAS, camera, etc.) with a public static IP
      Comcast — SMC8014 Port 4 — single device (computer, web server, NAS, camera, etc.) with a public static IP

      where [Comcast -- SMC8014 Port X] refers to the same SMC8014 gateway.

      The reason that devices assigned a Comcast static public IP address must be connected to a SMC8014 LAN port is because Comcast will route the static public IPs for you.

      If you’ve actually bought 5 assignable static public IP addresses from Comcast, you’ll notice you’ve run out of ports on the SMC8014 since you have 5 usable IP addresses but only 4 LAN ports on the SMC8014. Not a problem, hookup your network as so:
      Comcast — SMC8014 Port 1 — NETIS switch — 2 devices with static public IP addresses
      Comcast — SMC8014 Port 2 — D-Link router #1 — (another Ethernet switch) — LAN clients with private IPs
      Comcast — SMC8014 Port 3 — D-Link router #2 — LAN clients with private IPs
      Comcast — SMC8014 Port 4 — single device (computer, web server, NAS, camera, etc.) with a public static IP

      The NETIS switch is “transparent” to the SMC8014 and your public static IP devices will be routed correctly by Comcast.

      To be more precise, you can connect 1 to 5 devices with static public IP address to the switch:
      Comcast — SMC8014 Port 1 — NETIS switch — 1 to 5 devices with static public IP addresses

      BTW – It doesn’t matter which LAN port # you connect the devices to on the SMC8014, they all work the same.

      Take care that devices with static public IP addresses will be visible to the entire Internet (worldwide) and vulnerable to hacking. Change all default logins and use strong credentials, disable all unnecessary services, run an anti-virus/firewall on all computers and servers, plus any other security measures supported by the various devices. Your devices will be probed and hacked in minutes if left unsecured.

  11. TCCrab March 12, 2013 at 7:06 pm #

    Wish I had found this article about three weeks ago.
    Would have saved me a *LOT* of frustration.
    Too bad the Comcast Tech Support people don’t know about this stuff, or perhaps they do know and won’t share the information.
    I had been hosting a domain and serving my own emails while a Comcast Home Broadband User.
    They found out (after 9 years, took ‘em long enough) and they blocked my Port 25 (SMTP). and Port 80 (HTTP).
    I called and confessed my sins and begged for absolution by upgrading to Comcast Business Class.
    They installed the business class cable modem and still no emails.
    Multiple calls to tech support with no joy.
    Even their tier 2 support weren’t able to get it back up.
    Upon further investigation I found that they had installed a “Gateway” and not just a simple cable modem.
    That “Gateway” doubles as a router.
    Now that i knew what I was up against, a quick search using:
    “How To Configure A Comcast Business Class Static IP address” and VIOLA!!
    The answer I needed.
    Thank you HandyManHowToGuy!!!!

    Folsom, CA

    • BobJackson March 12, 2013 at 8:27 pm #

      Hi Tom,
      I’m pleased my application note helped you. The issue is Tier 1 Tech Support personnel aren’t solution engineers, it’s just the nature of a mass market call center.
      Take care,

  12. Shon Gale March 19, 2013 at 2:07 pm #

    Bob; thanks for your help. It’s greatly appreciated. I am trying once again to make this happen. I got a hold of a LinkSys WRT54G which the doc say is the predecessor of the 160n so if you know any different please let me know otherwise I am going to go for it.
    Once again thanks

    • BobJackson March 19, 2013 at 3:25 pm #

      A Linksys WRT54G or any current WiFi router should do just fine.

  13. Shon Gale March 20, 2013 at 6:13 am #

    Thank you much sir! I will try it today. I need to make it work. I have 2 lines in here, 1 for my server and 1 for my dev testing and the second line costs $72.00 a month (almost as much as business class) and I really want to get rid of it. They are such a ripoff for the consumer. Business kinda get a break, which is ass backwards of the normal way of doing business.
    Once again thanks!

  14. Terry Platt April 3, 2013 at 6:01 am #

    Can you recommend a router without WiFi?
    Or, can I use the Apple WiFi already in place?

    • BobJackson April 3, 2013 at 7:29 pm #

      WiFi is not required, any router that supports a static WAN interface IP address should be fine.

  15. jquill April 30, 2013 at 4:38 pm #

    I’m trying to get an Airport Extreme router set up for a new Comcast Business Class Static IP account. It’s not active yet, but they did email the network settings. I tried plugging them in to the router to get it ready to test but keep getting an Invalid Value error – The router address you have entered is not compatible with your WAN IP address. The Static IP is; Subnet Mask; Router Address/Gateway is The router does not appear to like a Gateway address higher than the Static IP. Is this normal or perhaps a limitation in the Airport Extreme.

    Any feedback would be helpful. Thanks.

  16. jquill April 30, 2013 at 8:17 pm #

    Thanks. I have another extreme router that has been running on a DSL modem connection with a static IP for a few years and has not had a problem. In that case, the IP address ends in .127 and the gateway ends in .1; the router is happy with that. On the new Comcast circuit, the gateway address is higher than the Static IP (.79 IP and .80 Gateway) and the router will not seem to allow that; pops the Invalid Value error message. I’m not a network guy, so I was basically wondering if it was unusual to have a Gateway address higher than the Static IP address or did Comcast perhaps send me bad data.

    Thanks again…

    • BobJackson April 30, 2013 at 8:41 pm #

      The Comcast public static IP address ranges are valid: .79 static ip for your Airport Extreme WAN interface and .80 for the gateway. Best I can do as is offer a few more bread crumbs based on the same error message “The router address you have entered is not compatible with your WAN IP address”. These links suggest the LAN side should be set to DHCP or the LAN subnet mask was modified.

      Set up with a static IP

      Changing Subnet mask in Airport Utility

      Please write back when you’ve solved the problem.

  17. jquill May 7, 2013 at 5:59 pm #

    Well, it turns out Comcast gave me the wrong IP address and the wrong Gateway. After a couple of calls they gave me addresses in the proper block range.


    • BobJackson May 7, 2013 at 6:37 pm #

      You’re welcome! Thanks for writing back.

  18. John May 26, 2013 at 11:20 pm #

    Good article, this brought me about 99% of the way through what I’ve been (pondering) getting done for a couple years now.

    What is your recommendation for port 80? I’d like to be able to hit an internal web server on port 80, but I also don’t want to lock out all control of the comcast bridge from both ends.

  19. eddy123 May 29, 2013 at 9:45 pm #

    I have the comcast business server side setup as recommended by comcast for vpn access, and we have the static ip, etc, but what settings are needed to connect via Shrew Soft VPN?

    • BobJackson May 30, 2013 at 11:58 am #

      VPN client and gateway setup are outside the scope of this project. Contact Shew Soft technical support for product configuration assistance.

  20. HarKenToh June 7, 2013 at 3:39 pm #

    Great article – Comcast should have it on their support site (for a fee, of course).

    Thanks a lot!

  21. Suzy Brown June 14, 2013 at 12:49 pm #

    You are a god send…my experiences with Comcast reflect everyone else here. They actually messed up our system so bad we had no internet for 6 hours, which is forever in a business with no credit cards being processed! Anyway I just wanted to post my thanks.

    Suzy Brown

    • BobJackson June 14, 2013 at 2:41 pm #

      > They actually messed up our system so bad we had no internet for 6 hours…
      Have you considered the Square credit card reader as a backup system?

      Sign up for a Square account and keep the Square reader in the drawer until you need it. If an Internet or Phone outage disables your cash register credit card reader, plug the Square reader into your iPhone/iPad/Android and you’re back in business. You’ll pay $0 per month and about 3% per swipe only when you use it (other pricing plans are available).

      I was at my favorite cigar store and the countertop credit card reader out of service because the phone lines were down. The store proprietor plugged the Square reader into his iPhone, swiped my Amex, the credit card transaction was processed via the cellular data network and I received the receipt via e-mail.

  22. Breanna July 3, 2013 at 11:49 am #

    I have Comcast Business internet service, at my place of work and im wondering how do i get wifi with it, because i have devices that i want to connect to it for customers.

    • BobJackson July 3, 2013 at 6:29 pm #

      There are two ways to setup WiFi:
      1. Comcast XFINITY® WiFi hotspot.

      If you expect more than 20 to 30 simultaneous wireless customer connections or are located in a busy public area (e.g. food court at the shopping mall), I’d go with XFINITY WiFi HotSpot because Comcast will manage the WiFi router and it will be on a separate Internet connection from your Comcast Business Class Internet (more bandwidth for you!).

      2. Buy a WiFi router and connect it to your Comcast cable modem. I’ve illustrated this configuration in the project network diagram.

      Should you setup your own WiFi router, configure a WiFi access password so only your customers can use the service. This will prevent “drive by” public users from leaching on the service.

  23. luke July 24, 2013 at 7:06 pm #

    Here is how I got this setup to work WITHOUT having to have comcast change me to a static IP.

    I found the trick was to put the comcast modem/router on (LAN side), and then the new router on for the LAN(thats what the comcast router was before the switch, and I didn’t want to change any of the clients on the network). This thankfully lets me access both of their web interfaces from a browser on the LAN. Then I plugged the WAN port on the new router into the comcast modem/router, and had it get an IP from the comcast box (set this lease to forever). I set the comcast box to DMZ

    I use Remote Desktop Protocol all the time so I had to get port forwarding working. I have the comcast box forward what comes in on port (9100 in my case) to the new router’s WAN IP( with the same outside port (9100 in my case), and had the new router then forward it to the correct client IP on the internal port 3389. So it was pretty easy once I had the right plan.

  24. luke July 24, 2013 at 8:41 pm #

    You can also get the wifi to work with the comcast modem/router by using a wifi router and disabling it’s dhcp. Set the wifi router to be on a static IP in the same range as your network (but on an IP just outside of the dhcp settings on the comcast router/modem), use an ethernet cable to go from the dhcp disabled wifi router’s LAN port (not the WAN) to a LAN port on a switch or the comcast modem/router. This worked flawlessly for me.

  25. luke July 24, 2013 at 8:52 pm #

    In my post about about how I setup a wifi router behind a comcast modem/router (model 8014). I made a type-O on the DMZ I setup. The DMZ I setup on the comcast box was to the WAN port on the new wifi router. So should be (not as I typed). I’m not sure this is required, but I wanted the WAN port to be straight through from the comcast box without the comcast route/modem doing firewall stuff on it, since the new wifi router has it’s own firewall.

    • BobJackson July 25, 2013 at 7:40 am #

      Are you using a Dynamic DNS (DDNS) update service on your WiFi router to discover the Comcast DHCP-assigned (i.e. dynamic) public IP address assigned to the SMC 8014 WAN port to access your LAN devices via Remote Desktop Protocol? DDNS would allow the Remote Desktop Connection to be configured with a URL instead of the changing Comcast WAN public IP address.

      Allow Remote Desktop connections from outside your home network

      Thanks for the insights!

  26. Juan July 28, 2013 at 11:17 pm #

    Somebody please help me!!!

    I just signed up for Comcast Business Class, I have 5 static IP’s, I purchased a Netgear R6250 WIFI router and I’m trying to figure out a simple way to assign my static IP’s to my Foscam security cameras! I’ve been reading blog after blog and so far I think I rather get my teeth pulled!! There has to be a simple way to do this even for a rookie like me to figure out!! Comcast has put my modem in “bridged mode” (honestly I don’t know what the hell that does)!

    First I need a step by step explanation on how to configure Cable Modem Gateway (Netgear CG3000DCR) and the Netgear Wireless Router (R6250) I purchased and how to assign the static’s to my cams!! I would sincerely appreciate any assistance!!!

    Anybody up to help a me? Please?

    Thanks a bunch!!!!

  27. Jose August 1, 2013 at 1:41 pm #

    Please don’t call this ‘Bridge Mode’. The SMC8014 doesn’t have that functionality. What you’re really describing above is disabling the NAT engine on the Comcast device so you can use the static IP block that you purchased. But this is all still layer 3.

    • BobJackson August 2, 2013 at 8:12 pm #

      “Bridge Mode” is the term that users ask for and understand. The fact that Comcast Tier 2 will disable NAT to accomplish the equivalent functionality is beside the point.

      Comcast refers to it as Bridge Mode in everyday language, so maybe it’s best you post your concerns on the Comcast Business forum.

  28. Dino September 30, 2013 at 8:18 pm #

    This article is tremendously helpful, but unfortunately has not quite solved my problem.

    I have a Sonicwall firewall in place of your Linksys. If I setup the SMC Gateway to use DHCP and hand out addresses, the client machines behind the Sonicwall (192.168.0.x) can browse the web.

    However, if I turn off DHCP, NAT etc. on the SMC Gateway and change the WAN and router addresses on the Sonicwall to the Comcast assigned Static IP addresses, I can no longer browse the web. Yet, I can still ping sites on the internet from client machines behind the Sonicwall,

    This would suggest it is not a DNS problem (since I am pinging my domain name) and not a port blocking problem on the Sonicwall as I have not changed these settings between the two configurations.

    Any ideas what to try next?

    • BobJackson October 1, 2013 at 7:27 am #

      Hi Dino,
      See if the SonicWALL: Configuring a Static IP Address with NAT Enabled instructions solve the problem. The SonicWALL firewall will have a public WAN IP while enabling NAT and DHCP for LAN clients.

      Also see the “UTM: How to configure the SonicWALL WAN/X1 Interface with Static IP Address” – Configuring the SonicWALL WAN interface (X1 by default) with Static IP address provided by the ISP – article in the MySonicWALL Knowledge Portal under the Support menu.

      The SonicWALL UTM appliance is fairly complex. If you’re still having trouble, please open a Service Request at the MySonicWALL portal. The SonicWALL support tech can take a look at your firewall configuration to fix the problem.


  29. Kenneth Moore October 22, 2013 at 3:50 pm #

    I pulled my hair out for most of two days trying to get public access to an internal web server on a Comcast business account with a static IP. It should be as simple as putting the CG3000dcr into bridge mode, and uplinking to my Linksys AP/router which is configured with the static ip and info from Comcast. The Linksys is also setup to forward inbound requests (80 and 21) to the webserver. Simple, except that there is a setting in the cable modem that can only be seen/modified by Comcast that must be changed. After almost two days and three support calls to Comcast, my webserver is now visible to the outside world.

  30. Ken March 18, 2014 at 10:21 am #

    I have a Comcast Business modem/router. Set to pass thru mode. Everything is off except port forwarding ( can’t uncheck box ). Behind the Comcast I have a Netgear FVS318N. My network connects to the FVS thru a switch. On the network I have one server which my software people need to telnet into. I port forward port 23 to the server ( 192.168.2.xx ) with no luck. I test and get a response of “the connected party did not respond”. I know the server is listening on port 23. From the logs on the FVS router, I see incoming port 23 to the server but no outgoing.

    • Bob Jackson March 18, 2014 at 3:23 pm #

      > Comcast Business modem/router… Everything is off except
      > port forwarding ( can’t uncheck box )
      Have you contacted Comcast Technical Support to disable port forwarding on the modem/router? Best to get this out of the equation so you’re not troubleshooting a NAT issue beyond your control.

      > I have one server which my software people need to telnet into.
      > I port forward port 23 to the server ( 192.168.2.xx ) with no luck
      While I’ve no experience with the NetGear FVS318N Wireless N VPN Firewall, I would follow the Virtual Private Networking
      Using SSL Connections starting on page 266 of the FVS318N Reference Manual and more specifically Configure Applications for Port Forwarding on page 273. An SSL encrypted VPN is secure for carrying the what would otherwise be unencrypted telnet traffic. In my business we always disable telnet because it is insecure with user name and passwords sent in clear text.

      If you don’t or can’t use the SSL VPN option then SSH is an encrypted alternative to telnet that could be port-forwarded. Check that LAN WAN firewall rules are configured to admit the SSH (or telnet) traffic.

      Hope this helps,

  31. Lynna Anderson March 18, 2014 at 12:00 pm #

    Thank you so much for this walk through. I have been pulling my hair out trying to get my camera to work and finally got it going. Thank you so much!

  32. jay March 31, 2014 at 3:24 am #

    Bob i followed your instructions to connect my cameras. The only thing different is that i am using a netgear wnr1000v2 router and was able to set up the port forwarding but unable to connect from a remote computer. I have the comcast buisness and am using a static I.P address for my router (Have five total) and have the DVR connected to the router along with multiple devices(LAN) using a netgear switch. the other three ports are connected to VOIP phones as for some reason dont work properly via the router and am able to use a d-link switch for extra ports. so i am not using any other static IP’s.
    I type in the Static IP address of my router on the i.e.browser at my home computer and no connection. what am i missing ? Please help!!!!

    • Bob Jackson March 31, 2014 at 7:43 pm #

      Hi Jay,
      Have you asked Comcast to confirm the cable modem is configured for “bridge mode”, meaning the Network Address Translation (NAT) function is disabled?

      Can you ping the Comcast static IP address assigned to the WAN port of the Netgear WNR1000 WiFi router from the Internet? See page 63 in Section 4-6 “Configuring the WAN Setup Options” of the WNR1000 User Manual for instructions to enable ping. If you can’t ping the Comcast static IP address assigned to the Netgear WAN port, that needs to be resolved first.

      Did you configure static LAN IP addresses for the cameras? The cameras must have a static LAN IP for port forwarding to work to a fixed destination. You’ll also need to configure the camera itself to disable DHCP and use a static LAN (private) IP. See the “Static IP Address and Port Forwarding Configuration” section in this article for assigning static LAN IP’s above the WiFi router DHCP range. This related article may be helpful, too.

      You could sign up for a free DDNS service like no-ip and enable DDNS on both the router and the camera. DDNS works for both public (WAN) and private (LAN) static IP addresses. The DDNS account hosts page will show the IP address actually assigned to the router and camera to help your troubleshooting. If the no-ip DDNS hosts page reports a different WAN IP address for the Netgear router than the Comcast static IP address you assigned, that’s your problem. Check the Netgear WAN static IP address settings again and if it looks OK, check back with Comcast to enable bridge mode on the cable modem.

      Make a network diagram for each device in the daisy chain with the pertinent network information. A diagram is extremely helpful for mapping each device configuration and hop in the network.

      Let me know when you find the problem.


  33. Samy April 15, 2014 at 1:01 am #

    How different is the setup when one has a Dynamic IP with Comcast and wants to add a separate VPN router? DO we still need to Bridge the comcast router modem or ?

    • Bob Jackson April 15, 2014 at 8:15 am #

      You’ll need to consult your router documentation. This article explains how to setup a Linksys VPN with DDNS.

Leave a Reply